"Security engineering isn't electrical engineering; you can't reduce it to Maxwell's equations. You need many more mathematical tools: the crypto, the protocols, the information flow models, the game theory and maybe the emsec too. And then there's the human factors. Security is a fox subject, and getting more so."
- Ross Anderson, comment on schneier.com
Ross Anderson - Homepage
Books: Security Engineering
Youtube Playlist
John Strand - Homepage
Youtube Channel
Peter Gutmann - Homepage
Books: Engineering Security (PDF)
Tutorials: Godzilla Crypto Tutorial
Youtube Playlist
Marcus Ranum - Homepage
Papers: Six Dumbest Ideas in Computer Security (one of many listed here)
NIST Computer Security Special Publications
Reflections on Trusting Trust - Ken Thompson (PDF)
Personal observations on the reliability of the Shuttle - R. P. Feynman
How Complex Systems Fail - Richard Cook, MD
To Engineer Is Human: The Role of Failure in Successful Design - Henry Petroski
The Twelve Networking Truths
Do not neglect the psychology behind security.