How to
Jonathan Crowe
Dec 2016

Introducing the Open Source Cybersecurity Playbook (eBook Preview)

Photo by Source


The hardest thing about security is knowing what to focus on first. That's where our new guide comes in... 

With another year nearly in the books it's time to step back, look around, and see where things stand at your organization in terms of security. What improvements have you made? What's still on your to-do list? What do you know now you didn't know a year ago? What do you now know you don't know? What can you prioritize learning heading into 2017? 

Don't get too discouraged if you're not feeling too confident, or if you find you have more questions than answers. According to a recent survey of 700 security practitioners, the average organization is less confident in its security posture than it was this time last year. 

On average, security practitioners gave their organizations a grade of C- in cybersecurity. 

cybersecurity confidence grades.jpg

Source: Tenable Global Cybersecurity Assurance Report Card

The top three reasons for the drop in confidence? 

  1. the "overwhelming cyber threat environment"
  2. low security awareness among employees
  3. lack of network visibility (BYOD, shadow IT)

Whether you’re new to security or a seasoned pro, chances are you find at least one of these things challenging. After all, new threats are constantly emerging. The workplace and work habits are rapidly evolving, too.

As a result, priorities are shifting all the time. There’s a lot to be distracted by and it’s easy to feel like you’re perpetually playing from behind.

A Practical Step-by-Step Playbook for Securing Your Organization in 2017

If you're like the majority of practitioners, security isn't the only thing on your plate. To help you make the best use of your limited time we've teamed up with security tactician Pete Herzog to create The Open Source Cybersecurity Playbook, a complete, customizable IT security plan for protecting your organization against cyber attacks and data theft. 

We designed the Playbook to provide IT pros with a practical, step-by-step framework designed for generating quick wins as well as long-term, sustainable progress. That means no fluffy or unrealistic best pratices. Just actionable tips and real-world tactics you can start putting to use now.  

Thanks in part to Pete's persistence (of which he has loads), we also decided it was important to make the Playbook available to anyone with as little barriers as possible. That's why we're publishing it un-gated (no email address required!) and making it open source. 

Ready to check the Playbook out for yourself? Download it here.

What you'll find inside:

  • Scouting Reports: Profiles for the most common security threats you need to be prepared to face.
  • Your Game Plan: A list of real-world tactics for good, strong security.
  • Looking Downfield: Tips for setting yourself up for success both now and in the long run as threats evolve. 


More about Pete and ISECOM:

Pete Herzog is Managing Director and co-founder of the Institute for Security and Open Methodologies (ISECOM), a non-profit, open research organization focused on all things related to security and hacking. Pete is also author of the Open Source Security Testing Methodology Manual (OSSTMM) and creator of Hacker Highschool, a program designed to teach cybersecurity to teens.

Pete is up to all sorts of interesting security research, and he provides a variety of security training, seminars, and certification, too. Learn more at

Send us your feedback!

Thanks in advance for checking out the Playbook. We hope you find it useful and would love to get your thoughts on how we can make it even better. Send any questions or feedback to jonathan dot crowe at

Jonathan Crowe

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical perspective.


Close the gaps in your security

Stop paying for AV, get the strongest protection instead. See how Barkly blocks attacks that are getting past AV.

See a demo


Stay informed!

Get the latest security news, tips, and trends straight to your inbox.