dunguyen's review against another edition

3.0

A very shallow book that covers the entirety of defensive security. This is not really a criticism, just that in trying to cover all parts of defensive security it cannot be very in-depth about any particular subject. It does provide the topics which you can then continue researching and can act as a quick reference, and perhaps that is where its real value is. I did come out learning something from this, and if I were starting in cyber security without any knowledge at all it would be full of new learning topics.
Unfortunately it does not stay at the high-level description of the various techniques and aspects that you need in order to create a comprehensive security program. It goes from describing processes and policies to explaining how to use UNIX-specific tools, complete with code snippets. Additionally, I am a bit disappointed that it doesn't really point towards where you can learn more about a particular subject, so I have to go digging around for books and learning materials on SIEM, for example, instead of having a list of recommended further reading.
Overall, an alright book that is good to skim through to ensure you are aware of all of the many different aspects of defensive security.

mdzhang's review against another edition

3.0

I agree with other reviewers that the target audience for this is confusing to me. It varies wildly between being very broad and very specific. I still found it useful for introducing key terms and linking out to further references. It's probably most useful for individuals who have never worked in an organization with a security team, and who are interested in learning basic best practices, security team responsibilities and processes, etc.

martijn_grooten's review against another edition

Good book to read through and see all the relevant information in a single place. Someone beginning in defensive security may find it useful too, but will probably look up other sources for the important topics: I found some of the details a bit random.

jgn's review

2.0

This is a not bad overview of the variety of things you should do to secure your technology infrastructure. If you've been down in the weeds trying to pass the CISSP for example, this comes up for air and is pretty high level. Of course that is the disadvantage as well: Examples don't go very deep, and the breakdown of concepts can be a little too generic.

But in 2019 (the book was apparently written in 2016 and published in 2017) the book is dated, and was dated in 2017:

* Very little mention of cloud vendors like AWS;
* Very little mention of true Internet-scale solutions. So we get, for instance, Snort but not AWS services or ThreatStack, which provide similar functionality at high volumes;
* Very behind on the software-development life cycle, even for 2017: For instance, no mention of contemporary continuous integration, and nothing about how this can now be a cloud-based service.

The author would probably say: Well this is about securing your infrastructure; but that train has left the building; everyone is at least hybrid (infrastructure split between on-prem and some kind of cloud, be it private or public).

The book also does things that are just irritating. It classes Ruby with Python and Perl because it's an interpreted language with flexible typing systems (p. 181). True enough. But Rubyists know that, and that is why they have some of the most deeply ingrained habits of testing. Automated testing is said to be "more complex and time-consuming to set up compared to static testing" (p. 184; I guess, but the book also acknowledges that static testing doesn't really work) but then doesn't mention things like JUnit, RSpec, etc. So the high level means you can't get a taste of the mainstream tools that make automated testing easier.

Finally, the chapter on Purple Teaming (ch. 18) is kind of phoned-in with largish screen shots that don't provide a lot of information. There's even a bit that says you can download Rawr by typing "git pull link-to-git-repo" -- what? Was there value? It was nice to read some distinctions across various terminologies and there's some nice advice here and there but . . . there sure is an opportunity for something similar that somehow digs into more interesting examples.