Tribe of Hackers
Cybersecurity Advice from the Best Hackers in the World
An interview anthology of practitioners answering the same set of career and craft questions, useful as a wide-angle view of how working security people actually think about the field.
- Authors: Marcus J. Carey, Jennifer Jin
- Published: 2019
- Publisher: Wiley
- Pages: 400
- Language: English
Read this if
Newcomers and career-shifters who want a wide-angle view of how working security people actually think. The interview format pulls signal across roles (red team, blue team, IR, AppSec, leadership) without committing to any single voice.
Skip this if
Experienced practitioners. The interviews are short and the same questions repeat; you've heard much of it at conferences. Specialists looking for technical depth should pick books in their lane instead.
Key takeaways
- The book's structure (same questions to many voices) is unusually useful for spotting consensus and disagreement; what most respondents agree on tends to be true.
- Career advice in security is unusually consistent across the field: communicate, document, ship, mentor, repeat. The book makes this visible.
- Diversity of voice across the panel (junior to CISO, offensive to defensive) is the value; pick interviews to match your current question rather than reading straight through.
Notes
Pair with Cybersecurity Career Master Plan or Hack-Proof Your Cyber Career for the structured-advice complement. The follow-up volumes (Tribe of Hackers Red Team, Blue Team, Security Leaders) narrow the focus and are usually better picks once you know your direction. Best skimmed and excerpted, not read end-to-end.
What to read before
Beginner · 2019
The Pragmatic Programmer
Thomas and Hunt's career-defining set of practical heuristics for writing software professionally — orthogonality, broken-windows, DRY, tracer bullets, and the underlying argument that craftsmanship is a posture, not a process.
Beginner · 2014
Countdown to Zero Day
Kim Zetter's investigative reconstruction of Stuxnet, the joint US/Israeli operation that physically damaged Iranian uranium-enrichment centrifuges via a worm, and what its discovery revealed about state-level cyber capability.
Beginner · 2011
Kingpin
Kevin Poulsen's reconstruction of Max Butler's career — from white-hat consultant to running CardersMarket, the carding forum that consolidated the early-2000s underground — and the FBI investigation that finally took him down.
What to read next
Beginner · 2019
The Pragmatic Programmer
Thomas and Hunt's career-defining set of practical heuristics for writing software professionally — orthogonality, broken-windows, DRY, tracer bullets, and the underlying argument that craftsmanship is a posture, not a process.
Intermediate · 2021
Designing Secure Software
Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.
Intermediate · 2024
Extreme Privacy
Michael Bazzell's defender-side companion to OSINT Techniques: a step-by-step program for removing yourself from data brokers, public records, and the everyday surveillance economy without going off-grid.
Explore similar books
Beginner · 2019
The Pragmatic Programmer
Thomas and Hunt's career-defining set of practical heuristics for writing software professionally — orthogonality, broken-windows, DRY, tracer bullets, and the underlying argument that craftsmanship is a posture, not a process.
Beginner · 2022
Tracers in the Dark
Andy Greenberg's investigative narrative of how Bitcoin's allegedly anonymous public ledger became, in the hands of researchers and federal investigators, the most powerful OSINT tool of the last decade.
Beginner · 2020
The Hacker and the State
Ben Buchanan's argument that state-on-state cyber operations are not deterrence-shaped (like nuclear) but signaling-shaped: countries use cyber to shape the environment, not to threaten escalation. Builds the case from declassified incidents.