Worthwhile Books: Q2 2017
I’m always looking for interesting books to read. These are the books that I enjoyed enough to recommend in Q2. Cyber: Zero Days, Thousands of Nights, by Lillian Ablon and Andy Bogart. (Also, thanks to RAND for releasing their books with an epub version.) Nonfiction, not security: Narrative and Numbers, Aswath Damodaran. Presents a compelling…

Threat Modeling the PASTA Way
There’s a really interesting podcast with Robert Hurlbut, Chris Romeo and Tony UcedaVelez on the PASTA approach to threat modeling. The whole podcast is interesting, especially hearing Chris and Tony discuss how an organization went from STRIDE to CAPEC and back again. There’s a section where they discuss the idea of “think like an attacker,”…

Learning from Our Experience, Part Z
One of the themes of The New School of Information Security is how other fields learn from their experiences, and how information security’s culture of hiding our incidents prevents us from learning. Today I found yet another field where they are looking to learn from previous incidents and mistakes: zombies. From “The Zombie Survival Guide:…

Current Reading
[Update, Feb 20 2017: More reading: Trump and the ‘Society of the Spectacle’.]

Tacoma Narrows and Security
I always get a little frisson of engineering joy when I drive over the Tacoma Narrows bridge. For the non-engineers in the audience, the first Tacoma Narrows bridge famously twisted itself to destruction in a 42-mph wind. The bridge was obviously unstable even during initial construction (as documented in “Catastrophe to Triumph: Bridges of the…

Threat Modeling, Chinese Edition!
I’m excited to say that Threat Modeling: Designing for Security is now available in Chinese. This is a pretty exciting milestone for me — it’s my first book translation, and it joins Elevation of Privilege as my second translation into Chinese. You can buy it from Amazon.cn.

The Evolution of Secure Things
One of the most interesting security books I’ve read in a while barely mentions computers or security. The book is Petroski’s The Evolution of Useful Things. As the subtitle explains, the book discusses “How Everyday Artifacts – From Forks and Pins to Paper Clips and Zippers – Came to be as They are.” The chapter…

On Language
I was irked to see a tweet: “Learned a new word! Pseudoarboricity: the number of pseudoforests needed to cover a graph. Yes, it is actually a word and so is pseudoforest.” The idea that some letter combinations are “actual words” implies that others are “not actual words,” and thus, that there is some authority who…

Usable Security: History, Themes, and Challenges (Book Review)
Simson Garfinkel and Heather Lipford’s Usable Security: History, Themes, and Challenges should be on the shelf of anyone who is developing software that asks people to make decisions about computer security. We have to ask people to make decisions because they have information that the computer doesn’t. My favorite example is the Windows “new network”…

Thanks, Bruce!
Bruce Schneier says nice things about my latest book.