Tag Archives: book review

Read “Effective Threat Intelligence: Building and running an intel team for your organization”.

Recently I read the kindle version of “Effective Threat Intelligence: Building and running an intel team for your organization” by James Dietle. I found out after the fact there was a paper back version of it, and even gave one copy away as a Christmas present.

Anyway, this is the book I wish I had in January of 2016, when  I moved from Incident Response / Event Analysis to Threat Intelligence. It’s a good primer on the subject. While it’s not completely new material, it’s the basics in one place. When I started doing TI, I had to learn from the ground up, and things were scattered. Some was easy, other parts were more advanced, and nothing made a good how to. Especially when I wanted to start showing value from the word go.

I think that if I had, had this book and read it when I was starting it would have been very beneficial. While it’s not as in depth as SANS For578,  I do think that it would make a good primer for anyone in IR going to SANS for Cyber Threat Intelligence.

 

 

Book Review: Mass Killers: How you Can Identify, Workplace, School, or Public Killers Before They Strike

I bought this book in December of 2013. I think started to read it, and lost interest / had other things come up. I recently picked this book up to read not that long ago, and went through it. Mike Roche, did a good job of breaking the book up in to parts. He uses his history in Law Enforcement to cover Mass Shootings, the signs, and how HR / Senior Leadership should handle the events leading up to a shooting.

Continue reading

Book Review: The Complete Guide to Shodan

I’ve stumbled around with Shodan.io for a while now. It’s a great tool, but using it effectively has always eluded me. John Matherly has given me some great advice on twitter, and I like Daniel Miessler’s Shodan Primer. But I never really find the information I need at the time.

While I know it is great to find webcams and spying Super Gnomes, that is just something I don’t use Shodan for. A lot of the reason I use Shodan lately is for work. Usually someone in management asks will if anyone knows what Shodan knows about the company. Which of our systems are listed on there.

Today while stumbling around trying to look up the company name and the netblocks, and using Dan’s cheatsheet (linked above), I noticed a new link on the page. Book.

This link goes to Lean Pub’s “The Complete Guide to Shodan” by John Matherly. It is a pay what you want book. They suggest just under $5.00 USD, for the 60 page booklet. I’m saying it’s worth more than that. I paid $10.00, which I still think is too low for this book.

The book can be delivered to your Kindle or downloaded as a pdf, an Epub, or Mobi file. I grabbed the PDF and Kindle copies of the file (too small to read on my phone and never figured out how to get it to show up in the Kindle Cloud reader).

This book is divided up in to Web Interface, External Tools (like the linux command line), Developer API, Industrial Control Systems, Appendices, and Exercise Solution.

There are exercises at the end of the Web Interface, External Tools, and API sections. Not all of them worked the way they were described in the book. For example I couldn’t find the Rastalvskarn Powerplant, even though it shows up with the link in the solution section.

I’ve read some documents on the API and struggled to get them to work. After reading the book, while I still have some questions, I know I can write the Network Alert that management wants.

Get this book, it’s worth more than anything you’ll pay for it. While it is only just over 60 pages, the content is great! Especially especially the Filter list in Appendix B.

p.s. It is worth getting an account, and paying for access.

 

Book Review: Getting An Information Security Job for Dummies

First off, Getting an Information Job for Dummies took way to long for me to read. But that’s because of other commitments. I got the book in May, when a lot of people in the echo chamber were trashing it. I was also looking for advantages in trying to find a new job that went with my B.S. in Information Assurance and after 6 months was feeling desperate.

First, the book isn’t as good as it could have been. Second, it wasn’t as bad as people were making it out to be on Twitter. Third, the author uses too much of his own personal experience in it (something I’m guilty of with this blog). Fourth, he kept equating lock picking to crime. Which I didn’t like at all and being from Washington I thought he’d do better. They are legal there.

Continue reading

Book Review: Meditation for Warriors

I’ve been studying Martial Arts for around 30 years on. I’ve gotten a couple of other books by Loren W. Christensen, mostly on training and diet. However Meditation For Warriors: Practical Mediation for Cops, Solders, and Martial  Artists is the first one that focused on the mental aspect.

This book is written as a practical guide to focus your mind, giving you a calmer demeanor, and allows you to stay cool, calm, and collected when the stuff hits the fan.

I really like that while it’s geared towards “Warriors” (Police, Soldiers, Martial Artists), it’s a really down to earth book that anyone could read and get a better understanding of meditation. Part of the goal of the book was to give non-practitioners a real world view of the importance of meditation.

Continue reading

Book Review: Personal Digital Securty

I read Personal Digital Security: Protecting Yourself From Online Crime by Michael Bazzell. I think this book is a good place to start, if someone wants to learn more about computer security.  A seasoned practitioner of Information Security could use this book as a core component to create a great Security Awareness Training program for users.

Mr. Bazzell starts off as if the reader knows very little information on computer security. However by the end of the book, he’s very conversational in tone, and is suggesting the reader shares what he learned.

The book has a building block approach. Not all readers will need to go chapter by chapter. But starting with Chapters 1 and 2, Mr. Bazzell starts a great foundation for the things in the rest of the book. The book starts with protecting your computer, and then your passwords. From there he goes on to show how to protect your online accounts, your data, and your credit cards, your debit and your banking information. Next is about protecting your telephones, cellular and work. Chapters 8 and 9 go in to always connected devices and wireless networking. Chapter 10 talks about how parents can protect their children online.

If your bank accounts  or credit card has been compromised and you want a deeper understanding read this book. If you want to create a Security Awareness Program, start with this book. If you want to get in to Computer Security, this book covers the basics you should already know by the time you walk in to a class room or entry level job.

 

 

Getting Real book review

When I first started doing the book reviews it was because a professor asked me what books I think should be on every Information Security (Information Assurance) student’s bookshelf. One of the books on that original list was Rework by the guys at 37 signals Basecamp. On my bi-annual reading of the book, I noticed they made comment to a previous book called Getting Real. So I ran out and grabbed a copy of it.

It really felt like a draft version of Rework. It was ok. There were some great quotes in the book from people who have used the same frame of thought to make a new company or run a business.

There were parts of the book that countered what I remembered from Rework (remember I read this book every other year), the biggest being how to deal with the competition, and seeing what they do. It felt that the two books were at odds on how to deal with the competition.

I would only recommend this book for the quotes, but think that Rework is the stronger and better of the two books to read.

Two book reviews on Personal Security.

Two books I read on personal safety recently were “Alone and Afraid” by J.J. Luna (also known for “How to Be Invisible“) and “Escaping the O Zone” by Doug Cummings.

I reviewed both of these books on Amazon. I have “Alone and Afraid” 5 stars, and “Escaping the O Zone” 4 stars.

Continue reading