A collection of books, talks, and papers on security engineering

[veeralpatel979]

OP here. I'm very interested in two things: thinking about new types of security tools and studying how different systems, especially those that are not computer related, are secured.

This repo is for people who also fall into the second camp and are curious about how prisons are secured, how museums are secured, etc. And the techniques used to do this systematically -- kill chains, failure analysis, and so on.

Happy to hear your feedback, and sorry if it's a bit disorganized!

[kinow]

Created an issue about a ToC, as it would be helpful when looking for things in that list.

But looks really good, thanks for creating and sharing it.

I like reading post mortem posts about security incidents too. There's a repo in GitHub that I follow: https://github.com/danluu/post-mortems

A great source for what to do, what to avoid, etc. Not only for security.

[dijksterhuis]

So many config failures!

As an aside -- do you know of any good forensics / incident response books/resources for learning the fundamentals?

Seen some books/courses but they're often the "download this open source library and run these commands" ilk.

Spotted this, but no reviews:

https://www.amazon.co.uk/gp/aw/d/183864900X/

[veeralpatel979]

check out Kevin Mandia's book!

[dijksterhuis]

Thanks for the tip!

[roland35]

As a new security engineer, thank you! I also believe security engineering is not just abiutbweb apps but applies to everything. So far the things I've learned have opened my eyes to a lot of things, such as seeing someone share a Google doc with history enabled (could possibly leak information from a previous revision) to sharing the least amount of information as necessary in my interactions.

All I need is to get a yubi key now!

[dijksterhuis]

That Adam Shostack Threat Modelling book is top knotch.

Nice collection. Thanks for sharing.

[scott31]

for small values of "largest"