1 minute read

Whilst there are many great books about cybersecurity for both those new to the field and seasoned professionals, I have gained the most out of reading The Cuckoo’s Egg, Sandworm, and This Is How They Tell Me the World Ends. This is by no means an attempt at writing a book review; please take a look at the Cybersecurity Canon from the Ohio State University Institute for Cyber Security and Digital Trust if you’re looking for reviews of great quality. However, I aim to convince you to give them a shot.

I wish I’d have read at least one of those books before getting myself into long hours spent on self-studying security matters, and especially before starting in SecOps, as they have helped me a lot to put things into perspective. Being used to continually working on my technical knowledge and skills, it wasn’t easy to make time for what seemed to be just another thrilling story about some hackers. I was lucky enough to finally take that step, as I began to focus professionally on cloud security. Without a doubt, it was a pleasure to engage with the subject in a different way and it facilitated a space to reflect on daily decisions and the latest developments across the industry.

The Cuckoo’s Egg by Clifford Stoll showcases the basics of network monitoring, log analysis and forensic investigation, while emphasizing the importance of ethical responsibility and the ability to mentally persist on the defending side. Sandworm by Andy Greenberg covers advanced concepts in cyber warfare, state-sponsored hacking, and Advanced Persistent Threats, with a focus on global security implications. It explores the challenges and importance of attributing cyberattacks to specific actors, which is crucial for geopolitics. This Is How They Tell Me the World Ends by Nicole Perlroth offers a deep dive into the zero-day market and vulnerability exploitation. It provides insights into how international policies and regulations influence cybersecurity practices and the ethical dilemmas involved in the exploitation of vulnerabilities. How do you balance national security and individual privacy?

Worst case scenario, I hope you’ll just enjoy the excellent storytelling, but you might end up with a somewhat more comprehensive understanding of cybersecurity from both a technical and ethical standpoint. The next time you open a CTI feed or listen to an episode of CyberWire Daily, I am certain you’ll ask yourself questions you wouldn’t otherwise.