Cybersecurity Canon 2016: Get Cracking On Your Reviews

I have been negligent. The last time that I published an update to the Cybersecurity Canon Project was when we announced the 2015 inductees at Ignite back in April. Since then, we have been busy, and I am happy to announce that we are kicking off the 2016 Cybersecurity Canon inductee season in style by announcing this year’s slate of committee members. They are:

• Christina Ayiotis: Co-Chair, Georgetown Cybersecurity Law Institute
• Robert Clark: Cyber Law Professor at the United States Military Academy
• Rick Howard: Palo Alto Networks CSO
• Brian Kelly: Quinnipiac University CISO
• Dawn-Marie Hutchinson: Comm Solutions Company CISO
• Hannah Kuchler: Journalist, Financial Times
• Neena Lakhani: Marketing Manager at Data Integration
• Jon Oltsik: Sr. Principal Analyst, Enterprise Strategy Group
• Dan Ragsdale: Program Chair, Cyber Center of Excellence, Texas A&M
• Ben Rothke: Senior eGRC Consultant at Nettitude Group
• Steve Winterfeld: Nordstrom Bank ISO

For the newbies in the crowd, a canon is a list of collected works that the applicable community has accepted as genuine. The Cybersecurity Canon project is an effort to identify all of the cybersecurity books that we, as a community of professionals, should have read by now.

We set up the project similarly to the Baseball Hall of Fame. Like the Baseball Writers' Association of America, the cybersecurity community — that’s us — suggests titles that should be considered as candidates for induction into the Canon. They do that by writing a review of their book and making the case on why the book should be accepted as a candidate. Anybody can write a book review for his or her favorite books.

The Cybersecurity Canon Committee considers each review on merit and decides whether or not the reviewer made a strong enough case to include the book on the candidate list. If so, we add the book and the book review to the Canon page (click on the book covers to read the review).

Today, we have roughly 25 books on the candidate list, including both fiction and non-fiction. Candidate books in the non-fiction category range in topics from crime to espionage, hacktivism, warfare and technical. Candidates in the fiction category qualify if the story the author is telling contains cybersecurity elements that are true or possible. The Committee estimates that there should be at least 125 books on the candidate list at any given time. That is where you come in.

If you have a favorite book that you think everybody in our community should have read by now in order to be a complete cybersecurity professional, get cracking on that book review. This web page describes the criteria for what the committee is looking for in a book review.

Sometime at the beginning of calendar year 2016, we will open the candidate list for community voting. In other words, you get to vote on which books we induct into the Canon for 2016. So far, we have inducted these five books:

• “We Are Anonymous” by Parmy Olson
• “The Cuckoo’s Egg” by Clifford Stoll
• “Countdown to Zero Day” by Kim Zetter
• “Spam Nation” by Brian Krebs
• “Winning as a CISO” by Rich Baich

Most of the authors came to Las Vegas to receive their award during a ceremony on the main stage at Ignite, the annual Palo Alto Networks customer conference. They then participated in a breakout session where committee members interviewed each on stage. It was fantastic!

The 2016 inductee season is officially underway. Please help us grow the Cybersecurity Canon project by reviewing the candidate list, sending me suggestions for other titles that should be there, and, most importantly, writing your own reviews for the books that should be on the candidate list. In the meantime, I will keep you updated throughout the year as we add more titles and get closer to opening up the voting process for 2016 selection.