Top 10 Security, Technology and Business Books of 2019

My annual compilation of best books for the year 2019 is now live at OODA Loop.  I read over 100 books to select the ten best of the year.  Also, please consider subscribing to my weekly email newsletter that tracks the top cyber and technology stories of the week and provides one book review per week as well.  Subscribe at www.globalfrequency.com - Thanks!

https://www.oodaloop.com/archive/2019/12/02/top-10-security-technology-and-business-books-of-2019/


The Third Decade Problems

Meaningful work is the opus of a successful career and over the past two decades, I’ve had the humbling honor of working impactfully on important issues.  

In the early and mid-90’s, I helped identify the next generation of conflict in the cyber domain and worked to prepare the United States and our Allies for cyber-enabled operations.  I was a founding executive at iDefense which spearheaded the cyber intelligence field and would guide iSight Partners through a critical growth period a decade later. At the Terrorism Research Center we worked tirelessly on counterterrorism related issues and when the world shifted on September 11, we were well positioned to provide valuable training, research, analysis and other critical services.  In 2010, FusionX was created to address the next generation of cyber threats through advanced red teaming and incident response.

By focusing on meaningful issues and accurately predicting future risks, these were also successful entrepreneurial endeavors as each company was acquired.  

As I look toward the next decade of my professional career, it is important that my future entrepreneurial efforts are also tied to meaningful issues.

To that end, I’m starting a new company called OODA LLC.  At OODA, we will be working in the broader advisory market and providing high value to our clients, but we will also be focusing on three big meaningful problems.  The measure of our success will not be constrained to revenue and profits, but by also working towards impactful solutions to three of the next decade’s most pressing challenges.   Here are three areas where we want to make an impact.

Problem One - AI Integrity

We are about to make a great leap forward in disruptive technology in the areas of machine learning and Artificial Intelligence.  Given the potential for autonomy around these technologies it is incredibly important that we develop and adopt them in a manner that allows us to realize the benefits of the technology while also managing the risk.

At OODA we will be working on AI security issues in several significant ways.  For example, what does a FusionX style red team look like for an AI environment?  How do we appropriately test the security profile of an AI system? How do you red team for algorithmic bias or unintended consequences?  An attacker making a change in a machine learning algorithm or the data it learns from can have a disproportionate impact on the future security of that system.  Like interest in a bank account, mistakes in AI and machine learning have a compounding effect.

We will draw upon our extensive cyber experience and expertise, coupled with deep data science expertise, to address these critical issues in the market with what we are calling a Turing Integrity Assessment.

Problem Two - Cybersecurity

Over the past two decades, the cybersecurity industry has accomplished much, but there is still so much work to be done.  While our greatest concerns regarding cyber attacks against critical infrastructure have not yet been realized, it is highly likely that capability and intent will align over the next decade and a consequential attack will happen.  Additionally, attackers have adapted over the past decade to target trust and reduce our confidence in information and institutions. The very information and institutions that serve as the foundation for future prosperity.

We need to make sure that we design security into our next generation of systems and technologies.  It will require a deliberate approach to build security into the design process and ensure we don’t repeat the mistakes we’ve made over previous iterations of systems and networks.  As the impact of technology amplifies, so do the risks and we can’t afford to sleepwalk through the next decade.

We need to actively counter efforts to disrupt our social integrity and diminish our trust not only in technology, but in each other.  This will require new thinking and approaches and dependencies on new technologies like AI.

We need to impose greater costs on cyber attackers by creating a next generation of cyber security solutions and approaches.  We need to make sure those approaches are adopted in the market and a successful cybersecurity ecosystem exists.

As you can imagine, the phone rings with a lot of cyber opportunities and we intend to answer it and continue to apply our experience and expertise in this domain.

Problem Three - Objective Decision Making

Everything we do at OODA will be geared towards enabling intelligent action.  It is, after all, the tagline for the company. When you name a company after Colonel John Boyd’s OODA Loop (Observe Orient Decide Act), enabling decision-making becomes a guiding ethos.

In addition to our consulting, advisory, and intelligence services, we will also be operating several resources geared towards bridging the gap between domain expertise and applied expertise in modern organizations.  

The OODA Loop site

Operating at OODALoop.com, this site engages experts, practitioners, and analysts to provide objective research and analysis that can inform your decision making.  We seek to identify and explore those critical security, technology, and business issues that should be on your radar screen.

A core component of the site will be the OODA Network where members are seeking to obtain high-integrity information, intelligence, and insight curated by trusted experts.  This network will also foster collaboration and cooperation to address global issues, identify new trends, and create opportunities.

I’ve always felt that the problems we face are greater than any one organization is going to solve.  It is no coincidence that one of my favorite graphic novels is the Global Frequency, where an network of 1001 experts are asked to respond to global crises. At the Terrorism Research Center we had an expert network and helped build a network of Terrorism Early Warning Groups in 56 cities in the United States (that served as the foundation for the DHS Fusion Centers).  After 20 years, we’re able to optimize the design of an expert network and expect the OODA Network to be very high yield for all involved.

When it comes to global risk issues, none of us is as smart as all of us and our solutions must mirror the network enabled architectures of our threats.  While we don’t expect to make a profit operating this network, membership will not be free to ensure everyone has skin in the game.

CTO Vision

While we intend to track broad technology issues at OODALoop.com, we will also be operating an enhanced CTOVision.com portal to track enterprise technology and the technology trends and developments taking place in the global technology environment.  My partner Bob Gourley has operated CTO Vision for over a decade and it has been on the forefront of identifying and analyzing emerging technology trends.

The Future Proof event series

Drawing upon our five years of successfully operating the FedCyber conference, Bob and I will be launching a new event series called Future Proof.

Society, technology, and institutions are at the precipice of unprecedented change.  Rapid acceleration of innovation, disruptive technologies and infrastructures, and new modes of network-enabled conflict require leaders to not only think outside the box, but to think without the box.

The Future Proof conference brings together the hackers, thinkers, strategists, disruptors, and creators with one foot in the future to discuss the most pressing issues of the day and provide insight into the ways technology, risk, and opportunity are evolving.  Future Proof is not just about understanding the future, but developing the resiliency to thrive and survive in an age of disruption.

We expect to host one big annual event, coupled with quarterly regional events.

OODA Ventures

Years ago I recognized that I derive much happiness from the success of others and I have mentored or invested in dozens of entrepreneurs over the years.  Through OODA Ventures we will advise, mentor, and invest in early stage cybersecurity and technology start-ups.

We won’t just write checks. We will work with entrepreneurs to mature their market approach and develop momentum for their product or service by leveraging our extensive network. We study and look to understand the environmental, technological, scientific, and geopolitical factors that will impact the future as well as the gray area phenomena on the fringe that could present unexpected challenges or opportunities.

In addition to investing our own capital, we will be raising a small seed fund, allowing investors to capitalize on our diligence process and understanding of future market opportunities.

Bringing It All Together

If you’ve ever worked for me or follow me on social media, you know that I prioritize people over organizations and view the human element to be the most critical component of success.

To this end, I’ve partnered with Bob Gourley on the launch of OODA.  Bob has been a close friend and colleague since 1996 and we’ve worked together on dozens of projects in the U.S. government and commercial sectors.  His energy and enthusiasm for these issues mirrors my own. Together, we’ll build out a world-class team that I’m sure will include a lot of familiar faces over time.  

There is lots to do, so let’s get to it.  If we haven’t touched base recently, please get in touch and let’s figure out how we can collaborate in 2019. In the meantime, take a look at OODA.com and let me know what you think.


Top 10 Security, Business, and Technology books of 2017

I've compiled my annual list of top books.  Not your typical top ten list.  Check it out at OODA Loop


Best Security, Business, and Technology Books of 2016

"Dozens of times per year, I get asked to recommend my favorite books so I couldn’t say no when the OODA Loop team asked me to build on Mark Mateski’s popular Red Teaming book list by providing my top 10 books for 2016. I have very eclectic interests, so I’ve focused my list on the top security, business, and technology books of 2016. Given that I’ve always drawn on fiction for both inspiration and insight, the list also includes three very compelling works of fiction that should be of interest to those in the security and technology fields. Please feel free to share your thoughts and recommendations with me via twitter @MattDevost. Happy reading!"

Source: OODA Loop - Best Security, Business, and Technology Books of 2016


Autonomous AI guards to stalk the internet fighting hackers

"The Grand Cyber Challenge at the Black Hat cybersecurity conference in Las Vegas pitted artificial intelligences against each other, while their human creators sat back and watched. Fighting for a $4 million prize pot from the US Defense Advanced Research Projects Agency (DARPA), each AI tried to hack its opponents’ computer systems. They sought weak spots and figured out how to exploit them while defending their own computers.

The sophistication of the artificial hackers impressed many of those present. ‘This really caught me by surprise,’ says Matt Devost of cybersecurity firm FusionX in Washington DC. It could transform the security scene in the next 10 years, he says."

Source: Autonomous AI guards to stalk the internet fighting hackers | New Scientist


Ransomware: Lucrative, fast growing, hard to stop

"'I imagine it will hit into the millions of dollars, if they are able to infect some of the right types of targets in an enterprise environment,' said Devost.
Like smart start-up CEOs, the hackers are testing the market and refining the business model. As the vast majority of attacks are likely settled without going public, more research is needed to figure out just how profitable the business really is, said experts. Unlike the criminal networks, which often share information freely, many of the victims do not."

Source: Ransomware: Lucrative, fast growing, hard to stop


Ransomware Poses a Rising Threat to Hospital Operations

"Because of the potential to disrupt their operations, hospitals are logical targets for attacks. If infected, they may have little choice but to pay the ransom—and quickly, said Matt Devost, CEO of security consultancy FusionX, which is now owned by Accenture.
'If I target a midtier, medium-sized business and encrypt their data, there is probably a period of time during which they can operate without access to their data,' he told eWEEK. 'With hospitals, that is not the case, and that makes them a ripe target.'"

Source: Ransomware Poses a Rising Threat to Hospital Operations


How accurate is Mr. Robot? The show’s data, password, and smart home dangers.

"It’s often as simple as that. When I was researching my book, Dark Territory: The Secret History of Cyber War, Matt Devost, president and CEO of the cybersecurity firm FusionX, told me about his days running the ‘red team’ in war games that tested the vulnerability of NATO communications systems. In one game, Devost was having a hard time cracking the commanding general’s password. So he looked up his biographical sketch on a military website, tried out some of the personal details it cited, and finally hit gold by combining ‘Rutgers,’ where the general’s son was attending college, with a two-digit number, which a commercially available random-numbers generator guessed in less than a second."

Source: How accurate is Mr. Robot? The show’s data, password, and smart home dangers.


Can hackers sway public opinion with DNC and NSA leaks?

"'The first entree into cyberconflict isn’t physical destruction,' says Matthew Devost, President of FusionX, a cybersecurity and risk management company. 'If an airplane with 200 people falls out of the sky, it’s very easy to determine our response. But with the DNC hack, the impact isn’t as tangible.'"

Source: Can hackers sway public opinion with DNC and NSA leaks? - CSMonitor.com