Cybersecurity is a complex and boundless domain, and as I joined AMATAS, I had to quickly get up to speed with my colleagues. But apart from a shallow understanding of security in the digital world, I lacked the general perspective — the concepts, the nature of the problems and challenges people and organisations face, the incentives that push them in a particular direction. I needed something to step on. Here is the list of what I have found useful.
Click here to kill everybody by Bruce Schneier (book)
Bruce is a renowned security technologist. His latest book, "Click here to kill everybody", is an entertaining and worthwhile read. For someone like me, looking for the broader picture, the book provides a general understanding of the risks and security implications of all Internet-connected things. It is easy to read, with examples from our daily life used to support his arguments. "Data and Goliath" will most likely be the next book I will read.
Social engineering — the science of human hacking by Christopher Hadnagy (book)
As I immersed myself in cybersecurity, social engineering was the topic that was closest to me. People are usually the weakest security element, with flaws that can easily be exploited by bad actors. In this book, Christopher talks about social engineering techniques and methods, and supports them with stories from his personal experience as a social engineer. The book is fun to read, even though it could have been more concise.
Schneier on Security (blog)
In his blog, Bruce Schneier often shares his take on recent news and developments in the security domain — the risks of password managers and the way Apple's new "Find My" feature works in the context of privacy and security.
Many of his essays are there as well.
Daniel Miessler (blog)
Daniel's website helped me better understand the cybersecurity terms and the idea behind them — red, blue and purple teams; events, alerts, incidents; vulnerability assessment and penetration testing. His blog posts focus on some of the most intriguing aspects of cybersecurity, the web in general, and other matters beyond that.
Dark Reading (news website and online community)
Dark Reading is a good source of news from the industry — recent developments, breaches, know-how shared by providers of cybersecurity solutions and other experts in the field.
Cyber by Motherboard (podcast)
Every episode of Motherboard's Cyber podcast takes on a story — the ASUS supply chain attack, the memories of a penetration tester, and more — and gives colour and substance to it. It is a really enjoyable start to the day, on the way to work.