Jul 19, 2019

Book recommendations for CSOs and CISOs

I read 20-30 books per year. I've been keeping track of my readings on my web-site since I started experimenting with HTML (I needed some reason to update the content regularly). Lately I've been using Goodreads as well. I read to keep myself up-to-date professionally, which means topics from security, risk management, business and leadership. When I need something more relaxing, I turn mostly to scifi, fantasy or crime.

I went through my list and decided to give some book recommendations for Chief Security Officers and Chief Information Security Officers. We all need more to read, right? At first I tried to keep the list short with 10 books, but quickly realized that it's too hard and settled on 15 recommendations.

So, here you are, 15 great books I recommend.

🌟Security Engineering by Ross Anderson

Probably the best security book ever, and it should be found on every security professional's bookshelf. The book covers security topics broadly, including not only technical security but also topics like psychology and economics. The first and second editions are available online, and Anderson is currently writing the third edition.

🌟Thinking, Fast and Slow by Daniel Kahneman

Nowadays it's more and more understood that good security solutions must take human behavior into account. Unusable security guidelines are disregarded and bad solutions are circumvented. Kahneman's book explains human biases and behavior thoroughly. It also helps a CSO/CISO to understand what may affect his own decision making and how to better influence others. If Kahneman's book feels a bit too heavy, try first Dan Ariely's Predictably Irrational, The Upside of Irrationality and The (Honest) Truth About Dishonesty.

🌟Unsecurity by Evan Francen

After working a couple of decades as a security professional, one starts to wonder why the same problems exist year after year and the general information security level seems to decrease instead of getting better. The increasing complexity of the digital world is of course one reason, but the security industry and profession have also failed in many areas. Francen's book nicely summarizes what's wrong with information security.


We are choking on information, data, statistics and infographics. All of this can be presented - accidentally or on purpose - in a misleading way. Skills to navigate through all the figures, tables and graphics are critical, as is the ability to evaluate their trustworthiness. As Levitin says in his book: There are not two sides to a story when one side is a lie.

🌟Geekonomics, The Real Cost of Insecure Software by David Rice

Software is running the world and code is law, as Lawrence Lessig has famously said. We tend to concentrate too much on devices and networks when protecting the digital world. We must focus more on software, applications and code. Rice's book is about the software industry and the reasons why we have so much bad software. It's also good to check Gary McGraw's classic Software Security: Building Security In.


An excellent and rare inside look at how the board of a large, global company works. Useful for CSOs and CISOs who are working with executive teams and boards - and interesting to everyone. Siilasmaa coined the term paranoid optimism, which means combining vigilance and a healthy dose of realistic fear with a positive, forward-looking outlook expressed via scenario-based thinking.

🌟Team of Teams: New Rules of Engagement for a Complex World by Stanley McChrystal

Organizations want to be agile and move from hierarchical organizations to networked models where employees and teams get more autonomy. Modern communication tools, networks and data enable that, but not without the leader's deliberate efforts to allow and nurture decision making at all levels. McChrystal writes about his experiences of how a traditional, hierarchical military organization was changed into a network of empowered individuals and teams.

🌟Factfulness: Ten Reasons We're Wrong About The World - And Why Things Are Better Than You Think by Hans Rosling

Rosling explains why our world view is mostly wrong and how to avoid common misconceptions. When thinking of poverty, education, population growth, income, life expectancy, etc., the world is a much better place than generally thought. Even highly educated people, business leaders and decision makers often don't understand what the world is like today - neither did I.


A startup can be defined as a human institution designed to create a new product or service under conditions of extreme uncertainty. A startup can also be a part of a large organization, not only a new, small company. The book explains the Build → Measure → Learn loop and how to minimize the total time through this feedback loop. Today almost everything imaginable is possible to build (with enough time, money and other resources), so the question today is not whether it can be done, but whether it should be done. There's also a bestseller This Is Lean by Modig & Åhlström,

🌟Homo Deus: A Brief History of Tomorrow by Yuval Noah Harari

Homo Deus is an amazing look at human history and predictions of the future of human evolution with algorithms, robotics and artificial intelligence. I would also recommend reading Harari's Sapiens to put the current state of the world in perspective and 21 Lessons for the 21st Century for today's challenges.

Most of Schneier's books are good. For here I picked Outliers, since it gives a thorough look at trust and what makes us trustworthy. The role of trust is increasingly important in our digital environment - organizations, products, applications and services can't succeed without employees, customers and citizens trusting them. An interesting claim in the book was that some level of rule-breaking is needed in society; otherwise innovation and social progress become impossible. Schneier's latest, Click Here to Kill Everybody, is a good read about Internet of Things challenges.

🌟How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen

It's a common argument that security cannot be measured properly, hence we have lots of qualitative metrics instead of quantitative ones. Hubbard argues that anything can be measured, including security and cybersecurity. Good reading to understand how statistical models can help in measuring the security status with raw data. The Failure of Risk Management is another of Hubbard's books worth reading.

So much is written about US NSA surveillance methods that it's refreshing to have a look at what Russia is doing. The book documents the history of Russia's surveillance system development. It starts from the pre-Internet era, explains how the SORM system was developed, describes Russia's attempts to change Internet governance via ITU and ICANN, documents the Sochi Olympics surveillance efforts and doesn't forget the story of Snowden getting asylum in Russia.


If you have been in the business long enough, you may remember CarderPlanet and the Russian Business Network. It's useful to read a bit about criminals and the law officers trying to catch them, especially because Menn tells the story from the perspective of the good guys.

🌟The Adventures of an IT Leader by Robert D. Austin, Shannon O'Donnell and Richard L. Nolan

This is a fictional story where a business manager is appointed as the new CIO of a company. Since he doesn't have any ICT background, he needs to learn how everything works and how he can keep track of ICT functionality and business requirements. From a security management point of view, it is useful to read how the new CIO gradually finds ways to better communications and metrics. Also, the biggest challenge the fresh CIO faces is a serious security incident.

Many great books were left out, so you'd better check my site or Goodreads, where I have more books with ratings. My ratings are of course time-bound: how I've rated a book depended on my knowledge, skills and interest at the time of reading. Goodreads also creates nice yearly statistics.

Happy reading and let me know what I should read (or nowadays also listen) next.
