Summer might be nearing its end, but technologists can still cram in some beach reading that’ll help with their self-education or let them explore potential career changes, especially in terms of cybersecurity.
Cybersecurity is one area within tech that’s both ever-changing and ever-evolving, making continuing education a must as attackers adjust their techniques and new vulnerabilities spring up. It’s also a sector with an abundance of career potential, especially for those professionals who keep up with the changing times and show interest in continuous education.
While there are numerous cyber-industry conferences to attend and certification courses to take, a good cybersecurity book (whether digital or print) helps tech and security professionals explore the changing cyber landscape, how new technologies are creating new opportunities, and why cybercriminals and nation-state actors are updating their techniques.
To help technologists pick from the thousands of cybersecurity titles available, Dice asked several experts and industry watchers what they’re reading and how their summer reading lists are evolving.
Where to Start?
One of the biggest obstacles to creating an effective summer reading list is where to start. For those who are unsure or like to peruse a few dozen titles and authors before selecting a starting point, Sounil Yu, CISO at security firm JupiterOne, suggests checking out the Cybersecurity Canon. It’s a list of must-read books maintained and updated consistently since 2014.
What Yu likes about this list is how it covers a wide range of materials and is designed for security professionals as well as anyone with an interest in the subject.
“The Canon is a great resource for anyone looking to enter the field or level up,” Yu said. “It covers a wide range of categories, including fiction to non-fiction; technical to non-technical; and novice to experienced, all indexed to make it easy to find just the right book for where you are today.”
For those looking to explore a cybersecurity career, or for those seeking a promotion within the field, Jasmine Henry, field security director at JupiterOne (and Yu’s colleague), recommends the Cybersecurity Career Guide by Alyssa Miller.
“This book is a great resource for individuals at all levels of career, especially those who are looking to break into cybersecurity or make a career transition,” Henry said. “The book offers powerful self-analysis exercises and high-value ideas for improving, adapting and becoming a sought-after cybersecurity hire.”
Several experts also recommended The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. The 1989 book offers one of the earliest, first-hand accounts of a hacking operation: in this case, a cyber espionage operation, uncovered by the author, that targeted Lawrence Berkeley National Laboratory.
Books on management and how managers can improve efficiency and employee output always make summer reading lists—and cybersecurity is no exception.
For those on a managerial track (or who are considering it), Scott Gerlach, co-founder and chief security officer at security firm StackHawk, recommends The Qualified Sales Leader.
“It has some analogies to help the reader think about your cybersecurity project and tasks as a larger business problem and how to help coach up members of your security organization,” Gerlach said.
Nicole Schwartz, chief operating officer and board chair at The Diana Initiative, a non-profit organization that lobbies for underrepresented people in information security, recommends Reinventing Cybersecurity, which argues for more diversity in the cybersecurity field.
“Increasing diversity isn’t just about being equitable. It’s about embracing a breadth of people’s different approaches to problems and what diverse knowledge they have. That combination can make your security team scarily effective,” Schwartz said.
While many recommended summer reading books offer a story narrative, some experts point to more technical tomes as must-reads. Shashi Prakash, co-founder and CTO at Bolster, Inc., recommends Machine Learning and Security: Protecting Systems with Data and Algorithms, which offers a deep look at the intersection of machine learning and cybersecurity.
Some experts recommend books written by their colleagues. Henry of JupiterOne noted that her colleague, Sounil Yu, wrote Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape, which she considers a key reference material for thinking about building, managing and operating security systems.
“It lives within arm’s reach, so I can frequently reference Yu’s tables on metrics maturity or graphics on situational awareness,” Henry said. “This is a particularly valuable resource for those who are mid or senior-level in their career—particularly those who are hoping to succeed in conversations about security with business leaders or communicate security more clearly in slide decks.”
For others looking for a read on how complex systems work, Michael Puterbaugh, chief marketing officer at security firm Pathlock, recommends reading Countdown to Zero Day by Kim Zetter. The book offers a detailed account of the Stuxnet malware attack on Iran’s nuclear enrichment facilities.
“I think it’s a great read for anyone in a risk-centric role because it speaks to not only hard-core security but also the multiple layers of risk present in a complex system. Nuclear centrifuges might be hyper-specific, but there are similarities to complex supply chains or business processes,” Puterbaugh said.
True (Cyber)Crime Reads
Few summer reading lists are complete without a good crime read.
Chris Furner, a senior sales engineer at security firm Blumira, suggests cybercrime reads including This Is How They Tell Me The World Ends by Nicole Perlroth, which delves into cybercriminal activity and the increasing use of zero-day attacks.
“As a security professional, seeing ‘behind the curtain’ on how the cybercrime industry works is very fascinating. In some ways, cyber warfare is the new nuclear arms race, but this time it is being done in the shadows,” Furner said. “This book includes details about several high-profile attacks in recent years, and there are lessons learned and reminders on how the community needs to collectively step it up to harden networks against attacks.”
Prakash of Bolster also recommends journalist Brian Krebs’ Spam Nation: The Inside Story of Organized Cybercrime — from Global Epidemic to Your Front Door.
“This book does a great job of detailing the history of internet crime, the people involved, and the motives that drive this type of crime. Certainly a good choice for someone looking for an entry-level position in cybersecurity,” Prakash said.