Get with the New School

Submitted by justin on Thu, 06/05/2008 - 12:52.

A recent post on the Tao Security Blog got me thinking about what I feel is probably the most important book on computer security in the market today. Whether overt or by influence, this book is making waves in the computer security industry and hopefully changing things for the better. In the case of the Tao Security Blog it seems that Richard Bejtlich borrows directly from the book. In fact his entire post appears to be a synopsis of Chapter 3. Bejtlich swears he hasn't read the book - which for me is just further evidence of how accurate the book is in reflecting emerging trends and new philosophies evolving in computer security.

The book is The New School of Information Security, by Adam Shostack and Andrew Stewart. Essentially it's a collection of interwoven essays that concern themselves with the approach we use to computer security. Tightly bound with ideas proposed by the New Skeptic movement and the Scientific Process (and empiricism), The New School of Information Security seeks to redefine how practitioners of information and computer security conceptualize their field. Shostack and Stewart's work is poised to kick off a paradigm shift in information security, one which is long overdue in a field that has matured as much as infosec.

I haven't finished the book yet, so I'm remiss in writing an article, but I thought I'd point the work out because it deserves all the praise it is getting. Adam Shostack recently did an interview in the Silver Bullet podcast 026 with Gary McGraw that provides additional insight into the book an his method and I highly recommend it. I'll post a more thorough review as soon as I finish the book - should be soon.

Your email address?

Submitted by Andrew Stewart (not verified) on Thu, 06/05/2008 - 17:16.

Hi Justin, this is Andrew Stewart here. Thank you very much for your kind words about the book! I wanted to email you and follow up, but couldn't seem to find your email address. Would you mind sending me a quick email on the address that I entered when I submitted this comment? Once I get your email I'll reply. Very best, Andrew

I emailed you

Submitted by justin on Fri, 06/06/2008 - 16:57.

Hello, I emailed you back at the address you indicated. I'm almost through with the book so hopefully I can write a complete review early next week.

Great!

Submitted by Andrew Stewart (not verified) on Sun, 06/15/2008 - 20:51.

Hi Justin; it's strange - I didn't receive your email. But, I have been having some email problems recently!

I hope that you enjoyed the book in its entirety. Would it be possible for you to post your review on Amazon? Adam and I are trying to use Amazon as the canonical source for reviews regarding the book.

Thanks again for supporting us and the book!

- Andrew

Reviewed on Amazon

Submitted by justin on Wed, 07/02/2008 - 20:03.

Hello,

I'm posting my review of the book to Amazon now, as well as an expanded review here on the blog. Best of luck with the book. As I said, I was extremely impressed and I'll be looking forward to your next work!

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Captcha Image: you will need to recognize the text in it.
Please type in the letters/numbers that are shown in the image above.