What I’m Reading
This is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth
Great background for the situation within which we find ourselves in 2023. Perlroth connects the cyber dots from Stuxnet to the Ukraine and everywhere in between.


OSINT Techniques: Resources for Uncovering Online Information by Michael Bazzell
A comprehensive, step-by-step process (including lists of what Linux commands to run) for creating a computer environment for doing Open Source Investigations that will stand up in court. Plus a comprehensive discussion of many of the tools, websites, and services out there that collect all kinds of information available to anyone.
Extreme Privacy by Michael Bazzell
Written for anyone that needs as much privacy as their situation demands, this book lays out how you as an individual can be as private as possible while living your life in a world based on technology. It provides information to assess your own situation as well as step-by-step instructions on how to implement the things that make sense for you. If you’re serious about privacy either by choice or circumstance, this book is the most comprehensive out there. While the step-by-step instructions will age as time goes on and technology changes, the basics will most likely remain the same.


Deep Dive: Exploring the Real-world Value of Open Source Intelligence 1st Edition by Rae L. Baker
More OSINT tools and techniques. Baker has a passion for following ships at sea, which is oddly interesting.
Cybersecurity for Small Networks: A Guide for the Reasonably Paranoid by Seth Enoka
Want to install a hardware firewall on your home network? How about installing an Intrusion Detection System (IDS) and using a Security Information and Event Management (SIEM) system to see what’s going on? Then this is the book for you.
While it may seem like overkill to say if you set all that up in your home system you’ll know how they do it at work, it does give you a major leg up in understanding how to defend against threats as you’ll be able to understand what the blue team is doing where you work. Who knows, you may be offered a job on their team.


How Cybersecurity Really Works: A Hands-On Guide for Total Beginners by Sam Grubb
There are lots of places to start learning about cyber security. This is one. Nice intro if you’re interested to know more because of your job, volunteer position, or friends.
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide by Mike Chapple, et al.
I read this as the cornerstone for studying for my CISSP exam, which I understand has a 20% first time pass rate. While the CISSP has been criticized as a mile wide and a foot deep, that’s also its strength. This study guide is actually a good overview of the whole field, from a manager/director/VP/CISO perspective. I’m sure I’ll refer to it to refresh my memory on things.
What I learned is that it’s only about 75% of all the knowledge I needed to pass the exam. In that sense, it’s not comprehensive. Because the CISSP assumes you already have experience in networking, there’s more to the networking you’ll need than is in this book.


CompTIA Network+ Certification All-in-One Exam Guide, Eighth Edition (Exam N10-008) by Scott Jernigan
Which brings me to the book that I read when I was considering the Network+ exam. It’s a fairly comprehensive explanation of all things networking and dives deep into the intricacies of Ethernet frames, the OSI model, just about every protocol out there, etc. If you can get through it, it’s a great overview of networking. If you can’t, it’s a great reference as it’s written clearly. To pass the exam, you’ll need hands-on work in order to cement the ideas as there’s just so much to digest. But if you’ve ever wanted to know what’s what in networking, this is a great reference.
Linux Basics for Hackers by Occupy the Web
If you want to learn Linux and you fancy yourself a hacker of sorts, this is a good first book. It covers what you need to know from a reconnaissance perspective. Occupy the Web is the nom de plume for a former professor who now teaches people the hacking side of things. His site, Hackers Arise, has a lot of great info on how to hack all kinds of things, from computers to cars. He puts his skills where his mouth is by providing OSINT to Ukraine’s forces in order to defeat Putin.


The Risk Business: What CISOs Need to Know About Risk-Based Cybersecurity by Levi Gundert
A great book on understanding the risks you’re protecting in cybersecurity from a business perspective. This fits well into the CISSP mindset as they’re essentially the same: there’s only so much money and people power available to you to protect what needs to be protected. Look at the risks, calculate their probability of occurring and the damage they can do. Let the results of that assessment guide you in the measures you need to take.
This approach allows you to speak the language of the CEO and the CIO, which makes cybersecurity important to the mission of the company instead of just an expense in and of itself.