a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in a cybersecurity professional’s education that will make the practitioner incomplete.
The Canon candidates include both fiction and nonfiction, and for a book to make it into the canon, it must accurately depict the history of the cybercrime community, characterize key places or significant milestones in the community, or precisely describe technical details that do not exaggerate the craft.
It looks like my book is only the second technical book to be included. The first appears to be the CERT Guide to Insider Threats.
The Practice of Network Security Monitoring (PNSM). It is clear Rick spent a lot of time reading the book and digesting the contents. Even the post headings, such as "Network Security Monitoring Is More Than Just a Set Of Tools," "Operate Like You Are Compromised: Kill Chain Analysis," "Network Security Monitoring as a Decision Tool, Not a Reaction Process," "Incident Response and Threat Intelligence Go Together," and so on, communicate key themes in my book.
With his background at the Army CERT, Counterpane, and iDefense, it's clear Rick converted his experiences defending significant networks into a worldview that resonates with that in PNSM.
Rick also emphasizes one of the goals of the book, which is to get anyone started on the road to network instrumentation. I wrote the book, and teach a class -- Black Hat, 8-9 December, near DC -- for this very purpose.
I wanted to add a bit more detail to the last section of the blog for the benefit of those who have not yet read PNSM. Rick mentions some of the tools incorporated in Security Onion, but I wanted to be sure readers understand the full spectrum of SO capabilities. I captured that in Figure 6-1, reproduced below.
If you would like a copy of PNSM, consider buying from the No Starch Web site, using discount code NSM101 to save 30%. One benefit over buying from the publisher is getting the digital and print editions in a bundle.
Thank you again to Rick Howard and Palo Alto Networks for including PNSM in the Cybersecurity Canon.