Cyberjutsu
Cybersecurity for the Modern Ninja
Ben McCarty maps declassified medieval ninja scrolls onto modern adversary tradecraft. More analogy-driven than technical, useful for security-program framing.
- Authors: Ben McCarty
- Published: 2021
- Publisher: No Starch Press
- Pages: 264
- Language: English
Read this if
You are a security program manager or CISO looking for non-technical framing for executive conversations. McCarty's analogies between feudal-Japan ninja tradecraft and modern adversary behaviour are unusual but practical for anchoring strategic discussions.
Skip this if
You are a practitioner wanting technical depth or hands-on guidance. The book is metaphor-driven and conceptual; engineers and analysts will find the depth thin.
Key takeaways
- The ninja-vs-modern-adversary analogies hold up surprisingly well, particularly around deception, patience, and information operations.
- The framing is most useful when explaining adversary thinking to non-technical executives; the chapters on deception and counter-intelligence are the strongest.
- Treat the book as strategy-and-vocabulary scaffolding, not as technical training; its value is in framing decisions, not making them.
Notes
Pair with The Cuckoo's Egg (Stoll) for the historical adversary view and with Sandworm (Greenberg) for the modern strategic landscape. McCarty's prior work at the Defense Department and the consultancy that followed give the analogies practitioner credibility. Best read as part of an executive book club, not by a hands-on operator.
What to read before
Beginner · 2020
The Hacker and the State
Ben Buchanan's argument that state-on-state cyber operations are not deterrence-shaped (like nuclear) but signaling-shaped: countries use cyber to shape the environment, not to threaten escalation. Builds the case from declassified incidents.
Beginner · 2023
A Hacker's Mind
Bruce Schneier extends the security-engineering frame of "hacking" to law, finance, politics, and tax: every rule-based system has exploitable seams, and the wealthy and powerful exploit them constantly.
Beginner · 2019
Foundations of Information Security
Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.
What to read next
Beginner · 2020
The Hacker and the State
Ben Buchanan's argument that state-on-state cyber operations are not deterrence-shaped (like nuclear) but signaling-shaped: countries use cyber to shape the environment, not to threaten escalation. Builds the case from declassified incidents.
Beginner · 2023
A Hacker's Mind
Bruce Schneier extends the security-engineering frame of "hacking" to law, finance, politics, and tax: every rule-based system has exploitable seams, and the wealthy and powerful exploit them constantly.
Intermediate · 2021
Designing Secure Software
Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.
Explore similar books
Beginner · 2020
The Hacker and the State
Ben Buchanan's argument that state-on-state cyber operations are not deterrence-shaped (like nuclear) but signaling-shaped: countries use cyber to shape the environment, not to threaten escalation. Builds the case from declassified incidents.
Beginner · 2023
A Hacker's Mind
Bruce Schneier extends the security-engineering frame of "hacking" to law, finance, politics, and tax: every rule-based system has exploitable seams, and the wealthy and powerful exploit them constantly.
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.