Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Events
Videos
Audiobooks
Packt Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Cybersecurity Beginner's Guide
Cybersecurity Beginner's Guide

Cybersecurity Beginner's Guide: Understand the inner workings of cybersecurity and learn how experts keep us safe

Arrow left icon
Profile Icon Joshua Mason
Arrow right icon
$34.99
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (1 Ratings)
Paperback Sep 2025 350 pages 1st Edition
eBook
$25.19 $27.99
Paperback
$34.99
Arrow left icon
Profile Icon Joshua Mason
Arrow right icon
$34.99
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (1 Ratings)
Paperback Sep 2025 350 pages 1st Edition
eBook
$25.19 $27.99
Paperback
$34.99
eBook
$25.19 $27.99
Paperback
$34.99

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Cybersecurity Beginner's Guide

The Cybersecurity Landscape: A World of Hidden Dangers and Exciting Opportunities

Imagine waking up to find your bank account drained, your private emails leaked, or your company’s sensitive data held for ransom. In our hyper-connected world, these aren’t just plot points for a thriller—they’re real threats we face daily. Welcome to the world of cybersecurity, where digital guardians work tirelessly behind the scenes to protect our online lives. In this chapter, we’ll explore why cybersecurity matters, examine real-world cyberattacks, and introduce you to the unsung heroes who keep our digital world safe.

By the end of this chapter, you will have a profound respect for the real threats posed by cyberattacks and the heroic efforts of professionals in this space who combat those threats, allowing us to utilize technology safely.

We’re going to cover the following topics:

  • Understanding why cybersecurity matters: The digital age and its vulnerabilities
  • Notable cybersecurity events
  • Meet the heroes: Cybersecurity professionals and their roles
  • NIST NICE Framework: A baseline for discussion

Getting the most out of this book – get to know your free benefits

Unlock exclusive free benefits that come with your purchase, thoughtfully crafted to supercharge your learning journey and help you learn without limits.

Here’s a quick overview of what you get with this book:

Next-gen reader

Figure 1.1: Illustration of the next-gen Packt Reader’s features

Our web-based reader, designed to help you learn effectively, comes with the following features:

Multi-device progress sync: Learn from any device with seamless progress sync.

Highlighting and notetaking: Turn your reading into lasting knowledge.

Bookmarking: Revisit your most important learnings anytime.

Dark mode: Focus with minimal eye strain by switching to dark or sepia mode.

Interactive AI assistant (beta)

Figure 1.2: Illustration of Packt’s AI assistant

Our interactive AI assistant has been trained on the content of this book, to maximize your learning experience. It comes with the following features:

Summarize it: Summarize key sections or an entire chapter.

AI code explainers: In the next-gen Packt Reader, click the Explain button above each code block for AI-powered code explanations.

Note: The AI assistant is part of next-gen Packt Reader and is still in beta.

DRM-free PDF or ePub version

Figure 1.3: Free PDF and ePub

Learn without limits with the following perks included with your purchase:

Learn from anywhere with a DRM-free PDF copy of this book.

Use your favorite e-reader to learn using a DRM-free ePub version of this book.

Unlock this book’s exclusive benefits now

Scan this QR code or go to https://packtpub.com/unlock, then search for this book by name. Ensure it’s the correct edition.

Note: Keep your purchase invoice ready before you start.

Understanding why cybersecurity matters

Information has always been a powerful tool—so powerful that entire civilizations have built their survival around controlling who gets access to it. From the beginning of human history, secrets have been guarded, and knowledge has been withheld to maintain power, protect communities, and advance society. Today, this struggle to protect and restrict access to information continues in the form of cybersecurity.

The eternal struggle to protect knowledge has been a constant theme throughout history. From the biblical story of Adam and Eve to the modern-day encryption methods used in cybersecurity, the desire to control and protect knowledge has shaped our societies and technologies.

Unveiling the ancient roots of cybersecurity

Let’s journey through time and across cultures to see how deeply rooted this concept of guarding knowledge is.

In the Judeo-Christian tradition, the knowledge of good and evil was hidden from Adam and Eve in the fruit of the forbidden tree. God’s desire to prevent access to this powerful information shows us that even at the dawn of humanity, there was an understanding that some knowledge needed to be protected for the good of all. We will revisit this story when discussing controls, incident response, and post-incident policy changes.

Across the Mediterranean, the ancient Greeks told the story of Zeus keeping the secret of fire on top of Mount Olympus, out of humanity’s reach. Prometheus, who crafted humans from the spit of Zeus and the soil of Gaia, stole fire from Olympus and delivered it to humans. This was a dangerous act in the eyes of Zeus because with fire came technology, creativity, and power, making humans too godlike, essentially giving them access to knowledge that they did not know how to handle. Zeus sentenced Prometheus to be chained to a rock and have his liver eaten by a hawk every day, healing every night, since he was a Titan, until the bird was destroyed by Heracles (or Hercules).

Prometheus’ theft of fire from the gods represents unauthorized access to powerful knowledge that can be misused. This can be compared to modern insider threats. In 2019, a former employee of Capital One used their inside knowledge to exploit a misconfiguration, leading to a data breach affecting over 100 million customers. Capital One claimed that their Vulnerability Disclosure Program (VDP) made them aware of an exploitable vulnerability in their system. While following up on this vulnerability, the Capital One team discovered that the vulnerability did lead to an attacker exploiting their system and stealing customer data.

In ancient China, the formula for silk production was one of the most closely guarded secrets for centuries. The Chinese monopoly on silk allowed them to control a vital part of the world’s economy. This “information advantage” is similar to how companies today keep their algorithms, processes, and intellectual property under lock and key, both physically and digitally, to maintain their competitive edge in the market.

Even the ancient Indian Vedas, sacred texts of spiritual and philosophical knowledge, were orally passed down only to select individuals who were deemed to have the proper understanding and capability to handle such powerful insights, preserving the integrity and authority of that knowledge.

As societies evolved, the need to protect information became a matter of national security. Think of Sun Tzu’s The Art of War, which emphasizes that knowledge of your enemy and yourself is critical to victory. The practice of espionage, from ancient dynasties to modern intelligence agencies, has always revolved around stealing or protecting knowledge. In medieval Islamic culture, scholars protected critical scientific and philosophical works using encryption, creating ciphers that guarded their intellectual property. This was one of the earliest uses of cryptography.

This continues throughout modern history: during World War II, the Navajo Code Talkers used their native language to encrypt US military communications, making it impossible for enemies to decipher their messages. At the same time, the Enigma machine, a German encryption device, was being used to secure military communications. The British effort to crack Enigma at Bletchley Park remains one of the most famous examples of how the ability to access or block information can alter the course of history.

These examples highlight a fundamental truth: the need to protect knowledge is not new. What has changed is the sheer scale of information and the sophisticated tools we employ to safeguard it. What once required codes, spies, and secret agents now demands firewalls, encryption algorithms, and cybersecurity professionals. While the methods and tools may have evolved from code-breaking machines and spies to encryption algorithms and cybersecurity teams, the underlying goal remains unchanged: to control access to information and protect it from those who misuse it.

Bridging the past to the digital present

As we move into the 20th century, the need to protect information becomes increasingly tied to technology. The rapid advancement of industrial, military, and communication technologies requires new methods of securing knowledge. Cryptography, once a manual art, became a field dominated by machines and computers. Securing information took on new dimensions during the Cold War of the mid-20th century. Governments and militaries realized that control over communication and information would be pivotal to their success, in addition to protecting against physical threats. The development of the Advanced Research Projects Agency Network (ARPANET) in the late 1960s marked the beginning of the modern internet. Initially designed for academic institutions and the US military to communicate, the system focused on resilience and security from external threats. Only a few entities, mainly governments, universities, and defense organizations, had access to this early internet. It was a tool for the privileged few—those responsible for protecting nations or pushing the boundaries of scientific discovery.

The network expanded in the 1970s and 1980s, connecting more universities and research institutions. With this growth came a heightened awareness of safeguarding sensitive information. However, the internet remained primarily a tool for academia and the military, far removed from ordinary people’s everyday lives.

By the 1990s, everything had changed. The internet was opened to the public, and what had been a tightly controlled tool for military and academic use became a global phenomenon. Governments, businesses, and individuals were suddenly sharing and storing information worldwide. While the ability to communicate globally created immense opportunities, it also introduced new risks.

Cybersecurity, as we know it today, began to take shape during this period. The rise of personal computers, followed by the dot-com boom, brought millions online. At the same time, threats emerged—from the first viruses and worms to email phishing scams. Organizations and individuals alike were suddenly vulnerable to attacks that didn’t require physical access but could be carried out worldwide with the click of a button.

Hacker culture also rose to prominence in the late 1990s and early 2000s. What had been a community of curious tech enthusiasts grew into a much broader underground movement. Some hackers sought to expose vulnerabilities for fun or challenge, while others did so for financial gain or political motives. The infamous Melissa virus in 1999 and the I Love You virus in 2000 infected millions of computers via separate email attachments that automatically emailed others in a contact list, waking the world up to the dangers of the internet age.

The explosion of connectivity: The past 20–30 years

In the past 20–30 years, the internet has expanded exponentially. What started as a handful of connected computers in the 1960s is a global network that touches nearly every aspect of life. The internet is no longer just for academics, scientists, or businesses. It’s for everyone—no matter where they are in the world. Children in remote villages watch the same cartoons as kids in bustling cities. People across continents speak different languages but interact in the same digital space—thanks to the internet’s vast reach, made possible by fiber-optic cables running under oceans and cell towers scattered across every corner of the globe.

Smartphones, Wi-Fi, and globalized content now connect billions of people. Every home, business, and public space has become a hub of digital activity. The devices we carry—smartphones, tablets, and laptops—are all interconnected, exchanging data over wireless networks, satellite signals, and cables in the air, underground, and even underwater.

This interconnectedness causes an exponential rise in security challenges. From social media accounts being hacked to massive data breaches exposing the personal information of millions, we have entered a new age of cyber threats. The explosion of online shopping, cloud storage, and remote work means that both individuals and corporations are at risk, and the scale of these threats has grown beyond anything that could have been imagined just a few decades ago.

As of today, data is the new currency. In this digital age, the data we produce—our social media activity, personal emails, banking information, or even our movements tracked by fitness apps—can be as valuable as money. Attackers no longer just want to steal passwords or credit card numbers. They’re after everything: medical records, proprietary corporate secrets, and even state secrets.

The rise of Artificial Intelligence (AI) and big data analytics has further complicated the cybersecurity landscape. On one hand, AI tools are being developed to help detect and prevent cyberattacks, automating scanning for vulnerabilities. On the other hand, cybercriminals are leveraging the same technology to launch more sophisticated attacks, using machine learning to find weaknesses in systems faster than ever before.

The past century saw the internet transform from a military tool to a commercial one and now to a fully integrated global resource. Today, the fight to protect information doesn’t take place in physical vaults or war rooms; it happens in data centers, on servers, and within cloud infrastructure. The battlefield is digital, and everyone is a potential target.

But the need to protect that information, whether it’s the private details of your emails or the critical data that runs national infrastructure, is the same as it’s always been. Just as past empires protected trade routes and scientific knowledge, today’s governments, corporations, and individuals must protect their data and digital identities.

Moving deeper into this chapter, we will examine specific examples of cyberattacks, their real-world consequences, and what modern cybersecurity professionals are doing to fight back. Whether preventing state-sponsored cyber warfare, stopping criminal enterprises from siphoning money from corporations, or keeping your data safe, cybersecurity has never been more critical.

Modern vulnerabilities

In the digital world, vulnerabilities are like cracks in a wall—weak spots in software, systems, or networks that can be exploited to get through by means other than those intended. These weaknesses can enable someone to bypass security measures, access information, or disrupt normal operations. Just as a structural crack in a building can lead to more significant problems if not repaired, digital vulnerabilities can lead to substantial risks if left unaddressed.

Every technology we use—our smartphones, computers, and the websites we visit—operates based on rules and processes designed by the people who created it. These rules tell the system how to behave, protect data, and interact with other systems. However, sometimes, gaps or errors in these rules form. When that happens, vulnerabilities form, creating unintended ways for someone to access information or functions that are supposed to be secure.

Common vulnerabilities: Everyday examples

Understanding vulnerabilities doesn’t have to be complicated. Let’s examine some simple, everyday examples of vulnerabilities and how they can be used to access systems in unintended ways. Vulnerabilities can exist for a variety of reasons:

  • Human error: People who design, build, and use technology sometimes make mistakes, leaving unintended system openings
  • Outdated software: If systems aren’t regularly updated, known weak spots remain exploitable
  • Complex systems: The more complex a system is, the more likely it is to have vulnerabilities due to unforeseen interactions
  • Misconfigurations: Improper setup of security settings can leave systems exposed
  • Default settings: Failure to change default passwords or security settings can provide easy access points for attackers
  • Lack of encryption: Unencrypted data transmission or storage can be easily intercepted or accessed
  • Insufficient access controls: Overly permissive user rights can allow unauthorized access to sensitive areas
  • Third-party vulnerabilities: Weaknesses in external services or software libraries can compromise otherwise secure systems
  • Social engineering: Manipulation of human psychology can bypass technical security measures
  • Physical security gaps: Inadequate protection of physical assets can lead to unauthorized access to digital systems

These vulnerabilities manifest in various ways, often with severe consequences. Let’s explore some common types of vulnerabilities through real-world examples that demonstrate the high stakes of cybersecurity in action.

Weak passwords: The unlocked door

Imagine your front door is protected by a lock, but instead of using a strong key, you use 12345 as the code; it won’t do much to stop anyone! The movie Space Balls presents this situation in a comedic turn of events, with one character saying, “That’s the kind of thing an idiot would have on his luggage!” (https://youtu.be/a6iW-8xPw3k?si=lQcQGyg3SKFbUUOy). Police report that most larceny from vehicles occurs because the car is left unlocked and unattended. We will discuss how to avoid this problem in later chapters. Further, many people reuse the same password for many different websites. Unfortunately, so many credentials have been leaked in the past that the combination of your username, email address, and password is available for anyone who knows where to look. We will also address how to find this later in Chapter 11, Open-Source Intelligence (OSINT): Uncovering Information Like a Spy.

Password reuse and weak passwords led to the 2021 Colonial Pipeline Company ransomware attack. The company reacted to the attack by shutting down its pipeline, leading to panic-buying, which caused gas shortages in the Southeastern US. Colonial Pipeline paid the ransom, and while the FBI recovered most of the cryptocurrency, the more significant loss that occurred was due to a loss of business and a drop in stock price due to the company’s handling of the incident.

Outdated software: The festering wound

Imagine you have an injury that is left untreated. The lack of proactive treatment could lead to infection and bigger problems. Not updating your software is similar. While some software updates are rolled out to fix annoying bugs or improve features, the most critical updates occur because of security flaws that were identified and fixed. Now, it is the user’s responsibility to update their computer with the latest version offered by the software developer and ensure effective protection of their data.

In 2022, a system administrator’s personal computer for the software company LastPass was infected because it was hosting an out-of-date version of the Plex video hosting software. Attackers hijacked the administrator’s credentials. With these credentials, attackers accessed the LastPass database and stole thousands of customer records. Due to the event, LastPass saw a massive hit to its stock and a loss of customers.

The consequence of leaving software outdated is further highlighted in the 2017 Equifax attack. Equifax utilized a fairly common website software called Apache Struts. Apache became aware of a vulnerability in its software and told users to install the update promptly, if not immediately. Equifax became a victim of a group hunting for this exact Apache Struts vulnerability in large companies. The vulnerability was easily attacked through the Equifax website, and attackers got in and wreaked havoc on other unpatched systems. By the time Equifax was able to remove attackers and seal up their environment, over 140 million customers had been affected. Many of those affected did not even know they were Equifax customers. Because Equifax is a credit bureau, its customers are anyone who has or may ever want to utilize credit. Lawsuits, fines, and market conditions resulting from the incident have cost Equifax over $1.3 billion.

Overcomplexity: The enemy of security

In Greek mythology, King Minos of Crete had Daedalus design a labyrinth to be a prison for his enemies and a home for his wife’s son, the Minotaur. The labyrinth was so complex that even Daedalus could not give Theseus the secret to successfully make it through the maze. However, Princess Ariadne gave Theseus a simple solution: a ball of string. By tying one end at the entrance and unraveling it as he walked, Theseus would always know the way back to the exit. Just like the labyrinth, modern systems can be very complex, but the vulnerabilities can still be simple. A simple, overlooked weakness can lead to a serious security risk.

A great example of this is the MGM Resorts attack of 2023. The attackers found details for one of the system administrators and used a relatively simple method to gain access. They called tech support and intimidated them into resetting the administrator’s passwords by pretending to be the administrator and claiming they would get the tech support technician in trouble if they didn’t help them. This methodology is called social engineering, and we will cover more details of that in Chapter 5, The Human Factor: Why People Are the Key to Success in Cybersecurity In the end, the attacker convinced tech support to change the password and bypass multi-factor authentication, which we will also explain later. The attack cost MGM Resorts over $100 million, including $10 million in one-time consulting cleanup fees.

A similar event occurred at Uber in 2022. An attacker convinced technical support to give the attacker the username and password to log in with high-level access. Fortunately for Uber, this attacker was not interested in money or malice and had participated in this attack for the thrill. Had the attacker been motivated by financial gain, they would have been able to shut down the company for days, if not longer.

Having all the guards, locks, and sensors is fine and dandy. But when you walk the attacker right into the vault and hand them the keychain for all of the safes, the rest doesn’t matter. The concept of social engineering will be discussed in detail later in this book. It can be the most powerful tool in an attacker’s arsenal.

Insider threat: The classic folly

A few of the examples from early in this chapter—the Garden of Eden, Prometheus, and Ariadne and the labyrinth—illustrate those who have access or knowledge of a system either taking advantage of that knowledge themselves or sharing it with another. In cybersecurity, this is a form of insider threat attack. Other forms of the attack are less malicious or malevolent but can still harm the organization, including accidents and negligence. Some examples we have shared might fall under multiple types of vulnerability or attack.

An expensive example of an insider threat attack was the 2019 Capital One data breach. A former employee knew of a misconfiguration in a web application security feature. After leaving the company, the former employee broke back in using that known flaw and exposed the personal information of over 100 million customers and applicants.

At a water treatment facility in Ellsworth County, Kansas, in 2019, a former employee remotely accessed the plant and attempted to shut down the facility’s cleaning and disinfecting processes, which are crucial for providing clean water to the public. After the attacker was fired, they retained credentials (username and password) to access the facility’s control systems remotely. Proper access control methods, personnel onboarding, and offboarding procedures could have prevented this and several other incidents we have discussed. We will explain all of that in more detail in the upcoming chapters.

In 2019, a rogue employee leaked the personal data of 9.7 million Canadian credit union Desjardins Group customers. The employee exported sensitive data over time and sold it to third parties. Similarly, if we look at the cases of Edward Snowden in 2013, Chelsea Manning in 2010, and Harold T. Martin III between 1996 and 2016, we see that many insider threat actors work slowly and operate over a long period before they are caught or complete their attack. In these three cases, government contractors and a military intelligence analyst gained access to sensitive data, removed it from proper storage, and either released it to the public or stored it insecurely in their homes.

Notable cybersecurity events

The history of significant cyberattacks stretches back decades. Let’s briefly examine some landmark events shaping the cybersecurity landscape.

In 1988, the Morris worm, one of the first recognized computer worms, caused widespread disruption across the internet by slowing or halting over 6,000 computers, roughly 10% of the computers at the time. This incident led to the formation of the first Computer Emergency Response Team (CERT), shaping early cybersecurity practices and demonstrating how a single vulnerability could have far-reaching consequences.

The global nature of cyber threats was starkly demonstrated by the WannaCry ransomware attack in 2017. This attack affected over 200,000 computers across 150 countries in several days. It particularly impacted healthcare organizations, including the UK’s National Health Service.

The involvement of nation-states in cyberattacks has raised the stakes even further. In 2020, the SolarWinds supply chain attack, attributed to Russian state-sponsored actors, compromised numerous US government agencies and major corporations. The attackers accessed many high-value targets by inserting malicious code into a widely used software product. This incident showcased how cyberattacks can be sophisticated tools of espionage and geopolitical conflict, blurring the lines between cybercrime and cyber warfare.

In 2010, a sophisticated cyber weapon known as Stuxnet was discovered. This malware specifically targeted industrial control systems and reportedly caused physical damage to Iran’s nuclear program. Stuxnet demonstrated that cyberattacks could cross the boundary from the digital world to cause tangible, physical damage to infrastructure.

All the cases that have been covered highlight the importance of timely software updates, without which attacks with consequences ranging from financial losses to life-threatening situations might occur.

We understand that these examples may have aroused concern and suspicion in our dear readers. In cybersecurity, we present the facts not to incite fear or doubt, but to foster a clear understanding of the challenges at hand and to provide context for both offensive and defensive strategies. With that intent, we will now discuss the professionals working tirelessly to secure the digital civilization.

Meet the heroes: Cybersecurity professionals and their roles

Cybersecurity often conjures images of lone hackers in dimly lit rooms wearing dark hoodies, waging digital wars against unseen adversaries. The truth is far more nuanced. Cybersecurity is a vast and dynamic field, demanding diverse talents and skills. Cybersecurity professionals work collaboratively to defend our digital world, safeguarding personal information and protecting critical infrastructure. As we’ve seen, the need to protect information has been a constant throughout history. However, just as the methods of storing and sharing information have evolved, so have the roles of those who protect it. Today’s cybersecurity professionals are the modern-day guardians of our digital realm, each playing a unique part in keeping our information safe.

Let’s look at some of these roles; you might notice that they echo some historical examples we’ve discussed.

The SOC: Incident responders and security analysts

At the heart of most organizations’ cybersecurity efforts is the Security Operations Center (SOC). If you imagine cybersecurity as a battlefield, the SOC is the command center, and itssoldiers are the incident responders and security analysts. These professionals are on the front lines, monitoring for threats, identifying attacks, and responding quickly to mitigate the damage when things go wrong.

Incident responders: The cyber first responders

When a cybersecurity incident occurs—whether it’s a ransomware attack, a data breach, or a malicious insider—incident responders are the ones who spring into action. When Prometheus stole fire from Olympus, this is who Zeus would have called on to contain the situation. Their job is similar to that of emergency responders in the physical world: the moment an alarm goes off, they assess the situation, limit the damage, and restore things to normal as quickly as possible.

Incident responders operate in a constant state of readiness. Their work involves containment and recovery—figuring out how the breach happened, how far it has spread, whether it is over, how to end it, and how to prevent it from happening again. They gather digital evidence, create reports, and sometimes directly negotiate and interact with the attackers. These personnel can sometimes have the least stability in their workload as they travel to company or client locations on short notice. It’s a fast-paced role that demands technical expertise and the ability to remain calm under pressure.

Security analysts: The sentinels of the SOC

While incident responders are like digital firefighters, security analysts are like guards standing watch. They spend their days and nights in the SOC, using various tools and technologies to monitor the network and system traffic. Remember the guardians of the silk-making secret in ancient China? Security analysts are their modern counterparts. Security analysts look for signs of suspicious activity—something as small as an unusual login or an unexpected spike in network traffic could be the first sign of an attack. They are also qualified to handle minor emergencies. Think about how someone who knows how to operate a fire extinguisher removes the need to bring in the whole fire department.

The job of a security analyst often involves looking for patterns—recognizing when something deviates from the norm. They are trained to sift through endless data streams and spot the needle in the haystack, the anomaly that might be the first indication of a more significant problem. When they find it, they decide whether to handle it, pass it to higher levels of support, or call in the incident response team.

Security analysts play a vital role in an organization’s ability to be proactive rather than reactive about cybersecurity. Identifying potential threats before they become incidents helps keep the organization safe from attacks that could disrupt operations or compromise data. That is the role of the red team, which is discussed next.

The red team: Playing the attackers to help the defenders

Naming conventions and terms in the cybersecurity field tend to originate from the US government and military. The term “red team” is no exception. The term “red team” is often given to those tasked with thinking like the enemy in a given scenario. The RAND Corporation, a government think tank, utilized a red team while creating simulations for the US during the Cold War. The researchers colored Russian forces in red and American troops in blue.

This technique has been utilized repeatedly by military planners and during exercises since then. It is utilized in cybersecurity in a similar way; the cybersecurity red team thinks and acts like actual attackers. Sitting and waiting for an attack to occur is a surefire way of getting caught by surprise. A crucial part of proper preparation and planning pertains to providing premeditated precautions that are implemented proactively. Like the concept of know thy enemy proposed by Sun Tzu in The Art of War, if we know how an attack occurs, we can set up effective defenses.

The most common red team role in cybersecurity is the penetration tester.

Penetration testers: The ethical attackers

If incident responders and security analysts are the defenders, penetration testers (or pentesters) are the attackers. The critical difference is that pentesters work for the defenders. Penetration testing is about acting like the enemy, trying to break into systems as an attacker might. Think of these as the Trojan horse builders of the cybersecurity world, but on the good side. Pentesters simulate real-world attacks to find weaknesses in an organization’s defenses before someone else does.

Pentesters start by planning the attack. They might target a specific web application, a corporate network, or even the employees themselves (through social engineering tactics such as phishing emails). The goal is to probe for vulnerabilities—weak passwords, unpatched software, or open ports—and see how far they can get before they are stopped or caught.

Once they find a way in, they’ll document their steps and report back to the organization, showing exactly how they got access, what they could do with that access, and how to fix the problem. Their job isn’t to cause harm but to highlight the gaps in security and help organizations shore up their defenses.

To further have a good understanding of the landscape of cybersecurity roles, looking at how the industry categorizes them is helpful. The National Institute of Standards and Technology (NIST) has developed the National Initiative for Cybersecurity Education Workforce Framework (NICE Framework), which provides a common language for describing cybersecurity work. The next section discusses this framework.

NIST NICE Framework: A baseline for discussion

While incident responders, security analysts, and pentesters may be the most well known, there are many more roles within the profession. There is a group that focuses on building secure systems from scratch. This is where the Securely Provision category of the National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) Workforce Framework fits into the picture. You can visit the link here for more information: https://niccs.cisa.gov/workforce-development/nice-framework.

The NIST NICE Framework focuses on the impact of a role rather than specific job titles. This means it’s less about what you’re called and more about what you do. So, one company might have a security analyst, while another has a threat intelligence specialist—both could be doing similar work under the NICE Framework. Some organizations may have employees fulfilling multiple roles, and others may have whole departments of workers fulfilling a singular role. In this section, we will talk about the categories outlined by NIST NICE to provide you with a basic understanding of the field. We will cover the jobs in more depth in Chapter 7, The Cybersecurity Career Landscape: A Map of Diverse Opportunities.

Oversight and Governance: Setting the rules and managing the Strategy

At the higher levels of cybersecurity, the Oversight and Governance category focuses on leadership, governance, and compliance. These roles are concerned with setting policies, ensuring security measures are followed, and supporting business operations by advising on applicable regulations, industry best practices, and standards. This category in the NIST NICE Framework includes 16 work roles, and several are not tied to jobs limited to the IT and cybersecurity job market. They include Communications Security (COMSEC) Management, Cybersecurity Policy and Planning, Cybersecurity Workforce Management, Cybersecurity Curriculum Development, Cybersecurity Instruction, Cybersecurity Legal Advice, Executive Cybersecurity Leadership, Privacy Compliance, Product Support Management, Program Management, Secure Project Management, Security Control Assessment, Systems Authorization, Systems Security Management, Technology Portfolio Management, and Technology Program Auditing. Some of these roles are straightforward as they are known business world jobs with cybersecurity added. In this context, looking at a few specific jobs commonly responsible for the roles in this category may be more helpful.

Executive cybersecurity leadership – Chief Information Security Officer (CISO): The security strategist

The CISO is the highest-ranking security officer in an organization and is responsible for developing and implementing the organization’s overall cybersecurity strategy. The CISO oversees all aspects of cybersecurity, from incident response to long-term planning. They also play a crucial role in communicating security risks to senior leadership and ensuring cybersecurity remains a priority at the executive level. If Sun Tzu were alive today, he might well have been a CISO, strategizing the overall defense of an organization’s digital assets.

Much like their counterparts in the C-suite, the CISO considers the overall company objectives to prioritize security requirements and utilizes their knowledge and resources in the cybersecurity space to help the organization meet its goals. The better a CISO can communicate and cooperate with their counterparts, the greater their capabilities and impact.

Compliance officers and auditors: Ensuring adherence to standards and law

In today’s regulatory landscape, organizations must follow various cybersecurity and privacy standards and laws, from the European Union’s General Data Protection Regulation (GDPR) to industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Compliance officers and auditors ensure that the organization adheres to these requirements by correctly implementing controls that protect client or customer privacy. They work with legal teams, IT departments, and management to implement policies and procedures that keep the organization secure, with the double benefit of meeting compliance. These roles are not new to the business. The financial and accounting sectors have long featured similar roles. The same Certified Public Accountants (CPAs) who may audit financial records for government filings are also capable of completing cybersecurity audits that record the effectiveness of an organization in meeting its cybersecurity and privacy goals. These professionals ensure organizations follow the rules—consider them the modern equivalent of the guardians of ancient legal codes such as the Code of Hammurabi.

Design and Development: Security starts in the planning

This section will focus on the Design and Development category. This category includes Cybersecurity Architecture, Enterprise Architecture, Secure Software Development, Secure Systems Development, Software Security Assessment, Systems Requirements Planning, Systems Testing and Evaluation, and Technology Research and Development. The following subsections dig into a few specific roles in the category to give you a better idea of what the jobs that cover those roles may look like.

Security architects: The designers of digital defenses

Security architects are the masterminds behind an organization’s security infrastructure. They are responsible for designing and overseeing the implementation of security solutions, ensuring that systems are built with security in mind from day one. Much like the creators of the Enigma machine, but working to secure information rather than obscure it, security architects design an organization’s overall security infrastructure. A security architect’s job involves a deep understanding of the technology used and the threats the organization will likely face.

They work closely with development teams, network engineers, and management to ensure security is built into every system, application, and network. Their job is to predict potential threats and design defenses that can withstand them. Security architects play a vital role in an organization’s long-term security, from creating firewall rules to implementing encryption methods.

Software developers, systems developers, and systems testing and evaluation engineers: Integrating security into software

Software developers, systems developers, and systems testing and evaluation engineers are the ones who write the code, build the systems, and test the final products that become the solutions we rely on every day. In today’s world, creating a system is not just about functionality but also about ensuring that the process remains secure. Systems developers ensure that security features are integrated into the developed software. These roles function together by threat modeling before any code is written, ensuring that the process of writing and deploying code is secure and that the final result doesn’t just work but works securely. These professionals are the modern-day scribes, ensuring that every piece of code they write is as secure as the ancient texts once locked away in guarded libraries. They ensure that no extraneous information is collected. This may lead to privacy dissemination, input validation, and sterilization to prevent malicious code injection and ensure that all data is encrypted during transmission and storage.

Software plays a monumental role in our lives today. Much like how civil engineers and architects work to create safe and secure buildings, security personnel are responsible for ensuring that software is safe and secure.

Implementation and Operation: Keeping systems running securely

After systems are built, they need to be maintained and monitored. The Implentation and Operation category includes the professionals responsible for ensuring systems run securely over time. They keep everything up to date, apply security patches, and monitor systems for any signs of trouble. Work roles in this category include Data Analysis, Database Administration, Knowledge Management, Network Operations, Systems Administration, Systems Security Analysis, and Technical Support. Let us look deeper into three of the more ubiquitous roles.

Systems administrators: The keepers of the infrastructure

Systems administrators are the unsung heroes who ensure that computer systems, networks, and servers run smoothly. Their job includes installing updates, configuring security settings, and troubleshooting issues as they arise. While their primary focus is on keeping things working, security is always a concern. Ensuring systems are patched, unnecessary services are disabled, and only authorized users have access is also part of their job.

Network engineers: Protecting the highways of the internet

Networks are the backbone of any organization’s IT infrastructure, and network engineers are responsible for keeping networks running securely. They monitor network traffic, configure firewalls, and ensure data flows securely between users and applications. Any disruption in the network can cause significant problems for an organization, so these specialists work to ensure that networks are not only fast and reliable but also secure.

Technical support: The face of cybersecurity

These individuals are often overlooked for their important role in protecting an organization’s information and assets. Still, they are usually the first people on the scene and get the most interaction with non-IT personnel in the company. Support technicians reset your passwords, install the software you need, and replace malfunctioning equipment, among a whole host of duties that keep the business running. If a user notices strange activity on their computer or suspects something malicious is occurring, they will likely inform the support help desk before anyone else. These individuals, often in their first role in IT/cybersecurity, answer the call whenever someone in the company needs help with a piece of technology. Without them, our organizations would grind to a halt, and attackers would run all over our networks.

Protection and Defense: Behind the scenes but in the fight

These are the many roles people traditionally think of when they think about cybersecurity. Roles in this category include Defensive Cybersecurity, Digital Forensics, Incident Response, Infrastructure Support, Insider Threat Analysis, Threat Analysis, and Vulnerability Analysis. These roles protect against, identify, and analyze technology systems or network risks. They may investigate events or crimes related to technology systems and networks. We have previously discussed incident response. Let us now dive into digital forensics and the analysis roles collectively to better understand what jobs in these responsibilities look like.

Digital forensics: Cybersecurity’s crime scene investigators

In the aftermath of a cyberattack, the scene can resemble a chaotic crime scene. Crucial evidence is scattered across digital landscapes—hard drives, network logs, and even the ephemeral traces left in a computer’s memory. Digital forensics experts’ job is to meticulously sift through the digital debris, piecing together the puzzle of what happened, how it happened, and who was responsible. Jobs that fulfill this role often exist as part of an incident response team or within the military or criminal justice community. In the military and criminal justice positions, the goal is frequently about identifying and prosecuting attackers. For incident response teams, the focus is more on learning how the attack occurred to determine whether other systems have been affected but have gone undetected.

The analysts: Unveiling hidden threats

IT is tied to every part of our modern businesses. In 2019, Satya Nadella, CEO of Microsoft, famously said that in today’s environment, every company is a software company. There is so much data created every second of the day. Analysts are the people whose job day in and day out is to sift through that data and pull out gems that enable others to make strategic decisions to improve the organization and increase security. Vulnerability analysts spend their days analyzing the software utilized by the company and what known vulnerabilities exist in that software to recommend mitigation and remediation actions to prevent attackers from using those vulnerabilities to hurt the company. Threat analysts are responsible for collecting, processing, analyzing, and disseminating cybersecurity threat intelligence and developing indicators to create new rules to identify attackers.

Investigation: Unraveling the digital mysteries

This category represents roles most often connected to jobs in the criminal justice realm. Cybercrime investigators collect, manage, and analyze digital evidence in pursuit of prosecuting criminals. Because of the nature of cybercrime, the complexity and evolving nature of cyber laws and regulations, and the difficulty in identifying and attributing malicious actions to actors, professionals in these roles face unique challenges from what their non-cyber colleagues face. Cybercrime investigators need to understand both the traditional criminal investigation methodology and the technical aspects of cybersecurity.

Summary

Historically, many roles that make up the cybersecurity workforce are just cyber representations of roles that have existed in other ways throughout history. This understanding is vital because while technology may change, the skills that make workers in the more traditional roles effective in their daily work are the same skills that make their digital counterparts effective. Too often, people think of cybersecurity as a mysterious world that is difficult to understand. Hopefully, this stroll through the introductory concepts of cybersecurity, common vulnerabilities, and workforce roles has started to remove some of the fog and mystery surrounding this concept of cybersecurity.

From the security analysts monitoring your network to the incident responders saving the day after a breach, every role in cybersecurity is essential to keeping our digital world secure. In the next chapters, we’ll dive deeper into these roles and what you can do to protect yourself and your organization from the ever-evolving cyber threats.

In Chapter 2, Decoding the Cyber Lexicon: A Beginner’s Guide to Essential Terminology, we will begin to decipher some of the language used in the cybersecurity community. If there were terms and concepts covered in this chapter that you wanted to understand better, then you will enjoy what is coming up.

Unlock this book’s exclusive benefits now

Scan this QR code or go to https://packtpub.com/unlock, then search this book by name.

Note: Keep your purchase invoice ready before you start.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Gain an insider's view of cybersecurity roles and the real work they do every day
  • Make informed career decisions with clear, practical insights into whether cybersecurity is right for you
  • Build essential skills that keep you safe online, regardless of your career path

Description

In today’s increasingly connected world, cybersecurity touches every aspect of our lives, yet it remains a mystery to most. This beginner’s guide pulls back the curtain on how cybersecurity really works, revealing what professionals do to keep us safe. Learn how cyber threats emerge, how experts counter them, and what you can do to protect yourself online. Perfect for business leaders, tech enthusiasts, and anyone curious about digital security, this book delivers insider knowledge without the jargon. This edition also explores cybersecurity careers, AI/ML in cybersecurity, and essential skills that apply in both personal and professional contexts. Air Force pilot turned cybersecurity leader Joshua Mason shares hard-won insights from his unique journey, drawing on years of training teams and advising organizations worldwide. He walks you through the tools and strategies used by professionals, showing how expert practices translate into real-world protection. With up-to-date information of the latest threats and defenses, this cybersecurity book is both an informative read and a practical guide to staying secure in the digital age. *Email sign-up and proof of purchase required.

Who is this book for?

This book is for curious minds who want to decode cybersecurity without the technical jargon. Whether you're a business leader making security decisions, a student exploring career options, a tech enthusiast seeking insider knowledge, or simply someone who wants to stay safe online, this book bridges the gap between complex concepts and practical understanding. No technical background needed—just an interest in learning how to stay safe in an increasingly digital environment.

What you will learn

  • Master the fundamentals of cybersecurity and why it's crucial
  • Get acquainted with common cyber threats and how they are countered
  • Discover how cybersecurity impacts everyday life and business
  • Explore cybersecurity tools and techniques used by professionals
  • See cybersecurity in action through real-world cyber defense examples
  • Navigate Generative AI confidently and develop awareness of its security implications and opportunities
  • Understand how people and technology work together to protect digital assets
  • Implement simple steps to strengthen your personal online security
Estimated delivery fee Deliver to United States

Economy delivery 10 - 13 business days

Free $6.95

Premium delivery 6 - 9 business days

$21.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Sep 25, 2025
Length: 350 pages
Edition : 1st
Language : English
ISBN-13 : 9781836207474
Category :
Concepts :

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to United States

Economy delivery 10 - 13 business days

Free $6.95

Premium delivery 6 - 9 business days

$21.95
(Includes tracking information)

Product Details

Publication date : Sep 25, 2025
Length: 350 pages
Edition : 1st
Language : English
ISBN-13 : 9781836207474
Category :
Concepts :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Table of Contents

16 Chapters
The Cybersecurity Landscape: A World of Hidden Dangers and Exciting Opportunities Chevron down icon Chevron up icon
Decoding the Cyber Lexicon: A Beginner’s Guide to Essential Terminology Chevron down icon Chevron up icon
The Anatomy of a Cyberattack Chevron down icon Chevron up icon
Defending the Digital Fortress: Understanding the Layers of Cybersecurity Protection Chevron down icon Chevron up icon
The Human Factor: Why People Are the Key to Success in Cybersecurity Chevron down icon Chevron up icon
Emerging Threats on the Horizon – AI/ML, Quantum Computing, and the Future of Cybersecurity Chevron down icon Chevron up icon
The Cybersecurity Career Landscape: A Map of Diverse Opportunities Chevron down icon Chevron up icon
Developing Essential Cybersecurity Skills for Career Success Chevron down icon Chevron up icon
Your Cybersecurity Journey Begins: Taking the Next Steps Toward a Rewarding Career Chevron down icon Chevron up icon
Unleashing Your Inner Hacker Chevron down icon Chevron up icon
Open-Source Intelligence (OSINT): Uncovering Information Like a Pro Chevron down icon Chevron up icon
Web Application Pentesting: Finding and Fixing Flaws Chevron down icon Chevron up icon
Cybersecurity as a Superpower: Applying Your Skills to Make a Difference Chevron down icon Chevron up icon
Unlock Your Book’s Exclusive Benefits Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(1 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
N/A Feb 19, 2026
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Feefo Verified review Feefo
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the digital copy I get with my Print order? Chevron down icon Chevron up icon

When you buy any Print edition of our Books, you can redeem (for free) the eBook edition of the Print Book you’ve purchased. This gives you instant access to your book when you make an order via PDF, EPUB or our online Reader experience.

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
Modal Close icon
Modal Close icon