// Comparison

Click Here to Kill Everybody vs Practical IoT Hacking: Which Should You Read?

Two cybersecurity books on IoT, compared honestly: who each is for, what each does best, and which to read first.

Beginner

4/52018

Security and Survival in a Hyper-Connected World

Bruce Schneier

Bruce Schneier's policy-level argument that as everything becomes a computer (cars, medical devices, infrastructure, voting), the security failures that used to merely cost us money will start costing lives — and the regulatory shape of that future is being decided now.

Intermediate

4/52021

Practical IoT Hacking

The Definitive Guide to Attacking the Internet of Things

Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods

Five-author guide to IoT pentesting covering hardware probing, radio (BLE / Zigbee / LoRa), embedded firmware, and the protocols that connect cheap devices to vulnerable backends.

Read this if

Engineers, policy people, and managers who need to brief leadership on why IoT, OT, and cyber-physical systems are categorically different from the IT security they grew up with. Also the right first Schneier book for anyone newly responsible for cyber-physical risk.

Pentesters branching into hardware and embedded targets. The book's coverage spans hardware probing (UART, JTAG, SWD), radio (BLE, Zigbee, LoRa), firmware analysis, and the protocols cheap devices speak to vulnerable backends. The most current general IoT book in print.

Skip this if

Readers wanting hands-on IoT-hacking technique; for that, Practical IoT Hacking (Chantzis et al.) and The Hardware Hacking Handbook are the references. Also dated on specific 2018 examples even though the structural arguments hold.

Pure software pentesters who don't want a hardware bench. Several chapters require oscilloscope, logic analyzer, or SDR access to follow.

Key takeaways

Internet+ — Schneier's term for cyber-physical convergence — changes the consequences of security failure, not just the surface.
Markets won't fix this; the book's policy argument is that liability, regulation, and procurement standards are the only working levers.
Engineering culture and policy culture talk past each other; the book is a useful Rosetta stone in both directions.

IoT is a stack: hardware, firmware, protocols, cloud. The book's strength is teaching all four as one continuous attack surface.
Radio attacks (BLE, Zigbee, LoRa) are now mainstream pentest territory; the chapters introducing SDR-based analysis are the practical entry point.
Firmware extraction-then-analysis is the core skill; the book's hardware chapters cover the extraction half, then hand off to standard binary-analysis tooling for the rest.

How they compare

Click Here to Kill Everybody and Practical IoT Hacking are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Click Here to Kill Everybody is pitched at beginner level. Practical IoT Hacking is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.

Click Here to Kill Everybody and Practical IoT Hacking both cover IoT, so reading them in sequence reinforces the same material from different angles.

Keep reading

Click Here to Kill Everybody

→ Alternatives to Click Here to Kill Everybody → What to read after Click Here to Kill Everybody