The most recommended computer security books


17 authors created a book list connected to computer security, and here are their favorite computer security books.

Book cover of Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet

Jennifer L. Bayuk Author Of Enterprise Security for the Executive: Setting the Tone from the Top

From my list on cybersecurity for every type of reader.

Why am I passionate about this?

I am a cybersecurity risk management thought leader and subject matter expert with hands-on experience in managing and measuring large-scale cybersecurity programs, system security architecture, cybersecurity tools and techniques, cybersecurity forensics, audit of information systems and networks, and technology control processes. I have spent my career educating others in cybersecurity, mostly because it has always been necessary to educate staff; and colleagues soon recognized that I was easily able to handle the transition from staff training to external classroom environments. But my main motivation for external cybersecurity education is to get feedback from the cybersecurity professional community on my approaches to today’s cybersecurity issues.

Jennifer's book list on cybersecurity for every type of reader

Jennifer L. Bayuk Why did Jennifer love this book?

It is a reporter’s account of a cybersecurity entrepreneur stumbling into criminal and nation-state level cyberattacks, assisting in the investigation, and ultimately becoming a target. The writing is clear and accessible to the non-technical reader but it still conveys a good sense of what it is like to witness and investigate cyber-crime. It is a suspenseful human drama.

By Joseph Menn

Why should I read it?

1 author picked Fatal System Error as one of their favorite books, and they share why you should read it.

What is this book about?

In 2004, a California computer whiz named Barrett Lyon uncovered the identity of a hacker running major assaults on business websites. Without fully grasping the repercussions, he set on an investigation that led him into the heart of the Russian mob. Cybercrime was evolving. No longer the domain of small-time thieves, it had been discovered by sophisticated gangs. They began by attacking corporate websites but increasingly stole financial data from consumers and defence secrets from governments. While Barrett investigated the cutting edge of technology crime, the U.S. government struggled to catch up. Britain, however, was a different story. In the…


Book cover of Is AI Good for the Planet?

Noreen Herzfeld Author Of The Artifice of Intelligence: Divine and Human Relationship in a Robotic Age

From my list on the dangerous future of AI.

Why am I passionate about this?

I’m a theologian who started out as a computer scientist. Teaching classes on AI got me wondering, not just whether we’d ever be able to create a human-like AI, but why we wanted to do so in the first place. It seemed to me that computers were the most helpful when they did the things we are not very good at—crunching big calculations, or exploring Mars—stuff we can’t do. That got me thinking that there might be something spiritual going on, that in a world where we increasingly no longer believed in God or angels, we were lonely. That we didn’t want a tool but a companion.  

Noreen's book list on the dangerous future of AI

Noreen Herzfeld Why did Noreen love this book?

Brevini gives us something real to worry about—climate change. Did you know that using ChatGPT to look something up can take up to ten times as much energy as doing a Google search? 

To most of us, AI seems like something that just happens in thin air (the cloud). But, in reality, the data centers needed to train and run AI rely on a variety of scarce resources and eat up vast amounts of energy in doing their calculations. This little book of just 109 small pages lays out the many ways in which AI is contributing to climate change. 

An AI-centric world will be a hot and stormy one, increasingly inhospitable for both humans and machines. And that has me worried.

By Benedetta Brevini

Why should I read it?

1 author picked Is AI Good for the Planet? as one of their favorite books, and they share why you should read it.

What is this book about?

Artificial intelligence (AI) is presented as a solution to the greatest challenges of our time, from global pandemics and chronic diseases to cybersecurity threats and the climate crisis. But AI also contributes to the climate crisis by running on technology that depletes scarce resources and by relying on data centres that demand excessive energy use.

Is AI Good for the Planet? brings the climate crisis to the centre of debates around AI, exposing its environmental costs and forcing us to reconsider our understanding of the technology. It reveals why we should no longer ignore the environmental problems generated by AI.…


Book cover of Software Security: Building Security in

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why am I passionate about this?

As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.  

Nancy's book list on software security engineering

Nancy R. Mead Why did Nancy love this book?

Gary McGraw has been an advocate for the importance of developing secure software during the more than 15 years that I have known him, and before that! He has written a number of books, but this one captures his philosophy on how to develop secure software. It’s an excellent resource for practitioners and management.

By Gary McGraw

Why should I read it?

1 author picked Software Security as one of their favorite books, and they share why you should read it.

What is this book about?

"When it comes to software security, the devil is in the details. This book tackles the details."
--Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies

"McGraw's book shows you how to make the 'culture of security' part of your development lifecycle."
--Howard A. Schmidt, Former White House Cyber Security Advisor

"McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall."
--Avi Rubin, Director of the NSF…


Book cover of The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win

George Finney Author Of Project Zero Trust: A Story about a Strategy for Aligning Security and the Business

From my list on books on cybersecurity that anyone can understand.

Why am I passionate about this?

I have worked in cybersecurity for over 20 years and think it’s one of the most important topics in our modern world. Everyone needs to be secure–from young kids to elderly people avoiding online scams. As a practicing Chief Security Officer, I work with security technology and people every day, and I’m getting to live my childhood dream of being a writer helping people understand these complex challenges. Security is a part of the foundation of Maslow’s Hierarchy of Needs and allows everyone to live up to their full potential as humans. People are the most important part of security, and you don’t need a degree in computer science to be cyber secure.

George's book list on books on cybersecurity that anyone can understand

George Finney Why did George love this book?

This book was one of the biggest inspirations for me when I wrote my book.

Running a team of technology experts is really hard, so instead of writing a reference manual or an inspirational leadership memoir, Kim tells the story of a group of people who work together to learn the same best practices that have been in use for decades in the manufacturing and project management industries.

This hits close to home since I can recognize myself and many of my colleagues in each of the vivid characters.

By Gene Kim, Kevin Behr, George Spafford

Why should I read it?

2 authors picked The Phoenix Project as one of their favorite books, and they share why you should read it.

What is this book about?

***Over a half-million sold! And available now, the Wall Street Journal Bestselling sequel The Unicorn Project***

"Every person involved in a failed IT project should be forced to read this book."-TIM O'REILLY, Founder & CEO of O'Reilly Media

"The Phoenix Project is a must read for business and IT executives who are struggling with the growing complexity of IT."-JIM WHITEHURST, President and CEO, Red Hat, Inc.

Five years after this sleeper hit took on the world of IT and flipped it on its head, the 5th Anniversary Edition of The Phoenix Project continues to guide IT in the DevOps revolution.…


Book cover of Digital Fortress

Kat Wheeler Author Of There Is No Cloud

From my list on technothrillers with accurate technology representation.

Why am I passionate about this?

I’m just a book-loving girl working in a corporate world who’s sick to death of the inaccurate representations of technology in fiction. FYI, tracing a phone call is instantaneous, no need to keep that pesky murderer on the line these days. Technology is so ingrained in our daily lives and most people have very limited knowledge of what it actually does, so I became fascinated with the idea of using real modern-day tech in murder mysteries. I got so obsessed with the idea I decided to write it. No Sci-Fi of future tech, it may seem farfetched, but all the electronic wizardry used in my novels is real and accurately represented.

Kat's book list on technothrillers with accurate technology representation

Kat Wheeler Why did Kat love this book?

Ah, Dan Brown. Love him or hate him, he’s a paragon of the modern thriller. Let’s go way back to 1998. It was pre-DaVinci Code, and he released his first novel, Digital Fortress. For the time period, it was a unique idea. A woman cryptologist at the NSA gets embroiled in a high-stakes murder mystery and the only way through is to solve the code. There are a lot of issues with this book, primarily that the author couldn’t be bothered to check his work and misuses bits and bytes throughout the whole novel which makes the code-breaking premise ridiculous. But to be fair, this was 1998 and for a first novel, it’s still a fun ride. So, if you’re a Dan Brown fan or love a fast-paced easy read give it a try. If you have even a basic understanding of how encryption works you may…

By Dan Brown

Why should I read it?

1 author picked Digital Fortress as one of their favorite books, and they share why you should read it.

What is this book about?

A former National Security Agency programmer threatens to release a mathematical formula that will allow organized crime and terrorism to skyrocket, unless the code-breaking computer that is used to keep them in check but that violates civil rights is not exposed to the public.


Book cover of Real-World Cryptography

Jean-Philippe Aumasson Author Of Serious Cryptography: A Practical Introduction to Modern Encryption

From my list on for cryptography apprentices.

Why am I passionate about this?

I started learning cryptography in the early 2000s with books borrowed from my university’s library, and with information I could find online. Since then I’ve practiced cryptography for 15 years in a variety of contexts: as an academic researcher, while working on my PhD; as a cryptography engineer for software and hardware pay-TV systems; as a consultant for private and public sector clients; as a vulnerability researcher in my spare time; as a code auditor for cryptography projects; as a start-up founder in the domain of IoT security; and as CSO (chief security officer) of a fintech start-up. I live in Lausanne, Switzerland, and besides crypto I enjoy literature, rock climbing, and playing classical guitar.

Jean-Philippe's book list on for cryptography apprentices

Jean-Philippe Aumasson Why did Jean-Philippe love this book?

Although David is a friend, I only recommend his book because it’s great, both in terms of content and presentation. Real-World Cryptography is today’s reference book about cryptographic tools and applications: Modern schemes such as the SHA-3 hash function and the Noise protocol framework, end-to-end encryption protocols, cryptocurrencies’ cryptography mechanisms, as well as emerging techniques like fully-homomorphic encryption and multi-party computation; Wong’s book delivers a practice-oriented, accessible introduction, enriched by many visual illustrations (including original comic strips!), and exercises (with their solutions).

By David Wong

Why should I read it?

1 author picked Real-World Cryptography as one of their favorite books, and they share why you should read it.

What is this book about?

If you're browsing the web, using public APIs, making and receiving electronic payments, registering and logging in users, or experimenting with blockchain, you're relying on cryptography. And you're probably trusting a collection of tools, frameworks, and protocols to keep your data, users, and business safe. It's important to understand these tools so you can make the best decisions about how, where, and why to use them. Real-World Cryptography teaches you applied cryptographic techniques to understand and apply security at every level of your systems and applications.

About the technology: Cryptography is the foundation of information security. This simultaneously ancient and emerging…


Book cover of This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

Steve Vigdor Author Of Signatures of the Artist: The Vital Imperfections That Make Our Universe Habitable

From my list on science that should inform public policy.

Why am I passionate about this?

I’ve been passionate about science as a way of learning how nature works and approaching truth since I was a pre-teen. After five decades of basic research, teaching, and management in physics, I can distinguish good science from pseudoscience even beyond my own areas of expertise. I am greatly disturbed by attempts to undermine science in public policy-making when its findings conflict with ideology, religious beliefs, or business bottom lines. My passion project, via my blog debunkingdenial.com, is to explain to teachers and the public the underlying science and the flaws in science denial across a wide range of topics at the interface with public policy. 

Steve's book list on science that should inform public policy

Steve Vigdor Why did Steve love this book?

I love this book because Perlroth chronicles the proliferation of cyberweapons, which began in the hands of mischievous young hackers exploiting vulnerabilities in widely used software. Once some of those hackers joined the NSA, their tools were developed into sophisticated weapons to undercut technological developments in enemy states like Iran.

Once NSA’s hacks leaked to the wider world, they spawned an arms race and fueled rampant criminal ransomware attacks on vulnerable institutions. Informed by Perlroth’s book, I see a future in which dwindling human fertility and the ballooning costs of advanced weaponry will enhance the military role of cyber-attacks, leading to Mutually Assured Cyber Destruction, in which many countries have cyberweapons deeply embedded in the critical infrastructure of their adversaries, just waiting to activate them.

By Nicole Perlroth

Why should I read it?

2 authors picked This Is How They Tell Me the World Ends as one of their favorite books, and they share why you should read it.

What is this book about?

THE NEW YORK TIMES BESTSELLER * Winner of the Financial Times & McKinsey Business Book of the Year Award * Bronze Medal, Arthur Ross Book Award (Council on Foreign Relations)

"Written in the hot, propulsive prose of a spy thriller" (The New York Times), the untold story of the cyberweapons market-the most secretive, government-backed market on earth-and a terrifying first look at a new kind of global warfare.

Zero-day: a software bug that allows a hacker to break into your devices and move around undetected. One of the most coveted tools in a spy's arsenal, a zero-day has the power…


Book cover of Secure Coding in C and C++

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Nancy's book list on software security engineering

Nancy R. Mead Why did Nancy love this book?

The title says it all. This is probably one of the first, if not the first book on secure coding, by a pioneer in the field. Robert worked tirelessly to make this happen. Although the book has been superseded by the secure coding standards that evolved from it, it is still a good read and contains a lot of useful information for developers.  

By Robert C. Seacord

Why should I read it?

1 author picked Secure Coding in C and C++ as one of their favorite books, and they share why you should read it.

What is this book about?

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities.

Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow's attacks, not…


Book cover of Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems

Adam Shostack Author Of Threat Modeling: Designing for Security

From my list on application security for builders.

Why am I passionate about this?

Being able to understand and change reality through our knowledge and skill is literal magic. We’re building systems with so many exciting and unexpected properties that can be exploited and repurposed for both good and evil. I want to keep some of that magic and help people engineer – build great systems that make people’s lives better. I’ve been securing (and breaking) systems, from operating rooms to spaceships, from banks to self-driving cars for over 25 years. The biggest lesson I’ve learned is that if security is not infused from the start, we’re forced to rely on what ought to be our last lines of defense. This list helps you infuse security into your systems.

Adam's book list on application security for builders

Adam Shostack Why did Adam love this book?

This book captures lessons from many authors at Google, some of whom I’ve worked with over the years. The chapters on availability (7, 8, 9) were a revelation to me. I had no idea how Google approaches the topic of resilience and recovery in their systems, and I now think of the whole topic very differently. The biggest takeaway is how to think about the design of systems.

By Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Adam Stubblefield

Why should I read it?

1 author picked Building Secure and Reliable Systems as one of their favorite books, and they share why you should read it.

What is this book about?

Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be considered secure if it's unreliable? Security is crucial to the design and operation of scalable systems in production, as it plays an important part in product quality, performance, and availability. In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.

Two previous O'Reilly books from Google-Site Reliability Engineering and The Site Reliability Workbook-demonstrated how and why a commitment to the entire service lifecycle enables organizations to successfully build, deploy, monitor, and maintain…


Book cover of Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World

George Finney Author Of Project Zero Trust: A Story about a Strategy for Aligning Security and the Business

From my list on books on cybersecurity that anyone can understand.

George's book list on books on cybersecurity that anyone can understand

George Finney Why did George love this book?

I loved this one because there are so many really influential people in the world today who started out as hackers. Former Texas Legislator and presidential candidate Beto O’Rourke was a member of one of the first hacker groups, The Cult of the Dead Cow.

What really makes this one stand out for me was how Menn was able to illustrate how our culture of cybersecurity today, things like responsible disclosure of security vulnerabilities, was shaped by the hacker ethos as a response to mega corporations actively trying to ignore the problem or even suing researchers to prevent them from talking rather than to fix the issues.

By Joseph Menn

Why should I read it?

1 author picked Cult of the Dead Cow as one of their favorite books, and they share why you should read it.

What is this book about?

Cult of the Dead Cow is the tale of the oldest, most respected, and most famous American hacking group of all time. Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers. They contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced US security without injuring anyone. With its origins in the earliest…