About the Book:
Cyberjutsu is an approachable and enlightening guide to modern cyber security and espionage, based on secret techniques shared in ancient Japanese ninja scrolls. Like Sun Tzu’s Art of War for Modern Business, this book uses ancient ninja scrolls as the foundation for teaching readers about cyber-warfare, espionage and security.
Cyberjutsu brings the tactics, techniques, and procedures ninjas used in feudal Japan into today’s cyber security battlefield, creating an essential handbook for cyber defenders. The book uses authentic Japanese scrolls to analyze how real ninjas thought about and practiced information assurance, security, infiltration, and espionage that often required covert, unauthorized access to heavily fortified organizations–many of the same concepts cyber security professionals deal with every day. Readers learn: how to map a network like an adversary; how to place network sensors like a ninja; how ninja used social engineering techniques to slip into castles and how ninja installed backdoors and implants into castles; anti-attribution tactics used by ninja to protect their employer and punish the enemy; ninja command and control communication (C2) techniques and much more!
Guest Reviewer Craig’s Thoughts:
Mr. McCarty has produced what I absolutely have to call a labor of love. As a career cyber security professional I have read and authored more than a few of these. McCarty has summed up his knowledge of cyber security and married it with his learnings of the ninja stories of old Japan. At the risk of marginalizing his effort, this has been done before in the cyber industry with the work of Sun Tzu, the Chinese military general. So, what new is brought to the table in this effort? As a start, McCarty uses very specific Ninja examples and intertwines them with technology and defense, and marries in the most important and often missing pieces of thought and analysis.
This book is not intended to be an introduction to cyber security. I believe the author makes the assumption that his audience is either tasked with protecting a cyber infrastructure or in hiring and managing those professionals. With that audience in mind I would definitely recommend this book with some caveats. There is much value in the descriptions, analogies and schemes as described. The cyber technology presented is correct and complete. I am no expert in Ninja warfare, but the analogies absolutely makes sense to me. However, the suggested and recommended implementation(s) of his program is highly idealized. He repeatedly recommends programs, processes or plans that would not be “minor tweaks” to current corporate culture, but wholesale shifts in thinking and structure! One of his most simple suggestions is, hire intelligent, patient, capable, loyal, and eloquent staff. From your lips to God’s ear sir! Do we have such a person? Do we have them in quantity?
The author is strong on the “what” to do. I wish he had answered the question of “how” to do it. I believe a wholesale shift in cyber culture would be required! Additionally, we would need the development of soft skills not currently taught, else, we will continue muddling along. I’m reminded of the phrase…the ability to detect failure requires the same skills as to create success. To that end, Mr. McCarty has given us road map. Unfortunately, I believe it’s one that we likely can’t follow at this moment.
I loved the author’s analogies of ninja warfare to modern day cyber security. It made me think of malware and virus threats. Unlike my co-reviewer, Craig, I’m not well versed in protecting the cyber infrastructure of a business. As a novice, I appreciated the author’s analogies to make his point. I will say that much of the technical discussion was…not over my head but out of my wheel house. I did feel the target audience was not the uniformed user of technology (me) but a new IT manager tasked with securing a company’s cyber assets.
Clearly an important topic, and I hope that Cyberjutsu – Cybersecurity for the Modern Ninja finds its way to the many people tasked with cyber security for their existing or newly formed company. As a mere user of technology, I found the risks presented absolutely frighten! I imagine that creating a secure system from the start would be easier than applying Band-aids to an existing one.
About the Author: Ben McCarty is an American author, veteran, inventor and cybersecurity professional.