Summer reading for the security leader

Much of the work we do in cybersecurity requires a whole lot of technical reading.

Trying to keep up with and learn new tools, technologies, tactics, techniques and procedures is extremely difficult and demanding.

We rarely, if ever, have the opportunity to step back and think much more strategically — to put the threats and threat-actors we see evolving as part of our daily work as defenders into a greater perspective that includes a deeper understanding of the geopolitical and historical factors that inform, influence and motivate the actions of our adversaries.

For me, summer is a great time to explore new ideas and that means books. Warm, sunny afternoons on the deck are the perfect setting for some quality thinking. Many of my peers clearly feel the same way as I find book recommendations and discussions beginning to appear around this time every year throughout the social media chats I follow and participate in.

These conversations have created new opportunities for me to meet others with common interests and many of my greatest relationships and collaborations in the industry can be traced back to sharing thoughts on an interesting chapter in a good book!

So, what are my reading recommendations for this summer? If you are new to the industry or would simply like to gain a bigger picture perspective, then I am happy to light the path forward with a few of my top recommendations.

Industry insider books written by incredible storytellers
My top pick for both readability and for a fascinating look into the world of zero day and cyberweapons arms dealers is This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by New York Times journalist Nicole Perlroth.

It is an incredibly well researched piece of investigative journalism and yet unfolds as a real page turner as well. Perlroth includes incredible stories such as how the Russians managed to install key loggers into typewriters. She also brings many of the characters that populate this world to life, which makes the book highly entertaining, informative and a little unnerving.
Similar books in the field by other great journalists and storytellers include The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age by David Sanger, which is a must read. Sanger has updated this work with new material for a second edition and released a companion documentary of the same title on HBO.

Kingdom Of Lies: Unnerving Adventures in the World of Cybercrime by Kate Fazzini, a former journalist and now university professor and cybersecurity practitioner, is another incredibly well researched survey of the cybercriminal landscape as told through the stories of actual people who enthusiastically embraced or simply fell into this dark and shadowy world.

The ongoing history of cybersecurity
If you want to go back and explore the early days of our industry and its cultural roots, then Cult Of The Dead Cow: How the Original Hacking Supergroup Might Just Save the World by Joseph Menn is a wonderful book that will transport you back in time to the 1980s world of elite hackers such as Mudge and RaD Man. Ghost In The Wires: My Adventures as the World’s Most Wanted Hacker by Kevin Mitnick is a look into the real life of the most well-known or mythological hacker of all time and is another one of my all-time favourites.

Russia and the current conflict in Eastern Europe
By next summer I expect the shelves will be full of books exploring this topic, however if you are looking for an excellent primer then there are three books I would highly recommend. Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Wired’s Andy Greenberg is a masterpiece of investigative journalism that explores the rising menace that Russian hackers pose in modern hybrid warfare and unfolds much like a Tom Clancy thriller novel.

Mr. Putin: Operative in the Kremlin by Fiona Hill and Clifford Gaddy provides the best psychological portrait of a leader who is pushing the world into a new area of persistent engagement and cyberwarfare, while A Short History of Russia: How the World’s Largest Country Invented Itself, from the Pagans to Putin by Mark Galeotti provides a sweeping overview of the foundations of Russian society and much of the historical background needed to better interpret the current conflict.

Cybersecurity Fictional Intelligence
I’ll end with some lighter reading recommendations that are still very thought-provoking, including a new category of Fictional Intelligence (FICINT) which is being developed by Peter Singer and August Cole who have written two excellent books, Ghost Fleet and Burn-In. Both books leverage a fictional and narrative story telling approach to teach strategic concepts and include a full and detailed reference section citing all the source material behind the technologies and concepts included in the books. While the story and characters are made up, all the technology is real or potentially real.

Hopefully there is something on this list for everyone! If you have recommendations for me or would like to connect and discuss some of these books, I would be more than pleased to chat with you on LinkedIn or Twitter as I explore some of my own summer reading on the deck over the coming weeks!

Kevin Magee is the chief security officer at Microsoft Canada (microsoft.ca).