Commander's Reading List

Last month a squadron commander asked me to recommend books for his commander's reading list. After some reflection I offer the following.

I've divided the list into two sections: technical and nontechnical. My hope for the technical books is to share a little bit of technical insight with the commander's intended audience, while not overwhelming them. The plan for the nontechnical items is to share some perspective on history, policy, and contemporary problems.

The list is in no particular order.

Nontechnical books:

• America the Vulnerable by Joel Brenner
• Cyber War by Richard Clarke and Robert Knake
• Crypto by Steven Levy
• Geekonomics by David Rice
• Security Metrics by Andrew Jaquith
• The Victorian Internet by Tom Standage
• The Cuckoo's Egg by Cliff Stoll
• Tiger Trap by David Wise

Technical books:

• Software Security by Gary McGraw
• The Art of Computer Virus Research and Defense by Peter Szor
• Real Digital Forensics by Keith Jones, Curtis Rose, and Richard Bejtlich
• Incident Response by Kevin Mandia, Matt Pepe, and Chris Prosise
• The Internet and Its Protocols by Adrian Farrell
• The Tao of Network Security Monitoring by Richard Bejtlich
• Hacking Exposed 7 by Joel Scambray, George Kurtz, Stuart McClure, and a ton of contributors

I also recommend any books by Timothy L Thomas.

Update: For the more technically-minded reader, I'm adding the following:

Practical Malware Analysis by Michael Sikorski and Andrew Honig.

Note: The above do not necessarily constitute my "best" or "favorite" books. Please see Best Books for blog posts on that subject.

Tweet