// Comparison
Cyberjutsu vs How Cybersecurity Really Works: Which Should You Read?
Two cybersecurity books on Defensive, compared honestly: who each is for, what each does best, and which to read first.
Ben McCarty maps declassified medieval ninja scrolls onto modern adversary tradecraft. More analogy-driven than technical, useful for security-program framing.
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Read this if
Skip this if
Key takeaways
- The ninja-vs-modern-adversary analogies hold up surprisingly well, particularly around deception, patience, and information operations.
- The framing is most useful when explaining adversary thinking to non-technical executives; the chapters on deception and counter-intelligence are the strongest.
- Treat the book as strategy-and-vocabulary scaffolding, not as technical training; its value is in framing decisions, not making them.
- The chapter on threat modeling for individuals (not companies) is the one most teachers steal from: how to think about your own digital risk.
- The hands-on labs at the end of each chapter make the book usable for actual classroom teaching, not just self-study.
- Strikes the rare balance between respects-the-reader and explains-what-an-IP-address-is. Most beginner books fail one or the other.
How they compare
We rate How Cybersecurity Really Works higher (4/5 against 3/5 for Cyberjutsu). For most readers, that means How Cybersecurity Really Works is the primary pick and Cyberjutsu is a useful follow-up.
Both books target beginner-level readers, so the choice is about topic, not difficulty.
Cyberjutsu and How Cybersecurity Really Works both cover Defensive, so reading them in sequence reinforces the same material from different angles.
Keep reading
How Cybersecurity Really Works
→ Alternatives to How Cybersecurity Really Works→ What to read after How Cybersecurity Really Works