// Comparison

Sécurité informatique vs Security Chaos Engineering: Which Should You Read?

Two cybersecurity books on Defensive, compared honestly: who each is for, what each does best, and which to read first.

Advanced

4/52013

Principes et méthodes à l'usage des DSI, RSSI et administrateurs

Laurent Bloch, Christophe Wolfhugel

A principles-first treatment of information security for DSI, RSSI and sysadmins — architecture, cryptography, network defence and security policy — from two veteran French practitioners.

Advanced

5/52023

Security Chaos Engineering

Sustaining Resilience in Software and Systems

Kelly Shortridge, Aaron Rinehart

Kelly Shortridge and Aaron Rinehart on treating security as a property of complex adaptive systems: instead of preventing failure, you continuously simulate it, and design the organization to learn from each result.

Read this if

System administrators, architects and RSSI who want the reasoning behind security decisions: why a given architecture, protocol or policy holds or fails. Strong on the systems-and-network engineering view.

Security architects, SREs, and platform engineers ready to abandon the prevention-first frame. Particularly strong for organizations that already practice chaos engineering for reliability and want to extend the discipline to security; the book is the bridge.

Skip this if

Beginners wanting a gentle on-ramp, or readers chasing the latest tooling — the book is principles-oriented and predates much of the cloud-native era.

Practitioners working in heavily regulated environments where intentional production faults are not legal, or smaller organizations without the operational maturity to run game days safely. Also a poor first security book: it assumes you know what threat models, blast radius, and feedback loops are.

Key takeaways

A rare French book that explains the why of security architecture rather than cataloguing tools.
Aimed squarely at the people who run infrastructure — admins, architects, RSSI — not at red teamers.
Principles age slowly, but check the network and crypto specifics against current cloud and identity practice.

Security and reliability share the same root engineering problem: how to keep complex systems within tolerable bounds when the failure surface is unbounded.
Decision trees and effort-vs-impact analysis are operationalizable artifacts, not just blog material; the book teaches you to actually use them.
Continuous experimentation is more honest than tabletop exercises: production tells you what is true, runbooks tell you what someone wished were true.

How they compare

We rate Security Chaos Engineering higher (5/5 against 4/5 for Sécurité informatique). For most readers, that means Security Chaos Engineering is the primary pick and Sécurité informatique is a useful follow-up.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Sécurité informatique and Security Chaos Engineering both cover Defensive, Security Architecture, so reading them in sequence reinforces the same material from different angles.

Keep reading

Sécurité informatique

→ Alternatives to Sécurité informatique → What to read after Sécurité informatique