JTS LTD // RESOURCES

Risk Management Resources
Many of the items that I've either found or developed over the years are available in the DHARMA section of HARDAC. Additional security and risk management resources are included (linked) here.
NATIVE RESOURCES
>> Tom's Education and Training Log // My professional certifications (highlighted in my curriculum vitae) require me to accrue, and track, continuing professional education (CPE) credits. This spreadsheet includes the vast bulk of my post-2017 professional development line items, save for a few that were lost when my spreadsheet was corrupted. Either the items themselves, or the basic format, may be of interest to other security professionals who are also required to track their CPE credits.
>> The Atomic Employment Spreadsheet™ // After completing my postgraduate studies, I applied for nearly eight hundred posted vacancies before eventually landing a position. Eventually, I got extremely efficient about the process. I ramped this up again in 2016/'17, when I was working on finding an opportunity that would allow me to move home to Oregon. The result was my Atomic Employment Spreadsheet™, which is presented here. If you're a technology or security professional who's looking for work, you may find value in this resource. In the next major update, I intend to make a list of all of the vendors who have tried to sell me unwanted services and tools in my current job.
>> Feedly OPML file // For more than a decade, I've used Feedly, an RSS feed aggregator, to make my daily news reviews more efficient. This OPML file includes my favorite security websites, blogs, and podcasts, in addition to the remainder of the RSS feeds that I follow - podcasts, photography, news sources, and such. If you've created a Feedly account, you can find online instructions on how to import the feeds by loading the OPML file.
BOOKS
The Design and Evaluation of Physical Protection Systems by Mary Lynn Garcia // This is the standard textbook for anyone who pursues the Physical Security Professional certification from ASIS International. Readers may derive additional benefit from reading ATP 3-39.32 Physical Security (formerly FM 3-19.30).
Cyber War Will Not Take Place by Thomas Rid // The vast majority of people with whom I discuss cyber security, and virtually everyone whose writing on the topic I've consumed, could be described by a 2015 article entitled No Patch for Incompetence: Our Cybersecurity Problem has Nothing to do with Cybersecurity. Dr. Thomas Rid is one of the most noteworthy exceptions to this trend, and his 2013 book echoed many of my own thoughts, except that they were better organized. I can't recommend this book highly enough; anyone with an interest in the intersection of statecraft with digital networks should read it immediately.
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll // In 1986, physicist and system administrator Cliff Stoll was assigned to investigate a minor billing discrepancy on the supercomputer network at the Lawrence Berkeley Laboratory. His tenacity, and scientific approach, led to the eventual arrest and conviction of a German hacker operating on behalf of the KGB. Stoll wrote his legendary book, The Cuckoo's Egg, which was later dramatized in an episode of the PBS series Nova (which is available to watch on YouTube). Stoll's book is entertaining and comprehensible, and someday I hope to use it in conjunction with NIST SP 800-53 to teach a course on why information security professionals manage networks in the way that they do. (I got to meet Cliff during the Summer of 2022!)
Choose Adventure: Safe Travel in Dangerous Places by Greg Ellifritz // I've supported travel security requirements in several of my jobs, and found Ellifritz's guidebook for safe travel in the developing world to be an excellent reference. If you plan to travel outside the safe confines of the developed world, I definitely recommend it.
Rajneeshpuram: Inside the Cult of Bhagwan and Its Failed American Utopia by Russell King // I list this particular book mostly for academic purposes, but it's a great study in security intelligence, and how terrorist groups, criminal organizations, and hostile cults operate.
The Siege: 68 Hours Inside the Taj Hotel by Cathy Scott-Clark and Adrian Levy // Scott-Clark and Levy's book on the 2008 Mumbai hotel siege is a detailed, albeit unsettling, study in how terrorists (particularly active shooters) operate.
The Siege of Mecca: The Forgotten Uprising in Islam's Holiest Shrine & the Birth of Al-Qaeda by Yaroslav Trofimov // Aside from providing a fascinating history of a number of key events in the modern history of the Islamic world, Trofimov's book provides security practitioners with a riveting case study in both counter-terrorism operations, and anti-terrorism preparation.
13 Hours: The Inside Account of What Really Happened in Benghazi by Mitchell Zuckoff // In different ways, Zuckoff's book mirrors the value of the previous books by Scott-Clark and Levy, and Trofimov, by describing the tradecraft of terrorists operating in the Islamic world, and a mixture of both successful and unsuccessful countermeasures aimed at keeping high risk foreign personnel safe.
When Terror Comes to Main Street: A Citizens' Guide to Terror Awareness, Preparedness, and Prevention by Joseph A. Ruffini // I met Lieutenant Colonel Ruffini in 2008, and while I have yet to read his book, it comes highly recommended by several respected colleagues. I hope to read it in the near future.
The Complete Idiot's Guide to Risk Management by Annetta Cortez // I have yet to read this book. It may very well be rubbish, but for the time being, it's on my reading list, waiting to be read and evaluated.
PODCASTS
Risky Business
Embargoed!
YOUTUBE CHANNELS
LockPickingLawyer
DEFCONConference
Black Hat
U.S. National Archives
OTHER WEB LINKS
NIST Computer Security Resource Center