Sunday, December 30, 2012

2012: The Year I Changed What I Read

If you've been reading this blog for a while, you probably know that reading and reviewing technical books has been a key aspect since the blog's beginning in January 2003. In fact, my first blog post announced a review of a book on Border Gateway Protocol (BGP).

Looking at my previous reviews, it's clear that my interest in reading and reviewing technical books expired in the summer of 2011. Since then, the only technical book I wanted to read and review was Michael W. Lucas' excellent SSH Mastery. MWL is such a great author that I read just about anything he writes, and I was interested in his first self-published technical work.

So what happened? Becoming CSO at Mandiant in April 2011 contributed to my changing interests. Since that time I've spoken to almost a hundred reporters and industry analysts, and hundreds of customers and prospects, answering their questions about digital threats and how best to live in a world of constant compromise. (I listed some of the results of talking to the reporters on my press page.)

For me, the most interesting questions involved history, political science, and public policy. Probably not be accident, these are the three subjects in which I have degrees.

Accordingly, I bought and read books to add the historical, political, and policy content I needed to balance my technical understanding of the threat landscape. I also read a few books based purely on personal interest, without a work connection.

I thought you might want to know what these books were, despite my lack of interest in reviewing them at

The books on Chinese topics included:

Of these five, the first was probably the most interesting. The way Chinese intelligence agencies work today appears very much the same way that the author described them almost twenty years ago.

I read three books on intelligence and Russia:

Of these three, the first was exceptional. It combined a history of the US with a history of intelligence through the end of Bush 41's term.

Finally, I read two other books; one related to security, and one completely unrelated:

The first was Bruce Schneier's latest, which I found largely interesting. I recommend reading it, because it may convince you that all the technical safeguards our industry pursues contribute probably less than 10% of the risk mitigation we need in the real world.

The second was another biography of my favorite historical figure, US Grant.

I'm trying to finish Tim Thomas' latest book, Three Faces of the Cyber Dragon, by the end of tomorrow, as well.

In my last post of 2012 I'll announce my Best Book Bejtlich Read in 2012 winner.


Michael W Lucas said...

Out of all the computer books he's reviewed, I'm the sole surviving author?

I'm honored, thank you.

Jared said...

Michael Lucas, you're one of my favorite tech authors as well. I hope we'll see more books from you in the future.

Richard said...

Richard, it's interesting to note that your career has shifted from "pure" technology to more of a thought leadership role where you can leverage your training and interest in history, political science, etc. I wonder if you ever expected to become such a public figure in the whole debate about China when you first started with infosec?

Your career path is an encouraging example for others to follow. Even though I work in technology, I also have a sociology/political science background and I've been wondering how I can leverage those interests, especially as I get older and cheaper/hungrier techies continue to enter the industry.

Richard Bejtlich said...

Richard, thanks for your comment. I will write a new blog post to address your question.