How You Can Be Involved In the Cybersecurity Canon

Nov 03, 2014

Executive Summary

The Cybersecurity Canon is official, and you can now see our website here. We modeled it after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We formed a committee to get the process up and running and since my company -- Palo Alto Networks -- decided to sponsor the initiative, we’re now live with an official web presence.

We have 20 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. The committee will select inductees to the Cybersecurity Canon each year, and we are now seeking books to put on that candidate list.

In order to do that, we need passionate readers like yourself to write book reviews for the website. The Cybersecurity Canon is an exciting idea. If you are a lover of great cybersecurity books – fiction, nonfiction, fanciful, technical -- I hope you will support our cause. If you have a book that you absolutely love -- and everybody that I talk to about this subject does -- then please write a book review and get it nominated for the candidate list. The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!


I have been in the cybersecurity business for a long time and have consumed my fair share of books on the subject. In my basement, I have an entire library of titles that I know you would recognize as being famous at one time or another in the past 25 years. A while back, I was perusing my collection and feeling superior to no one in particular because I had read these tomes when I suddenly realized that, although I remembered the gist of most of the titles, I did not remember a lot of the details. Frankly, I was a little embarrassed. I used to think that I was well read. The fact that I could not remember the details was a little disheartening and an indicator of how old I was. Right there in the basement, I decided to do something about it.

The Story

I gave myself the task of re-reading some of the more interesting books with the intent to take notes on the details so I could remember them in the future. Those notes eventually turned into book reviews that I published for my customers when I worked at iDefense. When I left iDefense, the new GM, Jason Greenwood, gave me permission to re-publish those reviews on my own personal blog site (Terebrate) as a service to the cybersecurity community. When I joined Palo Alto Networks, I re-published that collection on the Palo Alto Networks public-facing research blog in order to service a wider audience and start to build some community around the idea of a Canon.

After a couple of years of doing those reviews, I had a collection of about 20 that I thought represented the cybersecurity community. The reviews explained how these books told our cybersecurity history, explained our culture or represented the current and best thinking on a myriad of topics like cyber crime, cyber warfare, cyber hacktivism, cyber espionage and privacy in a digital age.

I began to get the idea that this collection, and probably about 100 more books that I had not reviewed or identified yet, made up a set of cybersecurity books that everybody in our community should have read at some point during their careers. Our community really needs a Cybersecurity Canon.

From The Free Dictionary, a canon “is a group of literary works [that the community generally] accepts as representing a field.” I presented this idea at the annual RSA Conference in San Francisco this year (2014) and it was well received -- so much so that Palo Alto Networks decided to sponsor the concept. We decided to build the official Cybersecurity Canon.

Not Just Technical Books

As I came up with my initial list, I considered the kinds of books that should be included in the Canon. I originally thought that it would be a collection of technical books. However, I soon discovered that although authors have published many fine books in this area, the technology evolves so rapidly that most of these books are now dated.

The idea of a Cybersecurity Canon, however, is to collect a set of books whose content is everlasting. Books that were very good upon initial publication but are no longer relevant today don’t meet the criteria to be included in the Cybersecurity Canon in most cases. There are technical books on my original list of 20 for sure, but they did not dominate the list like I had expected. So I turned my attention more broadly to non-fiction books; books where the authors detailed an important part of our culture or history or were able to capture the essence of a particular topic.

Finally, I considered novels. I know; it sounds strange that fiction might be included in a canon about a highly technical field. But it occurred to me that the target audience for the Cybersecurity Canon is not just a bunch of grizzled security veterans like me. We might want to catch the attention of young people who have not decided yet if they want to join our community. If we can get them excited about the topic within a fictional setting, as long as the cyber is accurate and the details are enough to open some interesting discussions about the cyber landscape, then fiction should be eligible to be considered.

At the Palo Alto Networks Ignite 2014, our annual customer event, I selected Parmy Olson’s We Are Anonymous as the first book to induct into the Cybersecurity Canon. I delivered the same talk that I gave at the RSA Conference to the Ignite crowd, but this time we brought Parmy onto the stage at the end for a Q&A session. Afterward, Parmy stuck around and talked to the crowd and signed her book for all comers. We had a blast. All of a sudden, the Cybersecurity Canon had become a real thing.

The Tech

Right after Ignite, I formed a committee of prominent cybersecurity experts (including Parmy) and the team began building the infrastructure and mechanics to annually select one or more books from my initial list of 20, and other books that we have not yet identified or reviewed, into the official Cybersecurity Canon. I am happy to say that we launched the official website just a few weeks ago. Go take a look.

What does this mean to you? Well, we need your help. While the committee will select new inductees from the Candidate list every year, what I need from you is help building the candidate list. I expect the canon to grow over the years to include over 100 titles, which means the candidate list should be at least twice that size.

So here’s the ask: We need you to nominate books for the candidate list, but in order to nominate a book for the candidate list, you must submit a book review. This may seem onerous to you at first but bear with me. A review accomplishes two things: First, the book review will get posted immediately, once approved, and we won’t have to wait for a committee member to read the book and write a review. (A system like that would take months and create a bottleneck.) Second, and maybe more importantly, you have to feel strongly enough about your nomination to put some skin in the game. If you feel passionately about putting your book on the candidate list, you should at least have enough passion to spend a few hours and tell us why. So please, submit as many nominations as you wish, but first write a book review for each. The requirements for the book reviews are listed on the Cybersecurity Canon website.

We are accepting nominations for the Cybersecurity Canon Candidate list through the end of November 2014. Between December 2014 and February 2015, the committee will finalize the list of books on the candidate list. In February 2015, we will open the candidate list to the community for voting. The committee will consider the will of the cybersecurity community in deciding which books to include into the Canon in 2015. If all goes well, we will announce the winners at Ignite 2015 – taking place March 30-April 1 in Las Vegas -- and we expect to have the winning authors on-hand to sign books. How great is that?


The Cybersecurity Canon is an exciting idea. If you are a lover of great cybersecurity books, I hope you will support our cause. If you have a book that you absolutely love, then please write a book review for it and get it nominated for the candidate list. The Cybersecurity Canon is a real thing for our community and we have designed it so that you can directly participate in the process. Please do so.
