Over the last two years, I’ve read 25+ cyber security books to invest in understanding as many parts of our field (including the history of the industry) as I can. I’ve learned a ton and have been quite entertained in the process. Many have asked for a list of my favorite books in the space. With the world on lockdown from Covid-19 I figured now was a good time to share my shortlist.
If you choose to read one or more of these books, here’s what to expect:
Upside: You’ll learn and be entertained!
Downside: This isn’t the most uplifting topic! And sadly, I think it may be the subject of the next global impacting event.
Either way, this list is not just for security professionals. I’ve suggested these to complete cyber security outsiders and almost across the board they’ve really enjoyed them, and I hope you do too.
For those interested in a VERY short crash course on the security industry, I published an O’Reilly book titled Cracking Security Misconceptions: Untangling Common Myths About Modern Information Security that we made freely accessible online. It’s roughly 35 pages of content and written to be easily digestible—you can find it here.
My Top Five Cyber Security Books
1. The Cuckoo’s Egg by Cliff Stoll
The “OG” of cyber security books. The Cuckoo’s Egg is the only book on this list that is essential for cyber security professionals, but may be a little esoteric for the layperson. The book follows the experience of an academic-turned-systems manager and his true story of tracking down hackers infiltrating Lawrence Berkeley National Laboratory at the very beginnings of the Internet.
This book has inspired many of the infosec professionals I know, but is less known by the more recent wave of cyber security folks. Add this to your list if you’re in infosec and haven’t read it. You’ll learn a ton about how the industry was born and be entertained along the way by Cliff’s personal and technical journey tracking some of the world’s first hackers.
2. The Perfect Weapon: How the Cyber Arms Race Set the World Afire by David Sanger
David Sanger covers cyber security for the New York Times and he crushes this one. Good for any and all, Mr. Sanger provides a great history of where cyber warfare started, how it’s developed, and how our political response has developed. He gives a glimpse into the most recent administration’s handling of cyber security attacks (hint: they’ve handled them better than you might think). If you read one book on security, I’d start with this one.
3. LikeWar: The Weaponization of Social Media by P.W. Singer
This one is silly good as well, and covers a different angle of cyber security that is less technical hacking but just as (if not much more) impactful in terms of the damage inflicted. It covers how organizations and nation states—namely Russia—have used social media platforms to spread misinformation and attack America and other countries.
I really had my eyes opened to the unintended use cases of new forms of technology. We’re excited about what new things the Internet has enabled us to do, but it’s also left us open to attacks that neither technology companies nor society have planned for or protected against. This is the new normal, so learning about how these systems are being abused is both fascinating and extremely socially relevant.
4. Countdown to Zero Day by Kim Zetter
Kim Zetter’s book is a fascinating exposé about America’s most well known (and likely first) use of cyber weapons that caused physical destruction—not just stealing intel or digital data but actually destroying machinery in nuclear facilities in Iran.
The creation of the weapon was an incredible feat of innovation and ingenuity that clearly showed off America’s offensive cyber prowess at the time. That said, this was also a clear turning point in global cyber policy. In a realm of warfare where the rules of engagement were not (and still aren’t) clearly defined, it established a new standard for what is acceptable cyberwarfare.
5. Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg
Released very recently (May 2019), Andy Greenberg not only has some of the most contemporary and recent information included in his book, but he builds on where Countdown to Zero Day finishes so it’s a great thematic follow-up.
While the U.S. opened the floodgates by building and using the Stuxnet cyber weapon, Russia has taken it to an entirely new level. Mr. Greenberg tracks the escalating uses of cyberweapons by Russia and the incredibly slow (and oftentimes non-existent) response from America and the international community to their ever-more aggressive and deadly behavior. This book raises incredibly important and pressing issues around how the international community defines acts of cyberwar and where and when to draw the line.
If you want to continue reading more after getting through the books above, here are a few great ones that narrowly missed the cut:
- Future Crimes: Everything Is Connected, Everyone Is Vulnerable, and What We Can Do About It by Marc Goodman
- Dawn of the Code War: America’s Battle Against Russia, China, and the Rising Global Cyber Threat by John P. Carlin
- Spam Nation: The Inside Story of Organized Cybercrime — from Global Epidemic to Your Front Door by Brian Krebs
- Kingdom of Lies: Unnerving Adventures in the World of Cybercrime by Kate Fazzini
- Gray Day: My Undercover Mission to Expose America’s First Cyber Spy by Eric O’Neill