I really like reading about information security, both because it’s part of my job to know about infosec (although not to the extent that an actual infosec professional’s would) and because I just find the stuff interesting. And since I’m sure there are others out there reading this blog who might also be interested, I figured I’d share my recommendations.

Sandworm by Andy Greenberg

This book is a really thorough look at the Sandworm group, which is, at least according to Greenberg, a Russian state-run agency of hackers that carries out various attacks on various targets. Greenberg runs through his case and how the group was discovered, as well as the current situation surrounding them.

Spam Nation by Brian Krebs

I’ve talked about Spam Nation before and the stuff that I mentioned then still holds. The reason I’m including it on this list despite the fact that I’ve talked about it before is that it’s a perfect example of how information security affects everyone, whether you work in IT or not.

Tribe of Hackers series by Marcus J Carey and Jennifer Jin

Tribe of Hackers is a departure from pretty much everything else on this list. It’s a series of interviews Carey and Jin conducted with various cybersecurity professionals. They are mostly, as the title implies, hackers. They talk about their own history and the business of infosec as well as the myths surrounding the field. Each interview is just a few pages and thus you can read it basically as a “waiting-in-line” book, reading an interview here and another there. Highly recommended for getting various views into the world.

The Code Book by Simon Singh

This one isn’t infosec as such. It’s a book about cryptography, which is at least somewhat related. And it is THOROUGH. Singh goes through the history and present of cryptography in an understandable manner that is also at least mildly entertaining. I think this should be basically mandatory reading for every writer out there as well as anyone just generally interested.

Darknet Diaries

Darknet Diaries is a podcast, but it belongs on this list because every episode covers an aspect of information security. Sometimes the episodes cover a person, sometimes it’s a heist, and sometimes it’s a group, like Sandworm above, although in much less detail. I think I’ve listened to every single episode and have never been disappointed.