TaoSecurity Blog

It's time to name the winner of the Best Book Bejtlich Read award for 2012 ! I started seriously reading and reviewing digital security books in 2000. This is the 7th time I've formally announced a winner; see my bestbook label for previous winners. I posted yesterday that 2012 was the year I changed what I read . For example, in 2011 I read and reviewed 22 technical books. In 2012, which a change in my interests, I only read and reviewed one technical book. Thankfully, it was a five star book, which means it is my BBBR 2012 winner! As you might have figured out yesterday, this year's winner is SSH Mastery by Michael W Lucas . Feel free to read my Amazon.com review for details. Note that I bought a Kindle version from Amazon.com, and later MWL mailed me a print copy. Besides the excellent style and content, one of the reasons I read the book was to experience MWL's first release of a self-published technical book. I think it was a successful endeavor, although I...

If you've been reading this blog for a while, you probably know that reading and reviewing technical books has been a key aspect since the blog's beginning in January 2003. In fact, my first blog post announced a review of a book on Border Gateway Protocol (BGP). Looking at my previous reviews , it's clear that my interest in reading and reviewing technical books expired in the summer of 2011. Since then, the only technical book I wanted to read and review was Michael W. Lucas' excellent SSH Mastery . MWL is such a great author that I read just about anything he writes, and I was interested in his first self-published technical work. So what happened? Becoming CSO at Mandiant in April 2011 contributed to my changing interests. Since that time I've spoken to almost a hundred reporters and industry analysts, and hundreds of customers and prospects, answering their questions about digital threats and how best to live in a world of constant compromise. (I listed some...

No Starch was kind enough to send me five books for kids, which I asked my 6- and 8-year-old daughters to read. (I didn't need to "ask," really -- like my wife and I, our daughters think reading is something you have to be told "not" to do, e.g., "put the book down; we don't read at the dinner table.") I did have to encourage my daughters to review the books. Although the older one writes book reports for school, she's not accustomed to writing reviews for books sent by publishers. The five books, with links to the Amazon.com reviews, are: Python for Kids The Unofficial LEGO Technic Builder's Guide The Unofficial LEGO Builder's Guide The LEGO Adventure Book, Vol. 1: Cars, Castles, Dinosaurs & More! Wonderful Life with the Elements: The Periodic Table Personified I agree with my daughters: all five of these books are excellent. However, for readers of this blog who have kids, I would most strongly recommend the Python boo...

At the risk of stirring the cyber pot (item 3, specifically) I wanted to post a response to a great mailing list thread I've been following. A reader asked about the value of the CISSP certification. Within the context of the mailing list, several responders cited their thoughts on SANS certifications. Many mentioned why the CISSP tends to be so popular. I'd like to share my thoughts here. In my opinion, the primary reason the CISSP is so successful is that it is easy to understand it , which facilitates marketing it. It is exceptionally easy for a recruiter to search LinkedIn profiles, other databases, or resumes for the term "CISSP." If you encounter a person with the CISSP, you basically know what the person had to do to get the certification. Before continuing, answer this quick question: what are the following? 1) SSCP, 2) CAP, 3) CSSLP? Let me guess -- you didn't recognize any of them, just like I did? Now, let me see if you recognize any of the fo...