My dear fellow colleagues,
After having passed CISSP last year I would like to get more knowledge on cryptography. Practical stuff like lifecycle, key management, crypto-period, best type of algo for specific usage, cloud & in-house HSM for keygen and signing etc...
The intro in CISSP was great but I want more hands on, use-case knowledge etc... Any books or online courses that you could recommend me ? Fyi, I'm less interested in the mathematical side of things.
Thank you for your advice
Some great resources listed in this thread. I would add NIST's guidance on:
key management (SP 800-57 parts 1, 2 and 3 as well as SP 800-131A) https://csrc.nist.gov/projects/key-management/key-management-guidelines
and key establishment https://csrc.nist.gov/Projects/Key-Management/Key-Establishment
The Cloud Security Alliance is accepting contributions to their draft Cloud Key Management charter up until the end of next month. https://cloudsecurityalliance.org/group/cloud-key-management/#_overview If you have time, you may want to get involved in that working group. I learned a great deal from my involvement in the NIST Cloud Computing Security working group and the NIST Cloud Forensic Science working group.
More stuffs here:
http://download.pgp.com/pdfs/Intro_to_Crypto_040600_F.PDF chapter two is a a bit of a product pitch, but even though it’s long in the tooth it’s a nice primer. Written by some interesting folks it’s a nice read in of itself.
https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip Didn’t see this added by previous posters, and it’s in the rabbit hole, so I’ll put it in. A lot of conference material was put online as well, and is pretty searchable.