One of the nice things about not having constant deadlines is that I can “chillax”. I’ve been getting a lot of reading done on my Kindle/iPad combination. And the latest book I’ve read is Zero Day, the debut novel by famous Windows insider guru Mark Russinovich.
The book centres around an independent IT security consultant who stumbles on a worldwide IT security threat, and then goes on from there. I normally cannot stand any form of entertainment that features IT. There are usually so many holes in the technology that is the centre of the plot that I focus on those rather than on the story. Not so here, as you would expect. The IT stuff appears accurate to me, and technical terms like a rootkit are dealt with at a high enough level that your granny will know all about them when she finishes the book.
The story is OK. I think it was missing a little something, a hook, … I dunno, I’m no novelist! It’s just that I finished it and was left wanting something more from it. But that’s just my opinion; lots of others have loved it and Mark Russinovich broke the news yesterday that a publisher has agreed to publish a follow up.
Where the book scores points is that it gets across that businesses are failing to get the most basic IT security practices right. Things like patching and antivirus still are not being done. And that probably goes back to an old soapbox rant of mine: many decision makers don’t value IT, and therefore don’t understand how it can benefit a business if dealt with strategically or put it at the risk of complete destruction if the right staff aren’t hired and best practices aren’t implemented. So if you are in IT and want a Secret Santa gift for the CIO/CEO, give them a copy of Zero Day 
I’m now reading Daemon by Daniel Suarez. I’m just a short way into it but it’s started out well. Leo Laporte and Steve Gibson both recommended it on the TWiT security podcast a few weeks ago. I’ll blame them if it sucks 
