Since 1998, Richard Bejtlich has defended Western interests from intruders. Mr. Bejtlich promotes Network Security Monitoring solutions to help global organizations stay in business by detecting and responding to digital threats. Visit TaoSecurity Blog or follow @taosecurity for the latest news.
Mr. Bejtlich's newest books are The Best of TaoSecurity Blog, Volume 1: Milestones, Philosophy and Strategy, Risk, and Advice, The Best of TaoSecurity Blog, Volume 2: Network Security Monitoring, Technical Notes, Research, and China and the Advanced Persistent Threat, The Best of TaoSecurity Blog, Volume 3: Current Events, Law, Wise People, History, and Appendices, and The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship.
Since 2003, cybersecurity author Richard Bejtlich has been writing posts on TaoSecurity Blog, a site with 18 million views since 2011. Now, after re-reading over 3,000 posts and approximately one million words, he has selected and republished the very best entries from 17 years of writing.
In the first volume, Mr. Bejtlich shares his thoughts on leadership, the intruder's dilemma, managing burnout, controls versus assessments, insider versus outsider threats, security return on investment, threats versus vulnerabilities, controls and compliance, the post that got him hired at a Fortune 5 company as their first director of incident response, and much more.
In the second volume, Mr. Bejtlich addresses how to detect and respond to intrusions using third-party threat intelligence sources, network data, application and infrastructure data, and endpoint data. He assesses government and private security initiatives and applies counterintelligence and counteradversary mindsets to defend digital assets. He documents the events of the last 20 years of Chinese hacking from the perspective of a defender on the front lines, in the pre- and post-APT era.
In the third volume, Mr. Bejtlich addresses the evolution of his security mindset, influenced by current events and advice from his so-called set of "wise people." He talks about why speed is not the key to John Boyd's OODA loop, and why security strategies designed for and by the "security 1%" may be irrelevant at best, or harmful at worst, for the remaining "99%".
In the fourth volume, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Highlights include Congressional testimony, his very first articles on network security, and material never previously published from his abandoned war studies PhD program at King's College London.
He has written new commentaries to accompany each post, some of which would qualify as blog entries in their own right. Read how the security industry, defensive methodologies, and strategies to improve national security have evolved in these new books, written by one of the authors who has seen it all and survived to blog about it.
My latest book on NSM, published by No Starch (use code NSM101 to save 30% when buying from the publisher).
My pioneering book on detecting intrusions by watching outbound traffic, published by Addison-Wesley.
My book on investigating intrusions, co-authored with Keith Jones and Curtis Rose, published by Addison-Wesley.
I wrote the foreword for this ground-breaking book by Michael Sikorski and Andrew Honig, published by No Starch.
I wrote the foreword for this innovative book by Michael Rash, published by No Starch.
I contributed the material for chapter 8 ("Collecting Network-Based Evidence") and chapter 14 ("Analyzing Network Traffic") in the second edition of this book by Kevin Mandia, Chris Prosise, and Matt Pepe. I recommend buying the newer third edition, by Jason Luttgens, Matt Pepe, and Kevin Mandia, published by McGraw-Hill.
I contributed "Case Study: Network Security Monitoring" to the fourth edition of this book by Stuart McClure, Joel Scambray, and George Kurtz. It contained the first discussion of NSM in a book, aside from the academic papers by NSM inventor Todd Heberlein. I recommend buying the newer seventh edition, published by McGraw-Hill.
I contributed the foreword for this collection of essays published by Sqrrl, prior to their acquisition by Amazon. David Bianco hosts a copy at ThreatHunting.net. My last name is spelled correctly on the cover and in my signature, but not elsewhere.