Book Review: Digital Resilience, by Ray Rothrock

There was a time in America, decades ago, when one would feel obliged to possess a good working knowledge of science and technology to be considered a well-rounded adult. This is how physicists like Einstein became mainstream celebrities, attending film openings with Charlie Chaplin, and being hailed for scientific contributions. Years later, NASA engineers were treated accordingly, especially by young people hoping to someday design rockets.

Today, there are mixed results when groups of adults, especially corporate executives, are asked about their collective level of understanding of technology – which translates mostly to the Internet. This also goes for Internet security, where C-Suite captains can point to the risk, but might have as much understanding of how it works as they would about nuclear fission. This creates an obvious need for books to help address this problem.

I spent time with cyber security company RedSeal last week, and shortly thereafter purchased a copy of Digital Resilience by their CEO, Ray Rothrock. I must say that I found the book informative and entertaining – which is unusual for most of the published works that appear on my desk each week (usually sent for free by publishers who see my .edu connections and covet student purchases). Here is a summary of the book and its approach:

The book is written for executives and managers – as evidenced by the subtitle: “Is Your Company Ready for the Next Cyber Threat?” Interspersed throughout the narrative, Rothrock includes that familiar management tool anyone who works in a corporate environment will understand: Action Items. I found these to be useful as I went through the book, because they helped to identify where the author saw primary emphasis.

One good example shows up in Chapter 4 entitled “Digitally Bound,” where Rothrock provides an explanation of how networks and infrastructure were designed. One of his action items was this: “Learn all you can about the basic structure of digital networks. This will aid you in making decisions that contribute to digital resilience.” I can think of several bosses I’ve had in the past who would have benefitted from such advice.

Rothrock also includes a Takeaway section after each chapter – another nod to the executive reader targeted in this book. One summary point made at the end of Chapter 6 on “Digital Resilience” starts with this: “The universal Catch-22 of business today is that connectivity, a business necessity, creates vulnerability.” He goes on to say: “Security alone prevents neither attacks nor breaches.” And he is 100% correct.

With data security so prevalent in the mainstream and business press, non-technical executives might make the mistake of believing that they understand the relevant issues through briefing osmosis. My advice is that they spend time with Rothrock’s book to make certain that they really do understand the basics. Cyber security is more complicated than meets the eye. It’s much more than just passwords and click avoidance.

Action Item: If you’re an executive or manager, then order a copy of this book. (And if you’re not, then please buy a copy for a manager or executive you might know.) It’s best to read the narrative carefully and to memorize the takeaways. The book includes practical advice that is easily absorbed and that can be put into practice immediately. And please let me know what you think of the book after you’ve gone through the material. Enjoy.