// Comparison

Sécurité et espionnage informatique vs Security Chaos Engineering: Which Should You Read?

Two cybersecurity books on Defensive, compared honestly: who each is for, what each does best, and which to read first.

Advanced

4/52015

Connaissance de la menace APT et du cyberespionnage

Cédric Pernet

A technical French guide to advanced persistent threats and cyber-espionage — how APT campaigns work, how to detect them, and how to defend — by one of France's APT specialists.

Advanced

5/52023

Security Chaos Engineering

Sustaining Resilience in Software and Systems

Kelly Shortridge, Aaron Rinehart

Kelly Shortridge and Aaron Rinehart on treating security as a property of complex adaptive systems: instead of preventing failure, you continuously simulate it, and design the organization to learn from each result.

Read this if

Defenders, threat-intel analysts and SOC engineers who want to understand the APT kill chain, attacker tradecraft and detection, from a French practitioner who has hunted these groups.

Security architects, SREs, and platform engineers ready to abandon the prevention-first frame. Particularly strong for organizations that already practice chaos engineering for reliability and want to extend the discipline to security; the book is the bridge.

Skip this if

Beginners without a security background; it assumes familiarity with networks and incident response, and is aimed at professional defenders.

Practitioners working in heavily regulated environments where intentional production faults are not legal, or smaller organizations without the operational maturity to run game days safely. Also a poor first security book: it assumes you know what threat models, blast radius, and feedback loops are.

Key takeaways

One of the first serious French books dedicated to APTs and cyber-espionage.
Practitioner-grounded: the attacker lifecycle and the detection/defence response, not vendor marketing.
A strong bridge between threat intelligence and hands-on detection engineering for French-speaking defenders.

Security and reliability share the same root engineering problem: how to keep complex systems within tolerable bounds when the failure surface is unbounded.
Decision trees and effort-vs-impact analysis are operationalizable artifacts, not just blog material; the book teaches you to actually use them.
Continuous experimentation is more honest than tabletop exercises: production tells you what is true, runbooks tell you what someone wished were true.

How they compare

We rate Security Chaos Engineering higher (5/5 against 4/5 for Sécurité et espionnage informatique). For most readers, that means Security Chaos Engineering is the primary pick and Sécurité et espionnage informatique is a useful follow-up.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Sécurité et espionnage informatique and Security Chaos Engineering both cover Defensive, so reading them in sequence reinforces the same material from different angles.

Keep reading

Sécurité et espionnage informatique

→ Alternatives to Sécurité et espionnage informatique → What to read after Sécurité et espionnage informatique