One thing any cyber security professional craves is good literature on the subject. While there are many books that cover the basics and introduce the reader to the field, there are few which have the potential to spark a debate. My search for such books led me to the Cybersecurity Canon list. The Cybersecurity Canon Project was started by Rick Howard, Chief Security Officer, Palo Alto Networks, somewhere around December, 2013. What started out as a hobby project has now become an internationally accepted list of must-reads on cyber security. This includes books in fiction, non-fiction and technical categories.
What is the Cyber Security Canon list?
A canon is a list of works considered to be permanently established as being genuine and of the highest quality. The Cyber Security Canon list is a list of books that give a rich background and deep insights into the field of cyber security. Below is an interesting anecdote on how it came into existence, in Rick’s own words.
A while back, I was perusing my collection and feeling superior to no one in particular because I had read these tomes when I suddenly realized that, although I remembered the gist of most of the titles, I did not remember a lot of the details. Frankly, I was a little embarrassed. I used to think that I was well read. The fact that I could not remember the details was a little disheartening and an indicator of how old I was. Right there in the basement, I decided to do something about it.
I gave myself the task of re-reading some of the more interesting books with the intent to take notes on the details so I could remember them in the future. Those notes eventually turned into book reviews that I published for my customers when I worked at iDefense. When I left iDefense, the new GM, Jason Greenwood, gave me permission to re-publish those reviews on my own personal blog site (Terebrate) as a service to the cybersecurity community. When I joined Palo Alto Networks, I re-published that collection on the Palo Alto Networks public-facing research blog in order to service a wider audience and start to build some community around the idea of a Canon.
After a couple of years of doing those reviews, I had a collection of about 20 that I thought represented the cybersecurity community. The reviews explained how these books told our cybersecurity history, explained our culture or represented the current and best thinking on a myriad of topics like cyber crime, cyber warfare, cyber hacktivism, cyber espionage and privacy in a digital age.
I began to get the idea that this collection, and probably about 100 more books that I had not reviewed or identified yet, made up a set of cybersecurity books that everybody in our community should have read at some point during their careers. Our community really needs a Cybersecurity Canon.
The Cybersecurity Canon Project is now officially sponsored by Palo Alto Networks and has also been presented at RSA Conference 2014, San Francisco. The project has been well received by the cybersecurity community and has the potential to rise further.
What categories are covered in this list?
The best thing about the Cybersecurity Canon list is that it isn’t restricted to technical books. It includes books from the non-fiction and fiction genres as well. For a book to make it into the Canon, it must accurately depict the history of the cybercrime community, characterize key places or significant milestones in the community, or precisely describe technical details without exaggerating the craft.
The sub-categories covered by this list are as follows:
- Cyber History and Culture
- Cyber Crime
- Cyber Espionage
- Cyber Hacktivism
- Cyber War
How to nominate a book?
The Cybersecurity Canon list is open to all to nominate their favorite book in the field as a candidate for induction into the list. All one has to do is submit a review as per the guidelines established by Rick. Once the review is accepted, the book becomes a potential candidate for inclusion in the list. The review is published on the official Cybersecurity Canon page.
Who has the final call?
Initially, Rick was the sole judge of which books should or should not be included in the list. However, as the project gained traction, it became necessary to build a larger committee of industry experts to deliver the final results.
The current list of award winners includes:
- We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous and the Global Cyber Insurgency (2012) by Parmy Olson in the Cyber Hacktivism category
- Spam Nation: The Inside Story of Organized Cybercrime from Global Epidemic to Your Front Door (2014) by Brian Krebs in the Cyber Crime category
- The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage (1989) by Clifford Stoll in the Cyber Espionage category
- Winning as a CISO (2005) by Rich Baich in the Cyber History and Culture category
- Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zetter in the Cyber Warfare category
Cybersecurity Canon Candidate List (2015)
Last year’s nominee list can be accessed here. Even though they didn’t make it into the Canon, they are worth a read. For example, Kevin Poulsen’s Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground explains the mechanisms of online credit card fraud.
This is a great initiative by Rick Howard. For readers like me it is certainly a boon to have such a list. It saves us a lot of time and effort that would otherwise be spent hunting for good books on the subject.
Uday Mittal (OSCP, Associate CISSP, DCPP) is the founder of Yaksas CSC. He has over 4 years of experience in dealing with various issues related to cyber security. He is actively working towards educating people on cyber security risks and steps to mitigate them. He’s also a member of (ISC)2, ISACA and DSCI.