Since 1998 Richard Bejtlich has defended Western interests from intruders. Mr. Bejtlich promotes Network Security Monitoring solutions to help global organizations stay in business by detecting and responding to digital threats. Visit TaoSecurity Blog or follow @taosecurity for the latest news.

Since 2004, Mr. Bejtlich has authored or co-authored nine books, and contributed to seven others. His Amazon Author Page has more details.

Mr. Bejtlich's newest books are The Best of TaoSecurity Blog, Volume 1: Milestones, Philosophy and Strategy, Risk, and Advice; The Best of TaoSecurity Blog, Volume 2: Network Security Monitoring, Technical Notes, Research, and China and the Advanced Persistent Threat; The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices; and The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship.

Since 2003, cybersecurity author Richard Bejtlich has been writing posts on TaoSecurity Blog, a site with 18 million views since 2011. Now, after re-reading over 3,000 posts and approximately one million words, he has selected and republished the very best entries from 17 years of writing.

In the first volume, Mr. Bejtlich shares his thoughts on leadership, the intruder's dilemma, managing burnout, controls versus assessments, insider versus outsider threats, security return on investment, threats versus vulnerabilities, controls and compliance, the post that got him hired at a Fortune 5 company as their first director of incident response, and much more.

In the second volume, Mr. Bejtlich addresses how to detect and respond to intrusions using third party threat intelligence sources, network data, application and infrastructure data, and endpoint data. He assesses government and private security initiatives and applies counterintelligence and counteradversary mindsets to defend digital assets. He documents the events of the last 20 years of Chinese hacking from the perspective of a defender on the front lines, in the pre- and post-APT era.

In the third volume, Mr. Bejtlich addresses the evolution of his security mindset, influenced by current events and advice from his so-called set of "wise people." He talks about why speed is not the key to John Boyd's OODA loop, and why security strategies designed for and by the "security 1%" may be irrelevant at best, or harmful at worst, for the remaining "99%". 

In the fourth volume, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Highlights include Congressional testimony, his very first articles on network security, and material never previously published from his abandoned war studies PhD program at King's College London.

He has written new commentaries to accompany each post, some of which would qualify as blog entries in their own right. Read how the security industry, defensive methodologies, and strategies to improve national security have evolved in these new books, written by one of the authors who has seen it all and survived to blog about it.

Reach Your Goal

My book on stretching, available in a color-photo Collector's Edition, or a black-and-white-photo Amazon Edition.


The Practice of Network Security Monitoring

My latest book on NSM, published by No Starch (use code NSM101 to save 30% when buying from the publisher).

The Tao of Network Security Monitoring

My breakthrough book on NSM, published by Addison-Wesley.

Extrusion Detection

My pioneering book on detecting intrusions by watching outbound traffic, published by Addison-Wesley.

Real Digital Forensics

My book on investigating intrusions, co-authored with Keith Jones and Curtis Rose, published by Addison-Wesley.

Security Onion Documentation

I wrote the foreword to the printed version of the Security Onion documentation book.

Cyber War in Perspective

I wrote chapter 18, a case study that examines the Ukraine crisis from 2013 to 2015 and demonstrates that cyber attacks have been used in a broader strategy of information warfare. The entire book, edited by Kenneth Geers, is available online and was published by the CCDCOE.

Practical Malware Analysis

I wrote the foreword for this ground-breaking book by Michael Sikorski and Andrew Honig, published by No Starch.

Linux Firewalls

I wrote the foreword for this innovative book by Michael Rash, published by No Starch.

Incident Response and Computer Forensics Second Edition

I contributed the material for chapter 8 ("Collecting Network-Based Evidence") and chapter 14 ("Analyzing Network Traffic") in the second edition of this book by Kevin Mandia, Chris Prosise, and Matt Pepe. I recommend buying the newer third edition, by Jason Luttgens, Matt Pepe, and Kevin Mandia, published by McGraw-Hill.

Hacking Exposed Fourth Edition

I contributed "Case Study: Network Security Monitoring" to the fourth edition of this book by Stuart McClure, Joel Scambray, and George Kurtz. It contained the first discussion of NSM in a book, aside from the academic papers by NSM inventor Todd Heberlein. I recommend buying the newer seventh edition, published by McGraw-Hill.

American Ulysses Book Cover


I contributed the foreword for this collection of essays published by Sqrrl, prior to their acquisition by Amazon. David Bianco hosts a copy at My last name is spelled correctly on the cover and in my signature, but not elsewhere.

© Copyright 2000-2021 TaoSecurity - All Rights Reserved - As an Amazon Associate I earn from qualifying purchases.