Cyber Book Club
Earlier this year, a group of industry professionals that I know started to talk about interesting books they've read. There was a book, in particular, that sparked a particularly interesting conversation. We all wanted each other's perspectives around what they read and thus own our very own cyber book club began. It doesn't have a sexy name yet, but I will refer to it as the Cyber Book Club (CBC). Free time and focused reading are at a premium in my life, so to accomplish participating in something like a book club, required something more productive than just reading quietly in a corner with some wine. So, I decided to utilize Audible (not an ad). Since I have a commute and traveled quite a bit (pre-COVID), it served me very well to be able to listen and get through books in that fashion.
If you are interested in Audible, here's a referral link if you're interested. (PLUG/AD) -> When you try Audible, you will get 2 free audiobooks: https://amzn.to/39tAv3v
The CBC convenes every month. We have a meeting to talk about the book we staged for the month, our opinion, an overall review of the content in the book. After the review and discussion, we look at the wish list of books the other members have added in a shared environment, then we set a date for the next meeting and start reading the decided novel. It's a pretty simple system, and that's how we get through it and continue to broaden our horizons. Participating in a group environment layers a sense of peer pressure and accountability to read and get through the book, instead of saying you will do something and not following through with it.
Participating in the book club has given me a broad selection of books that I would have possibly never have discovered. The club has started me to now keep track of a running and ever-evolving list of books that I genuinely believe EVERYONE in the field and industry should read. The books I have chosen aren't overly difficult to understand, and you don't have to be an overall technical person to enjoy them, as they break down many concepts within the books pretty well. I will say, however, that I do believe you should be in the industry to get an appreciation for them. The list I am providing below demonstrates the right mix of things from history, entertainment, shared knowledge, and perspectives on some of the events that have taken place in the community that many might not know, and some may know. All of the books are not "full-on" cyber, but they relate and have knowledge that will help a cybersecurity professional navigate the profession.
Note: This list is just an overall recommendation list; the books ranked below are from 1-5. If you are only going to read a couple, start at #1. If you are going to read all five, then ingest them in any order. I promise there are no spoilers in my brief reviews below.
#1 - Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
If you ever wondered how cybersecurity could go from being just about computers, bit, and ones and zeros to actual kinetic and realized consequences, in the physical realm, this is the book for you that will answer those questions. This book follows the journey of the group called Sandworm. It follows the professional's and the firm's experiences that dealt with and discovered a lot of their activity. The book goes over how they got their name and some of the other events that follow around that time. This book goes over Stuxnet, Shadow Brokers, Project Aurora, and much more. This book should allow you to understand why critical infrastructure and industrial control systems have been discussed a lot in the past decade. If you are familiar with some of the big players in the community, you will notice a lot of the names from the book.
#2 - Mindf*ck: Cambridge Analytica and the Plot to Break America
I had heard about this book as the accounting of how Facebook allowed the mishandling of their data, but it turned out to be much more. You hear all of the time, I am sure, about the presence of information warfare, fake news, and deep fakes. This book gives you an accounting of an actuation organization that operationalized it, and it lays out a bit of how they did it. It even lays out a bit around the science around the concept. It touches on the politics and the perspectives of some of the whistleblowers and their experiences. Lastly, it talks about the downfall of the organization as well. The book will give you an account of how it's possible for things like data weaponization and manipulation. After reading the book, it should allow you to have a better understanding to be more conscious of the tools, programs, and other works you allow your organizations to have.
#3 - The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
This book accounts for an adventure of cat and mouse from system administration (SysAdmin) point of view of trying to catch a hacker in his network. My incident response (IR) and sysadmin guys will get a kick out of this one. Some nostalgic parts accompany some of the technology used during that period and throughout the book. It's told in a pretty entertaining way that keeps you wanting more and what the next thing that is going to happen. It is not as predictable as you might think, and some of the players and organizations involved will keep you interested as well. It's a serious book that professionals can relate to, while at the same time being a story that you can truly enjoy.
#4 - Permanent Record
I won't comment on my stance on Edward Snowden and what he did was right or wrong. However, I think his perspective and how he reached the conclusions and decisions he did is worth hearing. The book does an exciting job of laying out that story, background on him as a person, and ends with the challenges he dealt with after making the decisions he made. I think the bonus piece that I liked about the book is the accounting from his significant other on how it affected her life and some of her accounting of events. The book allows you to keep in mind some of the things some "whistleblowers" might have to deal with internally. It also provides you insight around what could happen as a result of "blowing the whistle."
#5 - Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
This book I struggled to enjoy as a story. Still, I think it's essential to understand history because it gives us a look at one of the entry points to how the information security (InfoSec) community formed and how some of the tools we used today came to existence. Some of the infamous people that we know in the community mentioned in this book. It follows one group and a subset of people, but it's a good representation of how the community began and flourished throughout time.
I am only recommending five books, but there are still others that are worth mentioned and that are pretty good as well. Below are a few more that I have read that are worth mentioning.
- The Phoenix Project
- The Fifth Domain
- The Ghost Ship
- Small Wars, Big Data: The Information Revolution in Modern Conflict
- LikeWar: The Weaponization of Social Media
- Red Team: How to Succeed By Thinking Like the Enemy
- The Watchers: The Rise of America's Surveillance State
- Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
- Spam Nation: The Inside Story of Organized Cybercrime - from Global Epidemic to Your Front Door
- Hacking the Hacker: Learn From the Experts Who Take Down Hackers
So! What'd I miss? What books should be added to my list?