case western reserve university

LUX IN TENEBRIS


CISO's Reading List

November 23, 2006

Essential Reading
Information Security, as described by Dan Geer in his May 2008 article "Learn by Analogy or Die Trying," in IEEE Security and Privacy, contains many professionals who have migrated from other domains. The rapid growth of the field has resulted from the hybridization of many different fields, and to gain an understanding of the elements at the core of security, one needs to be well read in a variety of subject areas.

According to the article, the fields of bacteriology, law enforcement, statistics (actuarial), medicine, intelligence, law, and computer science all contribute to the field of information security. I'll add to that the fields of cryptology, operations research, systems analysis, quality assurance, network engineering, and risk management (engineering and financial). This seems to be a daunting list of skills and understanding needed to be successful in information security. So how does one get there without becoming a recluse? Reading.

Here is a list of recommended reading from the Case CISO. Some items are security related, some are a historical perspective of technology and change, some are IT related, and others are just plain fun. I will eventually write a small review and provide a link to the KSL library index for each book.


A quote from Harry Truman goes:
"Not all readers become leaders. But all leaders must be readers."

What you read will impact your thought process, as well as provide broader perspective to the decisions you make today with security in mind.



- The Great Influenza: John M. Barry
I was reading this over the summer of 2008, but got diverted to another bevy of books, and came back to it in April 2009. Then, when H1N1 (Swine Flu) hit Mexico and heightened alerts began, the reading provided an excellent and timely context for the 21st century response. This story describes the growth of private research into immunology in the early 20th century, and how, in the final stages of the Great War, this virulent virus propagated through US Army and Navy recruiting encampments and spread across US cities. The root cause and primary impacts on young and healthy adults are similar to those of H1N1. Most interesting is the inadequate public response in major cities, and how the Wilsonian Progressive government was more interested in concluding the war in Europe than in battling a major pandemic at home. A must read for those considering a career in medicine or nursing, it also points out how to manage public communications (or in some cases, how NOT to manage them), which is necessary when handling the public communications in response to a security incident that brings about either a negative business impact or a data loss.

- Real Education: Charles Murray
A "sequel" to The Bell Curve (Murray and Herrnstein, 92), Murray provides an interesting perspective on K-12 education and its impacts on higher education (IU has an interesting debate on The Bell Curve). The author offers a data-driven thesis about the core social error in public education, that everybody should go to college: driving all students to higher education and a mystical "BA Degree" badge regardless of academic ability is a fallacy. The saying, "You can't get there from here," needs to be applied at the secondary level, and vocational curriculum needs bolstering. The largest negative impact falls on the truly gifted, who are being lost in schools focused on moving the mean to a higher level and not providing substantive or demanding challenges for these few. He concludes that the "Be All You Can Be" approach is the responsible one, where parents and counselors, the adults in the mixture, need to step up and do the hard things: recognizing unrealistic goals for students and taking action, as well as driving those with unlimited potential to reach their peak, such that each serves society in something they love to do well. Working in security at a research university, this book provides some needed insight into the thinking process of university students, faculty, and researchers.

As information security grows and matures as a field, we will need to consider how and where students are being educated, since they will take on the mantle of leadership in the field. The past checklist mentality of security professionals must be replaced with creative thinking, which is a trait somehow anathema to public schools.

- Declining By Degrees: Richard Hersh and John Merrow
My CIO lent me his copy of this book as a beginning to understanding the multiple forces at work in higher education, both in the public sector and private sector. The book accompanied a PBS documentary, which I later watched, and goes in depth into the market forces driving the strange dichotomy between teaching and research requirements in American universities. I recommend a reader review the excerpts online. I don't believe the challenges to higher education can be considered ex camera from the overall problems of government-sponsored "public" schooling. For that context, it would be valuable to read the following book:

- The Closing of the American Mind: Allan Bloom

- Lateral Thinking: Edward deBono
A good treatise on thinking techniques. Edward deBono is regarded as the 'father of brainstorming'. I also recommend his "Six Thinking Hats" as a guide to enhancing group problem-solving skills. This is available in the Case Kelvin Smith Library.

- Whatever Happened To Penny Candy?: Richard Maybury
I picked this book up as part of our economics curriculum and was amazed at the simplicity of its explanation of major economics topics. It is written in an epistle style, as letters from an uncle to a nephew. I should have understood these topics before taking Macroeconomics in college. According to this article by Bruce Schneier, security is all about economics. A worthwhile and fun book to read.

- Goodbye Darkness: William Manchester
This book was lent to me by a co-worker who was, like the author, a Marine. Actually, one is never a 'former Marine' (Semper Fidelis), one is formerly active duty. Manchester was an author and historian, and this is his personal recollection of the island hopping campaigns of the Marines in the Pacific Theater. It provides a first-hand account of the trials of the War in the Pacific, in particular his experiences being wounded in battle, through the recollections of a veteran visiting the battle scenes of Okinawa 30 years later.

The best story in this entire book resonates with any veteran. During WWII, men from all walks of life joined the USMC, where in boot camp they all had to learn to care for the vaunted M1 Garand. Initially, men who had never handled a weapon had to become intimate with every detail of this rifle. In Manchester's case, the USMC Drill Instructor introduced the weapon to the newly indoctrinated Marines by quickly breaking one down and reassembling it before their eyes, and then threw the rifle to a relatively unfit looking recruit, fully expecting him to fumble with it, get some appropriate hazing, and then carry on with the lesson. However, that day, that recruit was Lawrence Dudley, a former gunsmith from Maine, who had worked with John Garand to invent and refine the M1, which was new at the time to the Marines. In a poorly timed response, this recruit immediately mirrored the actions of the Drill Instructor as if he knew the weapon inside and out (he did), causing a severe loss of face for the "DI", which resulted in the entire company of recruits being given the 'opportunity to excel' in learning these skills by the next morning. See Google Books, p 126 for the summary. Then laugh.

- Waltzing with Bears, Managing Risk on Software Projects: Tom DeMarco & Tim Lister
This book is about software project risk management. The early background in this book has been helpful to me in the security risk management domain, since its premise is that risk accompanies all value in any IT or software project. Chapter 1 has a key quote: "If a project has no risks, don't do it." The authors take some insightful 20/20 hindsight on some famous project failures (e.g., the Denver Airport baggage system) attributed to software. They describe in straightforward and entertaining prose specific methods and the social drivers behind some of the risks that plague software projects (e.g. "managed for success"). Tom and Tim are the authors of another powerful software management treatise, Peopleware, which provides a foundation for the growth a manager needs in order to wrestle with risk.

- Eisenhower: Stephen Ambrose
This single-volume biography is an excellent introduction to Eisenhower, covering his childhood, his West Point experience, his stateside service during the Great War, and a seemingly 'going nowhere' Army career that suddenly accelerated like Al Gore's "hockey stick" graph. Of interest is the opportunity that Eisenhower had to chronicle the I recommend a reader follow this work with David Eisenhower's "Eisenhower: The War Years" and "The Crusade In Europe" by Dwight Eisenhower to gain a broader picture of Eisenhower, his leadership insights, and his military genius.

- The Professor and the Madman: Simon Winchester
This is an intriguing story of the Oxford English Dictionary, and the amazing contributions of an American. Simon Winchester tells a riveting story. Reserve time in reading this one, it is difficult to put down.

- Secrets and Lies: Bruce Schneier
I received my copy of the first edition of this book from Bruce at an InfraGard meeting, and it has proven to be a resource which I reference regularly. Bruce covers the topic of security from the perspective of business and economics, and if any techn
- True North, Peary, Cook, and the Race to the Pole: Bruce Henderson
- D-Day, Steven Ambrose
- 1421: Gavin Menzies
- Krakatoa: Simon Winchester
- The Wild Blue: Stephen Ambrose
- War in the Time of Peace: David Halberstam
- The History of the Church: Bruce Shelly
- Seashell on a Mountaintop: Alan Cutler
- Band of Brothers: Steven Ambrose
- Getting Things Done: David Allen
- Slander: Liberal Lies About the American Right- Ann Coulter
- Primal Leadership: Goleman, Boyatzis, McKee
- Emotionally Intelligent Parenting
- Hacker Cracker: Ejovi Nuwere
- Nothing Like It In The World: Stephen Ambrose
- Latin for All Occasions: Stephen Beard
- To America: Stephen Ambrose

- Undaunted Courage: Stephen Ambrose
This book tells the story of the Lewis and Clark expedition. The story is a lesson in resourcefulness, courage, and just plain grit in dealing with the untamed frontier, weather, and native populations (some already in decline from disease). The expedition personified the nature of the young nation, and laid a path for all those who follow in their conceptual footsteps.

- A Mind at a Time: Melvin Levine
- Parenting With Love and Logic: Foster Cline, M.D., Jim Fay
- The Founding Fathers on Leadership: Donald T. Phillips
- Martin Luther, The Lion-hearted Reformer:
- Slack, Getting Past Burnout, Busywork, and the Myth of Total
Efficiency: Tom DeMarco
- Ban the Humorous Bazooka:
- The Experience Economy, Work is Theatre
- Cyberwars: Espionage on the Internet: Jean Guisnel
- The CEO of the Sofa:
- High Five, the Magic of Working Together
- Net Privacy: Michael Erbschloe & John Vacca
- Masters of Deception: Louis Mizell
- How to Lose Friends and Infuriate People: Jonar C. Nader
- Spooked: Espionage in Corporate America: Adam Penenberg/Marc Barry
- Galileo's Daughter: Dava Sobel
- Who Moved My Cheese?: Spencer Johnson
- Gonzo Marketing: Christopher Locke
- The Fifth Discipline Fieldbook: Peter Senge, et al.
- So You Want to Be a Writer: Marge Piercy
- Love is a Killer App: Tim Sanders
- The Man Who Flew the Memphis Belle: Robert Morgan, Col, USAFR, Ret
- Golf and the Spirit: M. Scott Peck
- French Lessons: Peter Mayle
- The Broken Hearth: Wm J Bennett
- Encore Provence: Peter Mayle
- It's Not About the Bike: Lance Armstrong
- When You Come to a Fork in the Road, Take It!: Yogi Berra
- The Bear and the Dragon: Tom Clancy
- Of Mice and Men: John Steinbeck
- Dale Carnegie Leadership Mastery Course
- Martin Luther and the Reformation
- Mark Twain: Geoffrey Ward, Dayton Duncan, Ken Burns
- Jack: Jack Welch
- John Glenn- A Memoir: John Glenn
- Management of the Absurd, Paradoxes in Leadership: Richard Farson
- How to Lead a Team
- When Character Was King: A Memoir of Ronald Reagan: Peggy Noonan
- Reading People: Jo-Ellan Dimitrius
- Shadow Warriors: Tom Clancy & Carl Steiner
- The Tipping Point: Malcolm Gladwell
- Power Negotiating: Roger Dawson
- PT-109: Robert J. Donovan
- Comrades: Stephen Ambrose
- Getting to Yes: Roger Fisher
- Kilo Class: Patrick Robinson
- Pearl Harbor: Randall Wallace
- The Cost of Discipleship: Dietrich Bonhoeffer
- I, Q : Paul David and John DeLancie
- The Axemaker's Gift by James Burke and Robert Ornstein
- The Hacker Crackdown by Bruce Sterling
- The Terminal Man by Michael Crichton
- Truman by David McCullough
- Peopleware by Tom DeMarco & Tim Lister
- John Adams by David McCullough
- I Only Say This Because I Love You-Deborah Tannen
- The Greatest Generation Speaks-Tom Brokaw
- Star Wars, Rogue Planet
- Martin Luther King, Jr. on Leadership: Inspiration and Wisdom for
Challenging Times
by Donald T. Phillips
- The Millionaire Mind by Thomas J. Stanley
- What if?: The World's Foremost Military Historians Imagine What Might
Have Been. Robert Cowley (Editor),Stephen E. Ambrose, David McCullough
- Emotional Intelligence by Howard Gardener

- The Cuckoo's Egg by Clifford Stoll
This is the classic story of the Hannover Hacker, and the basis for much of the threat perspective on networked university computer systems.

- Top Minds of the 20th Century
- What They Still Don't Teach You at the Harvard Business School, Mark
H. McCormick
- War In A Time of Peace, David Halberstam
- On Wings of Eagles, Ken Follett
- The Price of Faith...Dietrich Bonhoeffer
- Holy War, Inc.: Inside the World of Osama bin Laden... Peter Bergen
- First to Fight: Unabridged War Stories...Martin Greenberg, Ed.
- Guide to Earth And Space: Isaac Asimov

Posted by Thomas Siu at 07:33 PM
