Author: James Bore
ISBN No: 9781 7385 15301 (hardback)
Review date: 19/11/2025
No of pages: 256
Publisher: Security Blend
Publisher URL:
https://securityblendbooks.com
Year of publication: 01/01/2024
Brief:
price
£20
James Bore’s collection of articles about cyber and security is enjoyed by Mark Rowe.
Usually the reviewer reads the book first and then maybe gets to meet the author. With James Bore, it has been the other way round for me. I met him at one of Phelim Rowe’s events (no relation) and in May at the London offices of Corps Security who were hosting a thank-you evening for all to do with the Chartered Security Professional (CSyP) status. James was there; he’s a CSyP.
Would James in his writing turn out to be as friendly and intelligent as he is in real life? In a word, yes. He writes early on about how he came to be in information security; he ‘dropped out of university’ in the 2000s and went into work, as a network manager for a school, ‘having their data protection issues and ISO 27001 compliance dropped into my lap immediately’. While school IT guy is not the stereotypical entry into private security, via the police or military, like so many, he found it ‘dropped’ on him, and found it to his liking. Note the use of 27001, an international standard for information security management, which equally means physical security (protection of the actual paperwork or machines) and cyber (hacking). In other words, info-security is real-world. James has a welcome knack for making sense about info-sec. That’s not to deny a place for the technical knowledge; someone in a security department has to know their way around that. But as James writes, cyber is ‘ultimately about the protection of assets from threats, relying on principles of risk management’, and (he adds elsewhere) the applying of controls.
Cyber (to quote from one of the later of the collected 30 articles that began in 2019) is at once about devices – by the billion; and, ever more inter-connected, garage shutter talking to fish-tank; while ‘cyber security also concerns itself with issues such as social media disinformation, ethics, and social attack vectors using technology’. As he adds, ‘it’s almost impossible to consider any aspect in complete isolation’. Wisely he admits that ‘no defence is perfect’, partly because threats are changing at such a pace. That said, and as the author of a foreword Lisa Ventura notes, though the articles are up to five years old (a fair time in tech terms), much remains unchanged, such as principles; and myths. She lists four (‘you need a degree to get into cyber security’ – James didn’t, though he did take a master’s; ‘strong passwords will keep business safe online’ – except that, does every account have a strong password?!; ‘robust cyber will cost too much’ – many useful things cost little or are even free; and ‘cyber threats are always external’ – what about insiders, and suppliers?).
To single out chapter 29, James takes us through the social phenomenon of ‘parasocial relationships’ and the extremes that people go to, doing crimes or contemplating (and carrying out) suicide because the chatbot or artificial intelligence ‘companion’ encourages them. As James frankly points out, these social media subscription services are exploiting and monetising ‘the loneliness epidemic’. The illusion of a personal relationship ‘can lead to a distorted perception of reality’. When or how should the social media platforms and AI developers intervene, if users are harming themselves and others as a result of becoming unhealthily dependent on the product? Talking of reality, James closes with a word on the future; use of analytical and generative AI will continue to grow, by those in authority and dissenters alike. We can expect ever more, and more convincing, disinformation.
This review can only give a flavour of the sheer variety of topics – self-driving (or as James puts it ‘self-destructing’) cars, social engineering, the law around cyber, ‘deep fakes’, ransomware, phishing, the security (or lack of it) around smart homes. May I single out one quite recent article that I found especially intriguing, about ‘close protection in virtual worlds’. Given that as James states ‘even the most cartoony or unrealistic forms can be surprisingly immersive and engaging’, do influencers and other celebs when in these online worlds (or business chiefs when talking to employees as an avatar on some platform) require protection, the same as when out and about they have human bodyguards to keep stalkers and gawkers at arm’s length? While it’s still early days to form an answer, given the anonymity online, people may feel more ready to assault others online than they would in real life (if we may still assume ‘real life’ is the physical world).
Perhaps the finest compliment I can pay is that having read James’ collection, I await eagerly what he has to say about the next five years.
