Cyber Shelf

// Comparison

The Hacker and the State vs This Is How They Tell Me the World Ends: Which Should You Read?

Two cybersecurity books on Geopolitics, compared honestly: who each is for, what each does best, and which to read first.

Beginner
5/52020
The Hacker and the State

Cyber Attacks and the New Normal of Geopolitics

Ben Buchanan

Ben Buchanan's argument that state-on-state cyber operations are not deterrence-shaped (like nuclear) but signaling-shaped: countries use cyber to shape the environment, not to threaten escalation. Builds the case from declassified incidents.

Beginner
4/52021
This Is How They Tell Me the World Ends

The Cyberweapons Arms Race

Nicole Perlroth

Nicole Perlroth's reporting on the global zero-day market: how exploits get bought, by whom, and how the gray-then-black market shapes which vulnerabilities get fixed and which get hoarded.

Read this if

Anyone trying to think clearly about state-sponsored cyber: policy staff, threat-intel analysts, journalists, and security leaders who have to brief on "the cyber threat" without resorting to vendor decks. The single best academic-grade synthesis of the last twenty years of state cyber operations.
Anyone who needs to argue about responsible disclosure, vulnerability equity, or the ethics of offensive cyber work, with stakes the policy debate usually keeps abstract. Strong prerequisite for security leadership conversations with policy and legal teams.

Skip this if

Readers wanting forensic detail on specific operations. Buchanan synthesizes; for the procedural blow-by-blow on Stuxnet, NotPetya, or the SolarWinds incident, go to Zetter, Greenberg, and the post-incident reports respectively.
Practitioners who already work in vulnerability research; the book covers terrain they live in and may find some passages overstated. The framing is journalistic and uncomfortable rather than measured, by design.

Key takeaways

  • Cyber is poorly modeled by deterrence theory: states use it constantly, below the threshold of war, to shape the environment rather than to threaten escalation.
  • The signaling/shaping distinction (espionage, sabotage, destabilization, election interference) is the right taxonomy for analyzing modern campaigns and is the book's most reused contribution.
  • Attribution and accountability remain genuinely hard, and that asymmetry is itself a structural feature of cyber statecraft, not a temporary condition awaiting better tools.
  • The zero-day market is a mature, multi-billion-dollar industry with brokers, escrow, exclusivity terms, and after-sales support; it stopped being underground a decade ago.
  • The vulnerability-equity question (disclose vs. retain) is a policy decision that crosses every government's NSC; the book makes the tradeoffs legible to non-specialists.
  • Most public attribution of "sophisticated" attacks has the same handful of vendor/broker fingerprints in the supply chain; the market is smaller than it looks.

How they compare

We rate The Hacker and the State higher (5/5 against 4/5 for This Is How They Tell Me the World Ends). For most readers, that means The Hacker and the State is the primary pick and This Is How They Tell Me the World Ends is a useful follow-up.

Both books target beginner-level readers, so the choice is about topic, not difficulty.

The Hacker and the State and This Is How They Tell Me the World Ends both cover Geopolitics, Narrative, so reading them in sequence reinforces the same material from different angles.

Keep reading

The Hacker and the State

Alternatives to The Hacker and the StateWhat to read after The Hacker and the State

This Is How They Tell Me the World Ends

Alternatives to This Is How They Tell Me the World EndsWhat to read after This Is How They Tell Me the World Ends

Related topics

GeopoliticsNarrative