📚 Cybersecurity Book Reviews

The book explores the most relevant areas of cybersecurity, presenting the trajectory and challenges of the main entrepreneurs in the sector. In addition to a brief retrospective of the events of 2023, the work provides a detailed overview of the market in 2024, including an extensive list of security companies, mergers and investment rounds that shaped the industry.

The book is an excellent reading for all those curious to understand the development, the attack chain, the reverse engineering, and repercussions of one of the most iconic cyberattacks: Stuxnet. The book details how this malware marks the beginning of a new era of espionage, sabotage, and attacks directed at critical infrastructure of nations. Each statement of the author is based on good references, which gives credibility to the narrative. One of the highlights is the footnotes. My tip: don't ignore them! Many of them have valuable information that enriches and gives a deeper understanding of the text. Loved the reading and recommend it to all those people who want to learn more about cybersecurity history.

This book took me longer to finish than usual, as it takes a dense, analytical approach that requires close attention. Nonetheless, it is an engaging read that extends the classical security dilemma into the domain of cybersecurity. Buchanan develops the argument systematically, showing how states intrude into each other’s networks not only to prepare for attacks but also to strengthen defenses, actions that can still be perceived as threatening and escalate tensions, even when no harm is intended. He supports his arguments with examples drawn from the Snowden leaks, notable public incidents, and documented government practices. In its conclusion, the book offers policy recommendations on how to mitigate the risks of misunderstanding and escalation. It is an interesting text for anyone seeking to understand the logic of state behavior in cyberspace.

An insightful book by Tim Maurer, Cyber Mercenaries is a well-researched and thoroughly grounded work, supported by an extensive and impressive reference section. The book focuses on the concept of cyber proxies—“middlemen” actors that nation-states leverage to pursue strategic objectives while maintaining plausible deniability. Through detailed case studies involving major players in the global cyber threat landscape, Maurer explains the different models of relationships between states and their proxies, ranging from tacit tolerance to direct tasking and sponsorship. By tracing these dynamics historically, in some cases back to World War II, the book provides valuable context for understanding how cybercriminals, contractors, and state interests intersect. It is a highly recommended read for anyone seeking to understand state decision-making, attribution challenges, and the blurred lines between cybercrime and nation-state operations.