The books I read in 2022
2022 was an interesting year for me. Compared to 2021 and 2020, it was one of the quieter years of my infosec career, even though the noise and hype around every single vulnerability, “breach”, and leak were immense. I decided to focus less on the news, and spend a bit of my 2022 grasping the fundamentals. I also chose a book as the preferred medium since I find it easier to sit down and read than to open a browser tab and get lost in my lack of concentration. I went through at least 20 publications over the past 12 months; some were long blog posts, some were documentation and RFCs and some were published books. In this blog post, I’ll try to rate/rank the top ones I read and give a paragraph on the pros/cons.
10, Black Hat Go (ISBN: 9781593278656)
Starting off the list, Black Hat Go aims to provide a guide on how to write a Go program in the offensive security world. The book itself is very descriptive and doesn’t go through design decisions, and focuses more on practical use cases. I can see the appeal of the book itself, but it didn’t fit my needs since I already had a few projects in Go and what this book offered was already in my day-to-day.
9, How to get rich (blogpost)
This blog post is a collection of tweets, talks, and quotes from Naval Ravikant. It’s worth your time since it’s not going to take multiple days of your life to go through it, and it has quite a few useful tips and tricks. If you’re not in the tech world, this might be a bit alienating. I took away a few notes from it, particularly about choosing partners.
8, Malware Data Science (ISBN: 1593278594)
Malware Data Science was a great read for me. I’ve always held the feeling that infosec peeps are going to become specialized data scientists one way or another, and this book was the right read for me to shape that view around analyzing malware. I started a few pet projects and initiatives based on this book. I also saw through the business model of a few cybersecurity companies that use basic ML techniques spelled out in this book.
7, Crypto Dictionary (ISBN: 9781718501409)
This book is cool and was a joy to read. Not something I’d recommend reading cover to cover (even though I did exactly that), but if you want to learn about cryptography, start here. The history of cryptography and the relationship between different algorithms are fun. Reading this book lead to some changes in one of my pet projects that used ECC extensively, and make it work faster and better. I’m also happy to see that Go 1.20 is getting released with ECC as part of the standard library.
6, Cyberjitsu (ISBN: 1718500548)
As a Cyber Defence Manager, I deal with Threat Intel, Threat Hunting, Red Teaming, and Incident Response daily. All of it seemed like new technology to me, until I read this book. This book was a great reminder for me to understand that all these fancy bells and whistles are very old tricks being translated into the new age. It outlines Shinobi’s methods of attack and defense and maps them to what you would do in a cyber world. This book not only helped me understand cyber defense more deeply, but it also helped me articulate it to non-techies better. Loved it.
5, Intelligence-driven Incident Response (ISBN: 9781491934944)
Intelligence Driven IR is a similar book to Cyberjitsu in the way it almost detaches cybersecurity from technology. It’s here to remind our intelligence, “red/blue teaming” and a lot of terminology surrounding cybersecurity is, in fact, military-based, and our cyber attack and defense are heavily inspired by the military. Reading this book lead me to slightly rearrange Spark’s Cyber Defense and bring Intelligence and hunting to the front of the picture. We’ve also adopted a methodology listed in the book as a process within the team. This book was full of insights for me.
4, Elements of Style (ISBN: 9780205309023)
I hesitated to put this book on my list because it’s almost a disservice to the book. I’ll just say this: don’t take this blog’s lack of style to judge you on this style book. The book is a very short one, and it’s full of useful tips to become a better writer. I read it only once and after writing this post I feel like I should go read it again to embed some of those learnings into my day-to-day life. I think this book is the most valuable per word I’ve read.
3, Kubernetes (ISBN: 1492046531)
Kelsey Hightower has been my Kubernetes guide for 5 years now. For learning K8s, I couldn’t get myself to read anything else other than his work. When reading this book, you can easily see the appeal. The book is not written based on the artifacts of Kubernetes around the world, but on the design philosophies behind each resource choice. Everything about this book is concise. Can’t tell you how many times I had a question after reading a paragraph, and then I got my answer immediately afterward.
2, Reinventing Your Life (ISBN: 0452272041)
As a person, there’s an Ali before reading this book, and there’s an Ali after reading it. When reading this book, not only did a lot of my behavior and interactions make more sense to me, but it also allowed me to accept it, and also work towards improving. As advertised, it re-invents your life. Can’t recommend this book enough. Makes you think about yourself.
1, Basic Economics (ISBN: 9780465060733)
I was not a huge reader, so I haven’t read hundreds and hundreds of books before. But so far, none of the books that I’ve read has changed my mind about so many things at once like this book. This book is biased toward a free-market economy, and it makes a damn good case for it. I do not see politics, public figures, Bitcoin, and a whole range of world economics the same way again. As a person who grew up in a soviet-style run economy, and then moved to the free market of New Zealand; this book fully explained why NZ is leading a better life, and why some economies are better than others. It’s quite a long read but if you want to learn economy, this is the one book you must read. can’t recommend it enough.
Looking forward to 2023
I have a few books already in the queue for next year. Here are some of the titles:
- Man’s search for meaning
- The Wealth of Nations
- Fooled by randomness
- Attached by Amir Levine
I’m sure that 10s of Cybersecurity books will creep in there during the year, but I find myself enjoying the books that I never found interesting before. Maybe it’s a symptom of getting to the age of relative career stability and thinking about “what’s important in life”.
What should I read next? let me know :)