March 3, 2015

Last Updated on March 3, 2015

Rick Howard, the Chief Security Officer at Palo Alto Networks, has a project going called The Cybersecurity Canon. It’s a list of “must-read” books that “…if not read, leaves a hole in a cybersecurity professional’s education that will make the practitioner incomplete.”
Provocative words! Who is Rick Howard to say that you and I are incomplete as practitioners just because we haven’t read the books he recommends? These must be some pretty darn good books…
And, indeed, they are good books. Maybe even great books. To make it into Rick’s canon, a book “must accurately depict the history of the cybercrime community, characterize key places or significant milestones in the community, or precisely describe technical details that do not exaggerate the craft.”
This isn’t about technical how-to—it’s about “books that not only tell us how something works, but why.” As a global society and a cybersecurity “culture,” how did we get here? What are cybercrime, hacktivism, nation-state espionage and all-out cyber war really all about, from the standpoint of human history and human motivations? How and why do hackers hack?
Rick himself nominated twenty books to the original candidate list, and lots of other folks have recommended others. They include both fiction and nonfiction—everything from Spam Nation to The CERT Guide to Insider Threats to The Girl with the Dragon Tattoo.
You can make your own recommendations to the canon, too! This is intended to be a “community event,” so step right up and get involved. Books are added to the current canon as part of an ongoing process that includes voting and non-voting membership, a team of official reviewers and an official submission schedule.
Check out the current list of nominee titles. Public Internet voting opened on February 1, 2015, and the winners will be inducted into the canon during the Ignite Conference in Las Vegas on April 1, 2015.
Also of interest are Rick’s reviews of the books he’s nominated, which appear in the Palo Alto Networks blog. For example, his thoughts on The Practice of Network Security Monitoring by Richard Bejtlich tell me exactly why this is a book that will elevate my professional practice. Rick asks: “Can you work through all the examples in this book and make sense of it all? … If you can, you may have a future in the cybersecurity industry… If you can’t, then cybersecurity might not be for you.” In other words: this book defines the basic skills you need to succeed in our field.
As professionals, we owe it to ourselves and our clients to be well rounded and well read. The Cybersecurity Canon takes a lot of the work out of deciding what to read and why, and it’s a ton of fun to boot. I recommend you check it out.
Meanwhile, to check out a state-of-the-art practice in information security assurance, audits and ISO 27001 certification, and talk over how we can assist your organization with security and compliance, contact Pivot Point Security.