// Comparison

How Cybersecurity Really Works vs The Art of Deception: Which Should You Read?

Two cybersecurity books on Foundations, compared honestly: who each is for, what each does best, and which to read first.

Beginner

4/52021

How Cybersecurity Really Works

A Hands-On Guide for Total Beginners

Sam Grubb

Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.

Beginner

4/52002

The Art of Deception

Controlling the Human Element of Security

Kevin Mitnick, William L. Simon

Kevin Mitnick and William Simon's case-study collection of social-engineering attacks: PBX scams, helpdesk impersonation, dumpster-diving, the casual lies that sound true. The technology dates the book; the human side is timeless.

Read this if

Non-engineers who need the field demystified. Grubb is the gentlest serious introduction in print: malware, phishing, network attacks, defenses, all explained in plain language without dumbing down.

Anyone in red team, awareness training, fraud, or insider-threat work who wants the best printed library of pretext archetypes. Mitnick's call scripts are still the gold standard for understanding how a competent social engineer establishes credibility in 30 seconds.

Skip this if

Engineers, IT people, or anyone who already understands how the internet works. The book assumes nothing; for technical readers it'll feel slow.

Readers wanting current SE tradecraft on phishing, deepfakes, voice cloning, MFA fatigue, or modern OSINT-driven targeting. Treat the technical envelope as a museum piece; only the human core generalizes.

Key takeaways

The chapter on threat modeling for individuals (not companies) is the one most teachers steal from: how to think about your own digital risk.
The hands-on labs at the end of each chapter make the book usable for actual classroom teaching, not just self-study.
Strikes the rare balance between respects-the-reader and explains-what-an-IP-address-is. Most beginner books fail one or the other.

Most successful pretexts are not lies; they are partial truths weighted toward what the target already wants to do.
Helpdesks, third-party vendors, and after-hours staff are still the structural weak points the book identifies — twenty years later, with new technology stacks but the same failure modes.
Awareness training built around Mitnick's archetypes outperforms generic phishing-click-rate metrics; the book is the textbook for that approach.

How they compare

How Cybersecurity Really Works and The Art of Deception are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target beginner-level readers, so the choice is about topic, not difficulty.

How Cybersecurity Really Works and The Art of Deception both cover Foundations, so reading them in sequence reinforces the same material from different angles.

Keep reading