
Book Review: The Phoenix Project

I was sent an advance review copy of The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win by co-author Gene Kim and I can honestly say that it was one of the most enjoyable books I’ve read in a long time. The novel, written by Gene Kim, Kevin Behr, and George Spafford, not only combines an interesting story with sound business practices, it also teaches the reader about risk evaluation, critical thinking, and how manufacturing processes can translate to IT operations, development, and, of course, DevOps.

The characters in the book were easy to relate to and I suspect that if you have not yet worked for or with an individual depicted in the book in your career, you likely will at some point. Both the heroes and protagonists were easy to spot and I found myself genuinely rooting for the heroes throughout the course of the book.

If I have one criticism about the combined work, it’s that throughout the book the characters had very negative views towards developers and the historic disconnect between IT ops, security, developers, and the senior decision makers. This was something that I had hoped would evolve into, at the very least, a sense of mutual respect and appreciation for their skills, talents, and issues by the end of the novel. Part of me would like to see a parallel sequel written that depicted the same story from the view of the software people.

I recommend that anyone involved in any line of business read this book. Similarly, any person working within an organization will be able to learn something new about how their business operates. It shows the inner workings of how business decisions are prioritized and will help people relate to the decisions made in their own company.

Business leaders will almost certainly find a gem or two to help them optimize their existing business practices and perhaps even streamline their IT operations and product deliverables. I wouldn’t be surprised to see this book as the basis for future MBA or executive education tracks as I think, though the individual concepts may currently be presented, the combined work presents itself as a seminal case study into optimizing business by automating IT.

Book Review: Windows Registry Forensics

Four chapters. You might think that with only four chapters the author could in no way write a book that covers Windows registry forensics. I was a bit skeptical at first too but was quickly proven wrong. I’ve known Harlan for a few years now and I know that his knowledge of the Windows registry is in the 99th percentile when compared to his peers. Do not think of this as a four-chapter book. Think of this as a continuation of the concepts that Harlan presented in Chapter 4 of his Windows Forensic Analysis DVD Toolkit, Second Edition. With only roughly 100 pages in which to describe the valuable artifacts that reside in the Windows registry, Harlan obviously felt that he needed more room to spread his wings – hence the new book.

Chapter 1 provides a very detailed overview of registry analysis. Harlan really wants analysts to first consider the types of information they need prior to starting a forensic exercise. The ‘what’ and ‘where’ of the registry is detailed at great length in addition to its structure. Though this book shows you where to find the registry and some important keys, the author is careful to not present this as the Bible of registry information – knowing full well that the minutiae will change from Windows release to Windows release. What this chapter does provide, however, is a good sense of what types of information can be found within the Windows registry. Chapter 2 provides in-depth coverage of several tools, not only for conducting forensic investigations on the Windows registry but also for interacting with the registry (both on the target systems and remotely). The author describes tools that he has created (and that are freely available) in addition to tools and applications from others.

Perhaps the most valuable chapters in the entire book are the last two chapters. In chapters 3 and 4 the author provides numerous case studies that illustrate the kinds of information that can be found within the Windows registry. The various hives are discussed at length (the treasure chest of Windows artifacts) and numerous steps for tracking user activity are also discussed.

I cannot recommend this book enough. If you’re looking for this book to be the Bible of registry information – you’re not looking at the right book. If you want to know exactly what kind of information is stored within the Windows registry, however, this is an excellent map to get you to the finish line.

Book Review: Security Information and Event Management (SIEM) Implementation

One of the contributors (Chris Blask – thanks Chris) gave me a copy of this book to review and I was very excited to start reading it. Unfortunately, this book did not deliver. The content was light and the filler content, to make the total page count appear impressive, felt artificially inflated. The first 3 chapters have little to nothing to do with SIEM implementation but rather with general security concepts that really add nothing to the book. Those chapters echo content presented within some of Shon Harris’ other publications and made me feel as though I was studying for my CISSP all over again. The CIA triad… really? Not only is the CIA triad discussed but the importance of each of the three letters is mapped to each business vertical (or buyer) in which SIEM systems are used. These mappings (low, medium and high affinity) feel very subjective and I disagreed with many of them.

It took roughly 53 pages (the start of chapter 4) before the team even starts ‘talking SIEM’. Starting with Chapter 4, the authors review SIEM concepts and components. Chapter 5 talks about the pieces and technology that comprise a SIEM – such as data collection, parsing, normalization, correlation, rules and storage. Perhaps the most valuable (not to mention ‘SIEM’) part of this book has a grand total of 40 pages over 2 chapters. Chapter 6 talks about incident response (more theory and conceptual thinking) but fails to describe how using a SIEM makes this easier/better/good. The final chapter in the section (7) talks about using SIEM for Business Intelligence (BI) but barely tells the reader what BI and SIEM have in common. In fact, only 5 pages of the chapter talk about using SIEM for BI. The third part of the book (pages 139 through 381) details specific SIEM tools such as AlienVault/OSSIM, Cisco MARS, Q1 Labs QRadar and ArcSight ESM with implementation tips and ‘advanced techniques’. When I first saw the section I thought ‘Cisco MARS? Really?!?’ Who needs 2 chapters dedicated to a defunct SIEM product that hasn’t been prominent for several years? The authors would have been better off including a relevant SIEM product that people a) can still buy and b) still use. Also, much of the information presented could be gleaned from the product documentation available from the vendors and, therefore, should not make up the bulk of the book.

I sat on this review for several days after reading the book so that my review might be a little more lenient…but I couldn’t bring myself to give this book anything higher than 3 stars. The only reason I was able to give this book 3 out of 5 stars is that it’s really the only published reference on the topic out there. If there were a competing work, any competing work, this would likely have been a 2 star review. This book could have been so much better than it was and makes me reconsider writing a book on the topic myself.
