I first met cybersecurity veteran, Rick Howard, when he joined Palo Alto Networks as Chief Security Officer. During our discussion, Rick mentioned an idea he was promoting for a cybersecurity canon: A list of must-read books for all cybersecurity practitioners -- be they from industry, government, or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and that, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.
Rick’s notion of a cybersecurity canon hit home for a few reasons. I am an avid reader of cybersecurity books and am usually reading or re-reading something. And whenever someone asked me how they could learn about cybersecurity concepts, I told them that they should eschew text books to start and begin their education by reading books like Cyberwar by Richard Clarke, Fatal System Error by Joseph Menn, Worm by Mark Bowden, and Kingpin by Kevin Poulsen.
Since our first meeting, Rick has formalized the cybersecurity canon process and recruited a committee of likeminded cybersecurity industry professionals to help him review and nominate cybersecurity books. In my humble opinion, this is an extremely worthwhile effort that the cybersecurity community at large should embrace.
It is important to note that while Rick works at Palo Alto Networks, the cybersecurity canon is really a benevolent industry effort. Because of Rick, Palo Alto is acting as a sponsor, but there is absolutely no proprietary or commercial agenda here at all.
Given our Vulcan mind-meld about the value of cybersecurity book reading, I am pleased, proud, and humbled to say that I’ve recently joined Rick to become a member of the cybersecurity canon. Furthermore, I just posted my first book review of the 2015 cybersecurity novel, The Florentine Deception, by Carey Nachenberg.
The entire review can be viewed here, but allow me to present a few highlights:
The book begins when cybersecurity expert, Alex Fife, is asked to clean up an old PC his father purchased at an estate sale, only to discover a piece of rather sophisticated malware that captures the user’s keystrokes and sends them to an e-mail server in Russia. To Fife, this situation doesn’t compute; and after a bit of forensic analysis and some sleuthing about the PC’s previous owner, he determines that this system compromise is no accident. During his investigation, Fife also discovers a mysterious detail he can’t quite figure out – something about an item known as the Florentine.
Once Fife becomes fanatical about the Florentine, he gets increasingly engaged in this cybersecurity adventure. As the book unfolds, his investigation evolves from the obsessive hobby of a rich, out-of-work technology executive to an international incident with potentially devastating national security implications.
Beyond its entertainment value, The Florentine Deception is a worthwhile read from an educational perspective as well. The author is an experienced cybersecurity professional and Symantec Fellow who certainly has in-depth experience with cyberattacks. This knowledge is clearly evident in his detailed but comprehendible descriptions of social engineering techniques, threat actors, and malware. The story also includes a credible, albeit frightening cyberwar-like ending. Thus the reader is forced to internalize the fact that a seemingly pedestrian computer infection could actually act as a puzzle piece in a Stuxnet-like offensive cyber-attack.
I highly recommend The Florentine Deception. It was a fun and easy book to read while also providing some real-world descriptions of the shadowy cybersecurity world we occupy. It is also worth noting that Nachenberg is donating the proceeds from this book to a number of children’s and veteran’s charities so purchasers/readers of this book will be entertained, educated, and altruistic at the same time. Cybersecurity professionals who enjoy reading the works of authors like Dan Brown (Digital Fortress) and Mark Russinovitch (Trojan Horse, Zero Day) will find this book particularly worthwhile.