Reading List

Useful Links

SANS

SANS Institute (“SysAdmin, Audit, Network and Security”) provides training, white papers and information, most of which is free. I can highly recommend their newsletters, especially @RISK, which will give you clear, unbiased, non-sensationalised information about emerging threats and cyber risks.

https://www.sans.org/newsletters/

CISA

The US Cybersecurity and Infrastructure Security Agency. The website is full of useful information about how to keep your business safe, and they publish weekly bulletins on their National Cyber Awareness System.

https://www.cisa.gov/uscert/ncas/bulletins

Krebs On Security

Brian Krebs is an American Cybersecurity Journalist. While perhaps this website is written from more of a journalist’s point of view, it complements the above two by giving a different perspective.

https://krebsonsecurity.com/

Schneier on Security

Bruce Schneier is a lecturer at the Harvard Kennedy School. His insights help us understand the “intersection of security, technology, and people.”

https://www.schneier.com/

Podcasts

I listen to these regularly. My interest mainly focuses on the human element of cybersecurity; throughout my research I have noticed that the weakest link in any security chain is the human. Almost all breaches begin with a lapse in human security, and whilst we will never “fix” the human, we can at least understand how humans are used to infiltrate, and use this information to focus our defence resources, to make them more effective.

I like to fill my commute to work with Cybersecurity, so I get to work ready to work.

Hacking Humans

Released by The Cyberwire, this podcast focuses on the weakest link in Cybercrime, the human factor. It’s well worth a listen: it’s not only entertaining but informative, and helps keep you aware of the Social Engineering scams that are currently being used.

https://thecyberwire.com/podcasts/hacking-humans

8th Layer Insights

Another excellent podcast from The Cyberwire, focussing on how human nature affects security and risk, this time looking at things from a psychology perspective.

https://thecyberwire.com/podcasts/8th-layer-insights

Down the Security Rabbithole

This is a more informative discussion on various areas of security aimed at security and technology leaders.

http://podcast.wh1t3rabbit.net/

The Social-Engineer Podcast

This podcast again focuses on Social Engineering, discussing human aspects of cybersecurity, and how to get the message across within your organisation.

https://www.social-engineer.org/podcasts/

Malicious Life

More of a storytelling approach to Cybersecurity, telling the stories from the perspective of hackers, allowing us to understand their motivations.

https://malicious.life

Darknet Diaries

Darknet Diaries again takes more of a storytelling approach, interviewing and discussing hackers, breaches, shadow government, and other areas that are not usually exposed.

https://darknetdiaries.com/

Books

I’ve found the following books interesting reads:

Thinking in Systems – A Primer

Donella H. Meadows

All cybersecurity programs are an inherent part of the business and also interact with the external world of cyber threats. This book will help you start to understand systems thinking and, as a result, gives a cybersecurity professional an understanding of how a cybersecurity program is a part of a system, and is a system in itself.

https://www.goodreads.com/book/show/3828902-thinking-in-systems

Tracers in the Dark

Andy Greenberg

How the Blockchain has been deanonymised and how IRS agents are now chasing down illegal transactions and undertaking research that has resulted in multiple arrests worldwide.

https://www.goodreads.com/book/show/60462182-tracers-in-the-dark

Start With Why

Simon Sinek

Why are some people and organizations more innovative, more influential, and more profitable than others? Why do some command greater loyalty from customers and employees alike? Even among the successful, why are so few able to repeat their success over and over?

https://www.goodreads.com/book/show/7108725-start-with-why

Noise

Daniel Kahneman, Olivier Sibony, Cass R. Sunstein

An exploration of why people make bad judgments and how to make better ones

https://www.goodreads.com/book/show/55339408-noise

Human Hacking

Christopher Hadnagy

From the presenter of the Social Engineer podcast, this is an interesting insight into how psychology can play a part in influence.

https://www.goodreads.com/book/show/50622186-human-hacking

Transformational Security Awareness

Perry Carpenter

A deep dive into creating a more effective security awareness program for your enterprise.

https://www.goodreads.com/book/show/45589091-transformational-security-awareness

Influence: The Psychology of Persuasion

Robert B. Cialdini

Understanding the means by which we can be persuaded is a number 1 tool for a successful leader, in Cybersecurity or out.

https://www.goodreads.com/book/show/56419468-influence-new-and-expanded

The Art of Deception: Controlling the Human Element of Security

Kevin Mitnick

Kevin Mitnick is the self-declared “world’s most infamous hacker”. Nevertheless, understanding things from a hacker’s perspective is essential for finding and patching weaknesses in our cybersecurity processes.

https://www.goodreads.com/book/show/18160.The_Art_of_Deception

Sandworm

Andy Greenberg

Telling the story of nation-state actors and how they have waged secret wars to disrupt entire nations.

https://www.goodreads.com/book/show/41436213-sandworm

The Phoenix Project

Gene Kim, Kevin Behr, George Spafford

A fictitious story to help us understand how to marry IT Operations, DevOps and Security operations successfully.

https://www.goodreads.com/book/show/17255186-the-phoenix-project

Predictably Irrational

Dan Ariely

A look into how decision making can be influenced by our environment without our knowledge.

https://www.goodreads.com/book/show/1713426.Predictably_Irrational

Thinking, Fast and Slow

Daniel Kahneman

A look at how our different modes of thinking are employed (System 1 thinking – fast thinking based on assumptions – is how breaches occur. I’m interested in how we can slow our thinking down to System 2 thinking at the times we need to, to prevent breaches. Even seasoned cybersecurity professionals are guilty of employing System 1 thinking during their work, looking for shortcuts to get the work done faster.)

https://www.goodreads.com/book/show/11468377-thinking-fast-and-slow

 

And many more…