One thing any Cyber Security Professional crave is good literature on the subject. While there are many books that cover the basics and introduce the reader to the field, there are few which have the potential to spark a debate. My search for such books led me to Cybersecurity Canon list. Cybersecurity Canon Project was started by Rick Howard, Chief Security Officer, Palo Alto Networks, somewhere around December, 2013. What started out as a hobby project, has now become an internationally accepted list of must-reads on Cyber Security. This include books in fiction, non-fiction and technical categories.

What is Cyber Security Canon list?

A canon is the list of works considered to be permanently established as being genuine and of the highest quality. The Cyber Security Canon list is a list of books that give a rich background and deep insights in the field of Cyber Security. Below is an interesting anecdote on how it came into existence in Rick's own words.

A while back, I was perusing my collection and feeling superior to no one in particular because I had read these tomes when I suddenly realized that, although I remembered the gist of most of the titles, I did not remember a lot of the details. Frankly, I was a little embarrassed. I used to think that I was well read. The fact that I could not remember the details was a little disheartening and an indicator of how old I was. Right there in the basement, I decided to do something about it.

I gave myself the task of re-reading some of the more interesting books with the intent to take notes on the details so I could remember them in the future. Those notes eventually turned into book reviews that I published for my customers when I worked at iDefense. When I left iDefense, the new GM, Jason Greenwood, gave me permission to re-publish those reviews on my own personal blog site (Terebrate) as a service to the cybersecurity community. When I joined Palo Alto Networks, I re-published that collection on the Palo Alto Networks public-facing research blog in order to service a wider audience and start to build some community around the idea of a Canon.

After a couple of years of doing those reviews, I had a collection of about 20 that I thought represented the cybersecurity community. The reviews explained how these books told our cybersecurity history, explained our culture or represented the current and best thinking on a myriad of topics like cyber crime, cyber warfare, cyber hactivism, cyber espionage and privacy in a digital age.

I began to get the idea that this collection, and probably about a 100 more books that I had not reviewed or identified yet, made up a set of cybersecurity books that everybody in our community should have read at some point during their careers. Our community really needs a Cybersecurity Canon.

The Cybersecurity Canon Porject is now officially sponsored by Palo Alto Netoworks and has also been presented in RSA Conference 2014, San Francisco. The project has been well received by the Cybersecurity community and has the potential to rise further.

What categories are covered in this list?

The best thing about Cybersecurity Canon list is that it isn't just restricted to technical books. It includes books from non-fiction and fiction genre as well.  For a book to make it into the Canon, it must accurately depict the history of the cybercrime community, characterize key places or significant milestones in the community, or precisely describe technical details that do not exaggerate the craft. 

The sub-categories covered by this list are as follow:

• Cyber History and Culture

• Cyber Crime

• Cyber Espionage

• Cyber Hacktivism

• Cyber War

• Novels

• Technical

How to nominate a book?

The Cybersecurity Canon list is open to all to nominate their favorite book in the field as a candidate to be inducted in the list. All one has to do is to submit a review as per the guidelines established by Rick. Once the review is accepted, the book becomes a potential candidate to be included in the list. The review will be published on the Official Cybersecurity Canon page.

Who has the final call?

Initially, Rick was the sole judge of which book should or should not be included in the list. However, as the project gained traction it became necessary to build a larger committee of industry experts to deliver the final results.

Current Inductees

The current list of award winners include:

2014

We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous and the Global Cyber Insurgency (2012) by Parmy Olson in Cyber Hactivism Category

• Read Rick's Review

• Buy the book

2015

Spam Nation: The Inside Story of Organized Cybercrime from Global Epidemic to Your Front Door (2014) by Brian Krebs in Cyber Crime Category

• Read Rick's Review

• Buy the book

The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage (1989) by Clifford Stoll in Cyber Espionage Category

• Read Rick's Review

• Buy the book

Winning as a CISO (2005) by Rich Baich in Cyber History and Culture Category

• Read Rick's Review

• Buy the book

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zetter in Cyber Warfare Category

• Read Rick's Review

• Buy the book

Cybersecurity Canon Candidate List (2015)

Last year's nominee list can be accessed here. Even though they didn't make it to the Canon list they are worth a read. For example, Kevin Poulsen's Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground explains the mechanisms of online credit card fraud.

Conclusion

Till date there have been two rounds of Cybersecurity Canon List inductions. The process for 2016 has already started. Interested reader's can submit their nominations using this link.

This is a great initiative by Rick Howard. For reader's like me it is certainly a boon to have such a list. This saves us a lot time and effort which is otherwise spent in the hunt for good books on the subject.