Breaking Badness Book Club #2
We’re sharing the next installment of our Book Club! If you haven’t had a chance, go back and listen to Episode 1. In our Book Club, we dive into books we’ve found helpful or interesting in our cybersecurity/infosecurity careers. Listen to the episode for full details, but catch where to find our top picks if you’d like to read them yourself here:
Kali’s Top Cybersecurity Book Picks
For this iteration of Book Club, Kali’s top Cybersecurity pick is Bluenomicon: The Network Defender’s Compendium published by Splunk. If you’re wondering about the title, “nomicon” means a book of knowledge on a specific topic, which makes sense – this is a book of knowledge from luminaries in the industry regarding Blue Teaming.
The eBook is comprised of essays and is divided into three sections:
- Counsel of Sages: essays written by those recognized as leaders in the industry regarding the importance of good leaderships in the field
- Wisdom of Cybersecurity Wizards: this section contains stories from practitioners in the field
- Tales of Blue Team Heroism: this section is more esoteric strategies needed to protect oneself from threats
It’s definitely an interesting read with imaginative graphics that fit the theme of the eBook. If you haven’t checked it out already, you can download it on Splunk’s website, but it is a longer eBook – Kali printed it at her local library (shout out to libraries!)
Kali’s Non-Cybersecurity Picks
While she’s still working through these books, Kali is currently reading The Far Traveler: Voyages of a Viking Woman and Missing Witches: Recovering True Histories of Feminist Magic. Here’s another plug for libraries – Kali’s actually listening to both of these on audiobook using the Libby app.
Kali’s Local Bookstore Recommendation
As Kali is a Clevelander, she is recommending another Cleveland bookstore: Loganberry Books. It’s got an old-timey feel to it – kind of a combination between Hogwarts and the Beast’s library from Beauty and the Beast. And there’s usually a cat wandering around, which is always a plus.
Ian’s Top Cybersecurity Book Picks
Ian went through the books discussed in Episode 1 and noticed that we hadn’t mentioned any female or nonbinary authors! That was remiss of us. Especially because Kim Zetter is well-known to anyone who pays attention to the infosecurity space – she’s been a powerhouse journalist for more than two decades now.
With that, Ian’s pick is Countdown to Zero Day by Kim Zetter. Countdown tells the story of Stuxnet in detail that wasn’t available previous – exhaustively researched, and compellingly told. In a larger macro sense, Zetter lays out one of the first deep dives on the idea of a digital weapon and the philosophy and debates surrounding it. Countdown also relates the steep rise in offensive cyber operations – mostly of a surveillance sort – and the development of both government and private-sector ways of understanding and mitigating this new environment.
At the same time, Zetter also makes clear how deeply connected cybersecurity is to geopolitics (in this case, Iran and nuclear proliferation) and how important it is to understand and keep current on real-world developments as well.
She’s also a compelling and thoughtful speaker, and Ian got to hear her keynote Black Hat 2022 in fine style. Highly recommended to seek out her book, her talks, and her articles.
Ian also recommended Normal Accidents, which was originally a recommendation by @SwiftOnSecurity. Written in 1984 by Yale Sociologist Charles Perrow, it has nothing to do with infosec, and at the same time, everything. Perrow goes through a number of industrial accidents rather painstakingly, from the nuclear industry, to air travel, petrochemical plants, marine accidents, and more. Perrow does an excellent job at understanding accidents as results of system interactions, including the humans involved, and how complex systems in particular are prone to surprising and unexpected interactions – this plays deeply into technology in general, IT in particular, and security almost perfectly.
Perrow highlights “interactive complexity” as a system characteristic that increases the likelihood of the system performing, or not performing, in unexpected ways especially during a critical incident. He also outlines the importance of loosely and tightly-coupled systems; he explains “tightly coupled” as “…processes happen very fast and can’t be turned off, the failed parts cannot be isolated from other parts, or there is no other way to keep the production going safely.” Ian having come into his own in technology as someone on the sidelines – in IT – but having the privilege of watching things like Farsight Security engineering standups or the DomainTools scrum of scrums, it’s a way of observing that appeals greatly to him. “If interactive complexity and tight coupling… inevitably will produce an accident, I believe we are justified in calling it a normal accident.”This refers not to frequency of the accident, but that it’s an integral characteristic of a system – and such accidents are a deep part of IT and security.
Ian’s Non-Cybersecurity Picks
Ian is a bookworm and has a lot on his shelf that he has read and is currently reading, but he trimmed it down to fit the length of a standard podcast episode. The first that he’s reading is The Autistic Brain, by Temple Grandin. Temple Grandin is an animal cognition researcher who’s also autistic. She’s turned her incredibly insightful observations around sort of on herself to talk more about autistic cognition. Ian’s just started it as someone who’s autistic. A lot of the reading Ian does is actually trying to figure out how people tick or how people perceive things.
The next on his list is Metaphors We Live By by George Lakoff, who is a linguistics professor. He’s very deeply into the science of cognitive linguistics, in particular cognitive framing and how subtle shifts in foundations can completely change the way people both construct their reality and react to stimuli from outside that either threatens or aligns with it.
Another book he’s reading is The Perception of Risk by Paul Slovic, and obviously in security we do a whole lot of coverage about risk. Slovic is one of the leading researchers specifically on risk perception. Understanding how people see risk, how people process it, and if it affects them or not is incredibly helpful going forward in security.
Ian’s Local Bookstore Recommendation
Ian recommends Tatnuck Bookseller in Westborough, MA. He likens it to Kali’s recommendation in that it’s got a kind of magical vibe to it where you go in and wander around and feel surrounded by knowledge.
His other recommendation is also to use the aforementioned Libby app and get loans from libraries.
Daniel’s Top Cybersecurity Book Picks
Daniel’s top pick is This Is How They Tell Me The World Ends: The Cyberweapons Arms Race by Nicole Perlroth. He could not put this book down (or rather, he couldn’t hit pause, as he listened to the audiobook). Perlroth is an investigative reporter and she’s done a number of keynotes. This book deals with the early days of zero days and cyber warfare involving nation states along with the early access brokers who would buy and then resell zero days, which oftentimes would turn them into being weaponized.
Daniel has been in the infosec world for almost 25 years now and his various work prior to coming to DomainTools dovetails nicely into the contents of this book. He learned about some things and how they were happening that make so much sense based on what he’s seen. He highly recommends this book if anyone is interested in a brief history of infosec. Perlroth does a nice job of summarizing how certain things came to be like Stuxnet, WannaCry, and more.
Daniel’s Non-Cybersecurity Picks
For Daniel’s non-cybersecurity recommendation, we’ll modify the title slightly as this is a family show: Leslie F-ing Jones by Leslie Jones. She’s well-known for being a cast member on Saturday Night Live, but also does movies. It’s a memoir discussing her life and career and he recommends listening to the audiobook, as Jones reads the book herself and it’s more conversational rather than someone reading straight from a book.
Daniel’s Local Bookstore Recommendation
Daniel’s pick is Phinney Books in the Seattle/Greenwood neighborhood. As the name Finney Books implies, they probably claim Finney, but it’s right on the border between Finney and Greenwood on Greenwood Avenue in Seattle. It’s not exactly a small bookstore, but certainly an independent bookstore.
He also recommends Elliott Bay Book Company, that’s sort of the granddaddy in Seattle of the independent bookstores. They used to be down in Pioneer Square, but some years ago they moved up to Capitol Hill. They’ve also managed to stay independent all this time and that’s pretty impressive.
That’s about all we have for this week, you can find us on Twitter @domaintools, all of the articles mentioned in our podcast will always be included on our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!