The most recommended computer security books

Who picked these books? Meet our 12 experts.

12 authors created a book list connected to computer security, and here are their favorite computer security books.

Book cover of Designing Secure Software: A Guide for Developers

Adam Shostack Author Of Threat Modeling: Designing for Security

From my list on application security for builders.

Why am I passionate about this?

Being able to understand and change reality through our knowledge and skill is literal magic. We’re building systems with so many exciting and unexpected properties that can be exploited and repurposed for both good and evil. I want to keep some of that magic and help people engineer – build great systems that make people’s lives better. I’ve been securing (and breaking) systems, from operating rooms to spaceships, from banks to self-driving cars for over 25 years. The biggest lesson I’ve learned is that if security is not infused from the start, we’re forced to rely on what ought to be our last lines of defense. This list helps you infuse security into your systems.

Adam's book list on application security for builders

Adam Shostack Why did Adam love this book?

Loren’s been contributing to security for over 40 years, and this book captures his hard-won wisdom in a way that’s both humble and accessible. It scales from principles and design approaches to in-depth explanations of exactly how things go wrong and how to avoid those problems. (Also, I was honored to write the foreword.)

By Loren Kohnfelder

Why should I read it?

1 author picked Designing Secure Software as one of their favorite books, and they share why you should read it.

What is this book about?

Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts. The second part, perhaps this book's most important contribution, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written…


Book cover of Cyber Attacks: Protecting National Infrastructure

Jennifer L. Bayuk Author Of Enterprise Security for the Executive: Setting the Tone from the Top

From my list on cybersecurity for every type of reader.

Why am I passionate about this?

I am a cybersecurity risk management thought leader and subject matter expert with hands-on experience in managing and measuring large-scale cybersecurity programs, system security architecture, cybersecurity tools and techniques, cybersecurity forensics, audit of information systems and networks, and technology control processes. I have spent my career educating others in cybersecurity, mostly because it has always been necessary to educate staff; and colleagues soon recognized that I was easily able to handle the transition from staff training to external classroom environments. But my main motivation for external cybersecurity education is to get feedback from the cybersecurity professional community on my approaches to today’s cybersecurity issues.

Jennifer's book list on cybersecurity for every type of reader

Jennifer L. Bayuk Why did Jennifer love this book?

Amoroso’s experience started with academic research at Bell Labs and Stevens Institute of Technology but moved quickly to practically fill voids at AT&T and NSA. His book reduces technical concepts in cybersecurity to basic principles and explains generically how they are effectively implemented. For the true techy who wants to fully understand all the formal logic behind the theories in Cyber Attacks, reach back to Ed Amoroso’s Fundamentals of Computer Security Technology (1994). 

By Edward Amoroso

Why should I read it?

1 author picked Cyber Attacks as one of their favorite books, and they share why you should read it.

What is this book about?

Cyber Attacks takes the national debate on protecting critical infrastructure in an entirely new and fruitful direction. It initiates an intelligent national (and international) dialogue amongst the general technical community around proper methods for reducing national risk. This includes controversial themes such as the deliberate use of deception to trap intruders. It also serves as an attractive framework for a new national strategy for cyber security, something that several Presidential administrations have failed in attempting to create. In addition, nations other than the US might choose to adopt the framework as well.

This book covers cyber security policy development for…


Book cover of Improvise

Karen M. Cox Author Of 1932: Pride and Prejudice Revisited

From my list on that bring Jane Austen into modern times.

Why am I passionate about this?

Austen-inspired works are nothing new (think the movie Clueless or "The Lizzie Bennet Diaries" vlog), but unless you’re walking around the Austen fan world, you might not realize just how many books are out there. I became immersed in that world around 2006, and since then, I’ve written four Austen retellings, one Austen-inspired original novel, and several short stories. I’ve read countless other works (both published and on the internet), and now run a little website called Austen Through the Ages. Below I list 5 Pride & Prejudice-inspired novels that ring true for me—they bring Austen’s themes and characters into modern settings, each putting a unique spin on the classic tale.

Karen's book list on that bring Jane Austen into modern times

Karen M. Cox Why did Karen love this book?

Whereas Darcy caught more of my attention in the last book pick, a modern, resilient Elizabeth drew me into this story. This is the first of three volumes in a trilogy about ex-Marine, terrorism survivor, and cybersecurity expert Elizabeth and businessman Darcy. Not as much angst between the two principal characters, but plenty of action to be had in this one.

By Melanie Rachel

Why should I read it?

1 author picked Improvise as one of their favorite books, and they share why you should read it.

What is this book about?

Elizabeth Bennet never wanted to be a hero. She'll just have to deal with it.

A few months after teaming up with Major Richard Fitzwilliam to thwart a terrorist attack in Europe, USMC Staff Sergeant Elizabeth Bennet is back in the States as a civilian. Her training in cyber-security makes finding work easy, and she’s learning to fit into her new life. But there is lingering fallout both from the attack and her life before it that she's not yet prepared to face.

Complicating matters is the major’s handsome cousin.

Co-owner of Darcy Acquisitions, CEO of FORGE, and guardian to…


Book cover of Ghost Fleet: A Novel of the Next World War

Jennifer L. Bayuk Author Of Enterprise Security for the Executive: Setting the Tone from the Top

From my list on cybersecurity for every type of reader.

Jennifer's book list on cybersecurity for every type of reader

Jennifer L. Bayuk Why did Jennifer love this book?

The book portrays a scenario in which nation-state adversaries launch a sophisticated cyberattack against the United States. Though it is science fiction, the political scenario it depicts is a realistic description of how today’s nation-states consider technology options when they are engaged in traditional war. For people interested in cybersecurity and attracted to that genre, it will be an eye-opening experience because the basic scenarios it describes are very easy to project into the near future. It is also a tale of adventure.

By P.W. Singer, August Cole

Why should I read it?

1 author picked Ghost Fleet as one of their favorite books, and they share why you should read it.

What is this book about?

Ghost Fleet is a page-turning imagining of a war set in the not-too-distant future. Navy captains battle through a modern-day Pearl Harbour; fighter pilots duel with stealthy drones; teenage hackers fight in digital playgrounds; Silicon Valley billionaires mobilise for cyber-war; and a serial killer carries out her own vendetta. Ultimately, victory will depend on who can best blend the lessons of the past with the weapons of the future. But what makes the story even more notable is that every trend and technology in book - no matter how sci-fi it may seem - is real. The debut novel by…


Book cover of How to Stay Safe on Social Media: Social Media Dos and Don'ts: What Kids and Parents Should Know

Eric J. Rzeszut Author Of 10 Don'ts on Your Digital Devices: The Non-Techie's Survival Guide to Cyber Security and Privacy

From my list on to help you protect your personal information.

Why am I passionate about this?

I have been an information technology and cybersecurity professional for over two decades. I’ve learned over and over again that “people are the weakest link.” You can build the most secure system in the world, with stringent password requirements. But if the user writes their password down and leaves it where someone else can see it, system security is irrelevant! The easiest way to gain access to a system is via “social engineering” – to trick a human being into giving you the access you need, rather than trying to hack the system itself. The books on this list will help the reader lower their chances of being exploited like this.

Eric's book list on to help you protect your personal information

Eric J. Rzeszut Why did Eric love this book?

This book focuses on cybersecurity for parents and teenagers, specifically focusing on social media. As a parent of a teenager myself, I know how critical this area really is. Teens are often using social networks and communication channels that their parents are mostly or completely unfamiliar with. Due to that lack of familiarity, parents have a hard time monitoring or setting appropriate limits on the ways their children use social media. Author Effie Manolas wrote this book for both parents and teens, enabling an open conversation on both the benefits and the risks of social media.

By Effie Manolas

Why should I read it?

1 author picked How to Stay Safe on Social Media as one of their favorite books, and they share why you should read it.

What is this book about?

Do you feel your child isn’t using social media correctly?

Social media is a powerful platform that can either make the world better–or more dangerous. When a person doesn’t know how to use social media the right way, they can break relationships, disseminate false information, or even tarnish their own reputation.

As a parent, the last thing you want is for your child to be using social media in a way that can hurt them. But parents can hardly help their children if they themselves remain oblivious to the repercussions of their behavior on social media.

Teach your child to…


Book cover of Software Security Engineering: A Guide for Project Managers

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Why am I passionate about this?

As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.  

Nancy's book list on software security engineering

Nancy R. Mead Why did Nancy love this book?

This book is a “how-to” guide for teams developing secure software. Written by a team of experts, it covers the important issues in developing software that is better able to prevent successful attacks. The book contains many references, a strategy, and an implementation guide with cross-references. For each topic, the maturity of practice at the time of writing is provided, as well as an indication of the audience.  

By Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead

Why should I read it?

1 author picked Software Security Engineering as one of their favorite books, and they share why you should read it.

What is this book about?

"This book's broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle."

-Steve Riley, senior security strategist, Microsoft Corporation



"There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one."

-Ronda Henning,…


Book cover of This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

Jennifer L. Bayuk Author Of Enterprise Security for the Executive: Setting the Tone from the Top

From my list on cybersecurity for every type of reader.

Jennifer's book list on cybersecurity for every type of reader

Jennifer L. Bayuk Why did Jennifer love this book?

A reporter’s account of nation-states' relentless pursuit of superior offensive capability. Although former NSA officials may not agree with every word, it is generally acknowledged to be a true trail of facts available to reporters. Most cybersecurity staff are routinely muzzled by legal confidentiality agreements in the same manner as staff who have access to business trade secrets. There are few reporters who have had as much access as Perlroth to those individuals. 

By Nicole Perlroth

Why should I read it?

1 author picked This Is How They Tell Me the World Ends as one of their favorite books, and they share why you should read it.

What is this book about?

THE NEW YORK TIMES BESTSELLER * Winner of the Financial Times & McKinsey Business Book of the Year Award * Bronze Medal, Arthur Ross Book Award (Council on Foreign Relations)

"Written in the hot, propulsive prose of a spy thriller" (The New York Times), the untold story of the cyberweapons market-the most secretive, government-backed market on earth-and a terrifying first look at a new kind of global warfare.

Zero-day: a software bug that allows a hacker to break into your devices and move around undetected. One of the most coveted tools in a spy's arsenal, a zero-day has the power…


Book cover of Secure Coding in C and C++

Nancy R. Mead Author Of Cyber Security Engineering: A Practical Approach for Systems and Software Assurance

From my list on software security engineering.

Nancy's book list on software security engineering

Nancy R. Mead Why did Nancy love this book?

The title says it all. This is probably one of the first, if not the first book on secure coding, by a pioneer in the field. Robert worked tirelessly to make this happen. Although the book has been superseded by the secure coding standards that evolved from it, it is still a good read and contains a lot of useful information for developers.  

By Robert C. Seacord

Why should I read it?

1 author picked Secure Coding in C and C++ as one of their favorite books, and they share why you should read it.

What is this book about?

Learn the Root Causes of Software Vulnerabilities and How to Avoid Them

Commonly exploited software vulnerabilities are usually caused by avoidable software defects. Having analyzed tens of thousands of vulnerability reports since 1988, CERT has determined that a relatively small number of root causes account for most of the vulnerabilities.



Secure Coding in C and C++, Second Edition, identifies and explains these root causes and shows the steps that can be taken to prevent exploitation. Moreover, this book encourages programmers to adopt security best practices and to develop a security mindset that can help protect software from tomorrow's attacks, not…


Book cover of Is AI Good for the Planet?

Noreen Herzfeld Author Of The Artifice of Intelligence: Divine and Human Relationship in a Robotic Age

From my list on the dangerous future of AI.

Why am I passionate about this?

I’m a theologian who started out as a computer scientist. Teaching classes on AI got me wondering, not just whether we’d ever be able to create a human-like AI, but why we wanted to do so in the first place. It seemed to me that computers were the most helpful when they did the things we are not very good at—crunching big calculations, or exploring Mars—stuff we can’t do. That got me thinking that there might be something spiritual going on, that in a world where we increasingly no longer believed in God or angels, we were lonely. That we didn’t want a tool but a companion.  

Noreen's book list on the dangerous future of AI

Noreen Herzfeld Why did Noreen love this book?

Brevini gives us something real to worry about—climate change. Did you know that using ChatGPT to look something up can take up to ten times as much energy as doing a Google search? 

To most of us, AI seems like something that just happens in thin air (the cloud). But, in reality, the data centers needed to train and run AI rely on a variety of scarce resources and eat up vast amounts of energy in doing their calculations. This little book of just 109 small pages lays out the many ways in which AI is contributing to climate change. 

An AI-centric world will be a hot and stormy one, increasingly inhospitable for both humans and machines. And that has me worried.

By Benedetta Brevini

Why should I read it?

1 author picked Is AI Good for the Planet? as one of their favorite books, and they share why you should read it.

What is this book about?

Artificial intelligence (AI) is presented as a solution to the greatest challenges of our time, from global pandemics and chronic diseases to cybersecurity threats and the climate crisis. But AI also contributes to the climate crisis by running on technology that depletes scarce resources and by relying on data centres that demand excessive energy use.

Is AI Good for the Planet? brings the climate crisis to the centre of debates around AI, exposing its environmental costs and forcing us to reconsider our understanding of the technology. It reveals why we should no longer ignore the environmental problems generated by AI.…


Book cover of Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems

Adam Shostack Author Of Threat Modeling: Designing for Security

From my list on application security for builders.

Adam's book list on application security for builders

Adam Shostack Why did Adam love this book?

This book captures lessons from many authors at Google, some of whom I’ve worked with over the years. The chapters on availability (7, 8, 9) were a revelation to me. I had no idea how Google approaches the topic of resilience and recovery in their systems, and I now think of the whole topic very differently. The biggest takeaway is how to think about the design of systems.

By Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Adam Stubblefield

Why should I read it?

1 author picked Building Secure and Reliable Systems as one of their favorite books, and they share why you should read it.

What is this book about?

Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be considered secure if it's unreliable? Security is crucial to the design and operation of scalable systems in production, as it plays an important part in product quality, performance, and availability. In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.

Two previous O'Reilly books from Google-Site Reliability Engineering and The Site Reliability Workbook-demonstrated how and why a commitment to the entire service lifecycle enables organizations to successfully build, deploy, monitor, and maintain…