Cyber Shelf

// Comparison

Building Secure and Reliable Systems vs Practical Malware Analysis: Which Should You Read?

Two cybersecurity books on Defensive, compared honestly: who each is for, what each does best, and which to read first.

Advanced
5/52020
Building Secure and Reliable Systems

Best Practices for Designing, Implementing, and Maintaining Systems

Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield

Google's site-reliability and security teams jointly write down what it actually takes to build systems that are both safe and dependable, from threat models and design reviews to rollback culture and crisis response.

Intermediate
5/52012
Practical Malware Analysis

The Hands-On Guide to Dissecting Malicious Software

Michael Sikorski, Andrew Honig

Still the gold standard textbook for static and dynamic malware analysis on Windows.

Read this if

Staff-and-up engineers, SREs, and security leads designing or operating systems where reliability and security must be argued for in the same room. The book treats safety and security as the same engineering discipline, which is the right model and almost nobody else publishes it.
Aspiring threat researchers, blue-teamers who want to read samples instead of forwarding them to a vendor, anyone preparing for GREM.

Skip this if

Readers who want a tooling tutorial or vendor-neutral checklists. The case studies are Google-shaped, and the patterns assume you have the discipline (postmortems, code review, paved roads) to execute them. If your org cannot stop a deploy, half the book will read as aspirational.
Mac/Linux malware, mobile, or modern packed loaders that defeat IDA's autoanalysis. The book is x86 Windows in spirit.

Key takeaways

  • Reliability and security share a common substrate: both are about designing for failure modes you cannot fully predict, and both decay if not exercised.
  • Recovery, not prevention, is the core skill of mature security organizations; the rollback, response, and recovery chapters are the heart of the book.
  • Most security wins come from boring infrastructure (paved roads, default-secure libraries, code review, sandboxing) rather than detection magic.
  • Static and dynamic analysis are two halves of one workflow, not alternatives.
  • The labs are the book, the chapters are scaffolding to make the labs solvable.
  • Anti-analysis techniques deserve more time than newcomers usually give them.

How they compare

Building Secure and Reliable Systems and Practical Malware Analysis are both rated 5/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Building Secure and Reliable Systems is pitched at advanced level. Practical Malware Analysis is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.

Building Secure and Reliable Systems and Practical Malware Analysis both cover Defensive, so reading them in sequence reinforces the same material from different angles.

Keep reading

Building Secure and Reliable Systems

Alternatives to Building Secure and Reliable SystemsWhat to read after Building Secure and Reliable Systems

Practical Malware Analysis

Alternatives to Practical Malware AnalysisWhat to read after Practical Malware Analysis

Related topics

Defensive