Acknowledgments
We’re kind of shy about putting our names on this book. Chris and I did all the writing, but the ideas we’re describing didn’t originate with us. They represent the work started by Gavin Reid, Cisco CSIRT’s boss and FIRST rep, back in 2003. Gavin built the CSIRT team, assembled from proven network engineers, system administrators, and application developers. You’ll find examples of scripts written by Dustin, Mike, and Dave, tuning developed by Jeff, Jayson, and Nitin, investigations led by Chip and Kevin, and procedures written by Lawrence. In many ways, the whole team wrote this book. They’re the ones who deployed the gear, wrote the tools, hired the staff, built the processes, and investigated the incidents that form the basis for the ideas presented here.
The book seemed fine until Jeff Bollinger looked at it. He discovered all kinds of inconsistencies and technical gaps, and was kind enough to tell us about them before we published the book. Jeff gave room for Devin Hilldale to school us on style and grammar. Devin pointed out the inconsistencies that derive from multiple authors, and helped smooth out the writing style. He told me to stop leaving two spaces after periods, but my eighth grade typing teacher still controls my fingers. Mark Lucking gave input throughout the book, drawing from his experience in information security for banking.
Good security requires good community. Cisco CSIRT participates in security organizations of our peers in industry and government. ...