When friends and colleagues ask me how they can learn about cybersecurity, I provide the following advice. Rather than read textbooks or something like Network Security for Dummies, I recommend that they read a few of the more popular and recent titles from Amazon. I’m talking about books like Richard Clarke’s Cyberwar, Joseph Menn’s Fatal System Error, or Mark Bowden’s Worm. All of these are entertaining and insightful. It is with this mindset that I recommend that anyone interested in cybersecurity read the book, Kingpin, by Kevin Poulsen. I don’t know Kevin but he is well qualified as an author. He himself is an ex-hacker, a security expert, and a regular writer for wired magazine. This book is a story about one particular hacker named Max Butler whose security career went from highly-skilled but junior white hat hacker to become a global cyber crime leader who commandeered most of the “carder” (i.e. theft and distribution of credit card numbers, counterfeit cards, and other related criminal services) marketplace worth tens of millions of dollars. The book follows this transformation over several years in a picaresque fashion. I won’t give away any more details but let me provide a few reasons why I liked this book and recommend it so strongly: 1. Poulsen does a great job of avoiding the technology nerd trap of burying the reader with complex concepts and a sea of acronyms. It helps if you understand TCP/IP, encryption, and buffer overflows but it is not a requirement at all. The author consistently provides everyday analogues for technology concepts that makes the book readable – even if you aren’t a CISSP. 2. The book really gets into the head of Max Butler, exploring his background, psychology, brushes with law enforcement, even his relationships. Poulsen seems to be addressing why Hackers become hackers which a human element that complements the bits and bytes. 3. Kingpin may read like a novel but it is a true story. As such, it does a good job of demonstrating how vulnerable most organizations are to a cyber attack with real examples rather than research and statistics. In fact, the book concludes by talking about the continuing vulnerabilities around credit card magnetic strips. 4. The author does a great job of mapping the cyber crime underworld and includes descriptions of geography, workflow, specialization, money, etc. For example, the book really describes the division of labor between the highly skilled hackers at one end of the spectrum and the common thieves and dirt bags on the other. 5. Like a few other cybersecurity stories (Fatal System Error comes to mind), Kingpin included a description of law enforcement strategies, tactics, processes, and limitations as they relate to cyber crime. In other words, you get to see cybersecurity from the perspective of cops and robbers. It’s hard to learn about any topic when reading is a boring slog. If you are interested in cybersecurity, I think you’ll find Kingpin an educational experience as well as a proverbial “page turner.”
A compelling and gripping story about a hacker’s background, mentality, skills, and criminal activities
Security Skills Shortage Is Impacting Incident DetectionNext Post next
Random security predictions for 2013
Windows 8 has been out for a while, featuring an interface that's as cool as it is annoying . . ....
A rant on a particularly frustrating aspect of Linux - re-compiling the kernel.
Which companies have failed the worst when it comes to cloud outages in 2014? Time for the list no one
Among computer science grads, alumni from University of California, Berkeley, led the pack with a
The outage affected more than 11 million residential customers
The 6.0 earthquake in Napa County, Calif. caused power surges that may have led to much of the damage
Click through all the products being released at VMworld this week
Company claims 5,000 companies sign up for Google Apps every day, and thousands switch from Microsoft.