topic Re: Introductory books or reading for the security curios? in Exam Preparation

Introductory books or reading for the security curios?

Beads — Wed, 14 Mar 2018 15:34:14 GMT

Keep hearing people ask for books or material from people asking to get started in security. Currently, I am recommending Ben Grimes latest book below. Any other suggestions?

https://www.amazon.com/Data-Driven-Computer-Security-Defense-Should/dp/1549836536/ref=sr_1_fkmr0_1?s=books&ie=UTF8&qid=1521041607&sr=1-1-fkmr0&keywords=ben+grimes+security

- Brent

Re: Introductory books or reading for the security curios?

Ben_Mead — Wed, 14 Mar 2018 20:39:11 GMT

Depending on whether you are focusing on technical security, organization security, data security or another domain I'd add these books to the "new to security" reading list as they are informative, without being overly complex and will likely help inspire a dialogue:

Data & Goliath: The Hidden Battles to Capture Your Data, Bruce Schneier, 2016

The Art of Invisibility, Kevin Mitnick, 2017

Everybody Lies, Seth Stephens-Davidowitz, 2017

Future Crimes, Marc Goodman, 2015

If you have someone who wants to go way back in time here are a few oldies (but goodies) that help formulate many of the foundations of insecurity in the hope of espionage:

The Puzzle Palace, James Bamford

Secrets and Lies, Bruce Schneier

...and if you want to cheat and use someone else's list, here's an obligatory DuckDuckGo top result:

https://heimdalsecurity.com/blog/best-cyber-security-books/

Re: Introductory books or reading for the security curios?

JoePete — Thu, 15 Mar 2018 18:13:52 GMT

Lots of possibilities, but for a departure from the purely technical, one of my favorites is Bruce Sterling's "The Hacker Crackdown." Well written account that covers the early days of battle between law enforcement and cyber thieves, vandals and explorers. Sure, it may be a bit dated, but bear in mind that in cybersecurity, the more things change, the more we keep writing passwords on post-it-notes 😉
https://en.wikipedia.org/wiki/The_Hacker_Crackdown

Re: Introductory books or reading for the security curios?

rslade — Thu, 21 Jun 2018 17:39:50 GMT

You want security books? There are tons of security books!

Sometimes there are even security books that I recommend people read!

You want one, single security book? Read "Security Engineering," by Ross Anderson. Best single volume security book I know. (And I know hundreds.)

(You don't even have to buy it, although I recommend you do, since he puts the previous edition up on the Web, so you can read that for free.)

Re: Introductory books or reading for the security curios?

CraginS — Thu, 28 Jun 2018 14:13:55 GMT

I always start the list of books to understand computer-, network-, information-, and cyber-security with Cliff Stoll's The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage.

That book is an easy read, draws the reader in like a good novel, and a great intro to why we all do what we do

Many items of understanding our field are embedded in that real world tale, including the very important fact that "this ain't new, folks." The book was published three decades ago, describing events even farther back.

1. Malicious hacking is not only by geeky introvert teenagers in mom's basement. Foreign nations do it, too. (No longer as an essential lesson to blow out a myth than ten years ago.)

2. It's not always for kicks; real espionage has been online all along.

3. "Lilly pad hopping" using multiple intermediary computers for packet transport to obscure the source is not new. (That term is not used in the book.)

4. Cliff implemented the first publicly known honeypot computer protection program, complete with live out-of-channel alert notification. (That term is not used in the book.)

5. Law enforcement and counter-intelligence agencies of multiple nations are hide-bound organizations resistant to major new information "not invented here," that is, information that is already on the list they already know they need to monitor or investigate.