// Comparison
Cryptography Engineering vs Threat Modeling: Which Should You Read?
Two cybersecurity books on Defensive, compared honestly: who each is for, what each does best, and which to read first.
Design Principles and Practical Applications
Niels Ferguson, Bruce Schneier, Tadayoshi Kohno
A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.
Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.
Read this if
Skip this if
Key takeaways
- Almost every cryptographic disaster is an integration failure, not a primitive failure.
- Don't roll your own, but understand enough to recognize when the library you're using is wrong.
- Side channels are not exotic; they are the default mode of failure.
- STRIDE is a forcing function for systematic thinking, not a complete model; the book teaches you when to use it and when to switch frames (attack trees, attacker personas, kill chains).
- Most "threat modeling tools" are spreadsheet-with-diagrams; the actual lift is the conversation those tools structure, not the document.
- Threat modeling fits inside agile and works at PR-review timescale once you've done it three or four times; the book makes the case repeatedly with examples.
How they compare
We rate Threat Modeling higher (5/5 against 4/5 for Cryptography Engineering). For most readers, that means Threat Modeling is the primary pick and Cryptography Engineering is a useful follow-up.
Both books target intermediate-level readers, so the choice is about topic, not difficulty.
Cryptography Engineering and Threat Modeling both cover Defensive, AppSec, so reading them in sequence reinforces the same material from different angles.
Keep reading
Cryptography Engineering
→ Alternatives to Cryptography Engineering→ What to read after Cryptography Engineering