“This is the ‘bible’ for cybersecurity, which needs to be consulted as we struggle to solve this enormous threat to our national security.”
—John M. Poindexter, PhD, VADM, U.S. Navy (ret.),
Former National Security Advisor to President Reagan
“This book is a technical tour de force! Neatly organized between these covers is a comprehensive review of how to think about designing and building trusted (secure) systems, representing decades of experience and deep thought by the author. Sami presents the material clearly, including diagrams, charts, and extensive pointers to outside references. He has also crafted useful summaries and questions for further thought, making this book useful as either a valued reference or as an advanced textbook. Not only does Sami describe techniques to use in designing trustworthy systems, but he also describes shortcomings—he’s not trying to “sell” a particular method.
This is the book I have wanted for over a decade, for use in my advanced information security systems course. This will occupy an honored position on my bookshelf between Ross Anderson’s Security Engineering and Michael Howard’s Writing Secure Code. If you are involved with any aspect of designing or evaluating trustworthy systems, it should be on your bookshelf too.”
—Eugene ‘Spaf’ Spafford,
Professor of Computer Science and leader of the CERIAS Project, Purdue University
“Sami Saydjari is today’s cybersecurity Renaissance man. Sami was the first to recognize that failed cybersecurity could one day deliver societal existential change equivalent to nuclear warfare. His early tenacity led to DARPA’s first cybersecurity research investment. This book is a definitive textbook on cybersecurity, and will become the instructional foundation for future trustworthy systems. Like the genius of Da Vinci, this book delivers insightful philosophy, deep understanding, practical guidance, and detailed instruction for building future systems that mitigate cybersecurity threats!”
—Dr. Marv Langston, cybersecurity technologies consultant;
former Naval Officer, DARPA office director, U.S. Navy’s first CIO, and
U.S. Defense Department Deputy CIO
“Sami is one of the great experts in our field and he has produced one of the finest and most complete works in our field. It should be your priority to purchase and read this amazing book! For anyone desiring a comprehensive treatment of the cybersecurity discipline, this is definitely the book. It’s an impressive work that covers the important issues in a complete and accurate manner.”
—Dr. Edward G. Amoroso, CEO of TAG Cyber, and former CSO, AT&T
“Sami Saydjari’s career has spanned most of the history of cybersecurity, and in this book he distills the lessons of a lifetime. This book is both comprehensive and easy to read, making its concepts widely accessible. It is notable for its emphasis on looking at a system as a whole, not just an aggregation of components, and for helping readers understand how to value information and how to deal with risk. I urge those building the systems that will be part of tomorrow’s critical cyberinfrastructure, which now extends into our factories, airplanes, cars, and homes, to read this book and apply its techniques. Until we learn to build on the lessons of the past, the future of cybersecurity will continue to resemble the present.”
—Carl Landwehr, IEEE Fellow and member of the National Cybersecurity Hall of Fame
“Saydjari has written an authoritative, timeless, and practical guide to cybersecurity. The architecture of the book allows the reader to gain knowledge across a wide range of areas from strategy and risk management, to the technical design concepts of engineering a trustworthy system with security and safety at its core. Each chapter concludes with a set of critical thinking questions. If organizations—corporate or government—take a disciplined approach in answering these questions, their understanding of the risks to their mission can only increase. We are reminded that society’s dependency on information technology is growing and new technologies are introducing even more risk to our way of life. Saydjari presents multiple methods to assess risk and diagnose an organization’s strengths and weaknesses. He then presents a thoughtful approach to effective risk reduction, taking into account cost and mission impact. This book underscores that our opponent’s reach, speed, and understanding of our vulnerabilities currently outmatch our defenses, which is why we must learn how to invest in engineering the most trustworthy systems. Our future depends on it.”
—Melissa Hathaway, cyber advisor to Presidents George W. Bush and Barack H. Obama,
now President of Hathaway Global Strategies advising countries and companies around the world
“In Engineering Trustworthy Systems, Sami perfectly captures the asymmetrical nature of cyberwarfare. This text will help level the playing field and put the adversary on their heels and is required reading for any organization building or running a security testing team. Focusing on the “hack” is a mistake, and Sami explains how and why bringing the strategist and tactician together builds a truly effective test team. Following the lessons from this text will transform test teams from hackers to cyber guardians.”
—Jim Carnes, former Chief of Security Testing Center at the DOD
“Sami Saydjari’s valuable new book reflects decades of experience in designing and building secure computer systems. His approach to risk management for secure system design is innovative and well worth reading.”
—Steven B. Lipner, Member of the National Cybersecurity Hall of Fame
“This book brings together all of the important aspects in cybersecurity design for the first time to include all of the myriad cybersecurity perspectives, the types and impact of failure, and the latest thinking in mitigation strategy. I can see this book becoming an essential and complete reference for the new student of cybersecurity as well as for the well-experienced professional. Sami’s thoughts and insights give the book an excellent structure and relevant examples that make even the most difficult concepts easy to digest.”
—Tom Longstaff, Chair, Computer Science, Cybersecurity,
and Information Systems Engineering Programs,
The Johns Hopkins University Engineering for Professionals
“As a long-standing proponent of rigorous, first principles design, I can endorse this book with unbridled enthusiasm. Cybersecurity practitioners, designers, and researchers will all find that the lessons in this book add inestimable, tangible value to their missions. The depth and breadth of this book is truly impressive.”
—Roy Maxion, PhD, Research Professor,
Computer Science Department, Carnegie Mellon University
“‘Yet another cybersecurity book’ this is not. Its real strength lies in going beyond the requisite scary attack stories and empty claims straight to the heart of very real operational problems that undermine current defensive capabilities and strategies. It does this to encourage the reader to think more carefully about the kinds of strategic design and planning that are so often lacking in building sustainable, evolvable, and comprehensive cyber protections. I highly recommend this book to those who actually have to make cyber defense work.”
—Kymie Tan, Systems Engineer, Jet Propulsion Lab
“O. Sami Saydjari addresses cybersecurity using a comprehensive and straightforward approach that draws on examples from other fields such as biology and astronomy to enhance clarity and purpose. Engineering Trustworthy Systems is a well-timed tome that strikes a balance between Saydjari’s many years of experience as one of DARPA’s top cybersecurity experts and the ubiquitous nature of technology in our daily lives. His style is personable and digestible for those without any formal computer science training. Read this book—and learn from one of the best.”
—Teri Shors, Professor, Dept. of Biology, University of Wisconsin Oshkosh;
Author of Understanding Viruses
“This book provides a refreshing look at cybersecurity by acknowledging the need for systems engineering. The book also emphasizes that cybersecurity is important for the sake of mission assurance, which is very important, but all too often overlooked by IT security personnel.”
—Joe Weiss, PE, CISM, CRISC, ISA Fellow, IEEE Senior Member,
Managing Director ISA99 (Industrial Automation and Control Systems Security)