A Hacker's Mind vs Sandworm: Which Should You Read?
Two cybersecurity books on Narrative, compared honestly: who each is for, what each does best, and which to read first.
A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend Them Back
Bruce Schneier
Bruce Schneier extends the security-engineering frame of "hacking" to law, finance, politics, and tax: every rule-based system has exploitable seams, and the wealthy and powerful exploit them constantly.
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
Andy Greenberg
Long-form journalism on the GRU's hacking operations, the best non-technical book on what state-level cyber actually looks like.
Key takeaways
A Hacker's Mind
- Every system of rules has exploits; the question is who has the resources to find and use them, and law and finance are not exceptions.
- Patch cycles, vulnerability disclosure, and threat models are the right lenses for analyzing tax loopholes, regulatory capture, and political process — and Schneier makes the analogy rigorous, not cute.
- The asymmetry between attackers (power, money, time) and defenders (institutions, slow consensus) is the same in cyber as in policy; the book argues for governance designed around that asymmetry.
Sandworm
- NotPetya was not a ransomware accident; it was a wartime weapon that overshot.
- Attribution is slow, contested, and political, but it is also possible and increasingly precise.
- The line between cybercrime and statecraft is thinner than the threat-intel literature suggests.
How they compare
We rate Sandworm higher (5/5 against 4/5 for A Hacker's Mind). For most readers, that means Sandworm is the primary pick and A Hacker's Mind is a useful follow-up.
Both books target beginner-level readers, so the choice is about topic, not difficulty.
A Hacker's Mind and Sandworm both cover Narrative, so reading them in sequence reinforces the same material from different angles.