
With summer here—and most COVID-19 restrictions pared back—vacations are in full swing. This also means there’s plenty of time to enjoy a book or catch up on that long-neglected reading list. And when it comes to cybersecurity, IT and security pros looking for self-education, a skills boost or career advancement have numerous reading options to choose from to help fill their downtime.

With over 750,000 open cybersecurity positions in the U.S., building up skills to enter the security field or work toward a more senior position is crucial. It’s why having a robust reading list to keep up on the latest technology trends, such as generative artificial intelligence (A.I.) or cyber threats (such as nation-state attacks, cybercrime and ransomware), remains a must. 

At the same time, there are scores of books on management, psychology and economics that can help round out tech pros’ education and lay the groundwork for a new job or promotion.

To help tech and security pros build out their summer reading for the next three months (whether it’s a beach read or a digital download during a staycation), Dice asked a group of cybersecurity executives and industry watchers what they’re reading this summer. In addition to their reading list, experts shared their current thinking about how the cybersecurity field is evolving and what skills are needed to keep up.

Coming to Grips With A.I.

With the buzz around generative A.I. and the release of OpenAI’s ChatGPT and Google’s Bard, it’s little surprise that books about this ground-breaking technology have moved to the top of several reading lists.

One industry executive reading multiple books about A.I. is Rohit Ghai, CEO of RSA. One that he recommends is The Age of A.I. And Our Human Future, written by three eminent thinkers: Henry Kissinger, Eric Schmidt and Daniel Huttenlocher. The book explores how A.I. has the potential to change businesses in general and cybersecurity specifically. The authors note that “bad” A.I. can create and evolve new threats faster than humans can keep pace. In turn, cybersecurity pros need to keep “good” A.I. on their side.

“That’s going to lead to an identity crisis in cybersecurity: We’ve kept the world safe for so long, and now we have to use machines to protect machines?” Ghai said. “’The Age of A.I.’ explains how humans should envision and shape that future. As a sector, cybersecurity must define both A.I.’s and humans’ new roles as soon as possible. Because if we don’t, then our adversaries will.”

Another book focused on this technology is Human Compatible: Artificial Intelligence and the Problem of Control by A.I. researcher Stuart Russell, which urges tech pros and others to rethink A.I. from the ground up. While many current discussions center on generative A.I. and whether it can leak sensitive data, the book raises other issues worth contemplating, said Sounil Yu, CISO of security firm JupiterOne.

“The real conversation should be about A.I. safety, which will be a much bigger concern that will overshadow any security concerns in the near future,” Yu said. “This book should help seed thoughts about how we as security practitioners can position ourselves to serve as future A.I. safety officers.”

Cybercrime Noir

No cybersecurity reading list is complete without a look into cybercrime, how attacks like ransomware and business email compromise continue to evolve, the shadowy world of how nation-state groups operate, and why the FBI believes losses from fraud and schemes topped $10 billion in the U.S. last year.

Even though it’s a few years old, one book that tops several lists is This Is How They Tell Me The World Ends by Nicole Perlroth, which delves into cybercriminal activity and the growing trade in zero-day exploits and their use in attacks.

“Not only is it fascinating, and really shows different angles about the new war arena, it's an impassioned reminder of the critical nature of the job we do each and every day as cyber practitioners,” said Gali Rahamim, cybersecurity architect and customer success manager at XM Cyber.

On the nation-state side, Rob Hughes, the CISO of RSA, recommends Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. The book, written by Andy Greenberg, looks at the notorious Russian hacking group, its operations against critical infrastructure and how the group fits into the new world of cyber warfare.

“Seeing how these trends took shape and the damage they’ve caused underscores just how big, interconnected, and vulnerable the attack surface has become—and why organizations need to prepare,” Hughes said.

Another area of growing interest is misinformation and disinformation and how these can affect both people and organizations. It’s one reason why Craig Jones, vice president of security operations at Ontinue, is reading Foolproof: Why Misinformation Infects Our Minds and How to Build Immunity by Sander van der Linden, who writes about the psychological foundations of fake news and propaganda while offering practical tools and strategies that go beyond mere fact-checking. 

“The unique aspect is his proposal of 11 'antigens' that enable readers to actively fortify themselves against the spread of misinformation,” Jones noted. “His well-researched approach, complemented by real-world examples, makes the book an excellent resource, particularly for those in cybersecurity who are combating misinformation.”

Old Favorites

Although it was published in 1989, The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage offers one of the earliest first-hand accounts of a hacking operation. Specifically, author Clifford Stoll recounts how he uncovered an intrusion that targeted Lawrence Berkeley National Laboratory.

While the book is more than 30 years old, it still holds lessons for those in cybersecurity today, said Piyush Pandey, CEO at Pathlock.

“The account, which reads as a great spy novel, serves as a great example of how the cybersecurity world has grown so much over the last four decades,” Pandey added. “Although the hacking was on now-obsolete IT infrastructure, the book represents how the need for application security and controls automation is a continuous arms race between bad actors—internal and external.”

Technical Tomes

For those looking to deep-dive into the more technical aspects of cybersecurity, Cybersecurity First Principles: A Reboot of Strategy and Tactics by Rick Howard, a former chief security officer with Palo Alto Networks and commander for the U.S. Army’s Computer Emergency Response Team, delves into the specific security principles from a practitioner’s point-of-view.

“Even if you've been a cybersecurity practitioner for many years, this book will sharpen your understanding of the fundamental truths—including one overarching principle and five sub-strategies to implement it—that serve as the foundation for building effective cybersecurity programs,” said Phil Neray, vice president of cyber defense strategy at CardinalOps. “Plus, the book is written in a highly-readable and entertaining style, and it explains complex issues in an understandable way that will also resonate with business leaders in your organization.”

Another book in this area is Hack Your Bureaucracy, written by Marina Nitze and Nick Sinai, which is aimed at cybersecurity pros who want to make positive changes within their organizations but don’t know how to get started.

“The strategies laid out by Nitze and Sinai can assist with tackling communication barriers, red tape and even confidence issues that can come with tough discussions. It’s an empowering book for anyone interested in enacting change,” said Patrick Tiquet, vice president for security and architecture at Keeper Security.

A different take on the technical side of cybersecurity is The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, by Michael Hale Ligh, Andrew Case, Jamie Levy and AAron Walters, which delves into the art of analyzing volatile computer memory to investigate intrusions and digital crimes.

“While this isn't a ‘beginner’ text, I believe it's worth a read—or a re-read—for anyone who wants to deepen their understanding of how memory works, and leverage that knowledge in forensics, vulnerability research, or reverse engineering,” said Melissa Bischoping, director of endpoint security research at Tanium. “I consider this book one of the top five books for anyone serious about diving deep and unlocking the secrets you can only expose by volatile memory analysis.”

Beyond Cybersecurity

Not all reading lists need to focus exclusively on cybersecurity. JupiterOne’s Yu is also reading Thinking, Fast and Slow, written by Daniel Kahneman, who won the Nobel Prize in Economics. In the book, he shows how people rely on two modes of thought and how those modes shape economic decisions and attitudes toward risk.

“Any book on behavioral economics is worth a read, particularly to understand the psychological basis for how we evaluate risk,” Yu added. “This is the landmark book on the topic and will provide security practitioners with a strong foundation for understanding and avoiding the common mistakes and errors that we make when we practice risk management.”

Craig Jones of Ontinue also recommends Your Brain is Playing Tricks on You by Albert Moukheiber, which looks at cognitive biases and how awareness of them can shape the way tech and security pros approach their jobs.

“Understanding cognitive biases is crucial to cybersecurity because these biases often form the basis of social engineering attacks,” Jones added. “Cybercriminals exploit these psychological weaknesses to manipulate people into revealing sensitive information or performing actions that compromise their digital security. A common cognitive bias known as ‘confirmation bias’ might lead someone to believe a phishing email is legitimate because it appears to confirm their expectations, such as it coming from a recognized brand or person.”