Cyber Shelf

// Comparison

Click Here to Kill Everybody vs Foundations of Information Security: Which Should You Read?

Two cybersecurity books on Foundations, compared honestly: who each is for, what each does best, and which to read first.

Beginner
4/52018
Click Here to Kill Everybody

Security and Survival in a Hyper-Connected World

Bruce Schneier

Bruce Schneier's policy-level argument that as everything becomes a computer (cars, medical devices, infrastructure, voting), the security failures that used to merely cost us money will start costing lives — and the regulatory shape of that future is being decided now.

Beginner
4/52019
Foundations of Information Security

A Straightforward Introduction

Jason Andress

Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.

Read this if

Engineers, policy people, and managers who need to brief leadership on why IoT, OT, and cyber-physical systems are categorically different from the IT security they grew up with. Also the right first Schneier book for anyone newly responsible for cyber-physical risk.
Anyone new to the field who wants the entire territory mapped on a single shelf, in a single short book. Andress is the cleanest tour of CIA, IAM, network, software, operations, and crypto for newcomers.

Skip this if

Readers wanting hands-on IoT-hacking technique; for that, Practical IoT Hacking (Chantzis et al.) and The Hardware Hacking Handbook are the references. Also dated on specific 2018 examples even though the structural arguments hold.
Anyone who already works in the field. The book is broad and shallow by design; specialists will find every chapter familiar.

Key takeaways

  • Internet+ — Schneier's term for cyber-physical convergence — changes the consequences of security failure, not just the surface.
  • Markets won't fix this; the book's policy argument is that liability, regulation, and procurement standards are the only working levers.
  • Engineering culture and policy culture talk past each other; the book is a useful Rosetta stone in both directions.
  • Covers every major domain of security at survey-level depth, which is exactly what a beginner needs to choose a specialization.
  • The operations security chapter is unusually strong for an intro book; most authors skip it because it's unsexy, Andress doesn't.
  • Pairs naturally with one or two deep-dive books per topic from this catalog; treat it as the master index.

How they compare

Click Here to Kill Everybody and Foundations of Information Security are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target beginner-level readers, so the choice is about topic, not difficulty.

Click Here to Kill Everybody and Foundations of Information Security both cover Foundations, so reading them in sequence reinforces the same material from different angles.

Keep reading

Click Here to Kill Everybody

Alternatives to Click Here to Kill EverybodyWhat to read after Click Here to Kill Everybody

Foundations of Information Security

Alternatives to Foundations of Information SecurityWhat to read after Foundations of Information Security

Related topics

Foundations