Announcing the 2018 Cybersecurity Canon Hall of Famers!

Share and earn Cybytes
Facebook Twitter LinkedIn Email

On May 3, Palo Alto Networks hosted the 5th Annual Cybersecurity Canon Hall of Fame Awards Dinner at the beautiful Washington Oriental Hotel in D.C. It was a great crowd, including students, book lovers, Palo Alto Networks employees and customers, members of the Cyber Threat Alliance, and partner organizations that share our passion for great cybersecurity books, like the Army Cyber Institute and Cybrary.

Rick Ledgett, the former Deputy Director of the National Security Agency keynoted the event and the inductee authors all showed up to receive their awards. It was a magical night – our work on the Canon gets bigger and more visible every year.

Without further ado, here are the four books and associated authors that we inducted into the Cybersecurity Canon Hall of Fame at the 2018 ceremony:


Metasploit: The Penetration Tester’s Guide

by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni   


Learning to think like a criminal is a requirement for all penetration testers. Fundamentally, penetration testing is about probing an organization’s systems for weakness. While the goal of Metasploit: The Penetration Tester’s Guide is to provide a useful tutorial for beginners, it also serves as a reference for practitioners. The authors write in the Preface that, “This book is designed to teach you the ins and outs of Metasploit and how to use the Framework to its fullest.” While the book is focused on using the Metasploit Framework, it begins by building a foundation for penetration testing and establishing a fundamental methodology.

Using the Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. While Metasploit has been used by security professionals for several years now, the tool can be hard to grasp for first-time users. This book fills the gap by teaching readers how to harness the Framework and interact with the active community of Metasploit contributors. While the Metasploit Framework is frequently updated with new features and exploits, the long-term value of this book is its emphasis on Metasploit fundamentals, which, when understood and practiced, allow the user to be comfortable with both the frequent updates of the tool and also the changing penetration testing landscape.

Brian Kelly’s Book Review


Site Reliability Engineering: How Google Runs Production Systems

by Betsy Beyer, Chris Jones, Jennifer Petoff and Niall Richard Murphy   


Site Reliability Engineering: How Google Runs Production Systems is the consummate DevOps how-to manual. Where one of last year’s Cybersecurity Canon Hall of Fame books, The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business, discusses the overarching DevOps concepts in a novel form, Site Reliability Engineering, written by Google engineers, provides all the practical knowledge necessary for how to build your own DevOps program. The only shortcoming is that the authors don’t consider security operations as part of their SRE team and only barely mention how SRE might improve security operations. That said, this is an important book and should be part of the Cybersecurity Canon. It shows the way that we all should be thinking about deploying and maintaining our IT and security systems.

Rick Howard’s Book Review


Worm: The First Digital World War

by Mark Bowden   


Worm: The First Digital World War is the story of how the cybersecurity community came together to do battle with what seemed at the time to be the largest and most significant cyber threat to date: the Conficker worm. It was the time of the Estonian and Georgian distributed denial of service (DDoS) attacks, and the Conficker botnet was growing to be the largest DDoS delivery system ever created. A white hat group of cyber übergeeks formed the Conficker Cabal to stop the worm because most of the world could not even understand it, let alone do something about it. Mark Bowden, who wrote Black Hawk Down: A Story of Modern War, among other books, accurately captures the essence of our cybersecurity community in times of crisis. He compares us all to cybersecurity superheroes, like the X-Men of Marvel Comics fame, because of what he sees as our superhuman ability to work with computers and our desire to help each other.

Seasoned security professionals will learn nothing new here in terms of technology and craft, but they will remember that time and how we were all very worried about 1 April 2009: the day that the world thought that Conficker would come to life. I think freshmen security practitioners will get a lot out of this book, however. Bowden does a great job of simply and clearly explaining many of the key technical pieces that make the Internet run. If you’re new to the community, this book makes a great introduction. It is canon-worthy material, and you should have read it by now. (But more importantly, how can you not like a book where the author favorably compares the cybersecurity community to the X-Men? As Stan Lee likes to say, “’Nuff said.”)

Rick Howard’s Book Review


Unmasking the Social Engineer: The Human Element of Security 

by Christopher Hadnagy


The winner of this season’s Cybersecurity Canon People’s Choice Awards was “Unmasking the Social Engineer: The Human Element of Security” by Christopher Hadnagy. After five rounds of voting and 33 books, Mr. Hadnagy’s work emerged as the popular winner. Ben Rothke, the Cybersecurity Canon Committee member who reviewed the book, said this: “For serious readers who want to understand everything they can about the topic of social engineering, Unmasking the Social Engineer should be one of references in the cybersecurity reading arsenal.”  Congratulations Christopher!

Ben Rothke’s Book Review


Congratulations to all the hall of fame inductees and thank you to everyone who made our Gala awards dinner a success. Head to the Cybersecurity Canon website for more on the Canon and an introduction to the 2019 Canon review season, which kicks off this month.

The post Announcing the 2018 Cybersecurity Canon Hall of Famers! appeared first on Palo Alto Networks Blog.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Palo Alto Networks
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets. Our platform was built from the ground up for breach prevention, with threat information shared across security functions system-wide, and designed to operate in increasingly mobile, modern networks. By combining network, cloud and endpoint security with advanced threat intelligence in a natively integrated security platform, we safely enable all applications and deliver highly automated, preventive protection against cyberthreats at all stages in the attack lifecycle without compromising performance. Customers benefit from superior security to what legacy or point products provide and realize a better total cost of ownership.
Promoted Content
Unit 42 Report - Ransomware: Unlocking the Lucrative Criminal Business Model
Ransomware, specifically cryptographic ransomware, has quickly become one of the greatest cyber threats facing organizations around the world. This criminal business model has proven to be highly effective in generating revenue for cyber criminals in addition to causing significant operational impact to affected organizations. It is largely victim agnostic, spanning across the globe and affecting all major industry verticals. Small organizations, large enterprises, individual home users – everyone is a potential target. Ransomware has existed in various forms for decades, but in the last several years criminals have perfected the key components of these attacks. This has led to an explosion of new malware families and has drawn new actors into participating in these lucrative schemes.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?