Curious about cybersecurity?

Cybersecurity in Context introduces cybersecurity to undergraduate students and for self-study

The book uses a new approach to teaching cyber—Cybersecurity in Context supports a three or four-credit course with a technical lab

Cyber is a technical field. You can learn technical skills and have a rewarding career in cybersecurity

Cybersecurity in Context is forthcoming (Wiley September 2024)

Cybersecurity in Context

Preorder Now

At Wiley
At Amazon

Cybersecurity in Context introduces students to the most important themes that envelop the field

Everyone now has a stake in the healthy functioning of computer communications and control networks, in the devices and services dependent on these networks, and by implication, in all of the complicated infrastructure required to keep networks, devices, and services operating.

Cybersecurity in Context explains how cybersecurity has come to encompass these interests, how cybersecurity is conceptualized, and how cybersecurity concerns and rules permeate the public and private sectors.

Written for introductory cybersecurity courses, Cybersecurity in Context outlines the most important forces that have come to shape cybersecurity—from macro-level concerns, such as the security of the state and the operation of an innovative private sector, to micro-level concerns and individual decision-making.

Cybersecurity in Context explains internet technology with hands-on exercises showing how the internet is vulnerable and why software and hardware exploits stubbornly persist.

Comprehensive treatment of the epistêmê and technê of cyber

Cybersecurity is as important as it is exciting

Cybersecurity experts protect the associational, free speech, and privacy rights necessary for a free society

Students—Imagine a future you… Working in cyber, you…

  • Analyze whether a series of posts on social media are the product of authentic user activity or part of a coordinated attempt to influence understanding of a political issue
  • Help a client investigate a security incident to determine its severity
  • Inspect a suspicious software package that was emailed to your COO. Within the software, you find that malicious code seeks to steal valuable trade secrets from your company
  • Examine the logs of recent voter registration changes at the Secretary of State’s office. You learn that someone has systematically changed the registration records of voters from poor neighborhoods around the state
  • Test a network to determine whether an adversary can access devices on the network and take them over

Cybersecurity in Context includes a full set of resources for teachers

We reject “find the answer” teaching. Our formative evaluation exercises offer the student the opportunity to develop their own arguments and insights.

The book comes with:

  • A collection of technical exercises with a companion VM
  • A full set of slides, refined over years, keyed to each chapter of the book
  • The book has over 120 discussion prompts, and sample discussion points are in the teachers manual
  • Each chapter has at least one significant assignment, designed for individual or group projects—there are 30 exercises in the book
  • The teachers manual is over 100 pages long and it actually useful. It proposes different assignments and ways to teach the course.
  • A model syllabus
  • Two chapters teaching policy analysis and scenario planning
  • The course can be taught with an exam, or with a projects-based focus

The book focuses on the key wrapping elements of cybersecurity: Frameworks, not this week’s security breach. Think economics, psychology, military science, IR theory, and law

Committed to inclusion

Anyone—including you—can learn the skills necessary for success in cyber

Do not be intimidated by technology! Technological skills—like all skills—can be learned. Cybersecurity in Context sets students on the path to learning the technology of cybersecurity with hands-on labs. There are no prerequisites.

Cybersecurity leadership requires many non-technical skills as well, ranging from management to analysis to policy evaluation and implementation. The most successful people in cybersecurity blend technical prowess, soft skills, and policy context. This is why Cybersecurity in Context connects the dots among theory, law, and policy implementation of cybersecurity rules.

You can do well while doing good in cybersecurity. According to the US Bureau of Labor Statistics, the median pay for information security analysts (an entry level position) is just over $110,000. Highly-skilled candidates may make several times this much, or more. And even better: the U.S. government predicts the field will grow more than 30% in the next decade. Positions are available across the nation.

There is a career for you in cybersecurity.

The Labs

Cybersecurity in Context comes with straightforward labs that could be assigned as homework or used to support a 1-credit in-class lab. The website has a special virtual machine we have prepared that has all the tools and data necessary. We recommend that all students do the Introduction to Linux first. But after that lab, one could teach them in any order. The order we have below roughly follows themes of the book.

Introduction to the Linux (and Mac) Command Line

Many cybersecurity tools are command line-based and it’s also very useful from a basic computer literacy standpoint to understand how to interact with computer systems using the command line. Many common computing tasks can also be handled much more quickly and efficiently from the command line. This lab teaches basic navigation of the filesystem, creation of subdirectories, copying and moving files, editing files using vim or emacs, sorting data, searching for keywords in files, and more. This is a very basic lab, although it will be revelatory for students who have never used the command line.

Basic Cryptography

This lab explores some basic historical ciphers and also the use of modern cryptographic tools to encrypt and decrypt data. Most of these tools are command line-based, so it’s essential that students are familiar with using the Linux command line.

Password Security Lab

The purpose of this lab is to gain practical experience with password security—and insecurity. Students will use a powerful password cracking tool called John the Ripper to attempt to crack ZIP files encrypted with passwords of various strengths and to crack Unix (specifically, Linux) passwords.

Social Engineering Lab

The purpose of this lab is to gain some basic experience with social engineering tools. These are used in penetration testing (evaluating the security posture of an organization) as well as for attacks. Experience with how social engineering attacks are conducted will help students improve their own security posture.

Personal Security Lab

In this lab, students conduct a personal security survey and explore some tools commonly used to discover social media accounts, physical locations, and vulnerable devices

Network Security Lab

The purpose of this lab is to gain some familiarity with tools that are commonly used to analyze computer networks. Students will learn to use nmap and zenmap to perform network scans and identify networked computers, what services they’re running, and other characteristics (such as which operating systems they’re running). First, you’ll use the command line tool and then the official GUI for the tool, which simplifies use of the frequently very complex options for nmap.

Digital Forensics Lab 1

The purpose of this lab is to use common digital forensics tools to recover and examine digital evidence from a hard drive image (a copy of a hard drive recovered from a crime scene). Students will use tools such as fls, fsstat, and scalpel.

Digital Forensics Lab 2

Students will use the memory forensics framework called Volatility to examine volatile evidence—that is, evidence that is not permanently stored on a hard drive and that exists in a computer’s memory. Memory forensics is now considered an essential tool for solving crimes involving digital devices because malware can exist only in memory. But the tools are still relatively complex to use. Because of this, the lab is set up as a walkthrough that lets the student mirror an experienced investigator’s steps

Malware Analysis Lab

The purpose of this lab is to gain some practical experience with malware analysis. Students will use Strings and popular commercial sites such as Virus Total. An optional part of the lab, at the end, explores the source code of a short malware sample written by the authors of Cybersecurity in Context

Web Security Lab

In this lab, students will use some common tools for assessing the security of websites. This includes
scanning for hidden pages, enumerating subdomains, and performing some simple web exploitation exercises.

Simple Software Exploits Lab

This lab focuses on two pervasive, poorly managed problems in cybersecurity: first, that
software engineers often fail to limit how users can input information into programs. The
“input validation” problem allows malicious users to craft inputs that result in unauthorized
execution of commands, bypassing authentication, etc., thereby undermining confidential-
ity, integrity, and availability. Second, “memory corruption vulnerabilities” allow malicious
users to cause software to misbehave, resulting in similar compromises to confidentiality,
integrity, and availability.

Meet the Authors

Golden G. Richard III

  • Professor of Computer Science and Engineering at Louisiana State University
  • Director of the LSU Cyber Center and Applied Cybersecurity Lab
  • Associate Director for Cybersecurity, Center for Computation and Technology (CCT)
  • Fellow of the American Academy of Forensic Sciences
  • Over 40 years of experience in computer systems and security
Golden G. Richard III

Chris Jay Hoofnagle

  • Professor of Law in Residence at University of California, Berkeley
  • Affiliated faculty, Simons Institute for the Theory of Computing, Center for Security in Politics
  • Author of The Quantum Age (with Simson Garfinkel, Cambridge Univ. Press 2022) and FTC Privacy Law & Policy (Cambridge Univ. Press 2016)
  • Of Counsel to Gunderson Dettmer, LLP
  • Serves on boards for Constella Intelligence and Palantir Technologies
Chris Jay Hoofnagle
Odysseus offers the cup
Odysseus offers the cup of wine to the stupefied Polyphemus while his soldiers prepare a spear to blind the cyclops. Generated with Dall-E v3.

The Hero and Cybersecurity in Context

We decorated Cybersecurity in Context with allegories from the Iliad and Odyssey. Why?

Recall from the story that Odysseus convinces Polyphemus that his name is “Noman.” Odysseus intoxicates Polyphemus with wine while his soldiers sharpen a stake and use it to blind the giant once he loses consciousness. Polyphemus calls for help, but falls for the trick of telling his friends “Noman is killing me,” and thus the rescuers leave confused. Once Odysseus is on the escape, he announces his true identity to Polyphemus.

Conflicts in cybersecurity often have similar dynamics—anonymity, the tricking of a victim into creating a vulnerability, rapid action that serves the attacker’s goal, misleading the victim about the identity of the attacker, sometimes attribution of the true identities of attackers, along with many avenues of pursuit against the wrongdoer.

As you consider the allegory, know that thinkers in cybersecurity are not certain whether cyberattacks are most like the deception surrounding Odysseus’ name, the wine, or the stake. As cybersecurity evolves, it may take the form of one or all three of these elements.

Cyber and Mētis

The Iliad and Odyssey are infused with the Greek concept of Mētis. Mētis, the Greek Titan mother of Athena, represented wisdom and cunning.

Mētis presents a dilemma: we are ambivalent about tricks and tricksters. On one hand, we admire tricksters. Yet on the other, tricksters can wreak havoc. Homer put the clever and their tricks at the center of the story—Penelope’s loom, Athena’s disguise as Mentor, Patroclus’ donning of Achilles’ armor, Helen’s perfidies, and Odysseus’ too-many-to-enumerate schemes.

The tricks in the Odyssey and Iliad are relevant to today’s cybersecurity conflicts. Cyber creates new opportunities for ingenious cunning and for a new generation of heroes

Emily Wilson, in her translation of the Odyssey, opens the work by describing Odysseus as “complicated.” And so are our feelings about the modern tricks so frequently used in cybersecurity.

Polyphemus throws the stone
Odysseus used a pseudonym—Noman—to trick Polyphemus. But as he escaped the cyclops, Odysseus proudly announced his true name. Nowadays, many computer attackers exhibit the same behavior: they announce their identity to claim responsibility for hacks. Generated by Dall-E v3.

The Details

Cybersecurity in Context will is available for pre-order, arriving September 2024

General

ISBN: 978-1-394-26244-1

For Faculty

Use the Wiley faculty site for access to the teacher’s manual, a model syllabus, and discussion prompts

For Students

TKTK

For Self-Study Students

You can download our VM to study cybersecurity on your own

Bibtex

@book{hoofnaglerichard2024,
title={{Cybersecurity in Context: Technology, Policy, and Law}},
authors={Hoofnagle, Chris Jay and Richard, Golden G.},
year= 2024,
publisher={Wiley},
ISBN= {978-1-394-26244-1}
}

High resolution cover

Cybersecurity in Context Cover