// Comparison

Cyberjutsu vs Foundations of Information Security: Which Should You Read?

Two cybersecurity books on Defensive, compared honestly: who each is for, what each does best, and which to read first.

Beginner

3/52021

Cybersecurity for the Modern Ninja

Ben McCarty

Ben McCarty maps declassified medieval ninja scrolls onto modern adversary tradecraft. More analogy-driven than technical, useful for security-program framing.

Beginner

4/52019

Foundations of Information Security

A Straightforward Introduction

Jason Andress

Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.

Read this if

Security program managers and CISOs looking for non-technical framing for executive conversations. McCarty's analogies between feudal-Japan ninja tradecraft and modern adversary behaviour are unusual but practical for anchoring strategic discussions.

Anyone new to the field who wants the entire territory mapped on a single shelf, in a single short book. Andress is the cleanest tour of CIA, IAM, network, software, operations, and crypto for newcomers.

Skip this if

Practitioners wanting technical depth or hands-on guidance. The book is metaphor-driven and conceptual; engineers and analysts will find the depth thin.

Anyone who already works in the field. The book is broad and shallow by design; specialists will find every chapter familiar.

Key takeaways

The ninja-vs-modern-adversary analogies hold up surprisingly well, particularly around deception, patience, and information operations.
The framing is most useful when explaining adversary thinking to non-technical executives; the chapters on deception and counter-intelligence are the strongest.
Treat the book as strategy-and-vocabulary scaffolding, not as technical training; its value is in framing decisions, not making them.

Covers every major domain of security at survey-level depth, which is exactly what a beginner needs to choose a specialization.
The operations security chapter is unusually strong for an intro book; most authors skip it because it's unsexy, Andress doesn't.
Pairs naturally with one or two deep-dive books per topic from this catalog; treat it as the master index.

How they compare

We rate Foundations of Information Security higher (4/5 against 3/5 for Cyberjutsu). For most readers, that means Foundations of Information Security is the primary pick and Cyberjutsu is a useful follow-up.

Both books target beginner-level readers, so the choice is about topic, not difficulty.

Cyberjutsu and Foundations of Information Security both cover Defensive, so reading them in sequence reinforces the same material from different angles.

Keep reading

Cyberjutsu

→ Alternatives to Cyberjutsu → What to read after Cyberjutsu