I started learning cryptography in the early 2000s with books borrowed from my university’s library, and with information I could find online. Since then I’ve practiced cryptography for 15 years in a variety of contexts: as an academic researcher, while working on my PhD; as a cryptography engineer for software and hardware pay-TV systems; as a consultant for private and public sector clients; as a vulnerability researcher in my spare time; as a code auditor for cryptography projects; as a start-up founder in the domain of IoT security; and as CSO (chief security officer) of a fintech start-up. I live in Lausanne, Switzerland, and besides crypto I enjoy literature, rock climbing, and playing classical guitar.
Although David is a friend, I only recommend his book because it’s great, both in terms of content and presentation. Real-World Cryptography is today’s reference book about cryptographic tools and applications: Modern schemes such as the SHA-3 hash function and the Noise protocol framework, end-to-end encryption protocols, cryptocurrencies’ cryptography mechanisms, as well as emerging techniques like fully-homomorphic encryption and multi-party computation; Wong’s book delivers a practice-oriented, accessible introduction, enriched by many visual illustrations (including original comics strips!), and exercises (with their solutions).
If you're browsing the web, using public APIs, making and receiving electronic payments, registering and logging in users, or experimenting with blockchain, you're relying on cryptography. And you're probably trusting a collection of tools, frameworks, and protocols to keep your data, users, and business safe. It's important to understand these tools so you can make the best decisions about how, where, and why to use them. Real-World Cryptography teaches you applied cryptographic techniques to understand and apply security at every level of your systems and applications. about the technologyCryptography is the foundation of information security. This simultaneously ancient and emerging…
I am a cybersecurity risk management thought leader and subject matter expert with hands-on experience in managing and measuring large-scale cybersecurity programs, system security architecture, cybersecurity tools and techniques, cybersecurity forensics, audit of information systems and networks, and technology control processes. I have spent my career educating others in cybersecurity, mostly because it has always been necessary to educate staff; and colleagues soon recognized that I was easily able to handle the transition from staff training to external classroom environments. But my main motivation for external cybersecurity education is to get feedback from the cybersecurity professional community on my approaches to today’s cybersecurity issues.
The book portrays a scenario in which nation-state adversaries launch a sophisticated cyberattack against the United States.Though it is science fiction, the political scenario it depicts is a realistic description of how today’s nation-states consider technology options when they are engaged in traditional war. For people interested in cybersecurity and attracted to that genre, it will be an eye-opening experience because the basic scenarios it describes are very easy to project into the near future. It is also a tale of adventure.
Ghost Fleet is a page-turning imagining of a war set in the not-too-distant future. Navy captains battle through a modern-day Pearl Harbour; fighter pilots duel with stealthy drones; teenage hackers fight in digital playgrounds; Silicon Valley billionaires mobilise for cyber-war; and a serial killer carries out her own vendetta. Ultimately, victory will depend on who can best blend the lessons of the past with the weapons of the future. But what makes the story even more notable is that every trend and technology in book - no matter how sci-fi it may seem - is real. The debut novel by…
I have been an information technology and cybersecurity professional for over two decades. I’ve learned over and over again that “people are the weakest link.” You can build the most secure system in the world, with stringent password requirements. But if the user writes their password down and leaves it where someone else can see it, system security is irrelevant! The easiest way to gain access to a system is via “social engineering” – to trick a human being into giving you the access you need, rather than trying to hack the systemitself. The books on this list will help the reader lower their chances of being exploited like this.
Cybersecurity is Everybody’s Business is a great book that focuses not only on the how to keep your data safe, but on the very critical why this is important. Author Scott Schober suffered a grievous cyberattack in a previous business, and he brings his experience to the forefront in this guide. Joined by his brother as co-author, they focus on cybersecurity for the home and small business – environments that are unlikely to employ full-time cybersecurity professionals. (That’s why these places are often targets for the bad guys!)
Since publication of his first book, HACKED AGAIN, Scott Schober has dedicated himself to educating anyone who would listen by telling his own story of being hacked in the hope that others can learn from his own mistakes. Now joined by his brother Craig, the two have set their sights on the biggest target of all, small businesses.
There are 30 million small businesses currently operating in the United States. Some of them are single owner/operated while others collectively employ hundreds of millions. This book is for all of them and anyone who makes it their business to stay safe…
I am a cybersecurity risk management thought leader and subject matter expert with hands-on experience in managing and measuring large-scale cybersecurity programs, system security architecture, cybersecurity tools and techniques, cybersecurity forensics, audit of information systems and networks, and technology control processes. I have spent my career educating others in cybersecurity, mostly because it has always been necessary to educate staff; and colleagues soon recognized that I was easily able to handle the transition from staff training to external classroom environments. But my main motivation for external cybersecurity education is to get feedback from the cybersecurity professional community on my approaches to today’s cybersecurity issues.
A reporter’s account of nation-states' relentless pursuit of superior offensive capability. Although former NSA officials may not agree with every word, it is generally acknowledged to be a true trail of facts available to reporters. Most cybersecurity staff are routinely muzzled by legal confidentiality agreements in the same manner as staff who have access to business trade secrets. There are few reporters who have had as much access as Perlroth to those individuals.
THE NEW YORK TIMES BESTSELLER * Winner of the Financial Times & McKinsey Business Book of the Year Award * Bronze Medal, Arthur Ross Book Award (Council on Foreign Relations)
"Written in the hot, propulsive prose of a spy thriller" (The New York Times), the untold story of the cyberweapons market-the most secretive, government-backed market on earth-and a terrifying first look at a new kind of global warfare.
Zero-day: a software bug that allows a hacker to break into your devices and move around undetected. One of the most coveted tools in a spy's arsenal, a zero-day has the power…
I’ve always been passionate about social justice as a writer and as an international human rights lawyer. I had worked on human rights, surveillance, and privacy for decades around the world, but it was when I first read about Cambridge Analytica back in 2017 that it felt personal – privacy is the gateway to our right to freedom of thought and opinion and Big Tech is increasingly acting as the gatekeeper to all our human rights. These books have all helped me to understand what the risks are and how to tackle them.
Privacy Is Power gets to the heart of why we should all be worried about encroachments on our privacy.
Carissa Veliz is a philosopher and a talented writer who brings complex and profound ideas to life on the page. Some writing about technology can feel dry and detached, but Veliz makes you understand viscerally how the impact of technology is a human, not a technological issue.
As the data economy grows in power, Carissa Veliz exposes how our privacy is eroded by big tech and governments, why that matters and what we can do about it.
The moment you check your phone in the morning you are giving away your data. Before you've even switched off your alarm, a whole host of organisations have been alerted to when you woke up, where you slept, and with whom. As you check the weather, scroll through your 'suggested friends' on Facebook, you continually compromise your privacy.
I started learning cryptography in the early 2000s with books borrowed from my university’s library, and with information I could find online. Since then I’ve practiced cryptography for 15 years in a variety of contexts: as an academic researcher, while working on my PhD; as a cryptography engineer for software and hardware pay-TV systems; as a consultant for private and public sector clients; as a vulnerability researcher in my spare time; as a code auditor for cryptography projects; as a start-up founder in the domain of IoT security; and as CSO (chief security officer) of a fintech start-up. I live in Lausanne, Switzerland, and besides crypto I enjoy literature, rock climbing, and playing classical guitar.
One of the books that I open at least once a year, and which I always recommend to students and mentees. Security Engineering isn’t a book (only) about cryptography, yet one about a topic that a cryptographer should know well: security engineering, or the design, implementation, and testing of systems that must be reliable in hostile and adversarial environments. Cryptography is indeed often just a small, yet critical, component of larger security systems. A good cryptographer must therefore not limit themselves to their field, but understand the risks, practical constraints, and functional needs of the environment where cryptography is integrated. Anderson’s book is the undisputed reference in that space.
Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic
In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.
This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than…
As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.
This book is a “how-to” guide for teams developing secure software. Written by a team of experts, it covers the important issues in developing software that is better able to prevent successful attacks. The book contains many references, a strategy, and an implementation guide with cross-references. For each topic, the maturity of practice at the time of writing is provided, as well as an indication of the audience.
"This book's broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle."
-Steve Riley, senior security strategist, Microsoft Corporation
"There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one."
I’m a theologian who started out as a computer scientist. Teaching classes on AI got me wondering, not just whether we’d ever be able to create a human-like AI, but why we wanted to do so in the first place. It seemed to me that computers were the most helpful when they did the things we are not very good at—crunching big calculations, or exploring Mars—stuff we can’t do. That got me thinking that there might be something spiritual going on, that in a world where we increasingly no longer believed in God or angels, we were lonely. That we didn’t want a tool but a companion.
Brevini gives us something real to worry about—climate change. Did you know that using ChatGPT to look something up can take up to ten times as much energy as doing a Google search?
To most of us, AI seems like something that just happens in thin air (the cloud). But, in reality, the data centers needed to train and run AI rely on a variety of scarce resources and eat up vast amounts of energy in doing their calculations. This little book of just 109 small pages lays out the many ways in which AI is contributing to climate change.
An AI-centric world will be a hot and stormy one, increasingly inhospitable for both humans and machines. And that has me worried.
Artificial intelligence (AI) is presented as a solution to the greatest challenges of our time, from global pandemics and chronic diseases to cybersecurity threats and the climate crisis. But AI also contributes to the climate crisis by running on technology that depletes scarce resources and by relying on data centres that demand excessive energy use.
Is AI Good for the Planet? brings the climate crisis to the centre of debates around AI, exposing its environmental costs and forcing us to reconsider our understanding of the technology. It reveals why we should no longer ignore the environmental problems generated by AI.…
I’m the Head of Trend and Innovation Scouting for Nokia, and I’ve been with the company since the glory days of Nokia mobile phone world dominance. I know first-hand what happens when a company focuses exclusively on the technology, not the humans that use it, and how quickly that can lead to disaster. One of the lessons that I see repeated continuously in the field of innovation is that a huge amount of attention gets paid to the new technology, and not nearly enough on how the technology will interact with our existing systems, beliefs, attitudes, and culture. Learning from the mistakes is the best way to make sure that the future doesn’t repeat them!
Stepping away from the topic of immersive technology, The Ransomware Hunting Team instead looks at the realities of cybercrime in the US, and why especially our government infrastructure has such a hard time fighting it effectively.
Like all the other books on my list, it’s an examination of what happens when the rubber meets the road with a new technology, and how we humans often just aren’t very good at adapting to change.
Part of the key problem is that hackers – including the white hat hackers that you want on your side to bring down the bad guys – tend not to be social animals, and our official organizations are far happier hiring a smiling guy in a suit than a scowling nerd who would rather work from his dark bedroom at home. (Apologies for the stereotypes, but – this really is a problem!)
Scattered across the world, an elite team of code-cracking techies is working tirelessly on your behalf to thwart the most notorious cyber scourge of our time. You've probably never heard of them. But if you work for a school, a business, a hospital, or a municipal government, especially if its cybersecurity is imperfect, chances are that you're painfully familiar with the group's sworn enemy: ransomware. Again and again, these ordinary people, mostly self-taught and often struggling to make ends meet, have outwitted the shadowy networks of hackers and criminal gangs that lock computer networks and extort huge payments in return…
As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.
Gary McGraw has been an advocate for the importance of developing secure software during the more than 15 years that I have known him, and before that! He has written a number of books, but this one captures his philosophy on how to develop secure software. It’s an excellent resource for practitioners and management.
"When it comes to software security, the devil is in the details. This book tackles the details." --Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies
"McGraw's book shows you how to make the 'culture of security' part of your development lifecycle." --Howard A. Schmidt, Former White House Cyber Security Advisor
"McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall." --Avi Rubin, Director of the NSF…
