Skip to main content

About this Blog

My name is Rick Howard and I am a cyber security geek[1]. I have been thinking about computer security issues for well over two decades now. Like most of my colleagues, one of the things I love about the subject is that it is constantly changing. If you want to keep up, you have to work at it. Many of us do that by reading (among other things). The number of security blogs in my current weekly reading rotation is north of 55. Most of those fall into two broad content categories: News Analysis and Technical Explanation. In the Technical Explanation category, some bloggers review the latest and greatest technical books that hit the market. All of that content is invaluable to the Cyber Security Geek.

What I have discovered in the current manifestation of the blogosphere is a lack of content in three specific areas:

1: Cyber Security Book Reviews regarding

  • Canon (Books that you should have read by now if you are a cyber security professional)
  • Historical Context (Books that explain where we have been as a community so that we can understand where we are going).
  • Intelligence Collection (Fiction and Non-Fiction that explains the current thinking and where the community might go).
  • Novels about Hackers and Hacking (Stories that describe real hacking techniques and the people behind the hacks).
  • Communication (Books that have helped me in my career communicate highly technical information to non-technical people).

2: Assessments of the current state of Actor motivations
  • Espionage
  • Crime
  • Warfare
  • Terrorism
  • Hacktavism

3: Future Mitigation Strategies (Ideas about what we might do in the future to mitigate the cyber security threat).

Instead of News and Analysis or Book Reviews for highly technical topics, I am interested in writing about broader subjects. I still need the other stuff and I am grateful that there are good writers out there addressing those needs. But this blog (Terebrate) will try to fill that niche that is missing in my humble opinion. The word, "Terebrate," is an uncommon word meaning "to pierce" or "to perforate [2]." My intent is to pierce through the fog on some of these cyber security content areas that are not typically covered by the community in blog form.

I hope that you will enjoy it.

Rick Howard
Cyber Security Geek
15 December 2012


[1]: Websters Online Dictionary, "Speciality Definition: geek," Domain: Computing.

[2] "terebrate." STANDS4 LLC, 2012. Web. 15 Dec. 2012. <>.

Popular posts from this blog

Books You Should Have Read By Now

When I started Terebrate back in January 2010, I always intended it to be a place to put my book reviews on whatever I was reading. Since then, a lot has happened in my professional life. I changed jobs, twice. I presented my collection of cybersecurity book reviews at the annual RSA Conference and suggested that the cybersecurity community ought to have a list of books that we all should have read by now. My current employer, Palo Alto Networks, liked the idea so much that they decided to sponsor it. We ended up creating the the Rock and Roll Hall of Fame for cybersecurity books. We formed a committee of cybersecurity experts from journalists, CISOs, researchers and marketing people who were all passionate about reading. My collection became the the candidate list and for the past two years, the committee, with the help of community voting, has selected books from the candidate list to be inducted into something we are calling the Cybersecurity Canon. It has been very exciting.

This i…

Book Review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen (2011)

Executive Summary
Kingpin tells the story of the rise and fall of a hacker legend: Max Butler. Butler is most famous for his epic, hostile hacking takeover in August 2006 of four of the criminal underground’s prominent credit card forums. He is also tangentially associated with the TJX data breach of 2007. His downfall resulted from the famous FBI sting called Operation Firewall where agent Keith Mularski was able to infiltrate one of the four forums Butler had hacked: DarkMarket. But Butler’s transition from pure white-hat hacker into something gray—sometimes a white hat, sometimes a black hat—is a treatise on the cyber criminal world. The author of Kingpin, Kevin Poulsen, imbues the story with lush descriptions of how Butler hacked his way around the Internet and pulls the curtain back on how the cyber criminal world functions. In much the same way that Cuckoo's Egg reads like a spy novel, Kingpin reads like a crime novel. Cyber security professionals might know the highlights of…

Book Review: The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage (1989) by Clifford Stoll

Executive Summary

This book is a part of the cyber security canon. If you are a cyber security professional, you should have read this by now. Twenty years after it was published, it still has something of value to say on persistent cyber security problems like information sharing, privacy versus security, cyber espionage and the intelligence dilemma. Rereading it after 20 years, I was pleasantly surprised to learn how pertinent that story still is. If you are not a cyber security professional, you will still get a kick out of this book. It reads like a spy novel, and the main characters are quirky, smart, and delightful.


The Cuckoo’s Egg is my first love. Clifford Stoll published it in 1989, and the first time I read it, I devoured it over a weekend when I should have been writing my grad school thesis. It was my introduction to the security community and the idea that somebody had to protect these new-fangled gadgets called computers. Back in those days, authors put their …