Rejoice! Eight New Books Inducted into the Cybersecurity Canon

I am very excited today to announce the 2016 inductees into the Cybersecurity Canon: our hall of fame for cybersecurity books.

2016 March Madness Winner & Cybersecurity Canon Inductee

• “Zero Day” by Mark Russinovich

2016 Inductees selected by the Cybersecurity Canon Committee

• “@War” by Shane Harris
• “The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes” by Dawn M. Cappelli, Andrew P. Moore, and Randall F. Trzeciak
• “Cyber War” by Richard Clarke
• “Future Crimes” by Marc Goodman
• “Kingpin” by Kevin Poulsen
• “Measuring and Managing Information Risk: A Fair Approach” by Jack Jones & Jack Freund
• “Tallinn Manual on the International Law Applicable to Cyber Warfare” by Michael N. Schmitt (Editor)

The goal of the Cybersecurity Canon Project is to identify a list of must-read books for all cybersecurity practitioners — be they from industry, government or academia — where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.

The Cybersecurity Canon Project is not simply a list of books you should read. Indeed, no book makes it onto the candidate list unless a security practitioner makes the case in a book review that we publish on the website, proving the case that this book should be read by all members of the cybersecurity community. Then, a committee of 10 security professionals decides which books make it into the Canon each year. Anybody can submit a book review for consideration. If the committee thinks you made the case, then we add the book to the candidate list.

The Cybersecurity Canon Project has been going on for three years now. The first year, 2014, we had approximately 20 books in the candidate list and selected one to be inducted into the Canon: “We are Anonymous” by Parmy Olson. The second year, 2015, we had approximately 30 books in the candidate list and selected four (See the 2015 list below). This year, we had 45 books in the candidate list and selected eight. We added a twist to the selection process this year by opening up the voting to the Internet in a March Madness type competition. After six rounds of voting, “Zero Day” by Mark Russinovich emerged as the clear and popular winner.

At the awards ceremony, some of the authors received their awards on stage, signed their books for the Ignite 2016 crowd, and shared details about their books in video interviews with members of the Cybersecurity Canon Committee (Stay tuned for videos from the interviews):

• Dawn M. Cappelli
• Richard Clarke
• Marc Goodman
• Jack Freund
• Jack Jones
• Andrew P. Moore
• Kevin Poulsen
• Randall F. Trzeciak
• Liis Vihul

Winners From Previous Years

2015 Inductees selected by the Cybersecurity Canon Committee

• “Countdown to Zero Day” by Kim Zetter
• “The Cuckoo’s Egg” by Clifford Stoll
• “Spam Nation” by Brian Krebs
• “Winning as a CISO” by Rich Baich

2014 Inductees selected by the Cybersecurity Canon Committee

• “We are Anonymous” by Parmy Olson

Get Involved

The Cybersecurity Canon Project is a worthy educational endeavor. If you know someone who is trying to learn about what it means to be a cybersecurity professional, consider pointing him or her to our list of books for professional development. If you have a book that guided you in your career, please consider writing a book review for it so that we might get it on the candidate list. Finally, the 2017 Cybersecurity Canon season begins in June. We have a couple of open slots left for the committee. If you are as passionate about cybersecurity books as we are, please reach out to the Cybersecurity Canon committee and tell them you want to volunteer.

Rick Howard

[Palo Alto Networks Research Center]