Book Review: The Woman Who Smashed Codes

One of the challenges of working for the NSA is that employees don’t have the freedom to share what they do with the professional community at large. Whether it is blogging, writing articles, participating in industry meetings or the like, NSA employees simply can’t do that. It’s not just the NSA; it’s pretty much every security agency of most countries. While many people think that public-key cryptography was created by Rivest, Shamir and Adleman (RSA), it was actually created a few years earlier by James Ellis, Clifford Cocks and Malcolm Williamson of the GCHQ, the UK equivalent of the NSA. …

Ben’s Book of the Month: Review of “Hacking the Hacker: Learn From the Experts Who Take Down Hackers”

As 2017 closes, this month’s theme is hackers and threats. We focus on the growing underground economy, advanced threats, APTs, new classes of vulnerabilities, exploitation techniques, reverse engineering and how to combat these growing information security problems. When it comes to learning the ins and outs of hacking, the various editions of Hacking Exposed are a great resource. The assorted titles in the series provide the reader with a hands-on and tactical approach to learning how to hack and perform penetration testing. There are also webinars and articles with catchy titles such as How to…

Book review: Serious Cryptography: A Practical Introduction to Modern Encryption

Philosopher Alfred North Whitehead noted that modern philosophy is simply a series of footnotes to Plato. When it comes to cryptography, much of it is simply footnotes to Bruce Schneier’s classic work Applied Cryptography: Protocols, Algorithms and Source Code in C. In Serious Cryptography: A Practical Introduction to Modern Encryption (No Starch Press 978-1593278267), Jean-Philippe Aumasson has written not just some good footnotes to Schneier, but a valuable work on modern encryption and cryptography. A lot has changed since Applied Cryptography came out over 22 years ago and Aumasson does a…

Ben’s Book of the Month: Review of “How Healthcare Data Privacy Is Almost Dead … and What Can Be Done to Revive It!”

This month’s theme is security strategy & operations. Some questions include: what makes a good cybersecurity strategy? What policies and procedures should you have in place to ensure your employees, customers and sensitive data remain safe? If you believe John Trinckes in How Healthcare Data Privacy Is Almost Dead ... and What Can Be Done to Revive It! (Auerbach Publications 978-1498783958), the healthcare industry is running on the information security equivalent of life support. Perhaps no other industry has as much highly personal data as the healthcare sector. And it’s likely that no…

Book Review: Why CISOs Fail: The Missing Link in Security Management–and How to Fix It

A recurring complaint of many executives when berating their CISO is that they’ve spent exorbitant amounts on information security and often don’t have a lot to show for it. In Why CISOs Fail: The Missing Link in Security Management–and How to Fix It (Auerbach Publications 978-1138197893), author Barak Engel shows how these executives are at times correct. Engel has been in the information security field for decades and this is his soliloquy on many of the bigger problems in information security management. At 125 pages, he lays out what is wrong; and he does that with a combination of humor, …

Ben’s Book of the Month: Review of “From CIA to APT: An Introduction to Cyber Security”

It’s unclear if Albert Einstein really said that “you do not really understand something unless you can explain it to your grandmother”. Explaining information security is often a challenge. Many try to explain it to the uninitiated, and often don’t do that great of a job. For those looking for a technical introductory text, by authors who could explain it to your grandmother, consider From CIA to APT: An Introduction to Cyber Security (ISBN 978-1522074946) by Edward Amoroso and Matthew Amoroso. At 100 pages, the book provides a solid introduction to the topics for those with a basic…