As a founder of a cyber security startup, I constantly pick the brains of others in the cyber security industry, and books remain one of the best ways to do so.
The thing is, it’s not just IT specialists in the industry who should read those books. Cyber security is not just a problem which IT security specialists need to solve — it’s everyone’s problem.
In late 2020, I was interviewing Kieren Nicolas Lovell, who is teaching social engineering at King’s College at Cambridge University. He’s also the head of CERT at TalTech, and what he said was a hard reality check for the audience:
Every exercise, we find an IT security expert who will volunteer to be the target of a phishing attack done by students. To date, students have a 100% success rate.
It’s not about who is stupid enough to click on a link — it’s about human nature, cyber hygiene, awareness, and knowing that whatever you do, there’s no 100% security — even if you’re a well-experienced cyber-security expert.
Social Engineering: The Science of Human Hacking, 2nd Edition
The most efficient way to gain access to a system is by targeting a human who already has the access.
Unfortunately, there are no patches or firewalls available for the human brain, and hackers know it.
Social Engineering is largely based on psychology, but the book also talks about OSINT (Open Source Intelligence) which is used for reconnaissance.
Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You
Yes, I’m a big fan of Christopher Hadnagy!
This is another book of his which isn’t even out yet, but you can pre-order it and get it in February 2021 (I’m writing this in late December 2020).
Like his previous book, this one also keeps psychology at the centre of its focus.
Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World
What makes books so great is the fact that you can get an overview of someone’s 10 years of experience in a week (or a day, depending on how fast you read).
Usually a book gives you a perspective of a single person, but Tribe of Hackers is different.
Marcus J. Carey has interviewed 100 cyber security experts who answer questions such as “Do you need a degree to work in cyber-security?” and “What are the easiest, but most effective ways to keep yourself safe online?”.
These are the books that I believe to be essential and that I recommend to anyone who is interested in cyber security or just wants to be more secure online.
Have you read any of the three books here? Let me know what your main takeaways were and what books you would recommend after reading these.
About the author: Oliver Sild is a passionate cyber-security entrepreneur. He’s a founder of WebARX security and is organising CTF competitions in Estonia.