
Decipher Library: Holiday Edition 2023

We are eternally grateful to everyone who reads our writing on a weekly basis, and we wanted to return the favor by putting together a list of book recommendations from some of our friends and colleagues. We hope you find some time to sit down with one or more of these books over the holidays and enjoy yourselves.

Spies and Lies by Alex Joske

Joske takes readers on a ride through the elite influence operations of China's civilian intelligence services in a groundbreaking publication on the Social Investigations Bureau. Starting with the attribution of a non-official cover intelligence officer, Joske is able to detail multiple influence operations by weaving together public prosecution documents, corporate records, testimony of former intelligence officers, and open source data. The non-fiction page turner will change the way readers think about the nature of influence operations by the PRC and call into question whether the US is able, or willing, to combat China's elite influence operations.

Caste: The Origins of Our Discontents by Isabel Wilkerson

Wilkerson's book is one of the best written about race and caste in the US. Far from the typical account of white people's evil acts in American history, Wilkerson ties together compelling narratives with keen analysis of other caste systems abroad. The book most accurately reflects my interactions with race in America and gave me language for things I knew and experienced, but had not been able to articulate. For folks interested in better understanding their place in American society and where we are going, Caste is an excellent way to broaden their horizons. -Dakota Cary, China-focused Consultant at SentinelOne

Cultish: The Language of Fanaticism by Amanda Montell

I’m always fascinated by stories about cults and scams (and their weird offspring, MLM schemes). Amanda Montell explores how ideology, power dynamics, and influence are shaped by patterns of language and communication. In a world where “cult” can be used to describe fringe religions, fitness trends, and movies, this was a really interesting social science analysis that covers a lot of ground across the “brainwashing”-level influence of high control groups to the soft power wielded by social influencers (and social engineers). Whether you are interested in learning more about radical fanaticism, or might just find it fun to take a deeper look at your own “fan” tendencies, pick up “Cultish” to get a fresh perspective. – Allison Miller, Principal, Cartomancy Labs

Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott Shapiro

Shapiro, a Yale law professor with a CS background, walks the reader through the colorful history of hacking. Drawing on stories from around the world, he explores what makes systems - and people - vulnerable to exploitation. It’s funny, informative, and accessible even for those without a technical or legal background. -Riana Pfefferkorn, Research Scholar at the Stanford Internet Observatory

Your Face Belongs To Us by Kashmir Hill

My most recent interesting read is Kashmir Hill's "Your Face Belongs To Us", an exploration of the development and regulation of facial AI technology told through the story of Clearview AI. It explores the whole breadth of the issue from law, to tech, all the way through to the government's own conflicted needs to both use and regulate the technology. It exposes the complexity of modern technologies and how they are almost always double-edged swords. Kashmir is an excellent researcher and storyteller and does an excellent job making this an interesting read and covering all of the most important aspects of the story. -Chester Wisniewski, Director, Global CTO at Sophos

Outliers: The Story of Success by Malcolm Gladwell

I recommend reading Outliers: The Story of Success by Malcolm Gladwell. Gladwell uses anecdotal examples and research studies to explore the factors contributing to high success levels. While Gladwell proposes ideas such as the "10,000-Hour Rule," suggesting that mastery in any field requires around 10,000 hours of practice, he also looks at other contributing factors beyond the traditional approaches.

This book goes beyond the traditional cognitive and educational bases of intelligence and success and explores how culture, creativity, familial backgrounds, and just plain luck can contribute to success. Gladwell also encourages readers to reevaluate their understanding of success and acknowledge the external factors that contribute to it.

This book stands out to me because I did not fall into the traditional model of success. Standardized testing, cognitive-based intelligence testing as a success indicator, and the traditional academic models are all things that I struggled with and often failed at. If you asked my teachers who would be the least likely student to go on to get a Ph.D., MBA, and become a graduate school professor, I'm pretty sure I would be high on this list. It wasn't until I learned HOW I learn and that traversing the traditional paths toward success would only set me up for failure. I had to look at my own strengths and weaknesses and pivot in ways that would allow me to lean into the best uses of my available strengths and assets.

In one section of the book, Gladwell proposes that rather than using a traditional IQ test, you use a divergence test that asks people how many uses they can come up with for a brick and a blanket. This would assess creativity, how many different ways your mind can approach things, and the uniqueness of your responses. One of the many things that I love about the security industry is that I can say with 100% certainty that people would come up with ideas for how to use that brick and blanket in ways most people would not even dream of. I have found most of the smartest people I know are outliers and their success is rarely due to what college they went to or how well they colored inside the lines as a kid.

I am always on the lookout for books that explore and encourage divergent and creative approaches to success and Outliers is high on my list. -Dr. Stacy Thayer, Ph.D, cyberpsychologist

Tomorrow and Tomorrow and Tomorrow by Gabrielle Zevin

Tomorrow and Tomorrow and Tomorrow follows the evolving relationship of two friends that make it big in the video game industry, but what interested me most was the author’s ability to make the process behind video game creation - from a development, business and entertainment perspective - a gripping backdrop to the story. Overall, this book is an entertaining read that touches on topics like love, sickness, death and losing yourself in digital realms - and it comes with the added bonus of being partly set in a city I am very familiar with, Boston. -Lindsey O’Donnell Welch, Decipher

All That is Wicked by Kate Winkler Dawson

I love well-researched journalism (it's, um...rare these days)! I also enjoy studying the history of humanity's quest to understand our own minds. From early alienists to modern neurologists, a great deal of human resources have been poured into making sense of what drives human behavior. All That is Wicked by Kate Winkler Dawson tells the story of Edward Rulloff, a serial murderer, and the 19th century investigators who were convinced his brain held the key to understanding the criminal mind.

This was an important milestone in the history of scientific discovery as well as criminology, but it also speaks to the evolution of American society's treatment of and ethical considerations for posthumous research and public spectacle. The book is a quick read and an enjoyable distraction from all that is wicked in cybersecurity. -Melanie Ensign, CEO of Discernible Communications

The Passenger and Stella Maris by Cormac McCarthy

One of my very favorite books of 2023 is also the last book that will ever be written by Cormac McCarthy --- The Passenger and Stella Maris --- make that two books, though really just one story. Don't be biased by your feelings about Cormac's other excellent books, including The Road, All the Pretty Horses, and No Country for Old Men. Cormac's work is often dark and cuts straight through the bone to the marrow of violence and modern life. His work can be hard to read if you're sensitive to that kind of thing. But it is always powerful.

The Passenger and Stella Maris are the same story told through two different threads. And what a story it is, with some of the best fiction writing covering incredibly fast stream of consciousness manic (yet deeply scientific) thought that I have ever read. You kind of feel your own brain overheat in overdrive as he ramps you up to speed. So damn smart. And the backstory is informed by the time Cormac spent at the Santa Fe Institute hanging out with his buddy Murray Gell-Mann and other genius-level physicists. Consciousness, information theory, patterns, high math...it's all there. Do yourself a favor and dive in. -Gary McGraw, software security expert, founder of the Berryville Institute of Machine Learning and author of many, many books

The Word for World is Forest by Ursula K. LeGuin

I love bleak books that make me wish humans never existed, so the Word for World is Forest by Ursula K. LeGuin checked a lot of boxes for me this year. The story is set on a planet called Athshe that was long ago colonized by Earth, seeded for tree growth (spoiler alert: we ruined Earth and killed all our trees), abandoned for the most part, and then much later re-settled by a military logging colony from Earth to... well... log the trees.

In the intervening time between when the humans left and came back, those who stayed behind evolved into peaceful and furry little humanoid creatures called Athsheans who now inhabit the tree planet. They have no conception of war or violence. Predictably, the logging force brutally subjugates the Athsheans, exploiting them for labor, and decimating their planet and habitat for lumber.

Through the process of desolation, the Athsheans learn a great deal about wars and violence, and eventually leverage this new knowledge in a horrible revolt where many comeuppances are had.

Written during the Vietnam War, the book is a pretty obvious allegory for American military activity in the Indochinese Peninsula. It just as appropriately applies to the European invasion of the Americas, colonialism more broadly, and human conquest of the earth even more broadly than that. Conveniently, it's a short, straightforward book that's easy to read and even a fun adventure when it's not completely traumatizing and gruesome. -Brian Donohue, principal security specialist, Red Canary

Heat 2 by Michael Mann and Meg Gardiner

Look, I could spend quite a bit of time detailing the intricate opsec routines that Neil McCauley and Chris Shiherlis and their crews follow, or drawing intricate analogies between the criminal underground in Chicago and Mexico and the cybercrime underground in Russia and China. And those analogies would be apt. But the truth is, what you really need to know is that this book just rips. It's an absolute adrenaline ride from page one and has some of the best character development you'll see, regardless of the genre. Structured as both a prequel and a sequel to the movie Heat, this book pulls off the insanely difficult trick of taking known characters and expanding upon them, something made all the more difficult by the complicated personas of the main cast. Full disclosure: Heat is my favorite movie of all time and I was privileged to have Meg Gardiner on our podcast last year, so I am in the bag for this book. But, as someone who has read a metric ton of crime fiction (and written some), I can say straight up that Heat 2 is the goods. It's on Mount Rushmore.

Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy Greenberg

I don't spend a lot of my free time reading books about security, for obvious reasons, but I make exceptions for Andy's books. He has a knack for taking complex, arcane topics and turning them into fast-paced stories that not only read like high-level fiction but somehow also get you emotionally invested in the kind of people who run global dark web drug markets. It's a fine trick. Tracers tells the story of the law enforcement agents and private sector experts who found the cracks in the cryptocurrency systems that cybercrime groups, drug cartels, and other criminals use to move and hide their illicit profits. While the topic may be esoteric and tough to grasp, Andy tells the tale in such a clever, engaging way that not only draws you in but makes you think that you might actually understand what the hell the blockchain is. -Dennis Fisher, Decipher