Tribe of Hackers
Book written by Marcus J. Carey and Jennifer Jin
Book review by John Breth
Bottom Line: I recommend this book for the Cybersecurity Canon Hall of Fame.
The path to enlightenment in the cybersecurity community is a perilous one. Often, those new to the industry must not only find their own niche but also blaze their own trails, as the field is constantly changing and evolving.
The typical path first involves the search for information. Information, when gathered and ingested, becomes knowledge. Knowledge, when used, transforms into experience. The pinnacle is reached when all three are successfully combined into wisdom. Wisdom is hard to quantify and extremely valuable to attain, especially for those new to the industry.
Tribe of Hackers is written and organized by Marcus J. Carey and Jennifer Jin with the intent of gathering cybersecurity advice from the best hackers in the world. The book is filled with interviews from many talented hackers, defenders and leaders who are experts in cybersecurity. Some are extremely well known to the community, while others would have their expertise brought to light by being featured in this book.
Imagine the impact of gleaning the best pieces of information, knowledge, experience and wisdom from 70 of the top cybersecurity practitioners, leaders and luminaries in the world and putting it into a book called “Tribe of Hackers.” The totality of the information shared is unprecedented in cybersecurity.
The book is presented in an interview form. Each of the 70 hackers is asked the same group of questions. The format of the book is fantastic and lends itself to being as much a reference guide as collections of small stories. The vast array of experiences and stories, coupled with a lot of the same underlying themes of successes, failures, lessons learned and recommendations is both informational and inspirational. Carey notes that his vision for this book and the format was very much inspired by the Timothy Ferriss book, “Tribe of Mentors,” which gathers information from more than 100 top performers in the various industries including sports, art, business, and science.
The key to getting great input from those involved is derived directly from the type of questions asked, which are a combination of industry, general and personal questions. The answers are viewed through the lenses of cybersecurity and infosec, and the discussions are focused around these 14 questions:
- If there is one myth that you could debunk in cybersecurity, what would it be?
- What is one of the biggest bang-for-the-buck actions that an organization can take to improve their cybersecurity posture?
- How is it that cybersecurity spending is increasing but breaches are still happening?
- Do you need a college degree or certification to be a cybersecurity professional?
- How did you get started in the cybersecurity field, and what advice would you give to a beginner pursuing a career in cybersecurity?
- What is your specialty in cybersecurity? How can others gain expertise in your specialty?
- What is your advice for career success when it comes to getting hired, climbing the corporate ladder, or starting a company in cybersecurity?
- What qualities do you believe all highly successful cybersecurity professionals share?
- What is the best book or movie that can be used to illustrate cybersecurity challenges?
- What is your favorite hacker movie?
- What are your favorite books for motivation, personal development or enjoyment?
- What is some practical cybersecurity advice you give to people at home in the age of social media and the internet of things?
- What is a life hack that you’d like to share?
- What is the biggest mistake you’ve ever made, and how did you recover from it?
Besides the impact of collecting this treasure trove of career, technical and personal recommendations, this book has a unifying impact amongst the cyber community. A key component to this that should not be overlooked is that the biographical section of each of the contributors provides the Twitter handles of the participants. In doing so, it transforms the information sharing from happening solely within the book, inviting access to a much larger community on Twitter and other social media platforms.
Engagement and sharing of information between the contributors and those who are seeking knowledge cannot be underestimated. The lasting and cascading impact of the increased community cohesion caused by “Tribe of Hackers” can be felt throughout the industry. This positive impact has already led to new security conferences and sequels to the original book (“Tribe of Hackers: Red Team”).
If the collection of experiences from a large cohort of leaders in the industry and the continuing positive impact it has had bringing together and uplifting folks within the industry isn’t enough, let me leave you with this: “Tribe of Hackers” has been made available in paperback and PDF, with all proceeds from the paperback format going to charities such as Bunker Labs, Sickle Cell Disease Associations of America, Rainforest Partnership and Start-Up! Kid’s Club. Equally amazing, the PDF format is completely free, as the authors understood the importance and positive impact that sharing all this information with the infosec community would have.
“Tribe of Hackers” is not just a book about the cybersecurity community; it is a gift to the cybersecurity community!
We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!