Virtualization Technology News and Information
VMblog Expert Interview: Palo Alto Networks Talks Cybersecurity Awareness and the Cybersecurity Books Every CIO Should Read


Whether it's ransomware or a data breach, it feels like every day we read about a new cyberattack that leaves our organizations - or us, as individuals - at risk for cybertheft. Understanding the threat landscape is critical to prevent cyberattacks, and regardless of your title within the organization, understanding more of that landscape contributes to the well-being of the organization. October is National Cyber Security Awareness Month, so I sat down with Rick Howard, CSO at Palo Alto Networks, to talk about the top five cybersecurity books that he recommends every CIO read to learn more about the cyberthreat playing field.

VMblog:  October is National Cyber Security Awareness Month.  Why is this month so important and what does it mean for organizations?

Rick Howard:  When it comes to cybersecurity, I'd say knowledge is power, and in this case simply being cyber-aware of the threat landscape and potential risks is key to driving prevention. National Cyber Security Awareness Month is a reminder for organizations to evaluate their cybersecurity posture and evaluate their current strategy. Are you approaching cybersecurity with prevention in mind? How prepared are your employees as cyber defenders? Is your cybersecurity playbook current? How are you measuring cybersecurity risk? With the answers to these questions, organizations can then determine how to move forward and implement strategies to prevent cyberattacks.

VMblog:  What is one of the best ways for CIOs to stay up-to-speed on the cybersecurity threat landscape?

Howard:  It sounds very simple, but one of the best ways to stay current on the cybersecurity threat landscape is to continue your education, and part of that is reading. Whether it's through newspapers, magazines, blogs or a book, oftentimes I find that network defenders, including CIOs, are not finding the time - or setting aside the time - to continue their education by reading.  Trust me, as a fellow practitioner and CSO, I understand time is valuable and at a minimum. However, at its very core, cybersecurity awareness begins with reading and understanding the playing field, and it is the easiest way for the CIO to remain in-the-know about cyberthreats, new methodologies and industry shifts.     

To make it even easier for CIOs to make their reading time count, in 2013 Palo Alto Networks launched the Cybersecurity Canon, and it really is the one place that everyone from the C-suite and Board of Directors to the day-to-day network defender and cybersecurity enthusiast can identify the best cybersecurity books to read based on interest and knowledge base. 

VMblog:  You mentioned the Cybersecurity Canon - could you share more on what it is?

Howard:  In the spring of 2013, Palo Alto Networks began to create a Rock and Roll Hall of Fame-type collection of cybersecurity books that we call The Cybersecurity Canon Project. The goal of creating the Cybersecurity Canon was to identify a list of must-read books for all cybersecurity practitioners - whether they are from industry, government or academia - where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional's education.

VMblog:  How are books selected to be included in the Cybersecurity Canon?

Howard:  Similar to The Rock and Roll "Hall of Fame" that evaluates music artists who have been nominated by committee, we have a list of candidate books that are nominated by the network defender community at large. This is not a book list per se. Books are nominated to become part of the Cybersecurity Canon only if a network defender has written a book review - which we publish as part of the Canon activity - that makes the case that all network defenders should have read the nominated work by now. Most reviews come from the Cybersecurity Canon Committee, but the committee considers reviews from any network defender who has the passion to submit a review for consideration for the Candidate List. The Candidate List is the collection of book reviews on various topics in the cybersecurity domain that make the case that a specific book is a must read for all security practitioners. Then, they become nominees for the "Hall of Fame".

VMblog:  Who decides what books go into the "Hall of Fame?"

Howard:  Each year, the Canon Committee selects a handful of books for "Hall of Fame" consideration. As part of the process of determining who is inducted, the committee opens up voting for the month of October and welcomes anyone and everyone interested in cybersecurity to read the reviews and submit their votes on who should be inducted into the "Hall of Fame" that year.

VMblog:  How can I vote for books to be included in the Cybersecurity Canon?

Howard:  If you would like to read any reviews or vote for this year's inductees, you can visit:

VMblog:  Thanks for that information - sounds interesting!  Getting back to the CIO - we all know that CIOs are incredibly busy and they may not always have time to read every book that comes their way.  When it comes to cybersecurity, if you had to help them to prioritize, what are the books you recommend?

Howard:  First, any book listed on the Cybersecurity Canon is definitely worthy of being checked out by the CIO, but knowing their time is limited, here are the top five books I'd recommend that they consider reading:

VMblog:  This list really helps the CIO focus their reading list - thanks for sharing!  I have to ask, does the Cybersecurity Canon have books that are also good reading for the C-suite?

Howard:  Yes - the Cybersecurity Canon is meant for anyone who has an interest or stake in cybersecurity.  Whether it is learning more details about a specific attack method or simply wanting a novel to read while on vacation that helps them to better understand the threat landscape, the Cybersecurity Canon includes books for everyone from the cybersecurity expert to the novice.

For interested readers who want to ease themselves into cybersecurity, I'd recommend the following "beach reads":


Published Monday, October 09, 2017 7:31 AM by David Marshall