The Cuckoo's Egg - Cliff Stoll
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage Paperback, 2005 (Audio available)
Cliff Stoll's captivating narrative unfolds the remarkable tale of an astronomer who transitioned into an adept cyber investigator. It all began with the discovery of a minuscule billing discrepancy, mere cents, within the computer systems under his purview. This incident took place in 1986, a time predating what we now recognize as the era of modern cybersecurity and the Internet.
What elevates this book to cult classic status within the realm of Cybersecurity Incident Response (IR) is Stoll's adept adoption of the very principles that define a great cyber investigator. In essence, he methodically questions anomalies that defy logic and constructs controlled test conditions to scrutinize his hypotheses.
For those intrigued by Stoll's journey, PBS has immortalized it in a documentary titled 'The KGB, the Computer, and Me.' This documentary is accessible on YouTube at https://www.youtube.com/watch?v=PGv5BqNL164.
Ghost in the Wires - Kevin Mitnick
Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker (Audio available)
This is the remarkable narrative of the renowned hacker, Kevin Mitnick. It unfolds as a captivating tale, brimming with humor, tracing his early foray into the world of phone phreaking—tampering with the archaic Bell telephone system—and his subsequent evolution into a computer system hacking prodigy.
The Unicorn Project - Gene Kim, Frankie Corzo
The Unicorn Project: A Novel About Developers, Digital Disruption, and Thriving in the Age of Data (Audio available)
This sequel to "The Phoenix Project" offers an engaging portrayal of a business enterprise and its Information Technology (IT) department, vividly illustrating the myriad organizational challenges they grapple with. Nearly every reader or listener is bound to identify some striking parallels between this fictional organization and their own experiences. While not a cybersecurity-centric tome, it underscores the critical importance of cybersecurity professionals possessing a robust comprehension of DevOps. Such understanding is pivotal in enabling them to effectively bolster their organizations and ensure the seamless delivery of cybersecurity systems.
Amidst the narrative's humor, one standout character is the head of IT security. His character serves as a comical embodiment of obstructionism, as he inadvertently becomes a hindrance rather than a help to the IT team. His actions are marked by arbitrary roadblocks, earning him the label of an impediment. He ends up going on a multi-day-bender. Eventually, he undergoes a transformation, after a multi-day hiatus, he returns to the office with a newfound willingness to assist the team. The underlying message here is clear: Let's strive to avoid becoming that kind of obstacle and go on multi-day-benders for more enjoyable reasons.
The Threat Intelligence Handbook: Recorded Future, Chris Pace, et al.
The Threat Intelligence Handbook: A Practical Guide for Security Teams to Unlocking the Power of Intelligence (Audio available)
Cyber Threat Intelligence (CTI) stands as an indispensable cornerstone of cybersecurity, warranting its inclusion in this curated list. This particular book hails from Recorded Future, a recognized leader in the realm of CTI. What sets this book apart is its availability in audio format, making it accessible to a broader audience. Additionally, for those seeking to explore CTI further, I recommend exploring Recorded Future's podcast, "CyberWire Daily." These resources collectively enrich your understanding of the vital field of Cyber Threat Intelligence.
How to Measure Anything in Cybersecurity Risk - Douglas W. Hubbard, Richard Seiersen
How to Measure Anything in Cybersecurity Risk (Audio available)
Cyber Risk Analysis (CRA) constitutes an indispensable pillar of cybersecurity, warranting its rightful place in this curated collection. Douglas Hubbard, acclaimed for his book "How to Measure Anything," has extended his expertise to produce this follow-up work, which delves deeper into the nuanced domain of cyber risk measurement. While there are numerous cybersecurity risk books that provide extensive insights into the multifaceted realm of cyber risk, this book distinguishes itself by being available in an audio format. This accessibility factor broadens its appeal to a wider audience. Thus, it earns its spot on this list as a valuable resource for those seeking to enhance their understanding of the intricate field of cyber risk.
Comments