The 5 Books Every Cybersecurity Professional Should Read

Why a Cyber Book Club

Earlier this year, a group of industry professionals I know started talking about interesting books they'd read. One title sparked a particularly lively conversation. We all wanted each other's perspectives on what we read, and thus our very own cyber book club began. It doesn't have a flashy name yet, but I’ll refer to it as the Cyber Book Club (CBC). Free time and focused reading are at a premium in my life, so joining a book club meant finding something more productive than quietly reading in a corner with some wine. I decided to lean on Audible (not an ad). Since I commute and traveled quite a bit (pre-COVID), it let me listen and get through books in that fashion.
If you are interested in Audible, here's a referral link. (PLUG/AD) -> When you try Audible, you will get 2 free audiobooks: https://amzn.to/39tAv3v
The CBC convenes every month. We meet to talk about the book we selected, our opinions, and an overall review of the content. After the discussion, we look at the wish list of books other members have added in a shared document, set a date for the next meeting, and start reading the next pick. It's a simple system that helps us broaden our horizons. Participating in a group environment adds just enough peer pressure and accountability to finish the book instead of promising you will and never following through.
Essential Reads
Participating in the book club has given me a broad selection of titles I might never have discovered. The club pushed me to keep a running, ever-evolving list of books that I genuinely believe EVERYONE in the field should read. The books I chose aren't overly difficult to understand, and you don't have to be deeply technical to enjoy them—they break down many concepts well. I will say, however, that being in the industry helps you appreciate them even more. The list below mixes history, entertainment, shared knowledge, and perspectives on events in the community that some may not know. Not all of the books are "full-on" cyber, but they relate and offer lessons that help a cybersecurity professional navigate the profession.
Note: This list is just an overall recommendation list; the books below are ranked from 1 to 5. If you are only going to read a couple, start at #1. If you are going to read all five, then ingest them in any order. I promise there are no spoilers in my brief reviews below.

1. Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
If you ever wondered how cybersecurity could go from being just about computers, bits, and ones and zeros to actual kinetic, realized consequences in the physical realm, this is the book that will answer those questions. This book follows the journey of the group called Sandworm. It follows the experiences of the professionals and the firms that dealt with and discovered a lot of their activity. The book goes over how they got their name and some of the other events from around that time. This book goes over Stuxnet, Shadow Brokers, Project Aurora, and much more. This book should allow you to understand why critical infrastructure and industrial control systems have been discussed a lot in the past decade. If you are familiar with some of the big players in the community, you will notice a lot of the names from the book.

2. Mindf*ck: Cambridge Analytica and the Plot to Break America
I had heard about this book as the account of how Facebook allowed the mishandling of their data, but it turned out to be much more. You hear all the time, I am sure, about the presence of information warfare, fake news, and deep fakes. This book gives you an account of an actual organization that operationalized it, and it lays out a bit of how they did it. It even lays out a bit of the science around the concept. It touches on the politics and the perspectives of some of the whistleblowers and their experiences. Lastly, it talks about the downfall of the organization as well. The book will give you an account of how things like data weaponization and manipulation are possible. After reading the book, you should have a better understanding and be more conscious of the tools, programs, and other works you allow your organizations to have.

3. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
This book recounts a cat-and-mouse adventure from a system administrator's (SysAdmin) point of view as he tries to catch a hacker in his network. My incident response (IR) and sysadmin guys will get a kick out of this one. Some nostalgic parts accompany some of the technology used during that period and throughout the book. It's told in a pretty entertaining way that keeps you wanting more and wondering what is going to happen next. It is not as predictable as you might think, and some of the players and organizations involved will keep you interested as well. It's a serious book that professionals can relate to, while at the same time being a story that you can truly enjoy.

I won't comment on my stance on Edward Snowden and whether what he did was right or wrong. However, I think his perspective and how he reached the conclusions and decisions he did are worth hearing. The book does an exciting job of laying out that story and the background on him as a person, and it ends with the challenges he dealt with after making the decisions he made. I think the bonus piece that I liked about the book is the account from his significant other of how it affected her life and some of her account of events. The book allows you to keep in mind some of the things some "whistleblowers" might have to deal with internally. It also provides you insight into what could happen as a result of "blowing the whistle."

5. Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
This book I struggled to enjoy as a story. Still, I think it's essential to understand history because it gives us a look at one of the entry points to how the information security (InfoSec) community formed and how some of the tools we use today came into existence. Some of the infamous people that we know in the community are mentioned in this book. It follows one group and a subset of people, but it's a good representation of how the community began and flourished throughout time.
Honorable Mentions
I am only recommending five books, but there are still others that are worth mentioning and that are pretty good as well. Below are a few more that I have read.
- @War
- The Phoenix Project
- The Fifth Domain
- The Ghost Ship
Upcoming Reads
- Small Wars, Big Data: The Information Revolution in Modern Conflict
- LikeWar: The Weaponization of Social Media
- Red Team: How to Succeed By Thinking Like the Enemy
- The Watchers: The Rise of America's Surveillance State
- Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
- Spam Nation: The Inside Story of Organized Cybercrime - from Global Epidemic to Your Front Door
- Hacking the Hacker: Learn From the Experts Who Take Down Hackers
Recommendations
So! What'd I miss? What books should be added to my list?