Book Reviews

Book Reviews


Book alert, Behind the Screen: Hacking Hollywood, by Mark Stone


By Stephen Northcutt

As a computer security author, I am always interested in hearing about other authors and their projects. Here is one from Mark Stone and he has been working on a project called Behind the Screen: Hacking Hollywood. Who knows, he may be a household (SOChold?) name in a year or two. Mark wrote to the SANS Security Laboratory and said:


I've written a novel with computer security as a main theme. It is a work of fiction and has many thriller elements, but there are many lessons to be learned throughout the book regarding information security practices. As far as I know, there are few, if any, fiction books that are set in the world of computer security. It is currently being published by iUniverse, and there are several literary agents reading through it whom I hope will get it sold to a big publisher. In the meantime, do you think you would be interested in making the book available somehow through SANS? I would be happy to work with you in ensuring that the arrangement is a win/win for both parties. I have no problem providing you with an advance copy if you are interested.


Well, Mark, we can certainly tell people about the book (which I see is available on Amazon.com), why don't you tell us about the book?

Computer security specialist Jonathan Davis's daily routine includes monitoring firewall and intrusion detection logs for a large financial services company in Palm Springs, California. The job is mind-numbing until, like some of his fellow employees, he begins compromising the privacy of others - the very thing he was hired to protect - for his own amusement.

It isn't long before Davis comes upon a scandalous e-mail from one of Hollywood's hottest stars. A recovering gambling addict swimming in debt, Davis believes his prayers are answered when he sells the star's e-mail to a gossip magazine for a hefty sum. With his debts paid off, he intends to put the indiscretion behind him - but the magazine wants more and will go to any lengths to get it.

As if that isn't enough to keep him up at night, Davis becomes privy to a sinister plot to murder the very celebrity whose secrets he has been selling. With his love life in turmoil, his career in the balance, and his very life on the line, Davis must summon more than his technical expertise to save his girlfriend, her daughter, and Hollywood's elite.

Behind the Screen is a technological thriller that will make anyone think twice before hitting "Send".


And can you tell us just a bit about yourself and your security background?

When I am not writing weekly articles on computer security (or books with an information security theme), I am a consultant for my company, Triad Security Consulting located in Kelowna, BC. I've been in the Information Security industry for nine years and in Information Technology for over 20 years. I am a Certified Information Systems Security Professional (CISSP) since 2001, and a strong advocate for promoting computer security awareness and policy in organizations. I believe that security is not solved with technology, but with solid security awareness and knowledge from the company's employees and management. I work with Human Resources departments and ensure they are the catalyst for promoting proper information security policies and procedures in their organizations.

Before moving to Kelowna, I was an information security analyst for a large government organization. What began as a job monitoring firewall and intrusion detection logs, morphed into a position in which the monitoring was more of the company's employees and their online adventures. I'm sure everything I saw was nothing worse than you'd find at any given organization, but some of the issues were shocking, even for a guy who thought he'd seen it all. I would have loved to write a tell-all about everything I came acrosss, but didn't want to get sued. Thus, Behind the Screen was born. I was able to fictionalize my experiences and create a wild thriller of a plot, all at once.


Writing a book is a lot of work, but I for one find it rewarding. How did the project go for you?

Writing the novel was a wonderful experience. It made me realize that writing is something I want to do for the rest of my life, and that it is my life's passion. I hope to make a career out of it, while still keeping up on all the goings-on in the wonderful world of information security. I can't see myself ever losing interest in how information security is evolving.


Can you share a section from Behind the Screen, an excerpt?

As usual, John began his daily routine of checking the firewall and intrusion detection logs. If there were to be a cyber-attack from the outside world, the logs would be the best place to look.
"Ya know, I'm starting to wonder whether these logs are ever going to reveal anything fun!" John said.
"It's not really about fun though, this is the way it is. Welcome to the life of a security analyst," Dan pointed out.
Dan Thompson is John's supervisor. Dan was instrumental in hiring John, seeking him out from a job bulletin posting for Certified Information System Security Professionals. Both were certified CISSP, each having suffered through the six-hour certification examination. They often commiserated over the experience that never failed to leave the exam participant feeling like he or she were just run over by an eighteen-wheeler. With spiked tires.
"I know, I know. I was just hoping that there'd be more to it than just reading logs. Do you know how hard it is on the eyes?"
"That's why you're the one doing this shit. See these glasses? My eyes don't work the same as yours, Mr. Security Baby," Dan said rather sarcastically, making reference for the tenth time this week that John, at thirty-four, was the youngest in the security department.
John's two-month tenure of professional boredom ended abruptly with an email from Barbara Stevens.

From: Stevens, Barbara
To: Davis, John
Subject: confidential
Hey John,
I was wondering if I could meet with you sometime. There is a serious issue here that I hope you can help me with. I work in the insurance department on the 3rd floor, and I got your name from a co-worker. I trust what I tell you will be kept confidential.
Barb


John was ecstatic. After months of reading logs, it seemed like he was finally going to get the chance to do something interesting! Secretly, he wondered what this Barb looked like. Before he even had the chance to reply, a shadow appeared over his computer screen and there was a woman lurking over his shoulder.
"Are you John?" the woman said.
"That would be me. May I help you?" John replied.
"Yeah, I'm Barb, I just sent you an email."
"Wow, you're fast! This must be pretty important. How did you find me by the way? And how did you get into this area?" John asked. Non-IT staff was not supposed to have access to the Information Technology area.
"I have my ways. Let's just say I know a lot of people here in IT," Barb bragged.
"Well, we'll save that discussion for later, but what can I help you with? That email sounded pretty serious. Tell me all about your problems," John said, in his best Sigmund Freud imitation.
"Come with me," Barb blurted out quickly, as she dragged John by the arm and led him down the hall.


OK, you certainly have my attention with that section. Why don't you tell us a bit about yourself, what do you like to do for fun?

My wife and I read a ton of books and watch a whole lot of movies. Nothing impresses us more than great writing, whether it's for a book, TV, or film. The current Hollywood writer's strike is going to stifle our enjoyment of current entertainment choices. I sincerely hope that the writer's strike ends shortly, and that one day I will be one of those writers who is making a living providing Hollywood with more great creative diversions.