The Security Hippie

In this new book, Barak looks at security purely through the lens of story-telling, sharing many and varied experiences from his long and accomplished career as organizational and thought leader, and visionary in the information security field.

The Security Hippie is Barak Engel's second book. As the originator of the "Virtual CISO" (fractional security chief) concept, he has served as security leader in dozens of notable organizations, such as Mulesoft, Stubhub, Amplitude Analytics, and many others. The Security Hippie follows his previous book, Why CISOs Fail, which became a sleeper hit, earning a spot in the Cybercannon project as a leading text on the topic of information security management.

In this new book, Barak looks at security purely through the lens of story-telling, sharing many and varied experiences from his long and accomplished career as organizational and thought leader, and visionary in the information security field. Instead of instructing, this book teaches by example, sharing many real situations in the field and actual events from real companies, as well as Barak's related takes and thought processes.

An out-of-the-mainstream, counterculture thinker - Hippie - in the world of information security, Barak's rich background and unusual approach to the field come forth in this book in vivid color and detail, allowing the reader to sit back and enjoy these experiences, and perhaps gain insights when faced with similar issues themselves or within their organizations. The author works hard to avoid technical terms as much as possible, and instead focus on the human and behavioral side of security, finding the humor inherent in every anecdote and using it to demystify the field and connect with the reader.

Importantly, these are not the stories that made the news; yet they are the ones that happen all the time. If you've ever wondered about the field of information security, but have been intimidated by it, or simply wished for more shared experiences, then The Security Hippie is the perfect way to open that window by accompanying Barak on some of his many travels into the land of security.

Good storytelling is both an art and a gift. When mixed with real world experiences, they can combine to create a masterpiece. The Security Hippie masterfully uses real world experiences and compelling storytelling to paint a picture of what real life looks like in the security profession, and in doing so, becomes that masterpiece. Brian Ahern, CEO, Threatstack The Security Hippie tells stories about what it takes to have a career in security with plenty of learning moments and laughs along the way. Security is a field that is all about ethics, trust, and often, finding out who you shouldn't trust. Security professionals have a moral obligation to call things out when they see them and Barak's career narrative serves as a prime example of how we should all play a role in protecting society. Nick Santora, CEO, Curricula There are many lessons in the dark arts of information security management that Barak shares in The Security Hippie. They remind us that CISOs are, more importantly than IT experts, people. Drawing source material from the frontlines of the evolution of infosec, Barak shares relevant personal experiences that are by turns illuminating and thought-provoking while being funny and engaging, and always informative and well-written. Security Hippie offers a confessional-style memoire that emphasizes the human aspect of information security, providing CISOs actionable insights for unlocking next-level performance. You'll laugh, you'll cry, you'll re-examine your information security management system design and implementation. Like other great counterculture authors before him, Barak takes his readers into new territory on a journey paved with personal experiences. Courageously displaying the good, the odd, and the downright embarrassing moments of his career, Barak spins a yarn that showcases the soft skills and strategic business mindset needed to elevate this traditionally IT-focused profession. Today's CISO cannot thrive in an IT sandbox sealed off from the business they are charged with protecting. In conversational-but-intelligent prose, Barak explains how to think outside the CISO sandbox. -- Eliot Baker, Sr Mgr, Hoxhunt When I first read Barak's book I thought it was about tactical examples to survive security breaches or ways you could be a better leader. I mean it is a book about all of that; you get to see his life play out through his lens, as a security special agent. Helping companies prepare for and React to security incidents. But in reality I saw it as an authentic biography about a person who deeply believes in integrity and relationships and how he's built a sustainable enterprise in the service of his customers. Finally, even his writing style speaks to his lifelong pursuit of showing other geeks like me that we can find success in our own skin. In that, I found a lot of inspiration and I am certain you will as well. -- Dilip Ramachandran, Chief Product Therapist at Nimi, Author of "Gangsta PM" I'm at a loss for words for Barak. Literally. When I suggested that hippie wasn't a big enough word to capture his uniqueness, he suggested I come up with another. I couldn't. I don't think there's a word or a sentence or a handful of both that could accurately describe his unique quiver of skills and traits. I met Barak nearly two decades ago. By that time I already had two decades of security experience under my own belt, and we both had lots of war stories to share. Many stories since, and I can't think of an expert whose counsel I would seek first, or trust more, than Barak's. -- Neal O'Farrell, Executive Director of the Identity Theft Council We are all wired to soak up stories and narratives - and that is where this focused, well-organized and colorful collection of information security anecdotes really shines. An important reminder that career success in the world of information security demands not just technical aptitude, but solid communications, problem-solving and even diplomatic skills. And a little snark doesn't hurt! If you like to laugh while you learn, give this short book a read. -- Ben Smith, Field CTO at RSA Security Sometimes a great notion starts with a simple idea. Just like in his previous book "Why CISOs Fail," Barak Engel distills decades of experience into those "Aha!" moments that seem so obvious in hindsight and yet so elusive beforehand. One of the things that always impresses me about Mr. Engel is how he effectively cuts right to the root of things, going beyond the threats, the vulnerabilities, the technology stack, and even the business dynamics, to the people that operate across all of those layers. As he always does so well, the insights and lessons are made accessible to a broad audience with Mr. Engel's distinctive wit and unassuming style. As he says, "a good storyteller will pretty much always defeat any security system"! -- Dylan Capener, Director of Security Engineering, Box Stories and commentary abound in "The Security Hippie." I may even recognize a number of them, with a wry smile. This isn't a technical manual, per se. It is a series of vignettes and lessons learned from being out there in the field and experiencing first-hand the world of information security (and a smattering of privacy) in companies large and small. There are strategies for how-tos, should-not-do, should-have-done, all with a dose of logic and a common sense approach to security. This is highly recommended reading for anyone interested in some keen insights and the thought process and rather different way of looking at relevant issues in security and privacy. Marc Escuro, Privacy Program Manager, Facebook Backword Akin to a foreword, shouldn't a backword be something that one writes after having read it and is then providing a review? The beauty of having wor…