
Books You Should Have Read By Now




When I started Terebrate back in January 2010, I always intended it to be a place to put my book reviews on whatever I was reading. Since then, a lot has happened in my professional life. I changed jobs, twice. I presented my collection of cybersecurity book reviews at the annual RSA Conference and suggested that the cybersecurity community ought to have a list of books that we all should have read by now. My current employer, Palo Alto Networks, liked the idea so much that they decided to sponsor it. We ended up creating the Rock and Roll Hall of Fame for cybersecurity books. We formed a committee of cybersecurity experts drawn from journalists, CISOs, researchers and marketing people who were all passionate about reading. My collection became the candidate list, and for the past two years the committee, with the help of community voting, has selected books from the candidate list to be inducted into something we are calling the Cybersecurity Canon. It has been very exciting.

This is all preamble to say that I have decided not to duplicate the Canon content on both the Palo Alto Networks Canon page and the Terebrate site. I will still post the individual book reviews here, but if you want to follow along with what is happening with the Canon project, please read the Canon page.







Comments

  1. Of your list, I've read two...the book about Anonymous and Cyber War. I agree both should be on a list like this. I'm going to look into reading your other suggestions.

    1. That is fantastic. Let me know if you think of any others that should be on the list.

  2. Ghost in the Wires - Mitnick, Digital Fortress - Dan Brown

    1. I have read both of these but when I ran them through my criteria, they did not hold up. They just are not written that well. They are great stories, don't get me wrong, but they were written by amateur writers. Brown got better (obviously), but Digital Fortress was one of his early efforts.

  3. Try Jurassic Park - it contains numerous issues relating to information security failures and vulnerabilities.

    1. Totally agree. Especially with mgmt (Hammond) not valuing the talent (specifically Nedry).

  4. I don't know if 20 is enough. I've read 5 of these. I HAVE to read the others now. I too would suggest Digital Fortress by Dan Brown.

    1. I agree that 20 is not enough. 20 is just the number I could get through in a year :)

  5. Here are the books I would add:
    Against the Gods by Peter Bernstein
    Social Engineering by Christopher Hadnagy
    The Art of Intrusion by Kevin Mitnick
    Beyond Fear by Bruce Schneier
    The Failure of Risk Management by Douglas Hubbard
    How to Measure Anything by Douglas Hubbard
    Thinking Fast and Slow by Daniel Kahneman
    Security Engineering by Ross Anderson

    1. I added the following to my reading queue:
      : Against the Gods by Peter Bernstein
      : Thinking Fast and Slow by Daniel Kahneman

      I already had these in my reading queue:
      : Social Engineering by Christopher Hadnagy
      : The Failure of Risk Management by Douglas Hubbard
      : How to Measure Anything by Douglas Hubbard

      I have read these and do not think they meet the criteria:
      : The Art of Intrusion by Kevin Mitnick; both of his books are not written very well.
      : Beyond Fear by Bruce Schneier; I think Secrets and Lies (his first) should go here instead. Beyond Fear is just a rehash of Secrets and Lies told at the next level.
      : Security Engineering by Ross Anderson

  6. Heidi, Geek Girl Detective!

    1. That is a great suggestion. I just added it to my reading queue.

  7. Do you have a review of The Girl with the Dragon Tattoo? (The photo link goes to your main page, and I wasn't able to find one within your site on my own.) I appreciate this interesting undertaking and your extensive reviews. I will be checking out the books I have not read.

    1. Ah - you caught me. I did not have my review of The Girl with the Dragon Tattoo ready before I presented this idea at RSA last week. I have it about done and expect to publish it in a week or so. Stand by ....

    2. Here it is finally:

      http://terebrate.blogspot.com/2014/03/book-review-girl-with-dragon-tattoo.html

  8. YOU READ MY MIND! THANK YOU!!!

    I was just asking a cyber security researcher (who everyone knows and reads every day and is considered top in his field) about a reading list he might recommend for me as I reinvent myself on a career path in cyber security. Instead, he pointed me to his "blogroll". Bottom line - he couldn't give me a list of literature that would spark my interest, add to my passion, and develop me into a true innovator and practitioner of cybersecurity.

    I've read some of these books on your list, but there are many more that I haven't. Thank you for providing this.

    Regards,
    Steve

  9. As an avid Neal Stephenson fan, I've read all his books on your list and wholeheartedly concur with their inclusion. If I may, I'd like to also suggest that those of us with cyber interests need to agree on a set of terminology - a common lexicon - of cyber technologies and practices. And as an extension of your efforts to build a Cyber Security Canon you might consider an associated Cyber Security Dictionary.

    1. What a great idea. I think I have seen this online before though. Do you have an example where a word or phrase in our community has ambiguous meaning?

  10. Enigma (Robert Harris), The Code Breakers (David Kahn), Network and Internetwork Security: Principles and Practice (Stallings), Security Engineering (Ross Anderson)...

    1. I just put Enigma and Security Essentials into my reading queue.

      I had Code Breakers and Security Engineering in there already.

      Thanks for the feedback.

  11. This is a great idea, and needs to be better publicized. There are many well-written books out there relevant to our field. I tend to lean towards the human aspect of cyber security and would propose David Lacey's 'Managing the Human Factor in Information Security: How to win over staff and influence Business Managers' (Wiley, 2009). It may not reach the level for canon, but I think it provides a welcome balance.

  12. Great list of books here. I would recommend you take a look at Cory Doctorow's "Little Brother" and "Homeland" as potential additions.

    1. I have read Little Brother and loved it; kind of scary, but loved it, especially in our post-"Snowden" lives.

  13. Hi Rick,

    Thanks for a great post! I took a few of your recommended books on holiday. I'd agree about adding Secrets and Lies by Bruce Schneier. I would also recommend John Naughton's From Gutenberg to Zuckerberg and Simon Singh's The Code Book.

  14. Gail,

    Thanks for the suggestions. I have The Code Book in my reading queue already but I will add Naughton's book to the list.

  15. River of Gods and Dervish House by Ian McDonald are good techno novels for your list

  16. And I forgot Homeland, Cory Doctorow's sequel to Little Brother

  17. Have you tried

    A Bug Hunter's Diary
    Gray Hat Python

    1. I will put them into my reading queue.

    2. I spoke too soon. It was already on my list. :)

  18. Lethal Code by Thomas Waite, while a fictional "worst case" scenario, is a good cautionary tale. It isn't deep technology, but rather an entertaining and frightening thriller that serves as a wake-up call for average Americans.

  19. Rick Howard, I am fond of reading novels and I have read almost all of these books. You have described the list very beautifully. You know, most of these books would be in the top 10 novels list for everyone.

  20. Lisa - Thanks for those kind words and thanks for sharing the Ranker Site.

  21. This is really tremendous, the way you describe it. This information is so much more than I needed! Keep it up.
    tech policy government


