CSO Perspectives is a weekly column and podcast where Rick Howard discusses the ideas, strategies and technologies that senior cybersecurity executives wrestle with on a daily basis.
Students of the game.
Last year about this time, I started a series of essays called “Students of the Game.” I got the idea from watching the ESPN Documentary, “Man in the Arena,” about the greatest American football quarterback of all time, Tom Brady.1 I’m not a sports guy at all, but even people like me, who have trouble walking and chewing gum at the same time, can appreciate the dedication and endurance of this guy. At the time of this writing, Brady is a 45-year-old NFL quarterback playing in a league where most quarterbacks retire before they are 35.2 He has won seven Super Bowl rings playing for two different teams3 (the New England Patriots and the Tampa Bay Buccaneers). That’s extraordinary.
One of the keys to his success, and there are many, is that he studies the game. He doesn’t just attend practice during the week and then roll out to the stadium each Sunday to play. He analyzes what the other teams and players are doing constantly. Brady says he watches opponent game film 4-5 hours a day.4 That’s dedication and a good example for the rest of us regarding how to stay at the top of our own particular games.
I have said for years that the reason I love cybersecurity so much is because it's never boring. It’s constantly changing. I love the implications of that; the persistent element of always having to learn something new. It keeps the job exciting. No offense to toll booth operators, a good job for a decent wage, but doing the exact same thing, eight hours a day, every day, would drive me bonkers. I'm not wired that way.
On the flip side, I have also said that the thing I hate about cybersecurity is that it’s never boring. It’s constantly changing. It’s almost impossible to stay current on all the latest developments, new ideas, and the retirement of old ideas. The implication is that most security professionals are constantly seeking and consuming some kind of cybersecurity content to help them be better at their jobs, like Tom Brady.
Where I diverge from Mr. Brady is his myopic focus on only football. And I hear what you’re saying. “Rick, didn’t you just say that one of the reasons that Tom Brady is the GOAT of all NFL quarterbacks is his singular focus on the study of the game?” Well, you got me there. But I'm not trying to be the GOAT of cybersecurity. I'm trying to be good enough at a lot of things. Looking back over my career, I have found that anybody in this business who only consumes information about cybersecurity lives in a small world. There are other topics to consider that will widen your aperture on different points of view, and in turn, will make you a better security professional. To quote Robin Williams in the old Apple commercial (and the movie “Dead Poets Society”), “… medicine, law, business, engineering. These are noble pursuits, and necessary to sustain life. But poetry, beauty, romance, love, these are what we stay alive for.5” Which begs the question, what content are we all consuming to make us better security professionals, make us better humans, and at the same time, will bring a little joy to our lives?
For me, I typically use books and podcasts. I generally listen to the material first and then, if I thought it was particularly interesting, I would go back and actually read the book in my Kindle App or read the podcast transcript to study it. I use the Kindle App for books because it allows me to highlight passages and export them when I’m taking notes. And for those interested, I use a program called Evernote as my note taker. There are lots of note taker apps out there but I started using Evernote over a decade ago. Everything that I think is important to remember is in there. It acts as the Howard-brain-hard-drive for business and for my personal life.
As a student of the game, for me, it really helps if I take a moment and write a sentence or two about the book or podcast that I just consumed. That act helps me remember the important parts. Unlike my lovely wife who reads way more books than I do each year but doesn’t retain much of the information within. Sometimes she is reading a book, gets halfway through it, and says, “Hey, I think I’ve read this before.” But she’s doing it for entertainment only. When you’re a student of the game, the point is to remember the important parts.
My daughter and I have a ratings system for books that we read together:
- 5 Stars: We know we will likely read the book again sometime in the future.
- 4 Stars: We will recommend the book to everybody.
- 3 Stars: We like and will likely recommend the book to some people.
- 2 Stars: We didn’t like it.
- 1 Star: We closed the book before we finished reading it. Hey, life is too short to read bad books.
For all of the material I'm covering here, I have rated each 4 stars or better.
8 cybersecurity books.
“Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency” by Andy Greenberg6
This is the best cyber crime book I have read in the past 10 years. According to Greenberg in my interview with him last year, “The story of this book is about how, over the last decade, it slowly became apparent that Bitcoin is incredibly traceable. That it is actually far more traceable once you know how to crack the code of the blockchain Bitcoin addresses, than even the traditional financial systems. And a small group of detectives who were really the main characters of this book figured this out, first in the research world, then the tech industry, then law enforcement. And this group went on a spree of one massive cyber criminal takedown after another, each one bigger than the last, that is still persisting to this day7.”
“This Is How They Tell Me the World Ends: The Cyberweapons Arms Race” by Nicole Perlroth8
Perlroth’s book is everything that you ever wanted to know about the software exploitation market but were afraid to ask. Admittedly, I may be a bit biased about this one. I used to buy software exploits when I worked for the government and I sold exploits to the government when I ran a commercial cyber intelligence shop back in the day. After a 30 year career, in hindsight, I don’t think I would do that again. Perlroth explains why. There is also an account of the Chinese government's infiltration of the Google networks back in 2010, to my knowledge, the only detailed account of the incident in public (besides Google’s version) and the catalyst to Google for redesigning their security architecture to fully incorporate the Zero Trust philosophy. There is also a detailed account of the NSA's Project Gunman, the 1984 classified six-month operation to remove every single piece of electrical equipment from the U.S. embassy in Moscow, bring it back to Fort Meade for examination, and replace it with equipment the agency could guarantee was not bugged.
“Superforecasting: The Art and Science of Prediction,” by Philip E. Tetlock and Dan Gardner9
I re-read this book in 2022 preparing for the risk forecasting series I did in season 10.10 It’s even better than I remembered. The first time I read it (around 2017), Tetlock and Gardner convinced me it was possible to forecast highly complex questions like, what is the probability of material impact to my organization due to a cyber event? But I couldn’t figure out how to make it work in any practical sense. On this reading, five years later, I’ve finally figured it out. Combining Superforecasting techniques with Fermi estimates and Bayes’ Rule is the way to go. If you’re just dipping your toes into the risk forecasting arena, Tetlock and Gardner’s book is a good place to start. If you’re a veteran of the risk forecasting discipline and you haven’t read this yet, you have a hole in your education. It’s a candidate book for the Cybersecurity Canon Project11 already. I fully expect it to be inducted into the Hall of Fame at some point.
“Spies, Lies, and Algorithms: The History and Future of American Intelligence,” by Amy Zegart12
Full disclosure, Dr. Zegart is a friend of mine. When I heard that she had published this book, I couldn’t wait to get my hands on it. Her thesis is that most Americans have no clue about how the U.S. “intelligence community,” or the IC as the cool kids call it, conducts business or even whether or not the IC is succeeding. IC leaders are so worried about protecting sources and methods that there is no room for a discussion of strategic objectives in the public sphere. For Dr. Zegart, that means there is no way for outside organizations, like academia, to help. I would be more blunt. I would say that there is no way for the public to hold them responsible for their actions. She says that her students are so ill-informed that they get most of their ideas about how the IC works from TV shows and movies. Her course, and this book, covers the history of American intelligence starting all the way back to General Washington and the Revolutionary War up to the modern day. But until the conclusion of WWII, the U.S. didn’t have a permanent intelligence capability. That changed when President Truman signed into law the creation of the CIA. Dr. Zegart isn’t shy either about covering the mistakes the CIA has made over the years like its failure to predict 9/11 and their incorrect prediction that Iraq had WMD. Her criticism comes from a stern but gloved hand compared to the bare knuckled takedown by Tim Weiner’s “Legacy of Ashes: The History of the CIA.”13 According to Weiner, the CIA was a clown car for its first 40 years with no oversight about what they were doing and why they were doing it. Dr. Zegart explains counterintelligence, covert action, congressional oversight, using open source intelligence to assess the nuclear threat, and cyber. And I was pleased to see that she recommends Dr. Tetlock’s Superforecasting techniques as a way to improve the IC’s batting average for predicting the next thing. It’s well worth the read.
“The Cybersecurity Path: Insider Advice to Navigate a Successful Career in Security from Beginning to End," by Helen Patton14
Helen is another friend of mine, a regular visitor to the CyberWire Hash Table, and she has just recently stepped down as the Cybersecurity Canon’s Committee Chair. Since most of the things that I read on cybersecurity tend toward the high level technical issues of the day, I was pleased to find this book of wisdom that would actually help the people in the trenches who work, struggle, and thrive in the infosec community today. I’m so glad that she wrote this book. I have had hundreds of conversations over the years from newbies trying to break into the field, mid-career professionals seeking advice, or senior leaders comparing notes about navigating the rough waters of the infosec community. At the end of each session, I always said to myself, I should write some of this stuff down. Well, that's no longer an issue. Helen has done it for us. She explains in articulate detail the habits, traits, and best practices that we should all follow to be the best security professionals we can be.
“Project Zero Trust: A Story about a Strategy for Aligning Security and the Business,” George Finney15
I know this sounds like a broken record, and at the risk of being accused of nepotism, George is also a friend of mine. Hey, don’t blame me. I have a bunch of smart friends and a lot of them like to write books. As you all know, zero trust is one of my first principle strategies. When I heard that George published a book on the topic and that he got John Kindervag (the father of zero trust) to write the foreword, I knew it was going to be good. I immediately dove in. But, I had a bit of trepidation. George is one of the smartest cybersecurity practitioners on the planet. I was worried that he and I might not characterize zero trust in the same way and that wouldn’t be good. That would likely mean that I was barking up the wrong tree and I would have to start over. Thankfully, George and I are almost completely aligned. And what makes his book unique is he followed the model of previous technical writers who wanted to reach a wider audience by creating a novel as a vehicle to express the technical ideas he wanted to cover. This puts him in the same category as Gene Kim and his book, “The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win16” and Eliyahu Goldratt and his book, “The Goal: A Process of Ongoing Improvement17.” If you are still struggling with the concept of zero trust, this book is for you.
“The Theory That Would Not Die: How Bayes' Rule Cracked the Enigma Code, Hunted Down Russian Submarines, and Emerged Triumphant from Two Centuries of Controversy,” Sharon Bertsch McGrayne18
Finally, here’s a book not written by one of my friends and it’s another one that I read to prepare for the risk forecasting series I did in season 10.19 The author, Sharon McGrayne, did a Google Talk in 2014 if you want the Reader’s Digest version.20 Bayes' Rule is the mathematical foundation that allows us to use Superforecasting techniques and Fermi estimates to calculate the probability of material impact to our organizations due to a cyber event with enough precision to make resource decisions. The basic concept is that a forecaster makes an estimate of the initial probability. We call that the prior. Then, we collect new evidence in the form of outside-in analysis (statistics on the general purpose question like what is the probability that any company will be materially impacted by a cyber event) and adjust the initial estimate up or down with this new information. Then, we do an inside-out analysis of our own organization around how well we implement our first principle strategies and adjust the assessment up or down again. As we gain new evidence, we repeat the process. That’s how Bayes’ Rule works. McGrayne’s book is a delightful history of the theory’s evolution from creation to modern day, its successes and failures, and blood feuds between mathematicians over the years. I highly recommend it if this subject intrigues you, and it should. Risk forecasting is something that we should all be comfortable with.
“The Rose Code,” by Kate Quinn 21
My favorite cybersecurity novel last year was “The Rose Code,” by Kate Quinn. It’s a historical fiction novel set during World War II at Bletchley Park, the British codebreaking facility where Alan Turing and other brilliant minds worked to crack the German Enigma code. Turing even makes a cameo appearance. I love that. Through fiction, Quinn tells the story of the 10,000 real women (about three-quarters of the total workforce) who worked at Bletchley Park during the war. There’s romance, intrigue, and of course, Alan Turing. It feels like Quinn wrote this story specifically for me.
8 cybersecurity podcasts.
CSO Perspectives (Pro): Host Rick Howard22
This is my main show about the ideas, strategies, and technologies that senior security executives wrestle with on a daily basis. This is on the pro side (The Netflix Side) of the Cyberwire house; meaning there are no ads but you have to pay for a subscription. In 2022, the show covered mostly topics related to cybersecurity first principles like zero trust, intrusion kill chain prevention, resilience, and automation.
Word Notes: Host Rick Howard23
This is just a little weekly five minute show that attempts to explain the word salad that is inherent in the cybersecurity industry. I have to tell you. We went over one hundred episodes last year and I have learned more technical details about how cybersecurity stuff works working on that show than I did in my entire 30-year career. If you want a quick hit on words and phrases like Secure Service Edge, Identity and Access Management, and DMARC, just to name three, this is your show.
Cyberwire-X: Hosts Rick Howard and Dave Bittner24
This is the Dave Bittner and Rick Howard talk show. A sponsor throws a current topic on the Cyberwire Hash Table and Dave and I bring in subject matter experts to discuss. It’s a freewheeling conversation and a lot of fun to listen to.
CSO Perspectives (Public): Host Rick Howard 25
This is a public version of CSO Perspectives. There is no subscription. That’s the good news. The bad news is that it has ads and the episodes are roughly a year old. We use it as a teaser to lure new listeners over to the pro side. If you’re like me and hate ads, then the Cyberwire Pro is for you. You get all of the Cyberwire’s shows without commercials. But, if you can tolerate the commercials and you don’t mind being a year behind, then CSO Perspectives (Public) is for you.
Hacking Humans goes to the Movies: Hosts Dave Bittner and Rick Howard26
Dave and I started doing this for fun back in 2021. We take a movie or TV show that has some sort of con man scheme going on, play the clip, and then discuss the social engineering aspects of what they did. So far we have covered “The Simpsons,” “The Sting,” “Key & Peele,” and “Sneakers,” just to name four. It’s a lot of fun and you might learn a thing or two in the process. Also, we are always on the lookout for new clips to play. If you have any suggestions, send them our way (CSOP@theCyberwire.com).
The Cyberwire Daily: Host Dave Bittner 27
This is the Cyberwire’s flagship podcast. It’s short and provides an update on the major cybersecurity news items of the previous day. I started listening to this podcast years before I started working here as my sole source of news. It’s still the first thing I listen to every morning.
Risky Business: Host Patrick Gray 28
Another news program that I have been listening to for years. This one is weekly. The two hosts go into a lot more detail than Dave does on the Daily, but that contributes to the one criticism I have for the show. It tends to run a bit long. That said, the content is always top notch.
The Lazarus Heist: BBC29
A limited run podcast (11 episodes), almost like a short book but with music and interviews, about the leadup and execution of the North Korean hacker campaign in 2016 to steal $81 Million from the Bangladesh Central Bank. The North Korean government gives its hacking crews permission to dabble in cyber crime to fund their own operations and to bring revenue into the country. The Bangladesh Central Bank job is one of their most famous.
8 non-cybersecurity books.
"Case Closed: Lee Harvey Oswald and the Assassination of JFK," by Gerald Posner, Narrated by Scott Aiello30
I'm a fan of conspiracy theories; not that I believe in them, just the entire stew-of-crazy in it all. I think they are fascinating story telling devices. And I have been a fan of the JFK assassination conspiracy since I was a wee lad. In books, I pored over still-frames of the original 1963 8mm Zapruder film looking for clues before the film was first broadcast to a national audience on ABC in 1975. And I love Oliver Stone's 1991 movie, "JFK;" fantastic story telling. It still holds up 30 years later, not as proof of conspiracy but just a damn fine movie. Donald Sutherland's Mr. X is pitch perfect. But I was never sold on the crazy ideas concocted by conspiracy theorists over the years about massive secret plots to kill President Kennedy: the CIA, the KGB, the Mafia, President Johnson, Castro, etc. Occam's razor argues against any of those elaborate plots. Still, I had an open mind because I couldn't get past the explanation for two specific things. The first was that I didn’t buy the idea that Oswald, with his low marksmanship skills and crap bolt action rifle, could actually hit the president twice (missing the first shot but hitting two times after) in a short amount of time. That always sounded implausible to me. The second was how President Kennedy’s head flies backward after being hit from behind. I could never rectify that either. Well, Posner convinced me I was wrong. He is a lawyer and a former prosecutor and he writes like that. The language is clear and precise. As he lays out his evidence, brick by brick, he delivers his arguments like mortar holding it all together. It really is quite impressive and he utterly destroys every objection to all the conspiracy theories including my two. If you’re a JFK conspiracy fan, this book is for you.
“The Premonition: A Pandemic Story," by Michael Lewis31
Two of my favorite re-watchable movies in the last decade are "The Big Short32" and "Moneyball33." I vaguely knew that Lewis authored the original books, but then I discovered his "Against the Rules34" podcast on the Pushkin network and it all clicked together. This book, "The Premonition," is about how the U.S. Government (and state and local governments too) responded to the pandemic in the early days. This is to say, they didn't respond very well. Lewis is quick to point out that this was not entirely President Trump's fault. He says that the systems to manage these existential threats (not just the pandemic response) had been deteriorating for years, decades even, before President Trump took office. The Trump Administration exacerbated the situation for sure; but, Lewis says that his administration was a comorbidity, not the cause. Here’s the thing that I learned when reading this book. In terms of any kind of government pandemic response, because of the exponential nature of it, government leadership has to make decisions about what to do about it long before the seriousness of the situation becomes apparent to the general public. Those remedies, those inconveniences, are hard to take even in dire situations. Our experience with Covid 19 is that even when we were averaging well above 1,000 deaths a day for almost three years, half the country didn't like government mandates like masks, school closings, vaccinations, and spatial distancing. Trying to enforce those remedies before the situation gets dire, before the notion of a pandemic is obvious, is a tough political position to be in. Even if the prescribed remedies worked and prevented a pandemic, in the aftermath, most people would say that the government overreacted with all the mandates. It’s a tough situation to be in politically. Lewis published this book in May of 2021. It was early days in the Covid 19 response.
I expect that there will be many more books later critiquing how the United States and the rest of the world responded to Covid 19 in years to come; rightly so. Over a million Americans died as a result of the virus and the number is still rising. In hindsight, most experts think the country could have done much better. This book was a first-draft of the story. I recommend it to anybody puzzled about why the American response to Covid 19 was so ineffective. It will scare the crap out of you.
“The Method: How the Twentieth Century Learned to Act” by Isaac Butler 35
On a lighter note, here’s a book about acting. I know. I know! This is such a nerdy thing to include on my list of best reads of the year. If you think about it though, most of us spend way too much time watching movies and TV shows in our spare time with, you know, actors portraying characters. Even if you don’t notice it, the good shows are the ones where the actors are phenomenal. The Marvel Universe wouldn’t be nearly as good as it is if Chris Evans, the actor that played Captain America for almost a decade, couldn’t deliver his inspirational speeches in a believable way. “Silence of the Lambs” wouldn’t be nearly as good without Jodie Foster and Anthony Hopkins playing the leads. So, I appreciate a well acted scene. When William Shakespeare was writing and performing plays in the late 1500s though, acting wasn’t what it is today. It was big, over exaggerated, and cartoony. The actors had to play to a big house where the sound wasn’t good and not every audience member could see the stage clearly. Enter Konstantin Stanislavski, a Russian actor, director and theorist born in 1863 who changed the game. His system, which came to be known as "method acting," describes techniques designed to help actors access their emotions and inner thoughts in order to create more authentic and effective performances; to create a sense of truth and reality on stage. Stanislavski brought his system to America in the early 1900s and it caught on. In 1947, members of the famous Actor’s Studio (like Montgomery Clift and Marlon Brando) were taught those techniques. Later, other well respected actors (like Dustin Hoffman, Al Pacino, and Robert De Niro) used those techniques for their most famous roles. If you’re a movie nerd, and if you like a bit of Russian history, this book is for you.
“Twilight of Democracy: The Seductive Lure of Authoritarianism,” by Anne Applebaum36
Looking through the lens of the "glass is half full," the good news is that America is not the only country trying to reject liberal democracy in favor of authoritarianism. I mean, we're not by ourselves. We belong to a set of countries that seem to have lost their way. According to the author, Anne Applebaum, Poland, Hungary, Britain, Spain, England, Philippines, and Brazil are all walking down that path. Some are further along than others, that's true. I personally think that America is one presidential election away from completely adopting authoritarianism as the future of the country. If that happens, it might take an entire generation to reverse the course, if ever. Applebaum writes about this growing trend and tries to answer why.
When I say liberal democracy, that's not "the left's liberalism" that Fox News bashes every day on its TV channel. It's the idea that originated during the Enlightenment in the 18th century. According to William Galston37, author of nine books and more than 100 articles in the fields of political theory, liberal democracy is made up of four big ideas: 1 - that government works for the people (republicanism); 2 - that all citizens are equal (democracy); 3 - that the basis for conducting day-to-day life is codified in laws (constitutionalism); and 4 - that all citizens expect independence and privacy (liberalism). According to Leigh McGowan38, the host of the Politics Girl podcast, authoritarianism on the other hand "is the idea of blind submission to authority as opposed to individual freedom of thought and action and can be either autocratic or oligarchic in nature. Government authoritarianism means a political system that concentrates power into the hands of a leader or a small elite that is not constitutionally responsible to the body of people."
All my life I have believed in liberal democracy as a fact, a first principle if you will, that no matter how much we disagreed as a nation across the political spectrum on the goals for the country and the projects that we took on, we were all working to improve our liberal democracy in the name of "a more perfect Union." That simply isn't true. It might never have been but it's absolutely not true now. Applebaum says that these are the contributing reasons we are seeing this movement rise now: personal gain, cultural despair, resentment, envy, nostalgia, and finally, the “cantankerous nature of modern discourse itself.” One thing she does highlight is the fact that all the people like me, who thought liberal democracy was a first principle and was as solid as granite, realize now that after four years of President Trump, the institutions that held up that belief are fragile and easily toppled over. The unfortunate thing is that she has no answers and offers no strategy to reverse the trend.
"Artemis,” by Andy Weir 39
Weir is the author behind the run-away hit book and movie, “The Martian.”40 This book is a murder mystery set on a moon colony in the near future.
“Seveneves,” by Neal Stephenson 41
Stephenson is my all-time favorite modern day sci-fi author. He is also a Cybersecurity Canon Hall of Fame lifetime achievement winner for his two novels “Cryptonomicon42,” and “Snow Crash43.” His books are so full of ideas that one reviewer, Charles Yu, described him this way: "A copy of Cryptonomicon has more information per unit volume than any other object in this universe. Any place that a copy of the book exists is, at that moment, the most information-rich region of space-time in the universe." “Seveneves” is a tome in two parts. The first part is how does the earth respond when the moon is about to explode (for reasons). How do you put a colony of humans in space quickly before humanity dies? The second part is set many years in the future and covers the ramifications of those early decisions made during the crisis.
"The Lesser Dead," by Christopher Buehlman44
A rollicking good vampire story set in NYC during the 1970s. It’s about a clan of vampires who run into a new clan of child-vampires (meaning they were turned when they were kids) moving into the city who don’t know the rules, don’t care about the rules, and are ruthless to whomever gets in their way.
“Fairy Tale,” by Stephen King45
Mr. King’s preference in the horror genre is not everybody’s cup of tea. I get that. But man, can he write. He knows how to move a story along. Before he published his first big hit, “Carrie,”46 in the 1970s, he was a high school English teacher. In 2000, he published “On Writing,”47 about the craft of writing and my practice is to hand that book and “The Elements of Style,”48 by William Strunk and E.B. White to every new employee that walks in the door. My advice to them is to keep those books close while they are writing email messages and reports for me. “Fairy Tale” is Mr. King’s latest book and it’s not a horror story at all. As the title suggests, it’s a completely original fairy tale in the same vein as “The Lion, the Witch and the Wardrobe” by C.S. Lewis49 and the Harry Potter series.50 Even my daughter, who hates fantasy stories, couldn’t put this one down.
8 non-cybersecurity podcasts.
The Great Books Podcast: Host John Miller51
I love this little podcast. It’s short, usually less than 25 minutes, and the host brings on literary scholars to discuss all of those classic books that we should have read in high school and didn’t. Many times, I would listen to the show, get inspired, and go right out and read the book. Three of my favorites this year were “Antony and Cleopatra52,” “Something Wicked This Way Comes53,” and “The Lord of the Rings Trilogy54.”
Ultra: Host Rachel Maddow 55
If the impact of the 6 January riots on the U.S. Capitol has gotten you down, and you’ve read “Twilight of Democracy” and think that the current flirtation in America and the world with authoritarianism is the worst it could be, rest assured that this just isn’t true. In a limited run podcast series (8 episodes), Maddow covers eerily similar events that happened before and during WWII where sitting members of Congress aided and abetted a plot to overthrow the government and insurrectionists plotted to end American democracy for good. They didn’t cover that story when I was sitting through my high school history class.
All-In: Hosts Chamath Palihapitiya, Jason Calacanis, David Sacks & David Friedberg 56
This is probably my favorite new discovery this year. These four guys are successful Silicon Valley investors, board members, good friends, and their political views range across the entire spectrum from liberal to conservative. Sometimes the conversation gets quite heated, but the reason I like it so much is that their discussions illuminate how capitalist entrepreneurs think about running businesses. For example, they were talking about the massive Silicon Valley layoffs long before they actually happened. If you’re a techie and the business world mystifies you, you might try listening to a few episodes. It might add some perspective to your worldview that you are missing. I know it’s done that for me.
Land of the Giants: Hosts Shirin Ghaffary and Alex Heath57
This has been one of my favorite shows for the past couple of years. Each season is a limited run series covering the history and philosophy of one of the famous Silicon Valley success stories like Apple, Google, and Uber. In 2022, they covered Facebook and this year, they are going after the dating app industry.
The Rewatchables: Host Bill Simmons 58
You all know that I'm a movie nerd and this podcast feels like it was made just for me. The host is just a little younger than me so he grew up loving all of the same 1980s and 1990s movies that I loved. He defines a rewatchable as any movie that you stumble on as you’re flipping channels and you say to yourself, “Oh, that scene that I love is coming up in a few minutes? I’ll stick around for that.” The thing is, he’s a sports guy. He has been writing about sports for years, worked at ESPN, and was a producer for their famous “30 for 30” series. So, he views movies through that lens. He has special categories that make the show unique like the “Dion Waiters/heat check performance” when someone in a small role makes the most of it and “Who won the movie?” This can be an actor, a director, the studio, the score, really anybody or anything is eligible. My favorite episodes this year were “Batman” with Michael Keaton, “Titanic,” and “A League of Their Own.”
The Plot Thickens: Host Ben Mankiewicz59
A “documentary podcast about the movies and the people who make them” from the folks at Turner Classic Movies (TCM). Each season is dedicated to a specific topic. They’ve covered the famous director, Peter Bogdanovich, the making of “Bonfire of the Vanities,” and the life story of Lucille Ball. This season, they covered the history of Pam Grier, the famous blaxploitation actress of the 1970s.
On the Media: Host Brooke Gladstone60
I’ve been listening to this podcast for years. It’s not so much a news podcast as it is a podcast about how the news covers the news.
Freakonomics: Host Stephen Dubner61
This is another podcast that has been in my rotation for years. It’s a spinoff of the book, “Freakonomics: A Rogue Economist Explores the Hidden Side of Everything”62 by economist Steven Levitt and writing partner Stephen Dubner. If you’re a fan of my risk forecasting episodes from last season, this podcast is more of the same. It uses common sense around economic incentives to explain why the world works the way that it does or, more specifically, why it doesn't work the way you think it does. My favorite episodes in 2022 include a discussion of nuclear power, Michael Lewis’ book, “Moneyball,” and what exactly is college for?
Conclusion.
There you have it, my second edition of being a student of the cybersecurity game for 2022 and heading into 2023. Do yourself a favor and emulate the NFL Quarterback GOAT, Tom Brady. Spend some time, besides the day-to-day grind of the job and handling the crisis of the moment, to enrich your understanding of the profession. And then, branch out to other areas of interest that are not cybersecurity. Expand your world. It will make you a more rounded person, a better leader, and will consequently make you a better cybersecurity practitioner.
References.
1 ESPN staff, 2021. How to watch the Tom Brady documentary series “Man in the Arena” on ESPN+ [WWW Document]. ESPN. URL https://www.espn.com/nfl/story/_/id/32584736/how-watch-tom-brady-documentary-series-man-arena-espn+.
2 Joseph, 2022. What Is the Average Retirement Age for an NFL Quarterback? [WWW Document]. Forever Rebuilding. URL https://foreverrebuilding.com/what-is-the-average-retirement-age-for-an-nfl-quarterback/.
3 Robinson, D., 2022. How many Super Bowls has Tom Brady won? (Updated 2022) [WWW Document]. Pro Football Network. URL https://www.profootballnetwork.com/how-many-super-bowls-has-tom-brady-won/.
4 Brady, T., 2022. [Highlight] Tom Brady discusses watching film for 4-5 hours a day [WWW Document]. reddit. URL https://www.reddit.com/r/AZCardinals/comments/w8q10v/highlight_tom_brady_discusses_watching_film_for/.
5 Williams, R., 2014. Robin Williams Apple iPad Air Commercial [Video]. YouTube. URL https://www.youtube.com/watch?v=Ep2_0WHogRQ&list=FLsk27LeJTzOxef7tAH5ogtg&index=41.
6 Greenberg, A., 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Doubleday. URL https://www.goodreads.com/book/show/60462182-tracers-in-the-dark?ref=nav_sb_ss_1_19.
7 Howard, R., 2022. Andy Greenberg Interview: Tracers in the Dark. [Podcast]. CSO Perspectives Podcast. URL https://thecyberwire.com/podcasts/cso-perspectives/95/notes.
8 Perlroth, N., 2021. This Is How They Tell Me the World Ends: The Cyberweapons Arms Race [Book]. Bloomsbury Publishing. URL https://www.goodreads.com/book/show/49247043-this-is-how-they-tell-me-the-world-ends?ref=nav_sb_ss_1_39.
9 Tetlock, P.E., Gardner, D., 2015. Superforecasting: The Art and Science of Prediction [Book]. National Geographic Books. URL https://www.goodreads.com/book/show/23995360-superforecasting?ref=nav_sb_ss_1_51.
10 Howard, R., 2022b. Infosec teams risk assessment. [Podcast]. CSO Perspectives Podcast. URL https://thecyberwire.com/stories/e9830596ceec4f769a2fb4a52a149bd2/infosec-teams-risk-assessment
11 Committee, n.d. Cybersecurity Canon Project [WWW Document]. Ohio State University. URL https://icdt.osu.edu/cybercanon/bookreviews.
12 Zegart, A.B., 2022. Spies, Lies, and Algorithms: The History and Future of American Intelligence [Book]. Princeton University Press. URL https://www.goodreads.com/book/show/57813553-spies-lies-and-algorithms?ref=nav_sb_ss_1_76.
13 Weiner, T., 2007. Legacy of Ashes [WWW Document]. Doubleday Books. URL https://www.goodreads.com/book/show/970488.Legacy_of_Ashes?ac=1&from_search=true&qid=uovEILuLzX&rank=1.
14 Patton, H.E., 2021. Navigating the Cybersecurity Career Path [Book]. John Wiley & Sons. URL https://www.goodreads.com/book/show/59701522-navigating-the-cybersecurity-career-path?ref=nav_sb_ss_1_2.
15 Finney, G., 2022. Project Zero Trust: A Story about a Strategy for Aligning Security and the Business [Book]. John Wiley & Sons. URL https://www.goodreads.com/book/show/62061375-project-zero-trust.
16 Kim, G., Behr, K., Spafford, G., 2013. The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win [WWW Document]. Goodreads. URL https://www.goodreads.com/book/show/17255186-the-phoenix-project?ref=nav_sb_ss_1_19
17 Goldratt, E.M., Cox, J., 1984. The Goal: A Process of Ongoing Improvement [WWW Document]. North River Press. URL https://www.goodreads.com/book/show/113934.The_Goal?ref=nav_sb_ss_2_8
18 McGrayne, S.B., 2011. The Theory That Would Not Die: How Bayes’ Rule Cracked the Enigma Code, Hunted Down Russian Submarines, & Emerged Triumphant from Two Centuries of Controversy [Book]. Yale University Press. URL https://www.goodreads.com/book/show/10672848-the-theory-that-would-not-die.
19 Howard, R., 2022b. Infosec teams risk assessment. [Podcast]. CSO Perspectives Podcast. URL https://thecyberwire.com/stories/e9830596ceec4f769a2fb4a52a149bd2/infosec-teams-risk-assessment
20 McGrayne, S.B., 2011. The Theory That Would Not Die [Video]. Talks at Google. YouTube. URL https://www.youtube.com/watch?v=8oD6eBkjF9o.
21 Quinn, K., 2021. The Rose Code: A Novel [Book]. HarperCollins. URL https://www.goodreads.com/book/show/53914938-the-rose-code?ref=nav_sb_ss_1_13.
22 Howard, R., CSO Perspectives (Pro) [Webpage]. The CyberWire. URL https://thecyberwire.com/podcasts/cso-perspectives.
23 Howard, R., Word Notes [Webpage]. The CyberWire. URL https://thecyberwire.com/podcasts/word-notes.
24 Howard, R., Bittner, D., CyberWire-X [Webpage]. The CyberWire. URL https://thecyberwire.com/podcasts/cyberwire-x.
25 Howard, R., CSO Perspectives (public) [Webpage]. The CyberWire. URL https://thecyberwire.com/podcasts/cso-perspectives-public.
26 Bittner, D., Howard, R., n.d. Hacking Humans Goes to the Movies [WWW Document]. The CyberWire. URL https://thecyberwire.com/podcasts/hacking-humans-goes-to-the-movies.
27 Bittner, D., CyberWire Daily [Webpage]. The CyberWire. URL https://thecyberwire.com/podcasts/daily-podcast.
28 Gray, P., Risky Business [Webpage]. Independent. URL https://risky.biz/.
29 Staff, The Lazarus Heist [Webpage]. BBC. URL https://www.bbc.co.uk/programmes/w13xtvg9.
30 Posner, G., 2013. Case Closed: Lee Harvey Oswald and the Assassination of JFK [Book]. Open Road Media. URL https://www.goodreads.com/book/show/38107.Case_Closed.
31 Lewis, M., 2021. The Premonition: A Pandemic Story [Book]. W. W. Norton & Company. URL https://www.goodreads.com/book/show/56790170-the-premonition.
32 Lewis, M., 2010. The Big Short [WWW Document]. W. W. Norton Company. URL https://www.goodreads.com/book/show/26889576-the-big-short?ref=nav_sb_ss_1_13.
33 Lewis, M., 2003. Moneyball [WWW Document]. W. W. Norton Company. URL https://www.goodreads.com/book/show/1301.Moneyball?ref=nav_sb_ss_1_9.
34 Lewis, M., 2023. Against the Rules [Podcast]. Pushkin Industries. URL https://www.pushkin.fm/podcasts/against-the-rules.
35 Butler, I., 2023. The Method: How the Twentieth Century Learned to Act [Book]. Bloomsbury Publishing. URL https://www.goodreads.com/book/show/57693266-the-method?ref=nav_sb_ss_1_52.
36 Applebaum, A., 2020. Twilight of Democracy: The Seductive Lure of Authoritarianism [Book]. National Geographic Books. URL https://www.goodreads.com/book/show/50155421-twilight-of-democracy?ref=nav_sb_ss_1_61.
37 Galston, W.A., 2018. The populist challenge to liberal democracy [WWW Document]. Brookings. URL https://www.brookings.edu/research/the-populist-challenge-to-liberal-democracy/.
38 McGowan, L., 2022. A Brief History of How We Got Here [Podcast]. Politics Girl Podcast. URL https://podcasts.apple.com/us/podcast/a-brief-history-of-how-we-got-here/id1595408601.
39 Weir, A., 2018. Artemis: A Novel [Book]. Ballantine Books. URL https://www.goodreads.com/book/show/34928122-artemis.
40 Weir, A., 2011. The Martian [Book]. Crown. URL https://www.goodreads.com/book/show/18007564-the-martian.
41 Stephenson, N., 2016. Seveneves [Book]. Borough Press. URL https://www.goodreads.com/book/show/22816087-seveneves.
42 Stephenson, N., 1999. Cryptonomicon [Book]. William Morrow. URL https://www.goodreads.com/book/show/816.Cryptonomicon
43 Stephenson, N., 1992. Snow Crash [WWW Document]. Bantam. URL https://www.goodreads.com/book/show/40651883-snow-crash.
44 Buehlman, C., 2014. The Lesser Dead [Book]. Penguin. URL https://www.goodreads.com/book/show/20893407-the-lesser-dead.
45 King, S., 2022. Fairy Tale [Book]. Scribner. URL https://www.goodreads.com/book/show/60177373-fairy-tale.
46 King, S., 1974. Carrie [Book]. Pocket Books. URL https://www.goodreads.com/book/show/10592.Carrie.
47 King, S., 2000. On Writing [Book]. Pocket Books. URL https://www.goodreads.com/book/show/10569.On_Writing.
48 Strunk, W., Jr., 1918. The Elements of Style [Book]. Allyn & Bacon. URL https://www.goodreads.com/book/show/33514.The_Elements_of_Style.
49 Lewis, C.S., 1950. The Lion, the Witch and the Wardrobe (Chronicles of Narnia, #1) [Book]. HarperCollins Publishers. URL https://www.goodreads.com/book/show/100915.The_Lion_the_Witch_and_the_Wardrobe.
50 Rowling, J.K., 2007. Harry Potter Series Box Set (Harry Potter, #1-7) [Book]. Arthur A. Levine Books. URL https://www.goodreads.com/book/show/862041.Harry_Potter_Series_Box_Set.
51 Miller, J., The Great Books [Webpage]. National Review. URL https://www.nationalreview.com/podcasts/the-great-books/.
52 Shakespeare, W., 1606. Antony and Cleopatra [Book]. Washington Square Press. URL https://www.goodreads.com/book/show/104837.Antony_and_Cleopatra.
53 Bradbury, R., 1962. Something Wicked This Way Comes (Green Town, #2) [Book]. Harper Voyager. URL https://www.goodreads.com/book/show/248596.Something_Wicked_This_Way_Comes.
54 Tolkien, J.R.R., 1955. The Lord Of The Rings Trilogy (The Lord of the Rings, #1-3) [Book]. Harper Collins. URL https://www.goodreads.com/book/show/8167434-the-lord-of-the-rings-trilogy.
55 Maddow, R., Ultra [Webpage]. MSNBC. URL https://www.msnbc.com/rachel-maddow-presents-ultra.
56 Calacanis, J., Palihapitiya, C., Sacks, D., Friedberg, D., All-In [Webpage]. Independent. URL https://podcasts.apple.com/us/podcast/all-in-with-chamath-jason-sacks-friedberg/id1502871393.
57 Ghaffary, S., Heath, A., Land of the Giants [Webpage]. Vox. URL https://www.vox.com/land-of-the-giants-podcast.
58 Simmons, B., n.d. The Rewatchables [Webpage]. The Ringer. URL https://www.theringer.com/the-rewatchables.
59 Mankiewicz, B., The Plot Thickens [Webpage]. TCM. URL https://theplotthickens.tcm.com/season-four/about/
60 Gladstone, B., On the Media [Webpage]. WNYC Studios. URL https://www.wnycstudios.org/podcasts/otm.
61 Dubner, S., Freakonomics [Webpage]. Freakonomics Radio. URL https://freakonomics.com/series/freakonomics-radio/.
62 Levitt, S.D., 2005. Freakonomics [Book]. William Morrow. URL https://www.goodreads.com/book/show/1202.Freakonomics.