SANS Technology Institute: Musings

Welcome to the Musings on sans.edu. I'm Stephen Northcutt and like many of you I am a manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security as well as the people side of the job. These musings are an informal set of articles, book reviews and whitepapers, almost a blog, about security, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Management 512, Security Leadership Essentials and the GIAC Security Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear from you. Feel free to drop us a note at stephen@sans.edu.

Book Reviews

Here we are gathering book reviews on information and network security, management, and leadership.

Book Review: Dreams from My Father, by Barack Obama - February 4th, 2008

By Stephen Northcutt

Barack Obama's book, Dreams from My Father, is reviewed here by Stephen Northcutt of the SANS Technology Institute. Stephen feels that the book ends better than it begins; in fact, he believes that Mr. Obama was very generous to let so many strangers into his headspace.

Book Review: LAN Switch Security: What Hackers Know About Your Switches, by Eric Vyncke and Christopher Paggen - January 11th, 2008

By Stephen Northcutt

After reading this book by Vyncke and Paggen, you will never think about layer 2 the same way again. We quickly learn that, from a security perspective, a switch is neither a mindless toaster nor an insignificant appliance.

Book Review: Made to Stick: Why Some Ideas Survive and Others Die, by Chip Heath and Dan Heath - January 2nd, 2008

By Stephen Northcutt

The Blog digest version of Stephen Northcutt's book review for Made to Stick: Why Some Ideas Survive and Others Die.

Book Review: Geekonomics, by David Rice - December 27th, 2007

By Stephen Northcutt

Geekonomics, by David Rice, is a new book about the real cost of insecure software; this is not a book just for technical people, but every thinking man and woman should read it.

Book Review: End-to-End Network Security, by Omar Santos - December 6th, 2007

By Stephen Northcutt

If you are an intermediate to expert security practitioner and you want to page through the book to find security topics that you do not know about, that is a great use of Santos' End-to-End Network Security, but there is very little depth beyond that.

Book alert, Behind the Screen: Hacking Hollywood, by Mark Stone - November 27th, 2007

By Stephen Northcutt

As a computer security author, I am always interested in hearing about other authors and their projects. Here is one from Mark Stone and he has been working on a project called Behind the Screen: Hacking Hollywood. Who knows, he may be a household (SOChold?) name in a year or two.

Book Review: Linksys WRT54G Ultimate Hacking, by Paul Asadoorian and Larry Pesce; Raul Siles Technical Editor - October 31st, 2007

By Stephen Northcutt

If you are going to be installing wireless it is a good idea to read this book; a lot of the information applies regardless of what brand of equipment you select. And as for me, I don't think I will ever look at a Linksys router in the same way again; from now on I will be wondering just exactly what is going on beneath the hood.

Book Review: The Black Swan: The Impact of the HIGHLY IMPROBABLE, by Nassim Nicholas Taleb - October 27th, 2007

By Stephen Northcutt

A black swan is a surprising or virtually unpredictable event that can have a massive impact. Nassim Taleb's observation, in his book The Black Swan, is that, after the fact, we concoct a narrative to explain it. His book is hard reading and people are either going to like this book or hate it. I have a thick skin; I choose to like it. He made me work pretty hard to get through it, but the mind is a muscle, and I, for one, thank Taleb.

The Best Security Books to have in your library - October 25th, 2007

By GIAC Advisory Board

What are the best security books to have in your library? To find out, Stephen Northcutt polled the GIAC Advisory Board. (Students who score over 90 on their GIAC certification exams are invited to join the Advisory Board.)

Book Review: The Age of Speed, by Vince Poscente - October 2nd, 2007

By Stephen Northcutt

Poscente creates an easy-to-memorize taxonomy of people and businesses: zeppelins that can't achieve speed; balloons that don't have to; bottle rockets, fast but misguided; and jets, which is what we want to be. It was a good start, but should have been developed more. The book is divided into 36 short essays that are usually about two pages long, yet a lot of the material is redundant.

Book Review: Virtual Honeypots by Niels Provos and Thorsten Holz - August 21st, 2007

By Stephen Northcutt

Stephen Northcutt discusses Virtual Honeypots by Provos and Holz, and he finds it to be the best security book he's read this year: a perfect blend of well-researched information about honeypots and plenty of pragmatic how-to.

Book Review: Seduced by Success by Robert J. Herbold - June 26th, 2007

By Stephen Northcutt

When companies are successful, they tend to hire too many people, which raises costs, fractures lines of communication and leaves them unable to respond to changing industry trends. This is the core thought of Herbold, a long-time executive at Procter and Gamble who also served a seven-year stint as Chief Operating Officer at Microsoft.

Book Review: Selling Blue Elephants, by Moskowitz and Gofman - June 25th, 2007

By Stephen Northcutt

The premise on the cover is: "How to make great products that people want before they even know they want them," and the primary focus of the book is Rule Developing Experimentation (RDE).

Book Review of Snow Crash leads to Second Life - April 18th, 2007

By Stephen Northcutt

As business leaders, we do not want to repeat history and be like some of the late adopters of the web who were so ignorant of its promise they didn't even register a domain name. Upon reviewing the book Snow Crash, Stephen Northcutt's advice is to buy the book, read the book, visit Second Life and invest $25.00 to understand this new concept.

Book Review: Miracle in the Andes, by Nando Parrado and Vince Rause - February 20th, 2007

By Gal Shpantzer and Stephen Northcutt
Version 1.1

A colleague and former student of mine sent me a copy of this book to read with the following: The true story of an amazing journey of faith, teamwork and leadership ... and doing the impossible, over and over again.

Book Review - Information Security Law: Control of Digital Assets - February 19th, 2007

By Stephen Northcutt

This is the longest book on computer security law I have ever read. Every organization in the USA or that has significant dealings with the USA should probably have a copy on the shelves.

Book Review - Cisco Network Admission Control - January 1st, 2007

By Stephen Northcutt

Cisco Press was kind enough to send me this book for review, and what great timing: I have been thinking about NAC a lot lately. It puts a useful network device management control in the hands of an information security manager and Cisco really does lead the market with their implementation.

Book Review: The Art of Software Security Assessment - December 19th, 2006

By Stephen Northcutt

This is one of those rare security books that has a chance to revolutionize the industry like Applied Cryptography, Snort 2.0, or Hacking Exposed.
