//Books
Cybersecurity books, reviewed honestly.
Reviews aimed at the people who have to actually learn something from these books, engineers, defenders, students. Each entry says who it's for, who it isn't, and what to read alongside it.
Click Here to Kill Everybody
Bruce Schneier · 2018
Bruce Schneier's policy-level argument that as everything becomes a computer (cars, medical devices, infrastructure, voting), the security failures that used to merely cost us money will start costing lives — and the regulatory shape of that future is being decided now.
BeginnerIoTPolicyRead reviewContainer Security
Liz Rice · 2020
Liz Rice's first-principles introduction to how Linux containers actually work — namespaces, cgroups, capabilities, seccomp, image layering — and the security implications that fall out of those mechanics.
IntermediateCloudContainersRead reviewCountdown to Zero Day
Kim Zetter · 2014
Kim Zetter's investigative reconstruction of Stuxnet, the joint US/Israeli operation that physically damaged Iranian uranium-enrichment centrifuges via a worm, and what its discovery revealed about state-level cyber capability.
BeginnerNation-StateMalwareRead reviewCrypto Dictionary
Jean-Philippe Aumasson · 2021
Jean-Philippe Aumasson's alphabetical, opinionated reference on cryptographic terms, primitives, attacks and folklore. Snack-format companion to Serious Cryptography.
BeginnerCryptographyReferenceRead reviewCryptography Engineering
Niels Ferguson, Bruce Schneier, Tadayoshi Kohno · 2010
A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.
IntermediateCryptographyDefensiveRead reviewCult of the Dead Cow
Joseph Menn · 2019
Joseph Menn's history of cDc — the Texas-rooted hacking collective that coined 'hacktivism', shipped Back Orifice, and threaded its way through three decades of the security industry's coming-of-age.
BeginnerHistoryHacktivismRead reviewCyberjutsu
Ben McCarty · 2021
Ben McCarty maps declassified medieval ninja scrolls onto modern adversary tradecraft. More analogy-driven than technical, useful for security-program framing.
BeginnerDefensiveStrategyRead reviewCybersécurité — Un ouvrage unique pour les managers
Romain Hennion, Anissa Makhlouf · 2018
French-language management-oriented cybersecurity handbook by Hennion and Makhlouf: governance, ISO 27001, risk management, GDPR, business continuity — operational panorama, no technical depth.
BeginnerPolicyIndustryRead reviewDark Territory
Fred Kaplan · 2016
Fred Kaplan's policy-side history of US cyber capability, from Reagan-era panic about WarGames to the institutional buildup of NSA's offensive arm and the political fights over its use.
BeginnerHistoryGeopoliticsRead reviewDesigning Secure Software
Loren Kohnfelder · 2021
Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.
IntermediateAppSecDefensiveRead reviewEvasive Malware
Kyle Cucci · 2024
Kyle Cucci on the anti-analysis arms race: sandbox detection, anti-debug, anti-VM, packing, and the analyst-side tooling and tradecraft that get past those layers.
AdvancedMalwareReverse EngineeringRead reviewExtreme Privacy
Michael Bazzell · 2024
Michael Bazzell's defender-side companion to OSINT Techniques: a step-by-step program for removing yourself from data brokers, public records, and the everyday surveillance economy without going off-grid.
IntermediatePrivacyOperational SecurityRead review