Cybersecurity Reading List

1. @War: The Rise of the Military Internet Complex by Shane Harris
2. 1984 by George Orwell
3. 3D Printing will Rock the World by John Hornick
4. A Century of Spies: Intelligence in the Twentieth Century by Jeffrey T. Richelson 
5. A Man Called Intrepid: The Secret War by William Stevenson 
6. A Scanner Darkly by Phillip K. Dick
7. Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies by Ira Winkler and Araceli Treu Gomes
8. Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson
9. Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization by Eric Cole
10. Against the Gods: The Remarkable Story of Risk by Peter L Bernstein
11. America the Vulnerable by Joel Brenner
12. American Spies by Jennifer Stissa Grannick
13. Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier
14. Approaching Zero: The Extraordinary Underworld of Hackers, Phreakers, Virus Writers, and Keyboard Criminals by Paul Mungo and Bryan Clough 
15. Artificial Intelligence: A Modern Approach by Stuart J. Russell and Peter Norvig
16. At Large: The Strange Case of the World's Biggest Internet Invasion by David Freedman and Charles Mann 
17. Blackout by Marc Elsberg
18. Bodyguard by William C. Dietz
19. Brave New World by Aldous Huxley
20. Brave New World Revisited by Aldous Huxley
21. Breaking and Entering: The extraordinary story of a hacker named "Alien" by Jeremy N. Smith
22. Breakpoint by Richard A. Clarke
23. Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications by Ivan Ristic, ISBN-13: 978-1907117046
24. Burning Chrome by William Gibson
25. Che Guevara and the FBI: U.S. Political Police Dossier on the Latin American Revolutionary by Michael Ratner 
26. Cheating at Blackjack Squared: The Dark Side of Gambling by Dustin D. Marks 
27. Code of The Cynga Volume 1 by Chase Cunningham, Heather Dahl and Shirow Di Rosso (Illustrator)
28. Code of the Cynga Volume 2 by Chase Cunningham, Heather Dahl and Shirow Di Rosso (Illustrator)
29. Colossus And Crab by D.F. Jones
30. Colossus by D.F. Jones
31. Colossus the Forbin Project by D.F. Jones
32. Colossus Triology: Colossus, The Fall of Colossus and Colossus and the Crab by D.F. Jones
33. Competitive Intelligence : How to Gather, Analyze, and Use Information to Move Your Business to the Top by Larry Kahaner 
34. Compilers: Principles, Techniques, and Tools by Alfred V. Aho, Monica S. Lam, Ravi Sethi, Jeffrey D. Ullman ISBN-13: 978-0201100884
35. Computer Networks (5th Edition) by Andrew S. Tennebaum, ISBN-13: 978-0132126953 
36. Confront and Conceal by David E. Sanger
37. Corporate Espionage: What It Is, Why It's Happening in Your Company, What You Must Do About It by Ira Winkler 
38. Count Zero by William Gibson
39. Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter 
40. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses by Ed Skoudis; Tom Liston
41. Counterstrike: The Untold Story of America's Secret Campaign Against Al Qaeda by Eric Schmitt
42. Crack99: The Takedown of a $100 Million Chinese Software Pirate
43. Cracking the Coding Interview: 150 Programming Questions and Solutions by Gayle Laakmann McDowell, ISBN-13: 978-0984782802
44. Credit Power!: Rebuild Your Credit in 90 Days or Less by John Q. Newman 
45. Crypto by Steven Levy
46. Cryptonomicon by Neal Stephenson
47. Cyber Adversary Characterization: Auditing the Hacker Mind by Tom Parker; Marcus H. Sachs; Eric Shaw; Ed Stroz; Matthew G. Devost Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats by Will Gragido; John Pirc
48. Cyber Operations and the Use of Force in International Law by Marco Roscini
49. Cyber War: The Next Threat to National Security and What To Do About It by Richard A. Clarke; Robert Knake
50. Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners  by Jason Andress and Steve Winterfeld
51. Cyberdeterrence and Cyberwar by Martin C. Lubicki
52. Cyberpower and National Security by Franklin D. Kramer (Editor); Stuart H. Starr (Editor); Larry Wentz (Editor)
53. Cyberpunk: Outlaws and Hackers on the Computer Frontier by Katie Hafner and John Markhoff 
54. Cybersecurity and Cyberwar: What Everyone Needs to Know by P.W. Singer
55. Cybersecurity for Business Executives by NTT
56. Cybersecurity Leadership by Mansur Hasib
57. Cyberspace And The State by David J. Betz and Tim Stevens
58. Cyberspace in Peace and War by Martin C. Libicki
59. Daemon by Daniel Suarez
60. Dark Territory:  The Secret History of Cyber War by Fred Kaplan
61. Dark Times in the City by Gene Kerrigan
62. DarkMarket: How Hackers Became the New Mafia by Misha Glenny
63. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier
64. Defeating Adversary Network Intelligence Efforts with Active Cyber Defense Techniques by Keith A. Repik
65. Design and Analysis of Knowledge-Base Centric Insider Threat Models by Qutaibah Althebyan
66. Diamond Age by Neal Stephenson
67. Do Androids Dream of Electric Sheep by Phillip K. Dick
68. Dragnet Nation by Julia Angwin
69. Ender's Game by Orson Scott Card
70. Exploding the Phone by Phil Lapsley
71. Exponential Organizations: Why new organizations are ten times better, faster, and cheaper than yours (and what to do about it) by Salim Ismail
72. Fallout: The True Story of the CIA's Secret War on Nuclear Trafficing by Catherine Collins and Douglas Frantz
73. Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet by Joseph Menn
74. Freedom by Daniel Suarez
75. Friendly Spies: How America's Allies Are Using Economic Espionage to Steal Our Secrets by Peter Schweizer 
76. Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It by Marc Goodman
77. Future Noir: The Making of Blade Runner
78. Ghost Fleet by P. W. Singer; August Cole
79. Ghost in the Wires by Kevin Mitnick; William L. Simon (As told to); Steve Wozniak (Foreword by)
80. Hackers: Heroes of the Computer Revolution by Steven Levy
81. Hacking Exposed 7: Network Security Secrets and Solutions by Stuart McClure; George Kurtz; Joel Scambray
82. Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions by Slava Gomzin 
83. Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson, ISBN-13: 978-1593271442 , available in paperback
84. Heavy Weather by Bruce Sterling
85. How to Investigate Your Friends, Enemies, and Lovers by Trent Sands, John Q. Newman 
86. How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen
87. How to Measure Anything: Finding the Intangibles in Business by Douglas W. Hubbard
88. I, Robot by Issac Asimov
89. Idoru by William Gibson
90. In the Beginning...was the Command Line by Neal Stephenson
91. Industrial Automation and Process Control Security: SCADA, DCS, PLC, HMI, and SIS by Tyson Macaulay; Bryan L. Singer
92. Information Disposition by Robert J. Johnson
93. Information Warfare: Chaos on the Electronic Superhighway by Winn Schwartau 
94. Inside CIA's Private World: Declassified Articles from the Agency`s Internal Journal, 1955-1992 by H. Bradford Westerfield 
95. Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr
96. Inside the CIA: Revealing the Secrets of the World's Most Powerful Spy Agency by Ronald Kessler 
97. Interface by Neal Stephenson
98. Internet Police: How Crime Went Online and the Cops Followed by Nate Anderson
99. Islands in the Net by Bruce Sterling
100. Judgment Under Uncertainty: Heuristics and Biases by Daniel Kahneman and Paul Slovic
101. Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen 
102. Leadership BS: Fixing Workplaces and Careers One Truth at a Time by Jeffery Pfeiffer
103. Learn You a Haskell for Great Good!: A Beginner's Guide by Miran Lipovaca, ISBN-13: 978-1593272838
104. Legion of the Damned by William C. Dietz
105. Lethal Interface by Mel Odom
106. Level 4: Virus Hunters of the CDC by Joseph B. McCormack, Susan Fischer-Hoch 
107. Lights Out by Ted Koppel
108. Little Brother by Cory Doctorow
109. Lobbying and Policy Change: Who Wins, Who Loses, and Why by Frank R. Baumgartner
110. Locked Down: Information Security For Lawyers by Sharon D. Nelson, David G. Ries, and John W. Simek
111. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code by Michael Ligh and Steven Adair 
112. Man Plus by Frederick Pohl
113. Managing the Insider Threat: No Dark Corners by Nick Catrantzos
114. Mars Plus by Frederick Pohl
115. Masters of Deception: The Gang That Ruled Cyberspace by Michele Slatalla and Joshua Quittner 
116. McMafia: A Journey Through the Global Criminal Underworld by Misha Glenny
117. Measuring and Managing Information Risk: A FAIR Approach by Jack Freund and Jack Jones
118. Metasploit: The Penetration Testers Guide
119. Modern Operating Systems: Global Edition by Andrew Tannbaum and Herbert Bos
120. Mona Lisa Overdrive by William Gibson
121. Navigating the Digital Age
122. Network Forensics: tracking hacker through cyberspace by Sherri Davidoff and Jonathon Ham
123. Network Security Assessment: Know Your Network by Chris McNab
124. Neuromancer by William Gibson
125. Newton's Telecom Dictionary: Telecommunications, Networking, Information Technologies, the Internet, Wired, Wireless, Satellites, and Fiber by Harry Newton
126. No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State by Glenn Greenwald 
127. Offensive Countermeasures: The Art of Active Defense by John Strand and Paul Asadoorian
128. Out of the Inner Circle: The True Story of a Computer Intruder Capable of Cracking the Nation's Most Secure Computer Systems (Tempus) by Bill Landreth 
129. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski and Andrew Honig, ISBN-13: 978-1593272906 
130. Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security by Daniel Jackson; Gary M. Jackson
131. Privacy on the Line: The Politics of Wiretapping and Encryption by Whitfield Diffie, Susan Landau 
132. Privacy Power: Protecting Your Personal Privacy in the Digital Age by Trent Sands 
133. Python Essential Reference (4th Edition) by David M. Beazley, ISBN-13: 978-0672329784
134. Python Forensics by Chet Hosmer
135. Radio Monitoring: The How-To Guide by T.J. Arey 
136. Ready Player One by Ernest Cline
137. Reamde by Neal Stephenson
138. Retrofitting Blade Runner: Issues in Ridley Scott's Blade Runner and Phillip K. Dick's Do Androids Dream of Electric Sheep?
139. Reverse Deception: Organized Cyber Threat Counter-Exploitation by Sean Bodmer; Max Kilger; Gregory Carpenter; Jade Jones; Jeff Jones
140. RFID: MIFARE and Contactless Cards in Application by Gerhard Schalk 
141. Rise of the Machines by Thomas Rio
142. Rtfm: Red Team Field Manual by Ben Clark, ISBN-13: 978-0321444424 
143. Sams Teach Yourself Networking in 24 Hours by Uyless Black; Uyless D. Black; Joseph W. Habraken
144. Scanner Modifications And Antennas by Jerry Pickard 
145. Scanners And Secret Frequencies (Electronic Underground S) by Henry Eisenson 
146. Schismatrix Plus (Complete Shapers-Mechanists Universe) by Bruce Sterling
147. Secrets and Lies: Digital Security in a Networked World by Bruce Schneier
148. Secrets of a Buccaneer-Scholar: How Self-Education and the Pursuit of Passion Can Lead to a Lifetime of Success by James Marcus Bach, ISBN-13: 978-1439109090
149. Security Metrics: Replacing Fear Uncertainty and Doubt by Andrew Jaquith
150. Selected Stories of Philip K. Dick by Phillip K. Dick
151. Skunk Works: A Personal Memoir of My Years at Lockheed by Ben Rich 
152. Smart Card Developer's Kit by Scott Guthery, Timothy Jurgensen 
153. Smart Casino Gambling: How to Win More and Lose Less by Olaf Vancura 
154. Smart Drugs II (Smart Drug Series, V. 2) by Ward Dean, John Morgenthaler, Steven Fowkes 
155. Smashing the Stack for Fun and Profit by Aleph One
156. Snow Crash by Neal Stephenson
157. Social Engineering: The Art of Human Hacking by Christopher Hadnagy 
158. Spam Nation by Brian Krebs
159. Spy Catcher: The Candid Autobiography of a Senior Intelligence Officer by Peter Wright 
160. Starship Troopers by Robert Heinlein
161. Stealing the Network: The Complete Series Collector's Edition, Final Chapter, and DVD by Ryan Russel, Ido Dubrawsky, FX, Joe Grand, Tim Mullen, ASIN: B006NV2EGI
162. Strategy: A History by Lawerence Freedman
163. Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw - By the Man Who Did It by John Markhoff and Tsutomu Shimomura 
164. Tallinn Manual on the International Law Applicable to Cyber Warfare
165. TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition) (Addison-Wesley Professional Computing Series) by Kevin Fall and W. Richard Stevens, ISBN-13: 978-0321336316
166. The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us And What We Can Do About It by Joshua Cooper Ramo
167. The Art of Computer Virus Research and Defense by Peter Szor
168. The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers by Kevin Mitnick 
169. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd, John McDonald, Justin Schuh ISBN-13: 978-0321444424 
170. The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy by Patrick Engebretson, ISBN-13: 978-0124116443 
171. The Blue Nowhere by Jeffery Deaver
172. The CERT Guide to Insider Threats: How to Prevent, Detect, & Respond to Information Technology Crimes by Dawn M. Cappelli; Andrew P. Moore; Randall F. Trzeciak
173. The Code Book by Simon Singh
174. The Cuckoo's Egg:Tracking a Spy through the Maze of Computer Espionage by Cliff Stoll
175. The Cybersecurity Dilemma by Ben Buchanan
176. The Cyberthief and the Samurai by Jeff Goodell 
177. The Defense of Hill 781: An Allegory of Modern Mechanized Combat by James R. McDonough; John R. Galvin (Foreword by)
178. The Dictator's Handbook: Why Bad Behavior is Almost Always Good Politics by Bruce Bueno de Mesquita
179. The Difference Engine by William Gibson
180. The Failure of Risk Management: Why It's Broken and How to Fix It by Douglas W. Hubbard
181. The Fall of Colossus by D.F. Jones
182. The FBI: Inside the World's Most Powerful Law Enforcement Agency by Ronald Kessler 
183. The Florentine Deception by Carey Nachenberg
184. The Forever War by Joe Haldeman
185. The Fugitive Game: Online with Kevin Mitnick by Jonathan Littman 
186. The Girl With The Dragon Tattoo by Stieg larsen
187. The Grey Line: Modern Corporate Espionage and Counterintelligence by Andrew Brown
188. The Hacker Crackdown: Law And Disorder On The Electronic Frontier by Bruce Sterling 
189. The Hacker Playbook: Practical Guide To Penetration Testing by Peter Kim (or The Hacker Playbook 2)
190. The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
191. The Illusion of Due Diligence: Notes from the CISO Underground
192. The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future by K. Kelly
193. The Innovator's Dilemma: The Revolutionary Book that Will Change the Way You Do Business by Clayton M. Christensen
194. The Innovators: How a Group of Hackers, Geniuses and Geeks Created the Digital Revolution by W. Isaacson
195. The Lean Startup by Eric Ries
196. The Mossad: Israel's Secret Intelligence Service: Inside Stories by Dennis Eisenberg 
197. The Phoenix Project by Gene Kim, Kevin Behr, and George Spafford
198. The Practice of Network Security Monitoring
199. The Psychology of Information Security by Leron Zinatulin
200. The Puzzle Palace: Inside the National Security Agency, America's Most Secret Intelligence Organization by James Bamford 
201. The Red Web: The struggle between Russia's digital dictators and the new online revolutionaries by Andrei Soldatov and Irina Borogan
202. The Seventh Sense by Joshua Cooper Rand
203. The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America by James Bamford
204. The Shellcoders Handbook:  Discovering and Exploiting Security Holes by Chris Anley, John Heasman, Felix Linder, Geraldo Richarte
205. The Singularity Is Near: When Humans Transcend Biology by Ray Kurzweil
206. The spy catcher trial: The scandal behind the #1 best seller by Malcolm Turnbull 
207. The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations by Ori Brafman
208. The Tangled Web: A Guide to Securing Modern Web Applications by Michael Zalewski, ISBN-13: 978-1593273880
209. The Ultimate Scanner: Cheek 3 by Bill Cheek 
210. The Underground Database (The Electronic Underground, Vol 1) 
211. The VALIS Trilogy by Phillip K. Dick
212. The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen by Jonathan Littman 
213. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws by David Stuttard and Marcus Pinto
214. Theory of Games and Economic Behavior by Oskar Morgenstern and Ariel Rubinstein
215. There Will Be Cyberwar by Richard Stiennon
216. Threat Modelling: Designing For Security by Adam Shostack
217. Trojan Horse by Mark Russinovich
218. True Names...and Other Dangers by Vernor Vinge
219. True Names: And the Opening of the Cyberspace Frontier by Vernor Vinge
220. Universal Scams and Fraud Detection by David Snow
221. Unmasking the Social Engineer by Christopher Hadnagy
222. Unrestricted Warfare: China's Master Plan to Destroy America by Qiao Liang
223. US House Committee on Oversight and Government Reform Report on the Equifax Data Breach
224. Virtual Light by William Gibson
225. War by Other Means: Economic Espionage in America by John J. Fialka 
226. We are Anonymous by Parmy Olsen
227. When Sysadmins Ruled the Earth by Cory Doctrow
228. Where Wizards Stay Up Late: The Origins Of The Internet by Katie Hafner 
229. Windows Internals Part 1 by Mark Russinovich
230. Winning as a CISO by Rich Baich
231. Wired for War by P. W. Singer
232. Wiring Up The Big Brother Machine…And Fighting It by Mark Klein
233. Worm by Mark Bowden
234. Zero Day by Mark Russinovich
235. Zodiac( The Eco-Thriller) by Neal Stephenson

This list was compiled from the professional reading lists of JSOC, US Army, USAF, USN, USMC, DHS, The Small Wars, DefCon and Dark Reading

Stupid Thing I Have Heard Lately

Radio yesterday (Meet the Press, I think) political analyst discussing Howard Schultz, "He is a billionaire with experience and huge negatives.  Hew has no path to the White House" or words very close to that.  I was amazed no one laughed at him and said, "Oh, you mean he is another Trump?"

Organizational Dysfunction costs a company $10,000,000 in sttlement with NERC for CIP violations

Woke up this morning and found this in my mailbox: "$10,000,000 Settlement Agreement for NERC CIP Violations" from the SANS ICS forums. 

The short story here is that the company appears to have had a completely dysfunctional security culture / organization  This dysfunction lead to a 127 separate violations of CIP standards in every area except Incident Reporting and Response.  Settlement cost the company $10,000,000. 

It was basically a shitshow (at least in my first reading of the report).  Anyway it's interesting reading if you work in security.

Report here

Breaking and Entering: The Extraordinary Story of a Hacker Called "Alien"

written by Jeremy Smith, this book is a kind of third person memoir following the life and career of a young woman from entering MIT to eventually founding her own pentest company. 

The story is interesting enough to keep you engaged despite long periods of excruciating detail and outfits, college dorm room dinners (veggie burritos) etc.  I think that detail is added to a) pad out the book length a bit, and  b) help convince you that the story is true, since the author changed names and details - for protection.  It makes it a little hard to judge veracity at times.

Overall the book is a somewhat interesting read on the career path of an infosec / cybersecurity professional but not super exciting.  I recommend it if you are interested in the field but not for general consumption.

Bad Blood - Secrets and Lies in a Silicon Valley Startup

My week three book has been Bad Blood: Secrets and Lies in a Silicon Valley Startup, which covers the rise and fall of Elizabeth Holmes and Theranos from 2003 to 2018. 

For those not aware Theranos, which was founded by Holmes, purported to be revolutionizing clinical laboratory diagnosis.  A claim which turned out to be all smoke and mirrors. 

The book starts kind of slowly but quickly picks up as Holmes (in my unprofessional opinion) psychopathy becomes apparent very early.  On TV this might make a good sitcom, if framed correctly, especially when you consider all the high powered financiers and politicians she hoodwinked.  As a true crime story it just makes you shake your head and wonder what the hell is going on in this country.

Highly recommended.

Aurora Generator Tests - INL

I am planning on attending the Dragos ICS training class this year and so I have been going through their recommended reading list.  One of the items on that list is the test footage from Idaho National Labs Aurora Generator Tests, in which the INL showed that a cyber attack could cause physical damage to an installation.





It's only just over a minute long and doesn't show a lot, but this is the beginning of Stuxnet.

Report on the 2017 Equifax Breach

The House Oversight Committee released a report on the 2017 Equifax Data Breach a couple weeks ago.  I just got around to reading it and it is pretty scathing, although couched in governmentese.  I highly recommend reading it no matter who you are, and if you work in the Information / Cyber Security field it should be mandatory that you read it.

Link

2019 Resolutions

1.  I didn't get to Dubai in 2018 so I am going to put that on the list again for 2019
2.  Read at least one (1) book per week.  Fiction / Non-Fiction doesn't matter.  At least 5 must be books I wouldn't ordinarily read.
3.  Read at least one (1) SANS whitepaper per week
4.  Pass CISM exam in May.
5.  Pass CISA exam by September.
6.  Rebuild my Bug Out Bag (for earthquake preparedness not because I expect a government downfall or something)
7.  Blog at least once per week.