On May 3, Palo Alto Networks hosted the 5th<\/sup> Annual Cybersecurity Canon Hall of Fame Awards Dinner at the beautiful Washington Oriental Hotel in D.C. It was a great crowd, including students, book lovers, Palo Alto Networks employees and customers, members of the Cyber Threat Alliance, and partner organizations that share our passion for great cybersecurity books, like the Army Cyber Institute and Cybrary.<\/p>\n Rick Ledgett, the former Deputy Director of the National Security Agency keynoted the event and the inductee authors all showed up to receive their awards. It was a magical night \u2013 our work on the Canon gets bigger and more visible every year.<\/p>\n Without further ado, here are the four books and associated authors that we inducted into the Cybersecurity Canon Hall of Fame at the 2018 ceremony:<\/p>\n <\/p>\n Metasploit: The Penetration Tester\u2019s Guide<\/span><\/p>\n by David Kennedy, Jim O\u2019Gorman, Devon Kearns, and Mati Aharoni\u00a0 \u00a0<\/em><\/p>\n Summary:<\/strong><\/p>\n Learning to think like a criminal is a requirement for all penetration testers. Fundamentally, penetration testing is about probing an organization\u2019s systems for weakness. While the goal of Metasploit: The Penetration Tester\u2019s Guide is to provide a useful tutorial for beginners, it also serves as a reference for practitioners.\u00a0The authors write in the Preface that, \u201cThis book is designed to teach you the ins and outs of Metasploit and how to use the Framework to its fullest.\u201d While the book is focused on using the Metasploit Framework, it begins by building a foundation for penetration testing and establishing a fundamental methodology.<\/p>\n Using the Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. While Metasploit has been used by security professionals for several years now, the tool can be hard to grasp for first-time users. This book fills the gap by teaching readers how to harness the Framework and interact with the active community of Metasploit contributors.\u00a0While the Metasploit Framework is frequently updated with new features and exploits, the long-term value of this book is its emphasis on Metasploit fundamentals, which, when understood and practiced, allow the user to be comfortable with both the frequent updates of the tool and also the changing penetration testing landscape.<\/p>\n Brian Kelly\u2019s Book Review<\/a><\/p>\n <\/p>\n Site Reliability Engineering: How Google Runs Production Systems<\/span><\/p>\n by Betsy Beyer, Chris Jones, Jennifer Petoff and Niall Richard Murphy\u00a0 \u00a0<\/em><\/p>\n Summary:<\/strong><\/p>\n Site Reliability Engineering: How Google Runs Production Systems is the consummate DevOps how-to manual. Where one of last year\u2019s Cybersecurity Canon Hall of Fame books, The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business, discusses the overarching DevOps concepts in a novel form, Site Reliability Engineering, written by Google engineers, provides all the practical knowledge necessary for how to build your own DevOps program. The only shortcoming is that the authors don\u2019t consider security operations as part of their SRE team and only barely mention how SRE might improve security operations. That said, this is an important book and should be part of the Cybersecurity Canon. It shows the way that we all should be thinking about deploying and maintaining our IT and security systems.<\/p>\n Rick Howard\u2019s Book Review<\/a><\/p>\n <\/p>\n Worm: The First Digital World War<\/span><\/p>\n by Mark Bowden \u00a0\u00a0<\/em><\/p>\n Summary:<\/strong><\/p>\n Worm: The First Digital World War is the story of how the cybersecurity community came together to do battle with what seemed at the time to be the largest and most significant cyber threat to date: the Conficker worm.\u00a0It was the time of the Estonian and Georgian distributed denial of service (DDoS) attacks, and the Conficker botnet was growing to be the largest DDoS delivery system ever created. A white hat group of cyber \u00fcbergeeks formed the Conficker Cabal to stop the worm because most of the world could not even understand it, let alone do something about it.\u00a0Mark Bowden, who wrote Black Hawk Down: A Story of Modern War, among other books, accurately captures the essence of our cybersecurity community in times of crisis. He compares us all to cybersecurity superheroes, like the X-Men of Marvel Comics fame, because of what he sees as our superhuman ability to work with computers and our desire to help each other.<\/p>\n Seasoned security professionals will learn nothing new here in terms of technology and craft, but they will remember that time and how we were all very worried about 1 April 2009: the day that the world thought that Conficker would come to life.\u00a0I think freshmen security practitioners will get a lot out of this book, however. Bowden does a great job of simply and clearly explaining many of the key technical pieces that make the Internet run. If you\u2019re new to the community, this book makes a great introduction. It is canon-worthy material, and you should have read it by now. (But more importantly, how can you not like a book where the author favorably compares the cybersecurity community to the X-Men? As Stan Lee likes to say, \u201c\u2019Nuff said.\u201d)<\/p>\n Rick Howard\u2019s\u00a0Book Review<\/a><\/p>\n <\/p>\n Unmasking the Social Engineer: The Human Element of Security\u00a0<\/span><\/p>\n by\u00a0Christopher Hadnagy<\/em><\/p>\n Summary:<\/strong><\/p>\n The winner of this season\u2019s Cybersecurity Canon People\u2019s Choice Awards was\u00a0\"Unmasking the Social Engineer: The Human Element of Security\" by\u00a0Christopher Hadnagy.\u00a0After five rounds of voting and 33 books, Mr. Hadnagy\u2019s work emerged as the\u00a0popular winner.\u00a0Ben\u00a0Rothke, the\u00a0Cybersecurity Canon Committee\u00a0member who\u00a0reviewed the book, said this:\u00a0\u201cFor serious readers who want to understand everything they can about the topic of social engineering, Unmasking the Social Engineer should be one of references in the cybersecurity reading arsenal.\u201d\u00a0 Congratulations Christopher!<\/p>\n