The last time you were in a library, or a bookstore, you probably noticed how quiet it was. This doesn’t mean that people weren’t excited, or downright celebrating; they were engaged in a different method of celebration, the kind that takes place between the covers of a good book.
April 23rd marks the celebration of World Book and Copyright Day. As eloquently stated on the UNESCO web page, “through reading . . . we can open ourselves to others despite distance, and we can travel thanks to imagination.”
We asked a selection of Tripwire friends and security experts for their recommendations for books that lift, educate, and inspire. We hope you can use this list not only to gain more knowledge, but also to strike that spark of insight that lies within.
Chloe Messdaghi | @CHLOEMESSDAGHI | (LINKEDIN)
Our industry needs to come together and recognize hackers in the space, and why they are critical to understand. Tribe of Hackers provides information about the hacker community, written by the hacker community. It showcases red teamers, purple teamers, blue teamers, and leaders. Most importantly, it reminds people that hackers are not the enemies; they are the ones protecting and serving every single moment of the day.
Sophia McCall | @SPOOKPHIA | (LINKEDIN)
The book features various security professionals in the field, including myself. Confident Cyber Security showcases cybersecurity at its best, and is an essential component of any cybersecurity library at home.
Anastasios Arampatzis | @TASSOSARAMP | (LINKEDIN)
During the pandemic lockdowns, our children transferred their social activities from the school playgrounds and the parks to their smartphones and laptops. With the pervasiveness of digital technology in our lives and families, it becomes extremely important for parents to switch to “digital parenting” to manage these new challenges. As the authors note, it is not just about managing technology. It is about family practices and values around technology to explore dilemmas over how to live, what is wellbeing, and what is the hoped for “good life”. Parents may elect to embrace, balance or resist change but at the same time they have to confront the lack of state support, and their kids’ arguments for a democratic family. This book is a must have for any parent looking to raise responsible digital citizens.
Mitch Parker | (LINKEDIN)
In the book Click Here to Kill Everybody, Bruce Schneier elucidates that our hyper-connected world leaves lots of reason for security doubt, especially if you consider the motivations of everyone involved. Companies focus on taking full advantage of profits, and security (or the lack thereof) is often ignored, leaving the consumer to bear the burden.
Schneier raises questions on criminal behavior and broader, government policy considerations in order to try and figure out where we draw the line between the free market, and consumer security. Questions such as, how much security is needed, what are the correct algorithms, and how will these all be enforced? There is much more to this book, and Bruce builds the basis for much deeper thought, and need for oversight in a completely connected world filled with ongoing synchronization of opportunity and tragedy.
David Gilmore | @DAVEG_TRIPWIRE | (LINKEDIN)
If you are starting out in cybersecurity and you are looking for an interesting read that provides some fundamentals, then I recommend this book. Just remember that these techniques have now been around for over a decade, and new ones are being developed every day. Hope you find it a good read.
Raymond Kirk | @RAYMOND_THE_PM | (LINKEDIN)
It's extremely interesting because it details how several attack surfaces were all chained together to make such a sophisticated cyber weapon. This ranged from common social engineering tactics to secret USB files that, in turn, created kernel rootkits that then masked payloads behind executable packers in dynamic link library (DLL) files that followed strict converting algorithms and sandboxing techniques with the addition of DNS masking and encrypted phone-home communication abilities. This was all carefully designed to target Critical Infrastructure Operational Technology in a particular region of the world.
I enjoyed this book because it demystifies the how, and why security is so important along with how it can have life changing financial, organizational, and political effects.
Cybersecurity is of course very much a product of this third wave, and an understanding of how we have got to where we are and where we may yet go, should inspire and interest many of its practitioners. Today, the book still works on many levels. It is packed with ideas which not only foresaw many of the technological developments we take for granted, but it also anticipated the irreversible impact they would have on the way we think, act, and live. Other developments may just be emerging. Whilst signaling the warnings of such advancement for those displaced, and acknowledging the inevitable conflict as the third wave awkwardly collides with the last, Toffler’s vision was not of some dystopian future, however, but more one of cautious hope, and new possibilities. In popular culture, the book is also recognised as having a profound impact on Detroit’s highly influential ‘Techno’ music pioneers and innovators.
Using the same well-chosen set of questions for each expert, the comments range from specific security viewpoints to career advice. The full series is great, but I recommend starting with the first in the series Tribe of Hackers. The interview format was easy to consume in short bursts, say over my morning coffee!
While reading specific individual opinions was valuable, I especially found fascinating the overall trends that came from having 70 experts opine on the same questions. In particular, how many experts still point to basic security hygiene such as strong passwords, 2FA, asset inventory, change management, and how many companies are still ‘waiting for a breach’ to justify the budget to create a security program based on recommendations such as the Top 20 CIS controls.
In the long run, using my favorite way of learning – reading – this series improved my personal knowledge around cyber security and is a great resource to have on hand.
Ary Widdes | (LINKEDIN)
While it's technically a young adult novel, the presentation of programming and hacking as magic really struck my fancy when I first caught sight of the book a few years ago. The author has a good enough understanding of cyberspace and the terminology to transform it into this magical world where a web “spider” is in fact shaped like a spider, and a laptop is also a sentient goblin familiar. This is the first book in a series that has continued to delight, as McCullough expands on the unique universe he created, and Ravirn goes from small-time hacker kid to a power in his own right.
Craig Young | @CRAIGTWEETS | (LINKEDIN)
In this book, Greenberg uses interviews with key players to peel back the curtain of international cyber-espionage and warfare with a specific focus on entities of the Russian federal government. The book is full of interesting accounts of pivotal events like the Aurora Generator Test, attacks against Estonia, and the aftermath on the ground in the wake of NotPetya. I really liked the historical context included in the book and how this can tie together various seemingly disparate events into a cohesive story. The book is absolutely eye-opening with regard to just how badly a sophisticated adversary could disrupt society through a cyberattack, as well as to understand some of the mechanisms and motives of Russian cyber aggression.
Jihana Barrett | @IAMJIHANA | (LINKEDIN)
This resonated with me because my career in cybersecurity began while I was serving in the United States Air Force stationed at Ft. Meade in Maryland. During my career, I worked many roles on the NSA campus and was a witness to the beginnings of CYBERCOM. I was part of the government that was “figuring out this cyber thing.” I became a Digital Network Exploitation Analyst, where we learned about STUXNET and various cyberattacks, to help us better understand the cyber threat from which we were being charged to protect America.
Reading Sanger’s perspective on the United States’ response or lack of response to the cyber threat was very real for me. I lived it. It is a good read for those who are technology-dependent, but clueless about how deep cyber warfare actually is and who the threat actors are in the work arena. Overall, definitely worth reading.
Ambler T. Jackson | @AMBLERJACKSON | (LINKEDIN)
The author weaves in the history of cybersecurity, cybersecurity teaching, training and awareness models, historical references to leadership, including historical figures who were considered ethical leaders, and connects the dots between types of leaders and types of leadership, and the narrower topic of cybersecurity leadership. Throughout the book, you will read very simple and practical definitions of leadership, as well as examples of what constitutes good leadership and bad leadership.
In addition to those who aspire to the role of CIO, the book is a practical resource for individuals who may be responsible for serving in an advisory role to the CIO or who would like to understand how to successfully collaborate with the current CIO within their organization. The book includes high-level information related to developing a cybersecurity program, as well as some very specific recommendations related to education, healthcare, and technology. I like that the author focused on the evolution of the CIO’s role from an operational one to a strategic one, and I think those individuals participating in the CIO or CISO hiring process will appreciate the discussion of salary negotiations and reporting structures.
When we step away from technical books, I’ve loved a lot of books over the years and tend to be loyal to authors more than genres. When I was younger it was Clive Cussler, and as I grew out of those it was Dean Koontz, Christopher Moore, and Jim Butcher. In recent years, a Tripwire colleague, Christopher Minori, has taken up space on my bookshelf. His book Little Idiots, from 2018, was a joy to read, and his new book, Stealing Destiny, is next on my reading list. Minori’s work, technical books, and comics have been my main go-to books for the past few years, so I’d be remiss not to mention my own comic, Captain Tripwire, as a great read. You can check it out for free right here on our blog.
We hope that you can enjoy some of the recommendations from our experts. No matter what genre you like to read, or whether your preference is a digital reader, a printed and bound book, or an audio book, you can join in the festivities of World Book and Copyright Day. Happy reading!