When I do something, I always attempt to do it to the fullest, or at least to the best of my abilities. An old boss used to tell me, “To be the best at something, you have to Live It.” InfoSec is no different. To be a better information security practitioner, I surround myself with varying types of infosec media: books, podcasts, comics, TV shows, movies, and more. Surrounding yourself with this media allows you to learn from different angles, solidify topics you are learning about, and broaden your horizons.
Books
Let’s start with books. If you’re busy or hate reading, I recommend trying out audiobooks. They’re an excellent way to link two habits together. I always listen to something while driving, walking the dog, or running. I usually listen to more casual books via Audible, whereas I buy the hard copy of technical books to study and take notes. For example, I bought the hard copy of “Operationalizing Threat Intelligence” by Kyle Wilhoit & Joseph Opacki but purchased the audiobook of “Sandworm” by Andy Greenberg. The books I will be recommending are for casual listens/reads. Nothing super technical. There are some overlaps in topics as well as breaches they cover, but there always seem to be new facts I never knew before.
The Cuckoo’s Egg
“The Cuckoo’s Egg” is a non-fiction book by Cliff Stoll, a systems administrator and astronomer. The book chronicles Stoll’s efforts to track down a hacker who had broken into a computer system at the Lawrence Berkeley National Laboratory, where Stoll worked. The story begins when Stoll discovers a minor accounting error in the system’s log files and sets out to find the cause. As he investigates further, he realizes that the mistake was caused by a hacker who had gained access to the system. Stoll spends months tracking down the hacker, piecing together clues from log files and other sources.
This book demonstrates the logical thinking of a security analyst before there were security analysts: thinking outside the box to find and track the threat within the network. It also provides an excellent history lesson on computer networks and their limitations at the time. It’s a good mystery novel, and it’s a true story. You can find the Cuckoo’s Egg official publisher page Here.
Sandworm
Andy Greenberg’s “Sandworm” is a non-fiction book that tells the story of a hacker group known as Sandworm. This group is responsible for some of the most damaging cyber attacks in history, including the Ukrainian power grid attack in 2015 and “NotPetya” in 2017. The book explores the motivations and tactics of Sandworm and the efforts to track them down and bring them to justice. Sandworm is a compelling and detailed account of the ongoing threat of cyber warfare and the steps to defend against it.
Sandworm helped me understand the motives of nation-state-level hacking from a new angle. The book explains the threats to industrial control systems and operational technology (OT) hacking. After reading it, I had a clear picture of how these systems could make our lives much harder if hacked. I couldn’t find an official website for Sandworm, so here’s a quick link to Amazon Here.
This Is How They Tell Me the World Ends
“This Is How They Tell Me the World Ends” by Nicole Perlroth examines the growing threat of cyber warfare and the proliferation of cyber weapons. The book focuses on the development and use of such weapons by governments, militaries, and criminal organizations. The book also explores the potential consequences of a significant cyber attack, including the disruption of critical infrastructure, financial losses, and the potential for physical harm to individuals. The book was a thought-provoking and informative look at the risks and consequences of the cyber arms race. It covers similar topics as “Sandworm” but explores other points of view and other significant breaches. Where Sandworm felt like a story was being told about a singular character, This Is How They Tell Me the World Ends felt like world-building, like an epic fantasy world. Check out the book’s website Here.
Cybersecurity Canon
These three books are fantastic in their own way. If none of them pique your interest, I highly suggest checking out the Ohio State University “Cybersecurity Canon” book reviews. They have reviewed many infosec books, including the three mentioned today. Check out the Hall of Fame Winners to narrow your search.