<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><!DOCTYPE rss PUBLIC "-//Netscape Communications//DTD RSS 0.91//EN" "http://my.netscape.com/publish/formats/rss-0.91.dtd">
<rss version="0.91">
<channel>
    <title>SANS Technology Institute - Book Reviews</title>
    <link>http://www.sans.edu/research/book-reviews</link>
    <language>en-us</language>
    <copyright>(C) SANS Institute 2012</copyright>
    <webMaster>webmaster@sans.org (SANS Webmaster)</webMaster>
    
<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/xml" href="http://feeds.feedburner.com/SansInstituteBookReviews" /><feedburner:info xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" uri="sansinstitutebookreviews" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><item>
    <title>Book Review: Practical Malware Analysis - The Hands-On Guide to Dissecting Malicious Software</title>
    <link>http://www.sans.edu/research/book-reviews/article/br_malware_analysis</link>
    <guid>http://www.sans.edu/research/book-reviews/article/br_malware_analysis</guid>
    <description><![CDATA[<p>I have been carrying this book around for three weeks and I have
only made it to page 604, which is deep in the appendices, but I wanted
to jot down some thoughts. The book tries to be self-contained in that as
little prior knowledge as possible is assumed. They begin by talking
about static (not actually executing) and dynamic analysis, followed
by a malware taxonomy. By page 10 the authors show you something
very useful - how to run MD5 on a Windows system.</p>]]></description>
</item>
<item>
    <title>Book Review: The Tangled Web - A Guide to Securing Modern Web Applications</title>
    <link>http://www.sans.edu/research/book-reviews/article/book_tangled_web</link>
    <guid>http://www.sans.edu/research/book-reviews/article/book_tangled_web</guid>
    <description><![CDATA[<p>I had enjoyed Mr. Zalewski's previous book <span style="font-style: italic;">Silence on the Wire</span> so I
was looking forward to taking a look at his newest work. What I did not expect
was that I would not want to put it down, well, except for a trip
down the <a href="http://www.theinvisiblegorilla.com/videos.html">invisible
gorilla</a> rabbit hole. But <em>The Tangled Web</em> is about code and HTML
and JavaScript - how could it be gripping? Mostly because it scared
the heck out of me.</p>]]></description>
</item>
<item>
    <title>Book Review. Who: The A Method for Hiring by Geoff Smart and Randy Street</title>
    <link>http://www.sans.edu/research/book-reviews/article/review_who_hiring</link>
    <guid>http://www.sans.edu/research/book-reviews/article/review_who_hiring</guid>
    <description><![CDATA[<p>On the flight to Seattle, I finished <span style="text-decoration: underline;">Who</span> by Geoff Smart and Randy Street. It is about one subject only, hiring.
Easy read with a nice blend of research (and it is well researched) and
stories to drive home the points. The basic concept is to focus on
hiring "A" employees, the best, and avoid "B" and "C" employees for the
critical jobs.</p>]]></description>
</item>
<item>
    <title>Book Review: I live in the future &amp; here's how it works, by Nick Bilton</title>
    <link>http://www.sans.edu/research/book-reviews/article/bilton_future_book</link>
    <guid>http://www.sans.edu/research/book-reviews/article/bilton_future_book</guid>
    <description><![CDATA[<p>I just finished Nick Bilton's book; it is very fresh and I
think it has some insights for all of business, especially all of SANS
and GIAC business. I will talk about Chapters 1 and 2 specifically and
then some of the takeaways. Bilton is a good writer, and this is a
fantastic choice as an airplane book.</p>]]></description>
</item>
<item>
    <title>Book Review: Four Obsessions of an Extraordinary Executive, by Patrick Lencioni</title>
    <link>http://www.sans.edu/research/book-reviews/article/fourobsessions</link>
    <guid>http://www.sans.edu/research/book-reviews/article/fourobsessions</guid>
    <description><![CDATA[<p> Rob Vandenbrink recommended a few Patrick Lencioni books and this was

the first one I read. I saw a review on Amazon that says, "concise,

compelling, simple, and wise look at the role of a leader in an

organization." and that describes the book very well. </p>]]></description>
</item>
<item>
    <title>Book Review: The New School of Information Security, by Adam Shostack and Andrew Stewart</title>
    <link>http://www.sans.edu/research/book-reviews/article/br_security_school</link>
    <guid>http://www.sans.edu/research/book-reviews/article/br_security_school</guid>
    <description><![CDATA[<p>Quoting another reviewer, Kevin Thompson, gives us an idea about this book on the information security profession: "Not to say that the rest of the book isn't valuable, but if you only had 30 minutes to get the point of the book, I would say read chapter 4."</p>]]></description>
</item>
<item>
    <title>Book Review: Crimeware, by Jakobsson and Ramzan</title>
    <link>http://www.sans.edu/research/book-reviews/article/crimeware_book_rev</link>
    <guid>http://www.sans.edu/research/book-reviews/article/crimeware_book_rev</guid>
    <description><![CDATA[<p>Jakobsson and Ramzan set a new standard for security books with <em>Crimeware</em>; it is both eminently pragmatic and, at the same time, a scholarly work. I thought I knew a bit about malware, but I learned tons from the book.</p>]]></description>
</item>
<item>
    <title>Book Review: Dreams from My Father, by Barack Obama</title>
    <link>http://www.sans.edu/research/book-reviews/article/dreams_father_obama</link>
    <guid>http://www.sans.edu/research/book-reviews/article/dreams_father_obama</guid>
    <description><![CDATA[<p>Barack Obama's book, <em>Dreams from My Father</em>, is reviewed here by Stephen Northcutt of the SANS Technology Institute. Stephen feels that the book ends better than it begins; in fact, he believes that Mr. Obama was very generous to let so many strangers into
his headspace.</p>]]></description>
</item>
<item>
    <title>Book Review: LAN Switch Security: What Hackers Know About Your Switches, by Eric Vyncke and Christopher Paggen</title>
    <link>http://www.sans.edu/research/book-reviews/article/layer_2_attacks</link>
    <guid>http://www.sans.edu/research/book-reviews/article/layer_2_attacks</guid>
    <description><![CDATA[<p>After reading this book by Vyncke and Paggen, you will never think about layer 2
the same way again. We quickly learn that, from a security perspective,
a switch is neither a mindless toaster nor an insignificant appliance.</p>]]></description>
</item>
<item>
    <title>Book Review:  Made to Stick: Why Some Ideas Survive and Others Die, by Chip Heath and Dan Heath</title>
    <link>http://www.sans.edu/research/book-reviews/article/made_to_stick_br</link>
    <guid>http://www.sans.edu/research/book-reviews/article/made_to_stick_br</guid>
    <description><![CDATA[<p>The Blog digest version of Stephen Northcutt's book review for Made to Stick: Why Some Ideas Survive and Others Die. <br />
</p>]]></description>
</item>
<item>
    <title>Book Review: Geekonomics, by David Rice</title>
    <link>http://www.sans.edu/research/book-reviews/article/geekonomics_review</link>
    <guid>http://www.sans.edu/research/book-reviews/article/geekonomics_review</guid>
    <description><![CDATA[<p>Geekonomics, by David Rice, is a new book about the real cost of
insecure software; this is not a book just for technical people, but
every thinking man and woman should read it. <br />
</p>]]></description>
</item>
<item>
    <title>Book Review: End-to-End Network Security, by Omar Santos</title>
    <link>http://www.sans.edu/research/book-reviews/article/end_to_end_security</link>
    <guid>http://www.sans.edu/research/book-reviews/article/end_to_end_security</guid>
    <description><![CDATA[<p>If you are an intermediate to expert security
practitioner and you want to page through the
book to find security topics that you do not know about, that is a
great use of Santos' <em>End-to-End Network Security</em>, but there is very little depth beyond that.</p>]]></description>
</item>
<item>
    <title>Book alert, Behind the Screen: Hacking Hollywood, by Mark Stone</title>
    <link>http://www.sans.edu/research/book-reviews/article/behind_the_screen</link>
    <guid>http://www.sans.edu/research/book-reviews/article/behind_the_screen</guid>
    <description><![CDATA[<p>As a computer security author, I am always interested in hearing about other authors and their projects. Here is one from Mark Stone and he has been working on a project called <em>Behind the Screen: Hacking Hollywood</em>. Who knows, he may be a household (SOChold?) name in a year or two.</p>]]></description>
</item>
<item>
    <title>Book Review: Linksys WRT54G Ultimate Hacking, by Paul Asadoorian and Larry Pesce; Raul Siles Technical Editor</title>
    <link>http://www.sans.edu/research/book-reviews/article/linksys_wrt54g_br</link>
    <guid>http://www.sans.edu/research/book-reviews/article/linksys_wrt54g_br</guid>
    <description><![CDATA[<p>If you are going to be installing wireless it is a good idea to read this book; a lot of the information applies regardless of what brand of equipment you select. And as for me, I don't think I will ever look at a Linksys router in the same way again; from now on I will be wondering just exactly what is going on beneath the hood. <br />
</p>]]></description>
</item>
<item>
    <title>Book Review: The Black Swan: The Impact of the HIGHLY IMPROBABLE, by Nassim Nicholas Taleb</title>
    <link>http://www.sans.edu/research/book-reviews/article/black_swan_review</link>
    <guid>http://www.sans.edu/research/book-reviews/article/black_swan_review</guid>
    <description><![CDATA[<p>A black swan is a surprising or virtually unpredictable event that can
have a massive impact.  Nassim Taleb's observation, in his book <em>The Black Swan</em>, is that,
after the fact, we concoct a narrative to explain it. His book is hard
reading and people are either going to like this book or hate it. I have a thick
skin, I choose to like it. He made me work pretty hard to get through it, but the mind is a muscle, and I, for one, thank Taleb. <br />
</p>]]></description>
</item>
<item>
    <title>The Best Security Books to have in your library</title>
    <link>http://www.sans.edu/research/book-reviews/article/security_books_best</link>
    <guid>http://www.sans.edu/research/book-reviews/article/security_books_best</guid>
    <description><![CDATA[<p>What are the best security books to have in your library? To find out, Stephen Northcutt polled the GIAC Advisory Board. (Students that score over 90 on their GIAC certification exams are invited to join the Advisory Board).</p>]]></description>
</item>
<item>
    <title>Book Review: The Age of Speed, by Vince Poscente</title>
    <link>http://www.sans.edu/research/book-reviews/article/age_of_speed_review</link>
    <guid>http://www.sans.edu/research/book-reviews/article/age_of_speed_review</guid>
    <description><![CDATA[<p> Poscente creates an easy to memorize taxonomy of people and businesses:
Zeppelins that can't achieve speed; balloons that don't have to; bottle
rockets, fast, but misguided; and jets, which is what we want to be. It
was a good start, but should have been developed more.  The book is divided into 36
short essays that are usually about two pages long, yet a lot of the
material is redundant.</p>]]></description>
</item>
<item>
    <title>Book Review: Virtual Honeypots by Niels Provos and Thorsten Holz</title>
    <link>http://www.sans.edu/research/book-reviews/article/br_virtual_honeypots</link>
    <guid>http://www.sans.edu/research/book-reviews/article/br_virtual_honeypots</guid>
    <description><![CDATA[<p>Stephen Northcutt discusses <em>Virtual Honeypots</em> by Provos and Holz, and he finds it to be the best security book he's read this year: a
perfect blend of well researched information about honeypots as well as
plenty of pragmatic <em>how to</em>
do it.</p>]]></description>
</item>
<item>
    <title>Book Review: Seduced by Success by Robert J. Herbold</title>
    <link>http://www.sans.edu/research/book-reviews/article/success_herbold</link>
    <guid>http://www.sans.edu/research/book-reviews/article/success_herbold</guid>
    <description><![CDATA[<p> When companies are successful they tend to hire too many people which
raises costs, fractures lines of communications and leads to being
unable to respond to changing industry trends. This is the core thought
of Herbold, a long time executive at Procter and Gamble and a seven
year stint as Chief Operating Officer at Microsoft. <br />
</p>]]></description>
</item>
<item>
    <title>Book Review: Selling Blue Elephants, by Moskowitz and Gofman</title>
    <link>http://www.sans.edu/research/book-reviews/article/selling_blue_eleph</link>
    <guid>http://www.sans.edu/research/book-reviews/article/selling_blue_eleph</guid>
    <description><![CDATA[<p>The premise on
the cover is: "How to make great products that people want before they
even know they want them," and the primary focus of the book is Rule
Developing Experimentation (RDE).</p>]]></description>
</item>
<item>
    <title>Book Review of Snow Crash leads to Second Life</title>
    <link>http://www.sans.edu/research/book-reviews/article/book_rev_snow_crash</link>
    <guid>http://www.sans.edu/research/book-reviews/article/book_rev_snow_crash</guid>
    <description><![CDATA[<p>As business leaders, we do not want to repeat
history and be like some of the late adopters of the web who were
so ignorant of its promise they didn't even register a domain name. Upon reviewing the book <em>Snow Crash</em>, Stephen Northcutt's advice is to buy the book, read the book, visit Second Life
and invest $25.00 to understand this new concept. <br />
</p>]]></description>
</item>
<item>
    <title>Book Review: Miracle in the Andes, by Nando Parrado and Vince Rause</title>
    <link>http://www.sans.edu/research/book-reviews/article/miracle_in_andes</link>
    <guid>http://www.sans.edu/research/book-reviews/article/miracle_in_andes</guid>
    <description><![CDATA[<p>A colleague and former student of mine sent me a copy of this book to read with the following: The true story of an amazing journey of faith, teamwork and leadership ... and doing the impossible, over and over again.</p>]]></description>
</item>
<item>
    <title>Book Review - Information Security Law: Control of Digital Assets</title>
    <link>http://www.sans.edu/research/book-reviews/article/info_security_law_br</link>
    <guid>http://www.sans.edu/research/book-reviews/article/info_security_law_br</guid>
    <description><![CDATA[<p>This is the
longest book on computer security law I have ever read. Every organization in the USA or that has significant dealings with
the USA should probably have a copy on the shelves.</p>]]></description>
</item>
<item>
    <title>Book Review - Cisco Network Admission Control</title>
    <link>http://www.sans.edu/research/book-reviews/article/admission_control</link>
    <guid>http://www.sans.edu/research/book-reviews/article/admission_control</guid>
    <description><![CDATA[<p>Cisco press was kind enough to send me this
book for review and what
great timing, I have been thinking about NAC a lot lately. It puts a
useful network device management control in the hands of an information
security manager and Cisco really does lead the market with their
implementation.</p>]]></description>
</item>
<item>
    <title>Book Review - The 21 Irrefutable Laws of Leadership, by John Maxwell</title>
    <link>http://www.sans.edu/research/book-reviews/article/21_laws_bk_review</link>
    <guid>http://www.sans.edu/research/book-reviews/article/21_laws_bk_review</guid>
    <description><![CDATA[<p>Leadership books remind me of cooking: there are a finite number of common ingredients that make up the majority of dishes, but there seems to be an infinite number of ways to combine and present these ingredients.</p>]]></description>
</item>
</channel>
</rss>

