About the Author

Morey J. Haber

Morey J. Haber is the Chief Security Advisor at BeyondTrust. As the Chief Security Advisor, Morey is the lead identity and technical evangelist at BeyondTrust. He has more than 25 years of IT industry experience and has authored four books: Identity Attack Vectors, Privileged Attack Vectors, Asset Attack Vectors, and Cloud Attack Vectors. Morey has previously served as BeyondTrust’s Chief Security Officer, Chief Technology Officer, and Vice President of Product Management during his nearly 12-year tenure with the company.

Morey regularly contributes to the growth of the IT security industry through his contributions to:

  • Transparency in Cyber (founding member)
  • Identity Defined Security Alliance (IDSA) (Executive Advisory Board member).

About the Attack Vector Series

The Attack Vector series provides a detailed examination of common and emerging threat vectors that are increasingly being exploited by threat actors and used in attacks on organizations. The purpose of the series is to arm IT leaders with the insights and best practices they need to better manage cyber risk.

The series consists of 4 books:

  • Identity Attack Vectors (2024, 2020) – The first edition (2020) details the risks associated with poor identity management practices, the techniques that threat actors and insiders leverage, and the operational best practices that organizations should adopt to protect against identity theft and account compromises, and to develop an effective identity governance program. The revised second edition (2024) expands on these areas to uncover how inadequate identity and privileged access controls can be exploited to compromise accounts and credentials within an organization, and how role-based identity assignments, entitlements, and auditing strategies can be used to mitigate modern identity threats across an organization's entire Identity Fabric.
  • Cloud Attack Vectors (2022) – Details the risks associated with cloud deployments, the techniques threat actors leverage, the empirically-tested defensive measures organizations should adopt, and how to improve detection of malicious activity.
  • Privileged Attack Vectors (2020, 2017) – The first edition (2017) details the risks associated with poor privilege management, the techniques that threat actors leverage, and the defensive measures that organizations should adopt to protect against an incident, protect against lateral movement, and improve the ability to detect malicious activity due to the inappropriate usage of privileged credentials. The revised and expanded second edition (2020) also covers new attack vectors, has updated definitions for privileged access management (PAM), new strategies for defense, tested empirical steps for a successful implementation, and includes new disciplines for least-privilege endpoint management and privileged remote access.
  • Asset Attack Vectors (2018) – Details how to build an enterprise-class vulnerability management program, drawing on proven techniques for threat analysis, risk measurement, and regulatory reporting. Asset Attack Vectors also outlines practical service level agreements (SLAs) for vulnerability management and patch management.

Learn More

Read on to learn more about each of the books in the Attack Vector series.

Identity Attack Vectors

Strategically Designing and Implementing Identity Security

"It is easier for a threat actor to login versus hack in." --Morey J. Haber, Identity Attack Vectors

Who This Book Is For:

Management and implementers in IT operations, security, and auditing looking to understand and implement an Identity and Access Management (IAM) program, manage privileges in these environments, and harden their identity attack surface.

What you'll learn:

  • The concepts behind an identity and how its associated credentials and accounts can be leveraged as an attack vector
  • How to implement an effective identity security strategy to manage identities and accounts based on roles and entitlements, including the most sensitive privileged accounts
  • Where identity security controls play a part in the cyber kill chain and how privileges should be managed as a potential weak link
  • How to build upon industry standards and strategies, such as Zero Trust, to integrate key identity security technologies into a corporate ecosystem
  • How to plan for a successful identity and access security deployment based on real-world strategies to prevent identity attack vectors

Authored by: Morey J. Haber and D. Rolls

Cloud Attack Vectors

Building Effective Cyber-Defense Strategies to Protect Cloud Resources

"No single, standalone solution or strategy can effectively protect against all cloud attack vectors or identify all malicious activity." --Morey J. Haber, Cloud Attack Vectors

Who this book is for:

This book is for new security professionals, entry-level cloud security engineers, managers embarking on digital transformation, and auditors looking to understand security and compliance risks associated with the cloud.

What you'll learn:

  • The key definitions pertaining to cloud technologies, threats, and cybersecurity solutions
  • How entitlements, permissions, rights, identities, accounts, credentials, and exploits can be leveraged to breach a cloud environment
  • How to implement defensive and monitoring strategies to mitigate cloud threats, including those unique to cloud and hybrid cloud environments
  • How to develop a comprehensive model for documenting risk, compliance, and reporting based on your cloud implementation

Authored by: Morey J. Haber and Chris Hills

Privileged Attack Vectors

Building Effective Cyber-Defense Strategies to Protect Organizations

"Privileges, insecure passwords, administrative rights, and remote access can be combined as an attack vector to breach any organization." --Morey J. Haber, Privileged Attack Vectors

Who This Book Is For:

Security management professionals, new security professionals, and auditors looking to understand and solve privilege access management problems.

What You'll Learn:

  • How identities, accounts, credentials, passwords, and exploits can be leveraged to escalate privileges during an attack
  • How to implement defensive and monitoring strategies to mitigate privileged threats and risk
  • A 10-step privilege management implementation plan to guide you through a successful privilege access management journey
  • How to develop a comprehensive model for documenting risk, compliance, and reporting based on privilege session activity.

Authored by: Morey J. Haber

Asset Attack Vectors

Building Effective Vulnerability Management Strategies to Protect Organizations

"In the modern enterprise, everything connected to the network is a target." --Morey J. Haber, Asset Attack Vectors

Who this book is for:

New and intermediate security management professionals, auditors, and information technology staff looking to build an effective vulnerability management program and defend against asset-based cyberattacks.

What you’ll learn:

  • How to create comprehensive assessment and risk identification policies and procedures
  • How to implement a complete vulnerability management workflow in nine easy steps
  • The implications of active, dormant, and carrier vulnerability states
  • How to develop, deploy, and maintain custom and commercial vulnerability management programs
  • The best strategies for vulnerability remediation, mitigation, and removal
  • How to automate credentialed scans that leverage least-privilege access principles
  • Read real-world examples from case studies that share successful strategies and reveal potential pitfalls.

Authored by: Morey J. Haber and B. Hibbert

Additional Resources on Attack Vectors

New Identity Attack Vectors Book: A Q&A With The Authors

In this Q&A style blog, we sit down with authors of the latest second edition of Identity Attack Vectors, Morey and Darran, to explore the thought process that went into the writing of the book—and to learn more about why detecting and defending against identity threats should be the basis of all modern cybersecurity initiatives. Read on to hear from Morey and Darran exploring how identity security has emerged as a cornerstone of modern enterprise security, and much more.

Identity Attacks: The New Frontier of Cybersecurity

In this session, join BeyondTrust’s Chief Security Advisor, Morey Haber, and Founder of Cloud 10, Darran Rolls, authors of the second edition of "Identity Attack Vectors," as they delve into the evolving landscape of identity-based threats and explore practical strategies for defense.

Inside Cloud Security Threats and Attack Vectors

An interview with the authors of Cloud Attack Vectors

The shift to the cloud in enterprise computing has contributed to an evolution of the cybersecurity landscape—one that has pushed it well beyond the boundaries of the traditional perimeter. Work from anywhere, shadow cloud IT, overextended VPNs and remote access—these new challenges are all contributing to a continuous and exponential increase of attack vectors that are adding to the threats organizations have been battling against for years. Read on for a conversation with the authors as we explore the thought process that went into the writing of the book.

Cloud Attack Vectors: Build Cyber-Defense Strategies to Protect Cloud Resources

In this webcast session, cybersecurity experts and co-authors of Cloud Attack Vectors offer best practices for addressing cloud attack vectors. Learn cutting-edge strategies for building the optimal cloud defense for your organization’s unique cloud environment.

Identity Attack Vectors Book Pairs Insights from Two IT Security Leaders

An overview of Identity Attack Vectors

Almost every successful (that means the threat actors win) cyberattack today exploits identity as an attack vector. In particular, privileged access management (PAM)—a key component of identity and governance administration (IGA)—plays a critical role in the attack chain. While part of the identity security challenge is technological, another part is organizational. At many enterprises, identity management and security run as parallel and separate entities, each with their own teams, budgets, and priorities. Read this blog for key highlights from the book and an overview of what organizations need to do to ensure the most basic levels of security for corporate identities and assets.

New Privileged Attack Vectors Book: Q&A with Author Morey Haber

An interview with the Author of Privileged Attack Vectors

While privileged access posed a security threat for decades, it’s only in the last 5-7 years that the privileged attack surface has exploded and become the most dangerous IT security threat. Yet, a knowledge gap existed with regards to understanding the scope of privileged threats and how to programmatically address that prodigious risk. The completely revised and expanded second edition of Privileged Attack Vectors reflects the significantly changing world of Privileged Access Management (PAM). Read on for a summary of what is covered in the latest edition of the book, followed by an insightful Q&A on the book, cybersecurity and PAM trends, and more with the author himself!

New Book "Asset Attack Vectors"... And How to Prepare the Right Defensive Strategies

Today’s network environments are dynamic and perimeters are expanding, requiring multiple layers of defense to mitigate vulnerabilities and stop data breaches. In the modern enterprise, everything connected to the network and cloud is a target. In Privileged Attack Vectors, Morey Haber and Brad Hibbert explain how to build an effective vulnerability management strategy to protect an organization’s assets, applications, and data. Read this blog for an overview of the book and the key highlights that can help you build a vulnerability management program designed to work in the modern threat environment.

Looking for Your Next Speaker? Contact Us

Request Morey Haber, Chris Hills, or a subject matter expert from BeyondTrust to speak at your next event. Contact us to receive more information.
