
You may have been discovering this slowly over the last few years as you’ve read me talking about books, but I really do enjoy reading!

In short, during this year, 2022, I’ve done a lot of reading, some of which doesn’t deserve your attention, but some of which does!

So here are the books I recommend:

**– “Spam Nation” by Brian Krebs.**

This author has been blogging about the information security field for years; shamefully, I hadn’t read his book, published in 2014.

The author does an excellent job as an investigative journalist, recounting his adventures, anecdotes and gossip from the unscrupulous world of “internet pirates” and “spammers”.

I’m also glad to remember that things have come a long way since then, but there’s still so much to do in the field of information security (internet-connected targets, smart cars and AI).

I read this book like a history book about how things were done in the good old days. He visits spammers in Russia, explains how spam works and how fake pharmacies operate, but most of all, who buys this stuff on the Internet!

**– “When McKinsey Comes to Town – The Hidden Influence of the World’s Most Powerful Consulting Firm” by Walt Bogdanich and Michael Forsythe.**

This book is an all-out attack on the consulting firm McKinsey. It asks whether the firm has values, and whether it is ethical for a firm to advise a tobacco company and the country’s health agency at the same time!

The 278-page book tells the horrific stories of McKinsey clients who have defrauded, abused, manipulated and killed people to achieve their financial goals.

I ask myself: who’s to blame, the consulting firm or the companies that just follow the recommendations without thinking?

**– “On vous tromper” written by the information security colleagues at Crypto.Québec.**

I recommend reading this book to help discussions about online manipulation and disinformation, since these topics are critical for the future of a healthy democracy and for avoiding sinking into thoughts not anchored in reality.

It’s a real problem: how do you make up your mind, quickly and simply, when the media doesn’t tell the whole truth, when there are biases and, on top of that, when governments aren’t a reliable source of information? It’s panic-inducing for the average person, and slipping into conspiracy theories is easy, simple and quick.

What I particularly like are the chapter endings, which cover the issues and possible solutions, as well as several references for further reading on a particular point.

**– “The Betrayal – The True Story of My Brush with Death in the World of Narcos and Launderers” by Robert Mazur.**

It was at the ISC2 conference on information security that I met former DEA undercover agent Robert Mazur.

His book recounts his second infiltration into the world of money laundering for Pablo Escobar’s Medellín cartel. Did you know that the government sees only 2% of all money laundered each year?

What touched me most in his presentation was his relationship with his children. He was absent for many years from their lives while he was undercover, and above all he had to protect them from his work. It was only 30 years later that his daughter, after reading his books, forgave him.

The book’s conclusion is called “Hope”, with 3 tips for public policy:

– “Establish zero tolerance for corruption at all levels.”

– “Vigorously prosecute and imprison launderers and individuals in the banking, business, and financial service communities that facilitate crime.”

– “Effectively fight the demand for illicit drugs by requiring government to fund and implement unfettered access to quality education and economic opportunity in underprivileged and underserved communities.”

But it was another sentence in his presentation that touched me the most: “As long as law enforcement underestimates the criminals, the criminals will win the battle.”

**– “The President Has Disappeared” written by James Patterson and Bill Clinton.**

It’s a thriller about a crisis in the United States caused by a computer virus.

The 593-page book is easy to read, with short chapters that make it possible to read a little every day. It is not at all complex, and the characters are easy to recognize and keep track of.

From a technical point of view, we’re talking about a new kind of virus that appears and disappears from a computer. When it activates, it overwrites all the files on the computer without any possibility of recovery; then, when it’s finished, the virus disappears, destroying the computer.

I was drawn to this reading because it touches on my field, and I’m glad I read it, as long as I take off my information security specialist glasses. Otherwise I keep getting hung up on technical details that don’t make sense to me.

I enjoyed the political aspects, the president’s decision-making and learning a little about how the American government works (the Senate, etc.).

**– “The Cyber Attack Survival Manual” by Heather Vescent and Nick Selby.**

This is a book for beginners, to raise awareness and provide an overview of the field of information security.

The book is divided into 3 main sections:

– “Hack Your Life” – about identity, money, privacy, children, the Internet of Things and surveillance.

– “Hack Society” – small business security, the future of money, manipulation, love in the modern age, trolls.

– “Hack the World” – covering dark web topics, whistleblowers and international security.

It’s an excellent book for understanding concepts, with lots of examples. What makes this book so special is that it’s very graphic and visual, with lots of color.

Very well written, and popularized without diminishing the information. I wish I could have written a book like this that is accessible to everyone. The angle is interesting: it provides tips for 3 levels of reader (beginner, intermediate and paranoid).

**– “The Checklist Manifesto” by Atul Gawande.**

This book talks about the usefulness and purpose of having checklists in our lives.

The author explains how a list saves lives, and it starts with American aviation. Flying a plane used to be easy; one person could do it alone. But the USAF decided to buy a super-powerful plane at the time of the 2nd World War. Unfortunately, after the first test – the plane crashed.

It became clear that flying this plane was too complex for just one person. The army was about to cancel its orders when a simple checklist was introduced… No more crashes!

A checklist can be “READ-DO” – you read each item and do it – or “DO-CONFIRM”, where after doing the tasks you check that everything is done.

We learn that these checklists are not for all problems, only the “complicated” ones.

The three types of problem:

– Simple – have a recipe which, once mastered, brings a high probability of success.

– Complicated – can sometimes be broken down into a series of simple problems, but there is no direct recipe; usually requires teams of people and specialized expertise; may present coordination difficulties.

– Complex – each problem is unique in its own way, so that experience does not guarantee the success of the next problem; results remain highly uncertain. Such as having children.

Why are checklists important?

  1. They dramatically reduce the potential cost of human error.
  2. They force the mind to think about all the parties involved in completing a task.
  3. They create a ritual that eliminates thinking about routine tasks – so you can concentrate more on non-routine tasks.
  4. To create control mechanisms, you need to transform tacit knowledge into explicit knowledge that can be understood and applied by all team members. Lists therefore help people to communicate better and work better together.

Conclusion – an excellent book. I thought it was crazy that they were talking about checklists for 200 pages, but by the end I better understood the nuances and the pitfalls to avoid. I’d definitely recommend it.

**– “Surely You’re Joking, Mr. Feynman!”**

This book is an autobiography of the scientist Richard P. Feynman (1918-1988), published in 1985.

At the back of the book is his description, which in 3 short lines conveys the scope of the character: “Was a professor at Cornell University and Caltech and received the Nobel Prize for Physics in 1965. In 1986 he served with distinction on the Rogers Commission investigating the space shuttle Challenger disaster.”

This book starts with the story of his youth and his desire to understand how radios work, then moves on to his time at Los Alamos helping to build the atomic weapon, and talks about the consequences of his 1965 Nobel Prize in Physics for his work in quantum electrodynamics.

This book is easy to read and understand. I enjoyed reading it and discovering this character (3 marriages, a thirst for learning and experimenting, and above all a great talent for popularizing his ideas).

This book is divided into 5 parts of his life, each including a dozen stories.

This larger-than-life character forces me to reflect on my life, my achievements and what I still have to learn. He was so intense in his encounters and in his feelings, and the efforts he made throughout his life are an inspiration.

**– “The Unicorn Project” by Gene Kim.**

What an excellent story demonstrating the evolution of a company, a transformation towards the “Dev/Sec/Ops” model. These three teams need to work as one team, not against each other. For those unfamiliar with these approaches, this basically means automating and harmonizing communication between teams, as well as sharing responsibility for the smooth running of information systems.

People in all industries have been talking about digital transformation for years without really knowing what it is or why, but this book explains the means, objectives and techniques a company should be using today.

To illustrate the beauty of the book, it’s a fictional story based on five values:

– Locality and simplicity

– Focus, flow and joy

– Improvement of daily work

– Psychological safety

– Customer focus

A really excellent book; like the first, it’s an easy read, extremely well written and easy to understand for all!

**– “Countdown to Zero Day” by Kim Zetter.**

Investigative journalist Kim Zetter tells the story of the discovery and surprising origins of the Stuxnet virus, which attacked Iran’s uranium enrichment facilities, crippling their nuclear capabilities.

This virus is considered the first cyberweapon. There is a world before Stuxnet and a world after, similar to the use of atomic weapons.

This virus is surprising in its power (well programmed), its precision (targeting one particular system) and its delivery method (taking control of a system quickly and easily with zero-day exploits).

This book covers the politics behind the operation, the security firms that decoded the virus, how Iran’s nuclear program was affected, how vulnerabilities are present in our systems, and the place of the “gray” market in zero-days and malware.

IT security attacks affect the real world and can kill real people.

Reading this book was very enjoyable and informative!
What are your reading suggestions for the coming year?