OSS Rises to Conficker Challenge
Over the last several weeks I’ve been reading a lot of Richard Bejtlich’s material – books and blogs. Richard is a frequent Black Hat speaker and emphasizes network security monitoring. He officially lists himself as “Director of Incident Response, General Electric”, and is a former Air Force intelligence officer (described as a soldier who protects national security data).
He’s posted a good essay on using open source security tools and specifically open source infrastructure like OpenDNS in order to battle large malware threats like Conficker.
I really like Bejtlich’s way of thinking – particularly the NSM framework he writes about in The Tao of Network Security Monitoring. He has several other books, which I own but haven’t plowed through yet, but I can highly recommend:

“The Tao of Network Security Monitoring: Beyond Intrusion Detection” (Richard Bejtlich)
I’ve bought a 3-foot stack of books on security tools over the last few months, but out of all of them, “The Tao” is by far the best money spent. So, if you need a crash course in how to think about network security and you could only buy one book, that would be it.
About me
I’m an independent consultant who used to do a lot of work for OpenLogic. I greatly appreciate OpenLogic and the mission they are fulfilling as well as their willingness to let me contribute to this blog. Views expressed here are not necessarily those of OpenLogic and any mistakes are 100% attributable to me. You can contact me at: landon at 360vl dot com or visit http://sawdust.see-do.org