Security Engineering Notes

"Security engineering isn't electrical engineering; you can't reduce it to Maxwell's equations. You need many more mathematical tools: the crypto, the protocols, the information flow models, the game theory and maybe the emsec too. And then there's the human factors. Security is a fox subject, and getting more so."
- Ross Anderson, comment on schneier.com

Recommended Authors and Speakers

Ross Anderson - Homepage
Books: Security Engineering
YouTube: Playlist

Peter Gutmann - Homepage
Books: Engineering Security (PDF)
Tutorials: Godzilla Crypto Tutorial
YouTube: Playlist

Bruce Schneier - Homepage
Books: Complete List (All recommended reading)

Marcus Ranum - Homepage
Papers: Six Dumbest Ideas in Computer Security (one of many listed here)

Recommended sites

NIST Computer Security Special Publications

Additional books and papers

Reflections on Trusting Trust - Ken Thompson
Personal observations on the reliability of the Shuttle - R. P. Feynman
How Complex Systems Fail - Richard Cook, MD
To Engineer Is Human: The Role of Failure in Successful Design - Henry Petroski
The Twelve Networking Truths

Do not neglect the psychology behind security.

Boyd: The Fighter Pilot Who Changed the Art of War
The Art of War - Sun Tzu
Just 2 Seconds - Gavin de Becker

Certifications

CISSP-ISSEP - Security Engineer concentration for CISSPs
CISSP-ISSAP - Security Architect concentration for CISSPs

Videos

MIT Computer Systems Security (Fall, 2014)

Security Engineering: That Which Is Not Expressly Permitted, Is Denied