Whether it's ransomware or a
data breach, it feels like every day we read about a new cyberattack that
leaves our organizations - or us, as individuals - at risk for cybertheft. Understanding
the threat landscape is critical to prevent cyberattacks, and regardless of
your title within the organization, understanding more of that landscape
contributes to the well-being of the organization. October is National Cyber Security
Awareness Month, so I sat down with Rick Howard, CSO at Palo Alto Networks, to
talk about the top five cybersecurity books that he recommends every CIO read
to learn more about the cyberthreat playing field.
VMblog: October is National Cyber Security
Awareness Month. Why is this month so important and what does it mean for
organizations?
Rick Howard: When it comes to cybersecurity, I'd say
knowledge is power, and in this case simply being cyber-aware of the threat
landscape and potential risks is key to driving prevention. National Cyber Security
Awareness Month is a reminder for organizations to evaluate their cybersecurity
posture and evaluate their current strategy. Are you approaching cybersecurity with
prevention in mind? How prepared are your employees as cyber defenders? Is
your cybersecurity playbook current? How are you measuring cybersecurity risk? With the
answers to these questions, organizations can then determine how to move
forward and implement strategies to prevent cyberattacks.
VMblog: What is one of the best ways for CIOs
to stay up-to-speed on the cybersecurity threat landscape?
Howard: It sounds very simple, but one of the best ways
to stay current on the cybersecurity threat landscape is to continue your
education, and part of that is reading. Whether it's through newspapers,
magazines, blogs or a book, oftentimes I find that network defenders, including
CIOs, are not finding the time - or setting aside the time - to continue their
education by reading. Trust me, as a
fellow practitioner and CSO, I understand time is valuable and at a minimum.
However, at its very core, cybersecurity awareness begins with reading and
understanding the playing field, and it is the easiest way for the CIO to
remain in-the-know about cyberthreats, new methodologies and industry shifts.
To make it even easier for
CIOs to make their reading time count, in 2013 Palo Alto Networks launched the Cybersecurity
Canon, and it really is the one
place that everyone from the C-suite and Board of Directors to the day-to-day
network defender and cybersecurity enthusiast can identify the best
cybersecurity books to read based on interest and knowledge base.
VMblog: You mentioned the Cybersecurity Canon -
could you share more on what it is?
Howard: In the spring of 2013, Palo Alto Networks began
to create a Rock and Roll Hall of Fame-type collection of cybersecurity books
that we call The Cybersecurity Canon Project. The goal of creating the
Cybersecurity Canon was to identify a list of must-read books for all
cybersecurity practitioners - whether they are from industry, government or
academia - where the content is timeless, genuinely represents an aspect of the
community that is true and precise, reflects the highest quality and, if not
read, will leave a hole in the cybersecurity professional's education.
VMblog: How are books selected to be included
in the Cybersecurity Canon?
Howard: Similar to The Rock and Roll "Hall
of Fame" that evaluates music artists who have been nominated by committee, we
have a list of candidate books that are nominated by the network defender
community at large. This is not a book list per se. Books are nominated to
become part of the Cybersecurity Canon only if a network defender has written a
book review - which we publish as part of the Canon activity - that makes the
case that all network defenders should have read the nominated work by now.
Most reviews come from the Cybersecurity Canon Committee, but the committee considers
reviews from any network defender who has the passion to submit a review for
consideration for the Candidate List. The Candidate List is the collection of
book reviews on various topics in the cybersecurity domain that make the case
that a specific book is a must-read for all security practitioners. Then, they become
nominees for the "Hall of Fame".
VMblog: Who decides what books go into the
"Hall of Fame?"
Howard: Each year, the Canon Committee selects a
handful of books for "Hall of Fame" consideration. As part of the process of
determining who is inducted, the committee opens up voting for the month of
October and welcomes anyone and everyone interested in cybersecurity to read
the reviews and submit their votes on who should be inducted into the "Hall of
Fame" that year.
VMblog: How can I vote for books to be included
in the Cybersecurity Canon?
Howard: If you would like to read any
reviews or vote for this year's inductees, you can visit: https://cybercanon.paloaltonetworks.com/
VMblog: Thanks for that information - sounds
interesting! Getting back to the CIO - we all know that CIOs are incredibly
busy and they may not always have time to read every book that comes their
way. When it comes to cybersecurity, if
you had to help them to prioritize, what are the books you recommend?
Howard: First, any book listed on the Cybersecurity
Canon is definitely worthy of being checked out by the CIO, but knowing their
time is limited, here are the top five books I'd recommend that they consider
reading:
VMblog: This list really helps the CIO focus
their reading list - thanks for sharing! I have to ask, does the Cybersecurity
Canon have books that are also good reading for the C-suite?
Howard: Yes - the Cybersecurity Canon is meant for
anyone who has an interest or stake in cybersecurity. Whether it is learning more details about a
specific attack method or simply wanting a novel to read while on vacation that
helps them to better understand the threat landscape, the Cybersecurity Canon
includes books for everyone from the cybersecurity expert to the novice.
For interested readers who
want to ease themselves into cybersecurity, I'd recommend the following "beach
reads":