Roger Grimes has worked in the computer security industry for nearly three decades, and I’ve had the pleasure of knowing him for roughly half that time. He’s one of a select few professionals I’ve met who clearly has security in his bones—an intuitive grasp of the subject that, coupled with his deep experience catching bad guys and rooting out weaknesses in security defenses, makes him uniquely qualified to write this book.

Roger first began writing for InfoWorld in 2005 when he sent an email criticizing the work of a security writer, a critique that carried so much weight we immediately asked him to contribute to the publication. Since then he has written hundreds of articles for InfoWorld, all of which exhibit a love of the subject as well as a psychological understanding of both malicious hackers and the people who defend against them. In his weekly “Security Adviser” column for InfoWorld, Roger shows a unique talent for focusing on issues that matter rather than chasing ephemeral threats or overhyped new technologies. His passion for convincing security defenders and their C‐suite bosses to do the right thing has been steadfast, despite the unfortunate inclination of so many organizations to neglect the basics and flock to the latest shiny new solution.

In this book, Roger identifies the ethical hackers in this industry who have made a difference. Their tireless efforts help hold the line against a growing hoard of attackers whose objectives have shifted over the ...