When I'm not trying to make one of the products that I work with do something new, or spending time with my family, or playing Call of Duty on the XBox; you can often find me reading. My family thinks I read a lot. I do like to have two or three good books nearby so that I can pick them up at home or when I'm traveling. What I read tends to get split between science fiction and spy novels (Clancy and Crichton) and good technical books. Three technical books that I enjoyed recently are 'Crafting the Infosec Playbook' by Jeff Bollinger, Brandon Enright, and Matthew Vailtes; 'Network Security with NetFlow and IPFIX' by Omar Santos; and 'Security Operations Center' by Joseph Muniz, Gary McIntyre, and Nadhem AlFardan.
Let me start off by saying I've known Jeff Bollinger and Matt Vailtes for years. They were speakers at Cisco Live telling to customers about how to build people who could be just like themselves; rock stars of Infosec. Their book 'Crafting the Infosec Playbook' (ISBN 978-1-4919-4940-5) is a great read by anyone who wants to learn about the types of skills that a person needs to be successful in incident response and security investigations. Infosec managers should be buying copies of this book and handing it out to new hires. They taught me something critically important. The need for an incident response playbook (what you do to find an incident) versus an incident response handbook (what you do to handle an incident). That's what I found important about this book; in that it talks time and again about what a good infosec investigator should know and also how a good infosec organization should be structured and work.
My friend Omar Santos wrote 'Network Security with NetFlow and IPFIX' (ISBN: 1-58714-438-7) at an interesting time for me; when I was leaving Cisco to join the commercial network based anomaly detection and NetFlow product company, Lancope. I bought a copy as soon as I could and I was sort of disappointed in that Omar was very fair; he covers both commercial and open source products. He was fair to Lancope's product StealthWatch and also included a competitors product. Overall this is a good book that provides a good introduction and view into how statistics and analytics is becoming more and more important to security practitioners each day. Chapters 4 and 5 are very important in that they introduce and explain the differences between different products and approaches. My only wish is that when he does the next revision of the book he expands on the introduction to big data analytics for security. Chapters 3 and 4 on the history and development of NetFlow, IPFIX and Cisco's Flexible NetFlow are great as his chapter on NetFlow troubleshooting.
In the book 'Security Operations Center' () ISBN: 0-13-405201-3) by Joey Muniz (The Security Blogger), Gary McIntyre , and Nadhem AlFardan you have three people with rich diverse backgrounds coming together to explain how to build, operate and maintain a security operation center. This is a Cisco Press book that I wouldn't expect from Cisco Press. If 'Crafting the Infosec Playbook' was for staff working in infosec ; 'Security Operations Center' is the book a C-level executive is handing to a director or senior manager with the orders to 'build this' or use this to improve existing security operations. That's what I saw as an important part of this book; that it can be used to assess an existing security operations center and offer ways to make it better.
