As a teenager I read so many novels, to help me through that time in my life. It was as if I had other worlds to escape to, learn from, and understand different perspectives. Later on, I felt like books didn’t have a place in my busy schedule, and stopped reading novels almost altogether. In the last few years, I have started listening to audiobooks, whilst not the same type of books I read in my teens, I have felt a sense of viewing the world from another’s point of view. This knowledge share has benefited me drastically, in business, security, but also life. At times re-affirming what I already knew, other times highlighting aspects I absolutely never considered.
Cybersecurity has always been a knowledge sharing industry, whether wanting to or not, technical persons have to validate their needs against the business risks and requirements. In order to have these needs met, in budget requests or investment business cases, they must educate the senior leadership in making the decisions. Want users to adopt security practices? teach them why these processes are important to them; bring that risk closer to home, through knowledge sharing.
Historically people would ask, what’s the best book to read for someone getting into security? I literally never had an answer, I would provide books others considered, and made it clear I didn’t really know. However, finally, after years of looking, I have curated a list of my personal favourites, along with other industry recognised experts.
My top six influential books completed in 2020:
1. The Brain: the story of you by David Eagleman – I chose this as my top book because it highlighted some critical points to me. David looks at how our brains develop, how we learn, examples of real life situations within criminal justice, robotics, gut feelings, genocide, and more. This book demystified so many aspects of human nature to me, and ultimately I think it helps me understand working with others, and definitely how to effectively train others. David Eagleman also wrote Incognito, which is also a brilliant book I highly recommend.
2. Phishing Dark Waters: the offensive and defensive side of malicious emails by Christopher Hadnagy, and Michele Fincher – the value of security operations teams is not to work against the ‘users’ and ‘fix what they don’t understand’ or ‘force them to use controls.’ Not only does this book go over phishingWhat is Phishing?Phishing is a type of cyberattack in which attackers send fraudulent communications, or direct people to counterfeit websites in order to trick those individuals into revealing sensitive information,..., but it also looks at the core of my industry, to work hard to educate consumers, to empower them to take back control. To do this in the most effective, at times, means warning them you’re sending a phishing email first. You do not need to be technical to understand this book, and I personally recommend this to everyone, including senior leadership.
3. Lost Connections: Uncovering the real causes of depression ― and the unexpected solutions by Johann Hari – in a recent survey by the Saïd Business School took six months, and approximately 1,800 employees, to compare their productivity against their mood. They found that employees reporting to be happy were noticeably more productive. Depression is a global issue, it disrupts business, ruins relationships, and can even cause someone to take their life. If you’re motivated for financial reasons, this survey clearly highlights the value of investing time to understand how we can build better environments for workers. If you’re motivated such as I was, it’s an eye opening book that demystifies how we as a society have forgotten foundational requirements of being human.
4. Extreme Privacy: what it takes to disappear in America by Michael Bazzell – whilst also one of my favourite privacy experts, Michael shares his guide into building a robust privacy system for living in the United States. Some lessons can be directly applied to outside of the U.S. and others can lead to local discoveries. Michael has written multiple books, shares knowledge, and hosts a podcast dedicated to privacy – all done in an effort to support others. I highly recommend these resources, even if you aren’t privacy focused as it’s well interesting.
5. Hello World: How to be human in the age of the machine by Hannah Fry – not only is this book bloody brilliant in highlighting both technical and ethical limitations to ‘AI’, Hannah uses real life situations to make it real for all of her readers. If you’re struggling to express to others or understand yourself, regarding algorithms and automation, this book does an excellent job at this. It also covers a variety of topics from autonomous vehicles, criminal justice systems, healthcare and coverage, and onwards. If I could recommend one book to read at any technology school, to help understand its impact on our daily lives, it would be this book. As a final piece, anyone looking for a female role model in technology, maths, and general life stuff, Hannah is my recommendation.
6. Ted Talks by Chris Anderson – whilst I don’t agree with every aspect of this book, Chris highlights some extremely valuable points on speaking. Notably, remove your ego. If you’re speaking to be praised, you’re going in for the wrong reasons. Having written a lot on public speaking, providing mentoring, and assisting others – I know everyone is different and what works for one may not work for others. Therefore, if looking to enhance your persuasive arguments, present to an audience of any size – such as presenting an investment business case investing time to understand how good presentations are done is going to be beneficial.
Speaking with the community, I had the opportunity to ask other security and privacy experts their opinions on the most Influential books to their career. Check out the list below, and reach out if you have further opinions to share!
7. The Girl with the Dragon Tattoo by Stieg Larsson “gave me the strength and inspiration to start @TheBADASS_army” – Katelyn. If you have never heard of The BADASS Army, I also recommend checking them out. Created to support victims of revenge porn/image abuse, it’s a team of dedicated individuals who work hard to get justice, change the perception and the laws to make a safer world.
8. Thinking Fast and Slow by Daniel Kahneman, recommended by Lisa Forte “really useful to understand how humans make decisions and that helped me work out how security behaviours have to fit in with existing psychology.”
9. Snakes in Suits by Paul Babiak, recommended by Lisa Forte “a great book that examines how the minds of highly successful psychopaths work. Not the killers but how people in the top positions are often on the psychopath spectrum and how they think is vital to understand for your own success and to communicate with these highly driven people.”
10. Endurance by Scott Kelly, recommended by Lisa Forte “he describes his year spent in space and the challenges he had to face and endure. Nothing to do with cyber but is so hugely inspiring and motivating to overcome your challenges it is worth a read.”
11. Social Engineering: the art of human hacking by Paul Wilson (forward) and Christopher Hadnagy, recommended by Lisa Forte “pretty much the foundation of all social engineers knowledge journey from the king of social engineeringWhat is Social Engineering? Social engineering is a manipulative tactic cybercriminals use to deceive individuals into divulging confidential information or performing actions that compromise security. Unlike technical attacks, which exploit software...”. Hadnagy’s book is also recommended by Alethe Denis “This book is a fantastic overview of not only social engineering but also how to break into it. I’m a fan of all of Chris’s work but this book, if you only read one of his, would be the one.”
12. Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker by Kevin Mitnick, recommended by Alethe Denis “I loved this book because I’m a 90s kid and the technology and exploits were a lot of what I was interested in at the time. The pretexts and sense of risk were fun and Kevin tells a great story.
13. The Code of Trust by Robin Dreeke, recommended by Alethe Denis “This book is IMPORTANT and really speaks to my philosophy of leading by positive influence as opposed to manipulations and bold faced lies. Robin is a great storyteller and has a wealth of experience and knowledge to share.”
14. A Life in Parts by Bryan Cranston, recommended by Alethe Denis “Not all the books you need to become a great social engineer are about social engineering. Bryan Cranston is probably one of the most incredible actors of all time. And I truly believe his success is in his ability to lay himself bare and be vulnerable and accessible to the other players in the scene. You BELIEVE him. And through his autobiography, you earn a lot about what made him who he is and how he became so accomplished in his field. I talk about this on the Layer 8 podcast that is yet to be published too.”
15. Violent Python by T. J. O’Connor, recommended by MadameHoneyPot “In my opinion, it’s one of the finest books on Python for anyone to read, inside or outside of infosec. Purely because it helps you think outside the box of how you could USE python. I ended up using things in that book for very benign purposes like workflow automation and SEO tools.”
16. The Code Book by Simon Singh recommended by Per Thorsheim
17. Fermat’s Last Theorem by Simon Singh recommended by Per Thorsheim
18. The Cuckoo’s Egg by Clifford Stoll recommended by Per Thorsheim
For the next two recommendations, DAkacki shares his reasons books together below.
19. Shoe Dog by Phil Knigh
20. The Hard Thing About The Hard Things by Ben Horowitz
“My reasons for both of those are, oftentimes as rank and file analysts, we do the technical things. Mostly we love what we do, so leave us alone to go do it but we neglect to pay attention to the business sides of things.
What the powers that be think is important can be vastly different than what an analyst thinks is important. Which is why we have things like budget and salary fights. Learning to think of things from an executive’s perspective, to REALLY understand what the business needs to care about can help technical people narrow their focus and it can teach them to speak a shared language. It’s also armor for the analyst, there are decisions that need to be made that they’ll have NO power over. Layoffs, budget cuts, etc. If you can prepare for those, understand why they happen, you can arm yourself for your next moves.”
Further book recommendations by security persons who wish to not be named are:
21. People Styles at Work by Dorothy and Robert Bolton
22. Fluent in 3 Months by Benny Lewis
23. Hitchhikers Guide to the Galaxy by Douglas Adams
24. Defensive Security Handbook by Brotherston and Berlin
25. Web Application Hacker Handbook by Stuttard
26. Breaking into Information Security (LTR 101) by Andy Gill
27. Dawn of the Code War by John P. Carlin and Garrett M. Graff
28. Red Team Field Manual by Ben Clark
29. Blue Team Field Manual by Alan J White and Ben Clark
30. Bash Cookbook by Carl Albing and JP Vossen
31. Pocket Linux Guide by Daniel J Barrett
32. Clean Code by Bob Martin
Want more suggestions for books? Check out the DarkNet Diaries booklist as well.
What would be on your list? Tweet us @welcometobora and share your favourites