What Books do you think should be in the Cyber Security Canon?

For the past decade, I have had this notion that there must be a definitive Cyber Security Canon; a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, will leave a hole in the cyber security professional’s education that will make the practitioner incomplete. I would call this booklist the Cyber Security Canon. Here are my criteria for books that should be considered for the Cyber Security Canon:

1. A group of literary works that are generally accepted as representing a field: "the durable canon of American short fiction" (William Styron)

2. A list of writings officially recognized as genuine.

3. The list of works considered to be permanently established as being of the highest quality: “Hopkins was firmly established in the canon of English poetry.”

The Canon would include non-fiction and fiction books as long as the content met the definition and the books on the list would not necessarily be purely technical. By purely technical, I mean books that are how-to-manuals about the inner workings of security protocols, coding practices, standard operating procedures and the like. No. We have plenty of books in those categories that are covered by the various technical and security certification programs. And unless they describe some timeless aspect of the community, some technology that has not changed and will not change, then they do not meet the definition.

To qualify, these books should accurately depict the history of the cyber security community, characterize key players or significant milestones in our community or precisely describe technical details that do not exaggerate the craft. The best ones will do all three.

With that in mind, I propose the following 20 books for consideration. You can read book reviews of all of these books at my website:


or on the Palo Alto Networks site:


In the survey below, you can vote on as many books as you like from my list that you think should be in the Canon and offer other suggestions for books I might have missed.

The top three books from this survey will be included in the first annual Cyber Security Canon Induction Ceremony at the Palo Alto Networks Ignite Conference in Las Vegas from 31 March to 4 April.


--Rick Howard, @raceBannon99

Question Title

* 1. Do you consider yourself to be ....

Question Title

* 2. How old are you?

Question Title

* 3. Are you male or female?

Question Title

* 4. Which books should be included in the Cyber Security Canon?

Question Title

* 5. Which Books should be on the list that are not currently?