// Comparison

Fancy Bear Goes Phishing vs The Pragmatic Programmer: Which Should You Read?

Two cybersecurity books on Foundations, compared honestly: who each is for, what each does best, and which to read first.

Beginner

4/52023

Fancy Bear Goes Phishing

The Dark History of the Information Age, in Five Extraordinary Hacks

Scott J. Shapiro

Five famous hacks used as a way into the deeper question of why software is insecure at all, written by a Yale law professor who learned to code to write it. More a history and theory of vulnerability than a how-to.

Beginner

5/52019

The Pragmatic Programmer

Your Journey to Mastery

David Thomas, Andrew Hunt

Thomas and Hunt's career-defining set of practical heuristics for writing software professionally — orthogonality, broken-windows, DRY, tracer bullets, and the underlying argument that craftsmanship is a posture, not a process.

Read this if

Readers who want the why behind the headlines, the conceptual and historical reasons computers can be broken into, told through memorable cases.

Every working software engineer, regardless of years of experience. The 20th-anniversary edition is the most current version of the field's most quoted book on professional software development; security engineers benefit because most security failures are software-quality failures wearing a different name.

Skip this if

Practitioners after current technique or precise forensics. Skip this if a non-specialist explaining your field back to you, occasionally over-tidily, will grate.

Readers wanting domain-specific (security, ML, distributed-systems) depth; the book is deliberately general. Also not a methodology book — Thomas and Hunt are anti-methodology in spirit and explicitly so in the text.

Key takeaways

Insecurity is not a series of accidents but a structural property of how general-purpose computers and the industry around them are built.
The famous hacks are interesting less for their cleverness than for what they reveal about incentives, law, and human nature.
Treating hacking as purely a technical problem misses the legal and economic machinery that keeps it profitable.

Most security defects are software-quality defects; the book teaches the foundations that make secure code possible to write.
The list of heuristics is shorter than the book — 100 tips on a card — but the prose is what makes them stick.
The 20th-anniversary updates (concurrency, declarative thinking, observability) are the parts that justify the new edition for someone who read the original.

How they compare

We rate The Pragmatic Programmer higher (5/5 against 4/5 for Fancy Bear Goes Phishing). For most readers, that means The Pragmatic Programmer is the primary pick and Fancy Bear Goes Phishing is a useful follow-up.

Both books target beginner-level readers, so the choice is about topic, not difficulty.

Fancy Bear Goes Phishing and The Pragmatic Programmer both cover Foundations, so reading them in sequence reinforces the same material from different angles.

Keep reading