An imaginative fairy tale that also acts as a primer on cybersecurity.
In a world where cyberattacks are a very real and frightening threat to most businesses, Finney offers an authoritative instruction manual, tucked into a world of fantasy in which characters all work together to learn important life lessons. Harmony Evergreen is an elf whose father, Honest, is the CEO of a magic wand company that finds itself under attack from competitors who sell knockoff wands. After a security breach results in a leak of the company’s customer information, an angry witch turns Harmony’s father into a statue. Harmony decides to use the last remaining magic wand to go back in time and try to prevent the leak from happening. She learns through trial and error how to form a culture of security among her employees, and readers will learn along with her. She must figure out who to hire for her security team, how to train her employees to spot “phishing” emails, and how to create redundancies in duties that prevent a single employee from stealing money or data. The central lesson of the book is that all of a company’s employees must work in tandem to enable cybersecurity’s success—from elf CEOs to groundhog midlevel managers and beyond. The lessons are driven home in chapter summaries that translate Harmony’s fictional quest into real-world challenges. Finney is the chief security officer at Southern Methodist University in Texas and has worked in cybersecurity for more than 15 years, so his words ring true when he advises his target audience about the cultural changes that can protect a company against attacks. He’s also written screenplays and novels, so his manual is dotted with numerous plot and character details that have nothing to do with cybersecurity but simply make for a good read. For example, the cast not only includes elves, wizards, and gnomes—it also has talking pigs, groundhogs, and rabbits. At not quite 130 pages, it’s a short book as well—one that would make an ideal accompaniment to a cybersecurity seminar for people who are new to the subject.
A lively plot and brief chapters will evoke CEOs’ and business managers’ memories of bedtime stories—and make them want to learn more about preparing for cyberthreats.