About the Author

Morey J. Haber

Morey J. Haber is the Chief Security Officer at BeyondTrust. With more than 25 years of IT industry experience, he currently oversees BeyondTrust security and governance for corporate and cloud-based solutions. He is a published author, having ideated and co-authored all four books in the Attack Vector series. In addition, Morey frequently publishes in Forbes and SecureWorld, and regularly consults for global periodicals and media.

Morey regularly contributes to the growth of the IT security industry through his contributions to:

  • Transparency in Cyber (founding member)
  • Identity Defined Security Alliance (IDSA) (Executive Advisory Board member).

About the Attack Vector Series

The Attack Vector series provides a detailed examination of common and emerging threat vectors that are increasingly being exploited by threat actors and used in attacks on organizations. The purpose of the series is to arm IT leaders with the insights and best practices they need to better manage cyber risk.

The series consists of 4 books:

  • Cloud Attack Vectors (2022) – Details the risks associated with cloud deployments, the techniques threat actors leverage, the empirically-tested defensive measures organizations should adopt, and how to improve detection of malicious activity.
  • Identity Attack Vectors (2020) – Details the risks associated with poor identity management practices, the techniques that threat actors and insiders leverage, and the operational best practices that organizations should adopt to protect against identity theft and account compromises, and to develop an effective identity governance program.
  • Privileged Attack Vectors (2017, 2020) – The first edition (2017) details the risks associated with poor privilege management, the techniques that threat actors leverage, and the defensive measures that organizations should adopt to protect against an incident, protect against lateral movement, and improve the ability to detect malicious activity due to the inappropriate usage of privileged credentials. The revised and expanded second edition (2020) also covers new attack vectors, has updated definitions for privileged access management (PAM), new strategies for defense, tested empirical steps for a successful implementation, and includes new disciplines for least-privilege endpoint management and privileged remote access.
  • Asset Attack Vectors (2018) – Details how to build an enterprise-class vulnerability management program, drawing on proven techniques for threat analysis, risk measurement, and regulatory reporting. Asset Attack Vectors also outlines practical service level agreements (SLAs) for vulnerability management and patch management.

Learn More

Read on to learn more about each of the books in the Attack Vector series.

Cloud Attack Vectors

Building Effective Cyber-Defense Strategies to Protect Cloud Resources

"No single, standalone solution or strategy can effectively protect against all cloud attack vectors or identify all malicious activity." --Morey J. Haber, Cloud Attack Vectors

Who this book is for:

This book is for new security professionals, entry-level cloud security engineers, managers embarking on digital transformation, and auditors looking to understand security and compliance risks associated with the cloud.

What you'll learn:

  • The key definitions pertaining to cloud technologies, threats, and cybersecurity solutions
  • How entitlements, permissions, rights, identities, accounts, credentials, and exploits can be leveraged to breach a cloud environment
  • How to implement defensive and monitoring strategies to mitigate cloud threats, including those unique to cloud and hybrid cloud environments
  • How to develop a comprehensive model for documenting risk, compliance, and reporting based on your cloud implementation

Authored by: Morey J. Haber and Chris Hills

Identity Attack Vectors

Implementing an Effective Identity and Access Management Solution

"When identity theft and poor identity management are leveraged as an attack vector, risk and vulnerabilities increase exponentially." --Morey J. Haber, Identity Attack Vectors

Who This Book Is For:

Management and implementers in IT operations, security, and auditing looking to understand and implement an identity access management program and manage privileges in these environments.

What you'll learn:

  • The concepts behind an identity and how their associated credentials and accounts can be leveraged as an attack vector
  • How to implement an effective Identity Access Management (IAM) program to manage identities and roles, and provide certification for regulatory compliance
  • Where identity management controls play a part of the cyber kill chain and how privileges should be managed as a potential weak link
  • How to build upon industry standards to integrate key identity management technologies into a corporate ecosystem
  • How to plan for a successful deployment based on real-world strategies to prevent identity attack vectors

Authored by: Morey J. Haber and D. Rolls

Privileged Attack Vectors

Building Effective Cyber-Defense Strategies to Protect Organizations

"Privileges, insecure passwords, administrative rights, and remote access can be combined as an attack vector to breach any organization." --Morey J. Haber, Privileged Attack Vectors

Who This Book Is For:

Security management professionals, new security professionals, and auditors looking to understand and solve privilege access management problems.

What You'll Learn:

  • How identities, accounts, credentials, passwords, and exploits can be leveraged to escalate privileges during an attack
  • How to implement defensive and monitoring strategies to mitigate privileged threats and risk
  • A 10-step privilege management implementation plan to guide you through a successful privilege access management journey
  • How to develop a comprehensive model for documenting risk, compliance, and reporting based on privilege session activity.

Authored by: Morey J. Haber

Asset Attack Vectors

Building Effective Vulnerability Management Strategies to Protect Organizations

"In the modern enterprise, everything connected to the network is a target." --Morey J. Haber, Asset-Based Attack Vectors

Who this book is for

New and intermediate security management professionals, auditors, and information technology staff looking to build an effective vulnerability management program and defend against asset-based cyberattacks.

What you’ll learn:

  • How to create comprehensive assessment and risk identification policies and procedures
  • How to implement a complete vulnerability management workflow in nine easy steps
  • The implications of active, dormant, and carrier vulnerability states
  • How to develop, deploy, and maintain custom and commercial vulnerability management programs
  • The best strategies for vulnerability remediation, mitigation, and removal
  • Hot to automate credentialed scans that leverage least-privilege access principles
  • Read real-world examples from case studies that share successful strategies and reveal potential pitfalls.

Authored by: Morey J. Haber and B. Hibbert

Additional Resources on Attack Vectors

Inside Cloud Security Threats and Attack Vectors

An interview with the authors of Cloud Attack Vectors

The shift to the cloud in enterprise computing has contributed to an evolution of the cybersecurity landscape—one that has pushed it well beyond the boundaries of the traditional perimeter. Work from anywhere, shadow cloud IT, overextended VPNs and remote access—these new challenges are all contributing to a continuous and exponential increase of attack vectors that are adding to the threats organizations have been battling against for years. Read on for a conversation with the authors as we explore the thought process that went into the writing of the book.

LinkedIn Live Roundtable: Securing Cloud Identities

The authors of Cloud Attack Vectors explain why accelerated adoption of the cloud is changing the path of least resistance for attackers, and how organizations need to adapt to the shifting threat landscape. Watch this roundtable discussion to learn:

• How & why today’s threat actors are targeting cloud environments
• Top 5 strategies for securing identities in the cloud
• How the CIEM market has evolved
• Some of the most frequently asked questions we’re hearing from organizations as they secure their cloud infrastructure

Cloud Attack Vectors: Build Cyber-Defense Strategies to Protect Cloud Resources

In this session cybersecurity experts and co-authors of Cloud Attack Vectors offer best practices for addressing cloud attack vectors. Learn cutting-edge strategies for building the optimal cloud defense for your organization’s unique cloud environment. Watch this webinar to learn:

  • Key definitions of modern cloud technologies, threats, and cybersecurity solutions
  • How entitlements, permissions, rights, identities, accounts, credentials, and exploits can be leveraged to breach a cloud environment
  • How to implement defensive and monitoring strategies to mitigate cloud threats, including those unique to cloud and hybrid cloud environments
  • How to develop models for documenting risk, compliance, and reporting based on your cloud implementation

Identity Attack Vectors Book Pairs Insights from Two IT Security Leaders

An overview of Identity Attack Vectors

Almost every successful (that means the threat actors win) cyberattack today exploits identity as an attack vector. In particular, privileged access management (PAM)—a key component of identity and governance administration (IGA)—plays a critical role in the attack chain. While part of the identity security challenge is technological, another part is organizational. At many enterprises, identity management and security run as parallel and separate entities, each with their own teams, budgets, and priorities. Read this blog for key highlights from the book and an overview of what organizations need to do to ensure the most basic levels of security for corporate identities and assets.

Deconstructing Identity as a Cyberattack Vector

In this webinar, two of the world’s foremost thought leaders on identity management (IAM) and privileged access management (PAM), and co-authors of the new book, Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution, Morey J. Haber and Darran Rolls, explain how to mature your identity program, the pitfalls to watch out for, and proactive methods to ensure long-term viability of your identity lifecycle. Watch this webinar to learn how you can successfully:

  • Identify techniques threat actors use to exploit gaps in IAM processes and compromise identities
  • Optimize identity governance and privilege management processes to deliver a better user experience
  • Manage both privileged and non-privileged identities
  • Provide certification for regulatory compliance
  • Use identity governance and privilege management controls to play a critical part in the cyber kill chain

Identity-Centric Security: The New Agency Perimeter

As remote agency workforces expand, there is little question that Privileged Identity Management will play an increasingly crucial role in mitigating cyber-attacks. Recent cyber breach news is a reminder that privileged credentials are highly targeted by threat actors. Watch this webinar to learn:

  • Why Privileged Identity Management is a cornerstone of modern IT security, and how it enables agencies to dramatically mitigate risk
  • How PIM helps agencies align with evolving compliance mandates and programs such as the Continuous Diagnostics and Mitigation (CDM) Program and Identity, Credential, and Access Management (ICAM)
  • Who, what, where, when, and why for prioritization of PIM

New Privileged Attack Vectors Book: Q&A with Author Morey Haber

An interview with the Author of Privileged Attack Vectors

While privileged access posed a security threat for decades, it’s only in the last 5-7 years that the privileged attack surface has exploded and become the most dangerous IT security threat. Yet, a knowledge gap existed with regards to understanding the scope of privileged threats and how to programmatically address that prodigious risk. In the completely revised and expanded second edition of Privileged Attack Vectors reflects the significantly changing world of Privileged Access Management (PAM). Read on for a summary of what is covered in the latest edition of the book, followed by an insightful Q&A on the book, cybersecurity and PAM trends, and more with the author himself!

New Book "Asset-Based Attack Vectors"... And How to Prepare the Right Defensive Strategies

Today’s network environments are dynamic and perimeters are expanding, requiring multiple layers of defense to mitigate vulnerabilities and stop data breaches. In the modern enterprise, everything connected to the network and cloud is a target. In Privileged Attack Vectors, Morey Haber and Brad Hibbert explain how to build an effective vulnerability management strategy to protect an organization’s assets, applications, and data. Read this blog for an overview of the book and the key highlights that can help you build a vulnerability management program designed to work in the modern threat environment.

Looking for Your Next Speaker? Contact Us

Request Morey Haber, Chris Hills, or a subject matter expert from BeyondTrust to speak at your next event. Contact us to receive more information.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Prefers reduced motion setting detected. Animations will now be reduced as a result.