8 Infosec Page-Turners for Days Spent Indoors
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt1a4c505fa6ac0c34/64f0d36caa8ec5c6f2981c32/AdobeStock_290246299.jpeg?width=700&auto=webp&quality=80&disable=upscale)
If you've been feeling a little restless these days, you're not alone. People around the world are spending more time indoors in an attempt to stop the spread of the novel coronavirus – and that means we all have some extra free time on our hands.
COVID-19 has transformed the way security practitioners live and work. Businesses have had to put continuity plans into action and encourage employees to begin working from home, even if they never previously supported a remote workforce. This transition, done to protect employee health, has also widened the attack surface and forced everyone to get used to a new normal.
Security pros aren't the only ones busier as the crisis surrounding coronavirus continues to spread. In recent weeks, security researchers have spotted an increasing number of malicious activities linked to COVID-19 as attackers capitalize on the virus. The risk is rising for businesses in all industries, especially those in law enforcement and healthcare, as attackers deploy phishing campaigns with virus-themed lures to get victims to click malicious attachments.
In times like these, it helps to unwind with a good read. Here, we've rounded up some recommendations for infosec books that have appeared on shelves in the past couple of years. This weekend, we suggest you use some of that downtime to dive into one of these reads.
Of course, we're always looking to add more titles to collections like these. If you have a favorite security book we didn't list, we welcome your recommendations in the Comments section, below.
By Andy Greenberg
In Sandworm, Wired senior editor Andy Greenberg tells the story of how an elite group of Russian hackers was identified and tracked following years of cybercrime.
Between 2014 and 2017, a series of escalating cyberattacks targeted American utility companies, electrical grids in Eastern Europe, and NATO. The incidents intensified over time, growing in intensity until they peaked in the summer of 2017 with the NotPetya malware. Sandworm, the group believed to be responsible for these attacks, is linked to the Russian military agency and one of the most dangerous threat groups in operation today. Greenberg traces the attribution of these attackers through private security companies and government investigators hunting down the threat. His book illustrates the intricacies of cyber warfare and its effect on national, and global, security.
(Image/link to book: Amazon)
By Richard Stiennon
Those looking for a comprehensive view of the cybersecurity industry can find it in Richard Stiennon's Security Yearbook 2020, which details the people, organizations, and events that make up the industry's complex history.
Readers are taken back to the early days of Symantec, Check Point Software, BorderWare, Network Associates, and the many other businesses that evolved cybersecurity as we know it today. Stiennon also tells the stories of people including Check Point founder and CEO Gil Shwed, former Microsoft and Symantec executive Ron Moritz, and Verisign founder and Bessemer partner David Cowan, among other pioneers in this industry of thousands of companies.
Stiennon's directory lists all of these vendors alphabetically, by country, and by category. His Security Yearbook is a handy and informative desk reference for security pros, researchers, students, and anyone curious to learn more about this rapidly growing industry.
(Image/link to book: Amazon)
By Kim Zetter
Countdown to Zero Day does more than detail the planning, execution, and discovery of Stuxnet, the threat that compromised Iran's nuclear efforts. In her book, cybersecurity journalist Kim Zetter goes beyond Stuxnet to discuss how digital warfare evolved in the US.
Stuxnet, as we now know, was different from any virus known at the time because it sought not to steal information, but to damage the physical nuclear equipment that computers controlled. Zetter takes readers back to the cultural and political climate in which Stuxnet was released and explains how the weapon was designed and deployed, as well as how security experts tracked it. On a broader level, she reveals the markets in which intelligence agencies and governments pay for malicious code, and how today's critical systems could be vulnerable to a Stuxnet attack.
(Image/link to book: Amazon)
By Joseph Menn
Cybersecurity pros are likely familiar with Cult of the Dead Cow (cDc), among the oldest and most respected American hacking groups.
cDc members are known for pioneering the concept of hacktivism, an uncommon idea when the group was founded in the 1980s. In his book, Reuters journalist Joseph Menn traces the group's history from its origins in Lubbock, Texas, to the lives and careers of its members, most of whom have remained anonymous until now. cDc hackers include former Texas congressman Beto O'Rourke, Peiter "Mudge" Zatko (who later worked for DARPA and Google), along with business execs and government advisers.
In addition to sharing the cDc's growth and ethical hacking projects, Menn explains how a need for in-person member meetups set the foundation for security conferences as we know them today. Today, the cDc and its followers focus on efforts like improving data security and fighting disinformation.
(Image/link to book: Amazon)
By Richard A. Clarke, Robert K. Knake
We live in a time when online threats have real-world effects, write authors Richard Clarke and Robert Knake in The Fifth Domain, but that doesn't mean cybercriminals have the upper hand. Today's businesses and government agencies are better informed on how they can defend against attacks and make cyberspace less dangerous.
Their book is about cyberspace, which the Pentagon calls "the fifth domain," along with land, sea, air, and space, on its list of domains of war. Clarke and Knake introduce readers to the executives, scientists, and public servants who dedicate their time to learning how the public and private sectors can fight off cybercriminals. They describe quantum computing labs where cyber weapons are created and the boardrooms of companies that have been hacked (along with the few that have not).
In illustrating the ins and outs of cyberspace, Clarke and Knake show how the fifth domain can become an instrument for human progress so long as it's strongly defended.
(Image/link to book: Amazon)
By Michael Chertoff
In Exploding Data, Michael Chertoff delves into an idea that many people are aware of but few discuss: the immense amount of personal data captured, stored, and used by businesses, governments, and adversaries around the world. The greatest threat we face is not physical but virtual, as people lose control over the amount of personal data circulating on the Web.
Chertoff explains how the laws and policies governing data protection were written for earlier times and aren't tailored to the Internet age. While data can be used to protect the individuals who share it, he calls for stricter standards under which data can be analyzed and used. Using stories pulled from the evolution of data collection over time, he illustrates complicated issues and offers a way forward that considers the needs of people, businesses, and governments.
(Image/link to book: Amazon)
By Bruce Schneier
We Have Root is the latest collection of essays from Bruce Schneier, security technologist and author of more than a dozen books on the industry. His book is made up of essays discussing the growing prominence of technology in different aspects of society: national security, transportation, government, business, the Internet of Things, elections, war, and more. The essays in this collection range from "The Limitations of Intelligence," to "The Internet of Things that Talk about You behind Your Back," to "Volkswagen and Cheating Software," to "Security Design: Stop Trying to Fix the User."
Throughout these essays and many others, Schneier calls on business and government leaders, as well as individuals, to improve the decisions they make about their security, privacy, and investments.
(Image/link to book: Amazon)
By Christopher Hadnagy
Social engineers rely on human emotion and decision-making to simply ask for access to sensitive places and information instead of hacking their way in. Their crafty techniques are dangerous to organizations because they slip past firewalls and antivirus software. Humans are the only defense between a social engineer and the data they're looking for.
In this book, seasoned social engineer Christopher Hadnagy takes readers into the social engineer's bag of tricks. He details the many common tactics these professionals use, and explains how they have been used in the past, to give security pros insight into how the attacks work. Practitioners who want to learn how social engineers prey on human emotion, as well as learn how to recognize, predict, and prevent social engineering attacks, can read this book for an insider's perspective.
(Image/link to book: Amazon)
By Christopher Hadnagy
Social engineers rely on human emotion and decision-making to simply ask for access to sensitive places and information instead of hacking their way in. Their crafty techniques are dangerous to organizations because they slip past firewalls and antivirus software. Humans are the only defense between a social engineer and the data they're looking for.
In this book, seasoned social engineer Christopher Hadnagy takes readers into the social engineer's bag of tricks. He details the many common tactics these professionals use, and explains how they have been used in the past, to give security pros insight into how the attacks work. Practitioners who want to learn how social engineers prey on human emotion, as well as learn how to recognize, predict, and prevent social engineering attacks, can read this book for an insider's perspective.
(Image/link to book: Amazon)
If you've been feeling a little restless these days, you're not alone. People around the world are spending more time indoors in an attempt to stop the spread of the novel coronavirus – and that means we all have some extra free time on our hands.
COVID-19 has transformed the way security practitioners live and work. Businesses have had to put continuity plans into action and encourage employees to begin working from home, even if they never previously supported a remote workforce. This transition, done to protect employee health, has also widened the attack surface and forced everyone to get used to a new normal.
Security pros aren't the only ones busier as the crisis surrounding coronavirus continues to spread. In recent weeks, security researchers have spotted an increasing number of malicious activities linked to COVID-19 as attackers capitalize on the virus. The risk is rising for businesses in all industries, especially those in law enforcement and healthcare, as attackers deploy phishing campaigns with virus-themed lures to get victims to click malicious attachments.
In times like these, it helps to unwind with a good read. Here, we've rounded up some recommendations for infosec books that have appeared on shelves in the past couple of years. This weekend, we suggest you use some of that downtime to dive into one of these reads.
Of course, we're always looking to add more titles to collections like these. If you have a favorite security book we didn't list, we welcome your recommendations in the Comments section, below.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024