CSO Perspectives (Pro) 1.24.22
Ep 66 | 1.24.22

Pt 1 – Students of the game: What are your go-to information sources for 2022?

Transcript

Rick Howard: Hey, everybody. Welcome back. This is the kickoff for Season 8. And I'm so glad that it's finally here and we can finally put 2021 in the rearview mirror. We've got some great issues we're going to tackle this season. And as usual, we'll be checking in with our subject matter experts at the CyberWire's Hash Table to get their thoughts and experiences.

Rick Howard: On today's show, we're going to be talking about information sources. In other words, where do I go to get up to speed on what's going on in the cybersecurity world? Let's get started. 

Rick Howard: My name is Rick Howard. And I'm broadcasting from the CyberWire's secret Sanctum Sanctorum Studios, located underwater, somewhere along the Patapsco River near Baltimore Harbor - located in the state of Maryland, in the good old US of A. And you're listening to "CSO Perspectives," my podcast about the ideas, strategies and technologies that senior security executives wrestle with on a daily basis. 

Rick Howard: When I was a young lad growing up in the Los Angeles suburbs in the late 1960s, I wasn't much of a football fan, professional or otherwise. Games were too long and boring to my 10-year-old mind. And come to think of it, they still are for me. But I stumbled upon this odd, little sports highlight show called "This Week in Pro Football," produced by the now-famous Sabol family of NFL Films. They broadcast it on the one UHF channel we got, Channel 33.

Rick Howard: Now for you youngsters out there - back in the day, we didn't have any internet. And we only had three nationwide TV channels - ABC, CBS and NBC. Cable was at least a decade away. 

(SOUNDBITE OF ARCHIVED RECORDING) 

Unidentified Person #1: Oh, the humanity. 

Rick Howard: I know. How did we ever fill the time? It was a burden. But local broadcasters used ultra-high frequency channels for area programming. Where I lived, UHF gave me access to my first anime experiences, like "Speed Racer" and "Kimba the White Lion," and introduced me to the horror genre with crazy shows like Seymour's "Fright Night," broadcast from TV station KTLA out of Los Angeles. 

Rick Howard: The NFL highlights show took all the boring stuff out, added a voice track that explained what was going on, and overlaid a music track that was a mix of 1960s jazz and classical music. You're listening to one of the themes they used in the show right now, a song called "The Raiders Theme." 

Rick Howard: This stuff was inspiring. Because of the way they told the stories, NFL Films took rough and tough football players - perhaps not the most articulate people on the planet - and turned them into mythic gods, at least for me. It personally took me from not interested in the game to a student of the game. And I think that's when I started to realize that being able to tell a compelling story is a useful skill.

Rick Howard: Over my career, I tried to hone that skill. And I began to appreciate those other people trying to convey information who were especially good at it. After all, we're all students of the cybersecurity game, too, but with no time to waste. We seek to find sources of information we can quickly and efficiently consume that will provide insight into how we should do our jobs. 

Rick Howard: In 2022, we have an embarrassment of riches for this kind of thing right at our fingertips. I can roll out of bed, fire up the Google machine and instantly find intelligence on the latest APT29 attacks, useful explanations about the progress and availability of the SASE architecture for startups and the latest outages from my cloud provider.

Rick Howard: All of that is key information. But there is also a need for longer form thinking, too. It's good to get a summary of the headlines. But to really learn something, it's also good to dive deep, sometimes, into important topics. And I'm not just talking about cybersecurity topics, either. If all you're doing is drinking from the same infosec well over and over again, you don't provide yourself the opportunity to expand your horizons a bit - you know, shock your system, so to speak, with invigorating and new ideas that might cross-pollinate your cybersecurity thinking. It's OK if everything you consume is not about cybersecurity. 

Rick Howard: Over the years, I've tried various form factors to get my summary information and my long-form, big ideas - conferences, one-on-one calls, intelligence briefings from my own staff, YouTube videos, podcasts and books. I still do all of these things. But my two preferred form factors are podcasts and books. 

Rick Howard: I've been a podcast guy since before we had a name for them, mostly because I hate commercials. For at least the last 20 years, I've had to commute to work anywhere from 30 to 45 minutes each way. And I don't know about you, but I don't enjoy being alone with my thoughts. I have to be entertained. 

Rick Howard: Before podcasts, all I had to keep me from falling asleep at the wheel was drive-time radio, with 20 minutes' worth of commercials for every hour. And in the Washington, D.C., area where I live, the choices are limited - talk radio, soft rock and local headline news that repeats every 20 minutes. 

(SOUNDBITE OF ARCHIVED RECORDING) 

Unidentified Person #2: Oh, no. 

(LAUGHTER) 

Rick Howard: When I found podcasts and, later, audiobooks in the early 2000s, I began to relish my commute time, not hate it. I actually enjoyed the ride. Back then, they didn't have commercials. Today, though, as podcast producing has become more mature and slick, commercials are everywhere. But since it's all digital, it's so easy to fast-forward through all of that noise that it's as if they weren't really there. (Hushing) Don't tell my sponsors. They would really hate me saying that.

Rick Howard: My listening habit eventually followed me everywhere, not just my commute. If I'm walking the dogs or doing the laundry or washing the dishes, I'm catching up on a podcast or listening to a book. 

Rick Howard: I know. My loathing of commercials sounds hypocritical since I work for a podcast company that sells them. But, hey, if you hate them as much as I do, then subscribing to the CyberWire Pro side cuts all of that out of your feed. And that's a good deal. I don't mind that companies have to sell advertising to make money. I mind the method. So for me, subscription services are the way to go. You might be able to tolerate commercials. And that's OK, too. 

Rick Howard: In the podcast universe, there's content for anything that might be interesting to you. There are literally hundreds of security podcasts. The CyberWire has 10 ad-supported podcasts and four subscription podcasts by ourselves on a wide range of topics - news, law, social engineering, thought leadership, security awareness, executive strategy, careers and jargon. But there are thousands of other kinds of podcasts, too, not cybersecurity related. 

Rick Howard: If the podcast you're listening to is boring, turn it off. Not mine, of course. Always play my podcast first because, you know, I have mouths to feed. But for those other podcast professionals, you can turn them off as soon as they stop being interesting. 

Rick Howard: Going into 2022, I have a bunch of things I'm looking for in a podcast - cybersecurity and infosec, of course; security and general news - you know, headlines; news and science analysis - some deep dives there; storytelling because we're all storytellers - listening to people who do it well is what I call essential training; tech like, what's on the horizon; pop culture because I'm a geek; history because I like understanding how we got into our current situation; books - you know, anything smart people say about recommending books that they are reading and why, I love that; and interviews, listening to what smart people have to say about anything. 

Rick Howard: But that's just scraping the surface of what's out there. If you think the science and technique of milking snakes is the coolest thing in the universe, I guarantee you there's a podcast for it. If you have a fascination with lizard Illuminati conspiracy, there are probably five. For me, I group all of my favorite podcasts into two general buckets. The first bucket is filled with shows that I'm going to listen to regardless of the subject because they're always good and I can't wait to hear what's next. So here are some of the shows that fit into that category for me last year. 

(SOUNDBITE OF MONTAGE) 

Unidentified Person #3: It's "Common Sense" with Dan Carlin. 

Rick Howard: My name is Rick Howard. And you are listening to "CSO Perspectives," my podcast about the ideas... 

Brooke Gladstone: From WNYC in New York, this is "On the Media." Has it really been a year? 

Rick Howard: The word is Log4j vulnerability. "Word Notes" is written by Nyla Gennaoui... 

Jad Abumrad: Wait. Wait. You're listening (laughter)... 

Julia Longoria: OK? 

Jad Abumrad: All right. 

Julia Longoria: OK? 

Jad Abumrad: All right. 

Julia Longoria: You're listening... 

Jad Abumrad: Listening... 

Julia Longoria: ...To "Radiolab." 

Unidentified Person #4: "Radiolab." 

Julia Longoria: From... 

Jad Abumrad: WNYC. 

Malcolm Gladwell: My name is Malcolm Gladwell. You're listening to the final episode of Season 6 of "Revisionist History," my podcast about things... 

Patrick Gray: Hey, everyone. And welcome back to "Risky Business" for another year. This is, of course... 

Dave Bittner: From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, January 10, 2022. 

Rick Howard: The second bucket is filled with shows that are always high quality, but I'm only going to listen to them if I'm interested in the topic or the guest. After all, there's a finite set of hours in the day. Even I can't listen to all of that content. 

Rick Howard: Currently, I have about 14 shows that fit into that bucket. And there'll be a link in the show notes so you can get the entire list. But I think my Top 3 are "The Lawfare Podcast," by the Lawfare Institute - this is a deep-dive analysis show on complicated subjects viewed through a legal lens; "The Daily," from The New York Times - more deep-dive analysis, and I got to say, their coverage of COVID this past year has been outstanding; and finally, "The Great Books" podcast, by the National Review. These are really smart people talking about some very important books. 

Rick Howard: Now, I know that podcasts are not everybody's bag. I get it. Auditory content is not their thing. They have to read it themselves. Or they don't like it. Or they can't be bothered with making the technology work every time they go for a walk. My wife is like that. Or as my editor, John Petrik, points out, they can read faster than they can listen. So I totally understand. I'm just saying that there's a rich mine of good content out there. You should at least check it out. 

Rick Howard: Now, to get over the technology hurdles, there are many ways to listen, from right off the show's website to Spotify to dedicated phone apps designed specifically for podcast nerds. That's my preferred way. I use an app called Pocket Casts. But there are many different apps to choose from. So I recommend just taking an hour and trying a couple and see if this podcast thing can be useful for you in the future. 

Rick Howard: You know what the best thing about books is? They don't have commercials. OK. OK. Maybe that's not the best thing, but it is the least annoying part for sure. I remember exactly the day when I realized the value of books in my personal life. I was a lieutenant colonel in the U.S. Army, and the powers that be were about to roll out a PKI program, public key infrastructure, across the entire service. And back then, I was in charge of the big army network at the time, somewhere around 1999. And I realized that I didn't understand how PKI worked. I knew my bosses were going to ask me about it, so I needed to get up to speed quickly. 

Rick Howard: The internet wasn't a rich treasure trove of information back then compared to how it is today, so I was kind of at a loss. I looked up from my desk and noticed the bookshelf where I had proudly displayed my grad school books - you know, the optional ones that you didn't actually get around to reading but that were so important to have. I found this title, "Mathematical Cryptology for Computer Scientists and Mathematicians" by Wayne Patterson, and my world opened up. This little container of ideas covered the entire thing. It gave me enough knowledge to be dangerous, for sure. But I could explain, at least in part, how PKI worked and why we were going to expend resources trying to install it. 

Rick Howard: Ever since, my first move on trying to learn anything new, cybersecurity or otherwise, is to find a book about it. What I've learned is that usually, if you read one book, you're the smartest person in the room on that subject because most people don't read books that much anymore. Oh, they might read the technical paper associated with the topic, but that's not quite the same thing. Read two books, and you're an expert in the field. 

Rick Howard: And that doesn't just apply to boring textbooks that you don't want to read from grad school. Novels count. If you can find some historical fiction or near-term science fiction that tells a compelling story, you might learn a little something along the way. Michael Crichton, probably most famous for writing "Jurassic Park," may have invented the genre, but since his death, other authors have joined the fray. Neal Stephenson, Peter Singer and Daniel Suarez are some of my favorites. 

Rick Howard: Here's the thing about a book. The author probably spent a year or two writing it, and the authors who don't write books for a living, they most likely based the content on their entire lifespan of experience. So for the price of a family meal at McDonald's and roughly 20 hours of study, anybody can learn the highlights of what it took an expert a lifetime to acquire. As Socrates said, quote, "employ your time in improving yourself by other men's writings so that you shall gain easily what others have labored hard for," end quote. And as President Harry Truman said, quote, "not all readers are leaders, but all leaders are readers," end quote. 

Rick Howard: I found this to be a truism in every job I've had. Look back on your career and the leaders you respected. I guarantee you that they were big readers, and they didn't just read about topics in their field, either. Steve Jobs read Shakespeare, poetry and books about yoga and health. Bill Gates thinks reading is so important that he takes a week or two every year to visit his cabin by himself to catch up. And as my favorite "Game of Thrones" character Tyrion Lannister says... 

(SOUNDBITE OF TV SHOW, "GAME OF THRONES") 

Peter Dinklage: (As Tyrion Lannister) Well, my brother has a sword, and I have my mind. And a mind needs books like a sword needs a whetstone. That's why I read so much, Jon Snow. 

Rick Howard: Now, I realize that most of this sounds like more work that you have to do, something you get through, a mandatory task. Let me tell you it doesn't have to be that way. If you're reading a book and it feels like a slog, close it. Find a different book. I know you feel guilty because you spent money on a book and you didn't read it. I give you permission to forgive yourself. Even if everybody says the book is great, it may not be for you. And if you can't bear to part with money for a book you didn't read, well, that's what libraries are for. 

Rick Howard: Besides, there are lots of crap books out there. Don't push yourself to read that bad one, and there are resources out there that help you find the good ones. I use Goodreads to keep track of the books I'm interested in. It's like Facebook for book nerds. And I've been involved in the Cybersecurity Canon project since its inception some seven years ago. That's a volunteer effort to find the cybersecurity books that everybody should read. 

Rick Howard: Reading bad books just reinforces the wrong notion that reading is work and not fun and makes you not want to do it, especially on the weekend when you would rather watch the latest episode of "Hawkeye" on the Disney Channel. I hear you. First, I'm watching the latest episode of "Hawkeye" regardless. But once it's done, if I get the strong feeling that the book I'm reading isn't interesting or good, I'll close it. Life is too short to waste time on bad books, and there are so many good ones out there and so many ways to consume them. 

Rick Howard: You can still read a physical paper-and-ink book. It's a little old-fashioned, but hey; if that's what you like, go for it. My wife is like that. She needs the tactile experience of feeling the paper between her fingers. Or you can read digital books or e-books in various formats. I prefer the Amazon Kindle format because I like the convenience of it, but there are others out there. 

Rick Howard: You don't need the Amazon hardware device for this, either. The Kindle Reader app is free and will run on practically any platform. I've installed it on both my laptop and my phone. I use the laptop version when I'm studying a book. I use the phone version to kill time when I'm stuck in a line somewhere. 

Rick Howard: What's especially nice is that the Kindle Reader allows me to highlight passages and easily lift quotes from the book to use in my own writing, and the search feature is a huge time-saver. What was that thing that Tyrion said in "Game of Thrones" about reading? That search capability makes it easy to find those types of things. 

Rick Howard: But I think the most interesting way to read a book is to listen to it. I use the Audible service, again, because it's convenient. But like podcasts, listening to a book while doing mindless chores around the house is a good way to plow through a lot of material quickly. And the production quality has gotten so good, too. 

Rick Howard: I listened to the entire "Harry Potter" series last summer - seven books and over 4,000 written pages. The narrator, an actor by the name of Jim Dale, did the voices for all seven. He did women, men, children, adults and various forms of the big three - Harry, Hermione and Ron - from when they were young children to when they became old geezers. It was truly a virtuoso performance. For me, it was like listening to a better version of the movie. 

Rick Howard: But there is joy in whatever format suits you. As Neil Gaiman said, quote, "a book is a dream that you hold in your hand," end quote. If your book dreams aren't causing you joy, find another dream. Or as J.K. Rowling says, quote, "if you don't like to read, you haven't found the right book," end quote. 

Rick Howard: Let me make one last point about why reading books should be something that we all do as a matter of course, as a form of adulting in the real world. Here it is. It makes your world a bigger, richer environment. In other words, it gets you out of your own bubble. As Confucius says, quote, "no matter how busy you may think you are, you must find time for reading or surrender yourself to self-chosen ignorance," end quote. That's the nicer way to say that. Mark Twain was more blunt. Quote, "if you don't read, you're not any better than people who can't read," end quote. Ouch. That hurts a little bit. 

Rick Howard: With all of that said, I read or listened to a bunch of books in 2021. I enjoyed most of them, but there are only a handful that I would recommend to friends and peers. For cybersecurity books, I would recommend four. The first one is "Code Girls," a Cybersecurity Canon Hall of Fame winner written by Liza Mundy about the World War II codebreaking efforts done by the United States, with the bulk of the operational work done by American women. Here's Ms. Mundy in an interview I did with her last year. 

Liza Mundy: Once I learned about the story of 10,000 women being recruited to come to Washington during World War II, many of them former schoolteachers and/or college seniors, I couldn't resist telling the story. I couldn't believe that the story hadn't already been told in the many books that existed on World War II codebreaking. 

Rick Howard: The second cybersecurity book that I'd really liked this year was "Crypto" by Steven Levy about the history of modern-day cryptology, especially public-key encryption, and the fight to keep backdoors away from governments. This is another Cybersecurity Canon Hall of Fame winner from 2017, and this was my second reading of it. Here's Mr. Levy talking about how he came to write the book. 

Steven Levy: So I got an assignment in the early 1990s to write about this group of people called cypherpunks. And they were very much in the spirit of hackers, which is a subject I wrote a lot about over the years. And it was an assignment from a brand-new magazine called WIRED, which hadn't appeared yet. And I thought, you know, this sounds like an interesting magazine, but I'm not quite sure they're going to make it. 

Unidentified Person #5: (Laughter) That's great. 

Steven Levy: But I did it anyway. And I found not only the people fascinating, but the subject itself was fascinating. And it really introduced me to something that I had been somewhat aware of but not to any serious extent, which was the revolution that took place in cryptography over the past 20 years and certainly of the political situation that had enveloped this subject matter. So it turned out to be an amazing continuing story. So all throughout the '90s, I would be writing about it for this new magazine, WIRED, which turned out to be a viable proposition there - writing about crypto and eventually doing a book about it. 

Rick Howard: My third favorite cybersecurity book from 2021 is "LikeWar" by Peter Singer and Brooking Emerson (ph), another Cybersecurity Canon Hall of Fame winner about the current state of influence operations and what we can do about it. Here's Mr. Emerson describing why they wrote the book from an interview I did with him last year. 

Emerson Brooking: Because we saw something coming down the pipeline. We had our first conversation about what would become "LikeWar" in the summer of 2013, back when everyone in D.C. was talking about a terrorist group called al-Shabab out of Kenya. And they were particularly famous for using Twitter and using it very effectively. But even then, we saw that it wasn't just going to be Shabab. It wasn't just going to be limited to Africa. There are going to be other terrorist groups that are going to use this tool and that, maybe over time, there would be more national militaries to be using this as an instrument of warfare as well. 

Emerson Brooking: But when we had these initial framing conversations, I don't think we even anticipated that it would be the Russians, it would be these clandestine information campaigns targeting the United States, that there would be a rise of, you know, white extremism and white nationalism also fomented by social media and that soon it would consume our politics to the extent that it has. 

Rick Howard: The last cybersecurity book I want to recommend from 2021 is "This is How They Tell Me the World Ends" by Nicole Perlroth, about the short history and evolution of the exploitation market. This was a Cybersecurity Canon Hall of Fame candidate book from last year, and when she published it, I kind of put it into the niche category. It was really good, but maybe everybody not interested in the topic needs to read it. 

Rick Howard: And then all the news started to emerge late last year about the NSO Group building commercial spying tools, like Pegasus, and selling them to anybody willing to buy, like nefarious governments. And all of a sudden, Perlroth's book becomes more relevant. Here's Ms. Perlroth talking about a major milestone in the history of the exploitation market. 

Nicole Perlroth: Some of the major milestones there were - you know, not directly, but Stuxnet - just in that it opened up the world's eyes to the potential for code not just for espionage but for destruction. And, you know, we've never seen a Stuxnet come back and hit us. You know, we did see Stuxnet show up on our computers. But it was really - it was so carefully crafted, clearly with lawyers standing behind these coders' shoulders, saying, make sure this only executes on this exact configuration of centrifuges at a time and nothing else. 

Nicole Perlroth: You know, but that zipped around the world. It hit Chevron. It hit all of these companies throughout Asia. And then what it did was allowed everyone to dissect this code and see, whoa, this is what a digital weapon of destruction looks like. 

Nicole Perlroth: And a lot of governments over the last decade since Stuxnet was discovered - you know, most governments now, with the exception of maybe Antarctica - someone added the Vatican to my list recently - you know, are investing in these capabilities, most of them for surveillance and espionage but some for destruction. You know, that's why you see companies like REvil pop up that sell zero-day exploits in ICS technology to governments. Clearly, there is a business there. Otherwise, they would go bankrupt. 

Rick Howard: For other books I read in 2021 not related to cybersecurity, I have a few favorites. The first one is "Sapiens" by Yuval Noah Harari. This is my second reading of it, and it still blows my mind. I'm still thinking about it months later. It's about many things. But his ideas about the myths we tell ourselves are eye-opening - humanism, capitalism, religion, the U.S. Constitution. His point about historical empires failing when they stop believing in their own myths seems apropos for our current world situation today. 

Rick Howard: "The Innovators" by Walter Isaacson about the history of digitization and the life stories of the people who made it happen. You all know that I love me some historical timelines. And Mr. Isaacson goes all the way back to Blaise Pascal in the 1640s, the French mathematician who created the first ever mechanical calculator, and works his way forward through to the 1800s with Charles Babbage's difference and analytical engines and Ada Countess of Lovelace's first ever programming efforts and all the way up through modern times with the invention of the first computers, the transistor and the internet - fascinating. 

Rick Howard: "A Man Called Intrepid" by William Stephenson about counterespionage and influence operations prior to World War II and all through it. This is an unbelievable but real-life tale about a non-governmental - meaning privately funded - spy organization called the British Security Coordination, or BSC, and the man that ran it, Sir William S. Stephenson, codename Intrepid. 

Rick Howard: "The Bomber Mafia" by Malcolm Gladwell about a small handful of army pilots aghast at the carnage wrought during World War I sought to create a more moral way to conduct war, a precise way to drop bombs. The audio book version is fantastic, and Gladwell's description of Air Force General LeMay, who - you may or may not agree with his political views, but you must agree that he was certainly a man among men and an amazing combat leader with few peers. 

Rick Howard: "Forget the Alamo" by Bryan Burrough, Chris Tomlinson and Jason Stanford about the historically inaccurate and egregious myths that Texans tell each other about the formation of their state. 

Rick Howard: And the last nonfiction book I really liked in 2021 is "High Conflict" by Amanda Ripley about strategies to bring polarized groups together. 

Rick Howard: For fiction, I liked "The Hunger" by Alma Katsu. What a great idea. Take the infamous, ill-fated Donner Party, add a bit of creative fiction about a disease that creates zombie-like creatures as the cause for cannibalism and see where it goes - fantastic. 

Rick Howard: "Horrorstor" by Grady Hendrix, a haunted house story set in an IKEA. How great is that? 

Rick Howard: And "Salem's Lot" by Stephen King - my fourth or fifth time through this book and still the best vampire story ever. 

Rick Howard: "The Lord of the Rings" by J.R.R. Tolkien - my first reread of it since high school and still a better version of the story than the movies but not by much. 

Rick Howard: And "Hail Mary" by Andy Weir, the author of "The Martian" and is another "MacGyver"-like space engineering story about a spider-like alien and a human trying to save two worlds from destruction. 

Rick Howard: "Neuromancer" by William Gibson, my second reading of the classic that gave us cyberpunk, the origination of the word cyberspace, the singularity in artificial intelligence, the idea that hacktivism can be a thing and the prediction that a Google-like search capability would be the norm years before it would actually happen. 

Rick Howard: And "Termination Shock" by one of my favorite authors, Neal Stephenson, about the science of geoengineering. 

Rick Howard: "Master And Commander" by Patrick O'Brian, a historical fiction set in the British Navy around 1800, happening in and around the war of the second coalition, England's war against the French. 

Rick Howard: And finally, another historical fiction called "The Apollo Murders," written by Chris Hadfield. President Nixon cancelled the real-life Apollo 18 mission. Hadfield, a real-life Canadian astronaut, creates a story about an Apollo 18 military mission to go to the moon but to also recon and disable a Russian military satellite. 

Rick Howard: One last thing. I've noticed a trend in the publishing industry that I think will change forever the meaning of what a book is. For the time being, we still have physical paper and ink books. We got digital versions in 2007, when Amazon released the first Kindle reader. 

Rick Howard: But the history of audiobooks started way earlier. In 1932, the American Foundation for the Blind created the first audiobook. By the 1960s, we were listening to books captured on cassette tapes. Remember those? And by the 1980s, we had moved on to compact discs or CDs. But in 1995, Audible made it possible to download books onto your desktop to listen to. And in 2008, Amazon bought Audible, combining their physical book sales with this new digital format. Now, in parallel, the first podcast emerged in 2004 when MTV VJ Adam Curry - yes, that Adam Curry... 

(SOUNDBITE OF ARCHIVED RECORDING) 

Adam Curry: Hi, Adam Curry, back with you on MTV. Well, here's the story. They've been called rowdy, raunchy, gut-level rockers and the next band that everybody tries to copy... 

Rick Howard: ...Wrote some software called iPodder that extracted audio files from RSS feeds and inserted them into our music players called iPods back then. Since then, podcasts and audible books have been traveling sort of in parallel by themselves, not really crossing paths. 

Rick Howard: That all started to change last year when Malcolm Gladwell published his latest book, "The Bomber Mafia." In so doing, he leveraged all of the available formats - the traditional book that you might find at a Barnes & Noble bookstore, the digital book from Amazon, the book on tape from audible.com, the podcast version that he sold from his website and distributed through his podcast feed for "Revisionist History." 

Rick Howard: The Audible book version and the podcast version did something extraordinary. In a traditional book on military history, you might quote a dusty old general like General Curtis LeMay and footnote it heavily. Gladwell takes it a step further and found the archival audio files wherever they existed. Instead of reading the quote, listeners can hear the generals speaking it. In this manner, Gladwell has converted his book into a longform podcast complete with musical interludes. I think that's the direction the book publishing business will be going in the near future. 

Rick Howard: And on the podcast side, we are starting to see podcast documentaries - limited one or two-season series on a specific subject. The production quality in some of these shows is really good too. They could be books in their own right, but they are enhanced with interviews, sound effects and music, kind of like a podcast. 

Rick Howard: Some of my favorites from 2021 are "The 1619 Project" by The New York Times. It reframes the country's history by placing the consequences of slavery and the contributions of Black Americans at the very center of our national narrative. 

Rick Howard: Dolly Parton's "America" from WNYC Studios is the story of this great singing legend at the crossroads of American culture wars. 

Rick Howard: "Halloween Unmasked" by The Ringer celebrates my favorite horror film of all time, "Halloween." 

Rick Howard: "Hunting Warhead" by CBC Productions - it follows the journalist and police on a global mission to expose child abusers and pornographers hiding on the dark web. 

Rick Howard: "Land of the Giants" by Recode - miniseries seasons on the tech companies that have greatly impacted our lives. They've done five seasons so far on Amazon, Google, Apple, Netflix and the food delivery services. 

Rick Howard: "The Lazarus Heist" by the BBC World Service - this is the story of the North Korean Lazarus Group hacking team from the Sony hacks all the way to the attacks against the SWIFT banking system.

Rick Howard: "The Plot Thickens" by TCM - a miniseries seasons on Hollywood stories like Lucille Ball, Peter Bogdanovich and the movie "The Bonfire of the Vanities." 

Rick Howard: And finally, "Wind of Change" by Pineapple Street Studios - they ask the simple question, did the CIA write a power ballad that ended the Cold War? 

Rick Howard: In our lifetimes, I think the definition of what we call books will expand into a multiform experience that is a cross between written books and podcasts, and I can hardly wait. 

Rick Howard: So that's my take on podcast and book sources for 2021 and going into 2022. If podcasts haven't been your thing, maybe that could be your New Year's resolution, to spend some time with the medium to see if it really works for you. For books, especially if you're looking for good cybersecurity books, check out the "Cybersecurity Canon Project," sponsored by Ohio State University. But remember, I give you my permission to close a book or stop listening to it if, after a chapter or two, you just can't get into it. As I said, life is too short to fight through a bad book. 

Rick Howard: And that's a wrap. Welcome back to the "CSO Perspectives" podcast, and we have some great stuff for you this season. Next week, we will be sitting at the Hash Table with some of our regulars talking about their information sources they liked this past year. You don't want to miss that. 

Rick Howard: And as always, if you have any thoughts about the show, send them our way. We'd really like the feedback. You can reach us at csop@thecyberwire.com. 

Rick Howard: The CyberWire's "CSO Perspectives" is edited by John Petrik and executive produced by Peter Kilpe. Our theme song is by Blue Dot Sessions, remixed by the insanely talented Elliott Peltzman, who also does the show's mixing, sound design and original score. And I am Rick Howard. Thanks for listening.