Skip to main content

Chasing Vapor: Exploring the Murky Malice of Cybercrime (2019) Review

chasing vapor

Book written by Wes Andrues
Book review by Bill Yurek

Summary: Chasing Vapor, a 234-page book by Wes Andrues, sets out to “educate those with a recreational interest in cybercrime and provide insight and appreciation for how tenuous is our grip on computer security.”  Andrues admits there are many cybersecurity books available, and offers Chasing Vapor as another viewpoint, focused more on the real-life risks we all face in the cyber realm, including the financial and associated costs imposed upon all of us, both as individuals, citizens and corporate persons.  Mr. Andrues succeeds in his goal, providing a very readable and often entertaining book that presents ideas in plain English using a clear and easy-to-follow format.  It is not a must-read for cybsecurity professionals, but can help those professionals to better educate their clients, customers and organizations on the practical impact of cybercrime and serves as a reminder of the very human cost of cybercrime in what has become a very impersonal arena.


In a time when cybersecurity books abound, and each seems to be very much like the last, Wes Andrues sets out to be a little different in his approach.  A cybersecurity expert with experience at the highest levels of national cybersecurity, he sets out to “educate those with a recreational interest in cybercrime and provide insight and appreciation for how tenuous is our grip on computer security.”  The book begins with a stark admission that it’s hard to be unique in the glut of cybersecurity books on the market today, but then proceeds to actually do so.

The author breaks down cybersecurity into 11 main areas, each with its own chapter.  The chapter headings alone testify to his desire to avoid “geek speak” and put things in plain terms:

•    Chapter 1: Our Digital Dependency
•    Chapter 2: Behold, a Virtual Vat of Wealth
•    Chapter 3: Bad Apples Amidst the Fruits of Progress
•    Chapter 4: Cyber Sins: What Makes Them a Crime?
•    Chapter 5: The Act of the Hack: Tactics and Tools
•    Chapter 6: Real Victims, Relative Consequences
•    Chapter 7: Digital Drag: Cybercrime’s Parasitic Costs
•    Chapter 8: The Good Guys
•    Chapter 9: Digital Doors, Gullible Guards
•    Chapter 10: Do the Crime, Forget the Time?
•    Chapter 11: Curbing Computer Crime

As a former federal agent and prosecutor, I was most impressed with Chapter 4, which categorizes different offenses into legal “bins.”  For the newcomer to fighting cybercrime, the situation often comes up where you may ask “I just know this must be wrong, but I don’t know if it’s a crime.”  I once had a supervisor say to me “there are some wrong things that Congress in its infinite wisdom has decided are not crimes.”  Chapter 4 does a good job of addressing such situations.  

Throughout the book Mr. Andrues uses wit and occasional sarcasm to keep things on a conversational, real-world level and to take some of the formality out of cybersecurity. That very formality often stands in the way of a budding cybersecurity professional moving forward in his/her knowledge and career. Perhaps my biggest critique of the book is the rather painful alliteration of “Murky Malice” in the title.

For the established cybersecurity professional who keeps abreast of developments in the field, Chasing Vapor doesn’t offer anything new. There likely won’t be an “aha” moment when you realize there’s a gaping hole in your knowledge that has just been filled.  But that doesn’t make it any less of a good read, both as a refresher on the ground-level aspects of cybercrime and as a compendium of easy-to-understand explanations of the terminology, risks and players in the cybercrime arena. Very few cybersecurity books are both informative and easy to read and entertaining, and Chasing Vapor is both.

This is the format guide for writing book reviews for the Cybersecurity Canon Project. It contains the names of key elements to include in your review, the format for those key elements, and examples of what a typical entry would look like.

Use this format. Write your book review in a text document, a Microsoft Word Document, or a Google Docs document and send it to Helen Patton:

You will hear from a Canon Committee member within five business days that they received the review.


More Books

Cybersecurity First Principles: A Reboot of Strategy and Tactics
Navigating the Cybersecurity Career Path
If It's Smart, It's Vulnerable