Background
While writing a note about My Reading Journey, I was reminded that I hadn’t put a section on list of books related to Computer Science in My Reading List. Was reminded of that again when I read today’s WSJ. The paper had a section towards the end dedicated to Cybersecurity. It had interesting articles like “The industries most vulnerable to cyberattack and why”, “How and when to teach kids to use passwords”, “The dangerous secrets our photos reveal”, “The added security risks of working from home”, etc. Each article was well articulated and thought provoking.
What caught my attention was an article named “A cybersecurity reading list”. I checked online and the same article was titled “Five Cybersecurity Books That Everyone Should and Can Read”. Though I’ve linked the article here, you might not be able to see it since it is probably paywalled.
I was eager to see if the list had books that I’ve read or heard about. Unfortunately, I’d heard of only 2 books - “Countdown to Zero Day” by Kim Zetter and Stoll - The Cuckoo’s Egg by Clifford Stoll. The Cuckoo’s Egg is on my Amazon wishlist but haven’t gotten around to buying or reading it yet. I’d read of Cyberattack being referred to as the “Fifth Domain” of warfare but didn’t know about the book. But I haven’t read any and surely must read a couple before the end of the year.
Top 5 books from WSJ article
The 5 books are as follows -
-
Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zetter. Stuxnet is regarded as the world’s first digital weapon. It is the malware that crippled Iran’s nuclear-fuel enrichment program. In the book, Kim Zetter investigates the malware and provides a detailed account of the timeline from origin to release. Along the way, she explains key cybersecurity concepts.
-
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage by Clifford Stoll. Lawrence Berkeley Lab is less than an hour’s drive from my home. So it actually feels like something that happened right here. In the book, Stoll is assigned to investigate an accounting error of 75 cents and that leads into a computer espionage story of chasing after an unauthorized user who was in their systems. I’m excited at the thought of reading this.
-
The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats by Richard Clarke and Robert Knake. The authors are former government cyber officials from the past 3 administrations. They describe the current efforts to advance security and prevent cyberwarfare and also analyze incidents from the past. The book is a warning as well as a study guide for everyone to understand the looming threat of cyber warfare.
-
Cult of the Dead Cow by Joseph Menn. I have a newfound respect for Beto O’Rourke after learning that he was part of cDc (Cult of the Dead Cow) which is the oldest, most respected, and most famous American hacking group of all time.
-
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg. I’m not sure if the title is a reference to the giant sandworms in Dune/Arrakis. Those are huge and dangerous beings with mouth as large as 40 meters (over 100 ft!!). For a description of Dune’s sandworms see Ultimate Guide To Dune (Part 1) The Introduction(12:13). In Sandworm (the book), Andy Greenberg, a journalist for Wired, writes about cyber incidents from 2014 to the release of NotPetya malware in 2017. Causing over $10 billion in damage, the malware destroyed public utilities (especially Electric grids) in Ukraine and other European countries.
Thought I’d do a Google search of “Cybersecurity Books That Everyone Should Read” to add to this list, or may be make it to 10.
Other top security book lists
The Best Cyber Security Books recommended by Josephine Wolff has the following -
- Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door by Brian Krebs
- Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zetter
- Worm: The First Digital World War by Mark Bowden
- Dark Territory: The Secret History of Cyber War by Fred Kaplan
- Bytes, Bombs, and Spies: The Strategic Dimensions of Offensive Cyber Operations by Amy Zegart & Herbert Lin
The 11 Best Cyber Security Books — Recommendations from the Experts from HashedOut has the following
- Hacking: The Art of Exploitation (2nd Ed.) by Jon Erickson
- The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin Mitnick
- Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker by Kevin Mitnick, William L. Simon
- The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography by Simon Singh
- Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World by Joseph Menn
- Social Engineering: The Science of Human Hacking by Christopher Hadnagy
- Practical Malware Analysis by Michael Sikorski
- The CERT Guide to Insider Threats by Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak
- The Cyber Effect by Mary Aiken
- Hacking Exposed 7: Network Security Secrets and Solutions by Stuart McClure, Joel Scambray, George Kurtz
- Threat Modeling: Designing for Security by Adam Shostack
I was glad to see Simon Singh’s “The Code Book”, though. I think WSJ’s 5-book recommendation is great for a beginner and covers a lot of topics to get some real insights.
Of course, there are always thousands of lists and a lot of choices. But a better strategy to get through the books is to have a smaller set to read or to have a couple of text books that you read over and again. For e.g. CLRS book on Algorithms.