// Comparison

How Cybersecurity Really Works vs Practical Packet Analysis: Which Should You Read?

Two cybersecurity books on Defensive, compared honestly: who each is for, what each does best, and which to read first.

Beginner

4/52021

A Hands-On Guide for Total Beginners

Sam Grubb

Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.

Beginner

4/52017

Practical Packet Analysis

Using Wireshark to Solve Real-World Network Problems

Chris Sanders

Chris Sanders' working manual for Wireshark, geared at troubleshooting and incident response rather than abstract protocol theory. Updated for Wireshark 2.x.

Read this if

Non-engineers who need the field demystified. Grubb is the gentlest serious introduction in print: malware, phishing, network attacks, defenses, all explained in plain language without dumbing down.

Anyone who needs to read pcaps fluently: SOC analysts, incident responders, network engineers, security students. Sanders teaches Wireshark at exactly the level that turns the tool from intimidating into a working extension of your hands.

Skip this if

Engineers, IT people, or anyone who already understands how the internet works. The book assumes nothing; for technical readers it'll feel slow.

Readers wanting deep protocol theory, custom-protocol auditing, or attack-side network research. For depth beyond troubleshooting and IR, follow with Attacking Network Protocols (Forshaw) and Silence on the Wire (Zalewski).

Key takeaways

The chapter on threat modeling for individuals (not companies) is the one most teachers steal from: how to think about your own digital risk.
The hands-on labs at the end of each chapter make the book usable for actual classroom teaching, not just self-study.
Strikes the rare balance between respects-the-reader and explains-what-an-IP-address-is. Most beginner books fail one or the other.

Capture filters are how you avoid drowning in volume; display filters are how you find the needle. The book teaches both fluently in the first hundred pages.
Reading TCP behaviour at the packet level (handshakes, retransmits, resets) is the core skill that makes every later analysis question tractable.
Wireshark's profile, coloring rule, and decode-as features turn it from a tool into a workflow; the book's chapter on customisation pays back fast.

How they compare

How Cybersecurity Really Works and Practical Packet Analysis are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target beginner-level readers, so the choice is about topic, not difficulty.

How Cybersecurity Really Works and Practical Packet Analysis both cover Defensive, so reading them in sequence reinforces the same material from different angles.

Keep reading

How Cybersecurity Really Works

→ Alternatives to How Cybersecurity Really Works → What to read after How Cybersecurity Really Works