Take these security books with you on vacation

Here is the summer CISO reading list.


Real-life cyber mysteries

Why spend your beach time this summer reading fictional mystery novels when real world mysteries are swirling through the cyber sphere? BAE Systems and Rick Howard, CSO of Palo Alto Networks, have put together a summer reading list for cyber security professionals. It includes titles that cover the international underworld of money laundering, the greatest criminal minds in hacking, insights into understanding how cyber criminals think, the impact of potential cyber attacks and cyber wars on mission critical targets as well as practical advice and business lessons on cyber security.

If you have any other suggestions, send them and a write-up to Ryan Francis.


The Infiltrator

by Bob Mazur

Federal agent Robert Mazur spent five years undercover as a money launderer for the international underworld, gaining access to the top of a criminal hierarchy protected by a circle of corrupt bankers and businessmen who quietly shape power across the globe. In 1987, Mazur began infiltrating BCCI, the bank that laundered money for the Medellín cartel. He meticulously gathered evidence for years until, at a fake wedding, federal agents arrested over 40 high-ranking criminals, all of whom were found guilty and sent to prison. Never before told, this is the incredible, true story of how he did it. This summer it will be released as a major motion picture starring Bryan Cranston.

Beautiful Security: Leading Security Experts Explain How They Think

by John Viega

In this thought-provoking anthology, today's security experts describe bold and extraordinary methods used to secure computer systems in the face of ever-increasing threats. Beautiful Security features a collection of essays and insightful analyses by leaders such as Ben Edelman, Grant Geyer, John McManus, and a dozen others who have found unusual solutions for writing secure code, designing secure applications, addressing modern challenges such as wireless security and Internet vulnerabilities, and much more. 

Lights Out

by Ted Koppel

In this New York Times bestselling investigation, Ted Koppel reveals that a major cyberattack on America’s power grid is not only possible but likely, that it would be devastating, and that the United States is shockingly unprepared.

See CSO’s Q&A with Koppel: Ted Koppel discusses the inevitable cyberattack on U.S. infrastructure

Cybersecurity and Cyberwar: What Everyone Needs to Know

by P.W. Singer and Allan Friedman

In Cybersecurity and Cyberwar: What Everyone Needs to Know®, New York Times best-selling author P. W. Singer and noted cyber expert Allan Friedman team up to provide the kind of easy-to-read, yet deeply informative resource book that has been missing on this crucial issue of 21st century life. Written in a lively, accessible style, filled with engaging stories and illustrative anecdotes, the book is structured around the key question areas of cyberspace and its security: how it all works, why it all matters, and what can we do? Along the way, they take readers on a tour of the important (and entertaining) issues and characters of cybersecurity, from the "Anonymous" hacker group and the Stuxnet worm to the new cyber units of the Chinese and U.S. militaries. Cybersecurity and Cyberwar: What Everyone Needs to Know® is the definitive account on the subject for us all, and it comes not a moment too soon.

Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition

by Bruce Schneier

Information security expert Bruce Schneier explains what everyone in business needs to know about security in order to survive and be competitive. Pragmatic, interesting, and humorous, Schneier exposes the digital world and the realities of our networked society. He examines the entire system, from the reasons for technical insecurities to the minds behind malicious attacks. You'll be guided through the security war zone, and learn how to understand and arm yourself against the threats of our connected world. In Secrets and Lies, you'll learn about security technologies and product capabilities, as well as their limitations. And you'll find out how to respond given the landscape of your system and the limitations of your business.


Swiped

by Adam Levin

This book was recommended by a CSO reader: Increasingly, identity theft is a fact of life. We might once have hoped to protect ourselves from hackers with airtight passwords and aggressive spam folders, and those are good ideas as far as they go. But the truth is, there are people out there — a lot of them — who treat stealing your identity as a full-time job.

One such operation is an unnamed crime ring based in Russia that amassed a trove of more than a billion stolen internet passwords. Another set up a website streaming live feeds from hacked webcams, showing everything from offices and lobbies to baby monitors. Even purchases made in person are logged by retailers such as Target, whose 2013 breach exposed tens of millions of payment cards.

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker

by Kevin D. Mitnick, William L. Simon, Steve Wozniak

Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies, and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

by Kevin Poulsen

Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the 21st century’s signature form of organized crime.

Spam Nation: The Inside Story of Organized Cybercrime — from Global Epidemic to Your Front Door

by Brian Krebs

In Spam Nation, investigative journalist and cybersecurity expert Brian Krebs unmasks the criminal masterminds driving some of the biggest spam and hacker operations targeting Americans and their bank accounts.

Zero Day

by Mark Russinovich

I appreciate what Russinovich is trying to do with this novel: Tell an exciting, “Die Hard”-like story with interesting cybersecurity people and realistic tech and, at the same time, inform the general reader about how dangerous the current state of the cybersecurity environment is. In a presentation that Russinovich did at RSA in 2012 to supplement this book, he quoted Sen. Joe Lieberman: “To me it feels like it is Sept. 10, 2001. The system is blinking red – again. Yet we are failing to connect the dots – again.”

The Blue Nowhere

by Jeffery Deaver

Jeffery Deaver is best known in literary circles as a crime novelist. He is not normally associated with technical thrillers, but he turned his writing skills in this book to a manhunt-type story where the serial killer in question is also a world-class hacker.

The Blue Nowhere is a cyber thriller written by an accomplished novelist about the hacking culture. Deaver may not have as much of a technical background, but he knows how to flesh out his characters. The Blue Nowhere feels more like real people in a cyber story as opposed to a cyber premise populated with cookie-cutter characters.


Breakpoint

by Richard Clarke

Clarke jams a boatload of cutting edge cybersecurity ideas into this slim, Michael Crichton-esque political thriller. Clarke wrote it in 2007 but set it in the near future of 2012 and when I say there is a boatload of information, I am talking about yacht-sized, not dinghy-sized. The bad guys in this novel execute most of the cyber fantasy attacks against the United States that any group of cybersecurity geeks (including myself) could conjure up after a few beers sitting around a bar at the annual Black Hat / DEF CON conventions in Vegas (incidentally, one of the settings in the book).



Cryptonomicon

by Neal Stephenson

Cryptonomicon is the quintessential hacker novel. The author, Neal Stephenson, describes a story that is set around the intersection between the discovery of world-changing math insights and the incipient designs of our computer science founding fathers. Stephenson delights in explaining how all of these things go together. His collection of fictional and nonfictional characters orbits each other across a thousand pages and propels the reader through dual timelines of World War II and the dot-com startup decade of the 1990s. The result is a multigenerational treasure hunt worthy of an Indiana Jones adventure, but unlike Indiana Jones, this is not a light read. It is dense with ideas. You do not skim through this looking for the good parts, but if you take the time to embrace the journey, you will not be disappointed. You will be fed cybersecurity history, rollicking adventure, heartbreaking tragedy, the pleasures and perils of a multigenerational family, and the awkwardness of several geek love stories all told from the hacker perspective. There is something for everyone here, and you owe yourself the pleasure of finding your favorite part. It deserves a spot in the canon.


Daemon

by Daniel Suarez

If you appreciate hacking stories like The Girl with the Dragon Tattoo or gaming stories like Ready Player One or stories that combine both like Reamde, you will love both Daniel Suarez’s Daemon and his Freedom™ like I did. These two books tell one long story and are loaded with seemingly futuristic ideas that are just years away from general deployment. Suarez introduces these new ideas from an old-school hacker perspective in an effort to reboot the world order. He demonstrates quality writing that gets the technical details right.

The Florentine Deception

by Carey Nachenberg

The Florentine Deception by Carey Nachenberg is a recently published novel grounded in cybersecurity. The book begins when cybersecurity expert, Alex Fife, is asked to clean up an old PC his father purchased at an estate sale, only to discover a piece of rather sophisticated malware that captures the user’s keystrokes and sends them to an email server in Russia. To Fife, this situation doesn’t compute; and after a bit of forensic analysis and some sleuthing about the PC’s previous owner, he determines that this system compromise is no accident. In his investigation, Fife also discovers a mysterious detail he can’t quite figure out – something about an item known as Florentine.

The Girl with the Dragon Tattoo

by Stieg Larsson

The Girl with the Dragon Tattoo is a ripping-good detective story set in the vicinity of Stockholm, Sweden, during a time when the only way to connect to the internet from your home was with inexpensive modem lines or expensive ADSL lines. If you like mysteries and if you like stories about hackers, you have to read this book.


Neuromancer

by William Gibson

William Gibson’s landmark Neuromancer is a must-read for every cybersecurity professional, not because you will learn new insights into your craft, but because you will understand why this book was so influential to the cybersecurity zeitgeist back in the day. Gibson invented and clarified the language that we are still using today 10 years before it became mainstream. He coined the word “cyberspace,” launched the “cyberpunk” genre, pontificated about “the singularity,” guessed (correctly) that “hacktivism” would be a thing, and understood that we would need a form of “search” long before any of us even knew how vital Google and similar services would become. You should have read this by now.