Book Reviews

Welcome to Book Reviews on sans.edu. I'm Stephen Northcutt and like many of you I am a manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security as well as the people side of the job, and reading books is still one of my favorite ways to learn from others in the industry. I write reviews and post reviews by others of books about security, management and leadership, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Management 512, Security Leadership Essentials and the GIAC Security Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear your suggestions on books that we should review, and send us your own book reviews to post as well. Feel free to drop us a note at stephen@sans.edu.

PostSecret: Confessions on Life, Death, and God

By Stephen Northcutt

The PostSecret project began in 2004 and this volume was published in 2009; the book is the result of sending out postcards and asking people to share secrets that are true and have never been shared before.

View Article

Survival of the Sickest

By Stephen Northcutt

That which does not kill you right now may be what gets you later. A surprising look at the adaptations of all life and how they are related.

View Article

What Makes It Page?

By Stephen Northcutt

This is a review of Enrico Martignetti's book on the Windows 7 Virtual Memory Manager.

View Article

Zubulake's e-Discovery

By Laura Zubulake

This is an incredibly compelling story of David-and-Goliath proportions. Laura was a trader for a very large bank and got a new boss who either didn't like her or didn't like any women. They canned her. She claimed discrimination. The case went to trial; she did not accept a settlement. She did most of the clerical work herself to save money and kept the lawyers for when they were truly needed. The result of an amazing trial is detailed in the book.

View Article

Cisco Firewalls

By Alexandre M.S.P. Moraes

The bottom line: does the book teach enough about firewall/perimeter technology to be worth buying and reading if you are not running ASA? Not to buy it; it is meant for ASA owners, and there is nothing wrong with that. But if you have it on the shelf and don't work with networks every day, you can go through the sections I have pointed out, starting with the NetFlow discussion, in about two hours, and I think the investment of time will be beneficial.

View Article

Securing Cisco IP Telephony Networks

By Akhil Behl

This is one of my favorite Cisco Press books. It is thorough and approachable. It starts by clearly identifying the problem (you can get ripped off in a big way) and builds a structured case for IP telephony security.

View Article

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker

By Kevin Mitnick with William Simon

Kevin Mitnick gave me his book and I started reading it on the plane ride home from SANS NS2012; the book was gripping and educational. The author team is to be commended and I applaud Kevin for his transparency. It is rare to feel you know someone after reading their book, but that is exactly how I feel.

View Article

The Davis Dynasty: Fifty Years of Successful Investing on Wall Street, by John Rothchild

By Stephen Northcutt

I was given this book by an investing group I am a part of. Their letter recommended the book, so I put it first in the queue to take on my next few flights. I cannot say that I liked the book; I really did not like the Davis family from the way they were portrayed, but there are some investing nuggets, and the final chapters are chock full of actionable investing advice.

View Article

Book Review: Practical Malware Analysis - The Hands-On Guide to Dissecting Malicious Software, by Michael Sikorski and Andrew Honig

By Stephen Northcutt

I have been carrying this book around for three weeks and I have only made it to page 604, which is deep in the appendices, but I wanted to jot down some thoughts. The book tries to be self-contained, in that as little prior knowledge as possible is assumed. They begin by talking about static (not actually executing) and dynamic analysis, followed by a malware taxonomy. By page 10 the authors show you something very useful: how to run MD5 on a Windows system.

View Article

Book Review: The Tangled Web - A Guide to Securing Modern Web Applications

By Stephen Northcutt

I had enjoyed Mr. Zalewski's previous book, Silence on the Wire, so I was looking forward to taking a look at his newest work. What I did not expect was that I would not want to put it down, well, except for a trip down the invisible gorilla rabbit hole. But The Tangled Web is about code and HTML and JavaScript; how could it be gripping? Mostly because it scared the heck out of me.

View Article

Book Review: Who: The A Method for Hiring, by Geoff Smart and Randy Street

By Stephen Northcutt

On the flight to Seattle, I finished Who by Geoff Smart and Randy Street. It is about one subject only: hiring. It is an easy read with a nice blend of research (and it is well researched) and stories to drive home the points. The basic concept is to focus on hiring "A" employees, the best, and to avoid "B" and "C" employees for the critical jobs.

View Article

Book Review: I live in the future & here's how it works, by Nick Bilton

By Stephen Northcutt

I just finished Nick Bilton's book. It is very fresh, and I think it has some insights for all of business, especially all of SANS and GIAC business. I will talk about Chapters 1 and 2 specifically and then some of the takeaways. Bilton is a good writer, and this is a fantastic choice as an airplane book.

View Article

Book Review: Four Obsessions of an Extraordinary Executive, by Patrick Lencioni

By Stephen Northcutt

Rob Vandenbrink recommended a few Patrick Lencioni books, and this was the first one I read. I saw a review on Amazon that says, "concise, compelling, simple, and wise look at the role of a leader in an organization," and that describes the book very well.

View Article

Book Review: The New School of Information Security, by Adam Shostack and Andrew Stewart

By Stephen Northcutt

Quoting another reviewer, Kevin Thompson, gives us an idea of what this book on the information security profession is about: "Not to say that the rest of the book isn't valuable, but if you only had 30 minutes to get the point of the book, I would say read chapter 4."

View Article

Book Review: Crimeware, by Jakobsson and Ramzan

By Stephen Northcutt

Jakobsson and Ramzan set a new standard for security books with Crimeware; it is both eminently pragmatic and, at the same time, a scholarly work. I thought I knew a bit about malware, but I learned tons from the book.

View Article

Book Review: Dreams from My Father, by Barack Obama

By Stephen Northcutt

Barack Obama's book, Dreams from My Father, is reviewed here by Stephen Northcutt of the SANS Technology Institute. Stephen feels that the book ends better than it begins; in fact, he believes that Mr. Obama was very generous to let so many strangers into his headspace.

View Article

Book Review: LAN Switch Security: What Hackers Know About Your Switches, by Eric Vyncke and Christopher Paggen

By Stephen Northcutt

After reading this book by Vyncke and Paggen, you will never think about layer 2 the same way again. We quickly learn that, from a security perspective, a switch is neither a mindless toaster nor an insignificant appliance.

View Article

Book Review: Made to Stick: Why Some Ideas Survive and Others Die, by Chip Heath and Dan Heath

By Stephen Northcutt

The blog digest version of Stephen Northcutt's book review of Made to Stick: Why Some Ideas Survive and Others Die.

View Article

Book Review: Geekonomics, by David Rice

By Stephen Northcutt

Geekonomics, by David Rice, is a new book about the real cost of insecure software; this is not a book just for technical people, but every thinking man and woman should read it.

View Article

Book Review: End-to-End Network Security, by Omar Santos

By Stephen Northcutt

If you are an intermediate to expert security practitioner and you want to page through the book to find security topics that you do not know about, that is a great use of Santos' End-to-End Network Security, but there is very little depth beyond that.

View Article

Book alert, Behind the Screen: Hacking Hollywood, by Mark Stone

By Stephen Northcutt

As a computer security author, I am always interested in hearing about other authors and their projects. Here is one from Mark Stone and he has been working on a project called Behind the Screen: Hacking Hollywood. Who knows, he may be a household (SOChold?) name in a year or two.

View Article

Book Review: Linksys WRT54G Ultimate Hacking, by Paul Asadoorian and Larry Pesce; Raul Siles Technical Editor

By Stephen Northcutt

If you are going to be installing wireless it is a good idea to read this book; a lot of the information applies regardless of what brand of equipment you select. And as for me, I don't think I will ever look at a Linksys router in the same way again; from now on I will be wondering just exactly what is going on beneath the hood.

View Article

Book Review: The Black Swan: The Impact of the HIGHLY IMPROBABLE, by Nassim Nicholas Taleb

By Stephen Northcutt

A black swan is a surprising or virtually unpredictable event that can have a massive impact. Nassim Taleb's observation, in his book The Black Swan, is that, after the fact, we concoct a narrative to explain it. His book is hard reading and people are either going to like this book or hate it. I have a thick skin, I choose to like it. He made me work pretty hard to get through it, but the mind is a muscle, and I, for one, thank Taleb.

View Article

The Best Security Books to have in your library

By GIAC Advisory Board

What are the best security books to have in your library? To find out, Stephen Northcutt polled the GIAC Advisory Board. (Students that score over 90 on their GIAC certification exams are invited to join the Advisory Board).

View Article

Book Review: The Age of Speed, by Vince Poscente

By Stephen Northcutt

Poscente creates an easy to memorize taxonomy of people and businesses: Zeppelins that can't achieve speed; balloons that don't have to; bottle rockets, fast, but misguided; and jets, which is what we want to be. It was a good start, but should have been developed more. The book is divided into 36 short essays that are usually about two pages long, yet a lot of the material is redundant.

View Article

Book Review: Virtual Honeypots by Niels Provos and Thorsten Holz

By Stephen Northcutt

Stephen Northcutt discusses Virtual Honeypots by Provos and Holz, and he finds it to be the best security book he's read this year: a perfect blend of well researched information about honeypots as well as plenty of pragmatic how to do it.

View Article

Book Review: Seduced by Success by Robert J. Herbold

By Stephen Northcutt

When companies are successful they tend to hire too many people, which raises costs, fractures lines of communication and leaves them unable to respond to changing industry trends. This is the core thought of Herbold, a long-time executive at Procter & Gamble who also served a seven-year stint as Chief Operating Officer at Microsoft.

View Article

Book Review: Selling Blue Elephants, by Moskowitz and Gofman

By Stephen Northcutt

The premise on the cover is: "How to make great products that people want before they even know they want them," and the primary focus of the book is Rule Developing Experimentation (RDE).

View Article

Review of FISMA Certification and Accreditation Handbook by Laura Taylor

By Stephen Northcutt

Laura Taylor's FISMA Certification and Accreditation Handbook is reviewed by Stephen Northcutt. The bottom line from Stephen: this book is complete, comprehensive, and accurate. He could not find one single example of the obtuse writing that tends to show up in the NIST and other government documents, and he believes that the book gives you a real path through the Federal certification and accreditation maze.

View Article

Book Review of Snow Crash leads to Second Life

By Stephen Northcutt

As business leaders, we do not want to repeat history and be like some of the late adopters of the web who were so ignorant of its promise that they didn't even register a domain name. Upon reviewing the book Snow Crash, Stephen Northcutt's advice is to buy the book, read the book, visit Second Life and invest $25.00 to understand this new concept.

View Article

Book Review: Miracle in the Andes, by Nando Parrado and Vince Rause

By Gal Shpantzer and Stephen Northcutt

A colleague and former student of mine sent me a copy of this book to read with the following note: The true story of an amazing journey of faith, teamwork and leadership ... and doing the impossible, over and over again.

View Article

Book Review - Information Security Law: Control of Digital Assets

By Stephen Northcutt

This is the longest book on computer security law I have ever read. Every organization in the USA, or that has significant dealings with the USA, should probably have a copy on the shelves.

View Article

Book Review - Cisco Network Admission Control

By Stephen Northcutt

Cisco Press was kind enough to send me this book for review, and what great timing: I have been thinking about NAC a lot lately. It puts a useful network device management control in the hands of an information security manager, and Cisco really does lead the market with their implementation.

View Article

Book Review - The 21 Irrefutable Laws of Leadership, by John Maxwell

By Stephen Northcutt

Leadership books remind me of cooking: there are a finite number of common ingredients that make up the majority of dishes, but there seems to be an infinite number of ways to combine and present these ingredients.

View Article

Book Review: The Art of Software Security Assessment

By Stephen Northcutt

This is one of those rare security books that has a chance to revolutionize the industry like Applied Cryptography, Snort 2.0, or Hacking Exposed.

View Article