With the announced retirement of Justice David Souter, President Obama gets his first chance to impact the court. The good news is that Justice Souter was a terrible judge, so I’m glad to see him go. The bad news is that Obama has repeatedly shown disdain for the Constitution, Federalism, Original Intent, and the general qualifications that most Conservatives require of prospective judges.

In discussing Souter’s departure, Obama stated “I will seek someone who understands that justice isn’t about some abstract legal theory or footnote in a casebook… I view that quality of empathy, of understanding and identifying with people’s hopes and struggles, as an essential ingredient for arriving at just decisions and outcomes.” Actually, the role of the court is to apply the law dispassionately and uniformly. Feelings don’t matter. The Constitution and the framer’s intent matters. Abstract legal theory matters. Empathy is not a qualification for a Justice.

Mark Levin’s new book “Liberty and Tyranny: A Conservative Manifesto” does a brilliant job of defining the original intent of the Constitution and why it matters. If you have not read this book, buy it immediately. It should be required reading in every high school civics class. In his book, Levin states “the Constitution sets forth certain terms and conditions for governing that hold the same meaning today as they did yesterday and should tomorrow… There really is no other standard by which the Constitution can be interpreted without abandoning its underlying principles altogether. If the Constitution’s meaning can be erased or rewritten, and the Framer’s intentions ignored, it ceases to be a constitution but is instead a concoction of political expedients that serve the contemporary policy agendas of the few who are entrusted with public authority to preserve it…”

“To say that the Constitution is a ‘living and breathing document’ is to give license to arbitrary and lawless activism… where the Constitution is silent, states and individuals need not be. The Constitution and, more particularly, the framework of the government it establishes are not intended to address every issue or answer every perceived grievance.” (read more…)

I recently was asked by some colleagues how an IT admin can get into infosec. It’s a tough question for 3 reasons: 1) Most administrators are not wired to be security professionals. The goal of admins is to provide services to users. The goal of infosec is to limit services to only authorized users. These goals often conflict. 2) Most admins specialize in a single technology; good security pros need to be fluent in a wide range of technologies. 3) Security requires a deep knowledge of computing and networking theory, which many admins lack. Modern operating systems provide a high level of abstraction from issues such as the proper format of TCP headers. I know some very skilled systems engineers who do not fully understand a 3-way handshake, nor do they need to. But for a security engineer, understanding this process, how to exploit it, and how to recognize when someone else is exploiting it is critical.

My best advice for those crazy enough to desire a career in infosec is always to start with the technology they already know, learn how it works at a low level and how to break it, and then learn how to protect it. After that, security is a non-stop learning process. The best security guys I know spend hours reading, surfing, and studying every night. Sleep is for the weak!

I compiled the list of books below as a representative sample of the books on my shelf that I reach for regularly. In my (never) humble opinion, every infosec professional should own (and read) each of these, or others in the same category. Originally, I intended this to be a Top 10 list, but I had too many books on my list. 20 is the shortest I could get it and still be representative.

(read more…)