Gavin
asked
Myke Cole:
Hello - I was wondering if, given your past experience with Cyber Warfare, if you could recommend any general non-fiction books on the subject as being a good read?
Myke Cole
There are two books that I highly recommend anyone who wants to work in CNO (Computer Network Operations) read. However, these books will only help you if you already have the engineering background to support them. You must *first* be a computer engineer, and *then* learn CNO. So, if you don't have an IT background, pick a lane (development, client/server architecture or network infrastructure) and develop real and concrete expertise there first. Assuming you already have that foundation, here are two great books:
- Open Source Intelligence Techniques by Michael Bazzell is amazing. It's my bible, and I always have it on-hand.
- The Sling and The Stone by Thomas X. Hammes is a great strategic reference to understand insurgent mindsets and how to fight against a diffuse foe.
- The NSA has recently declassified their "Untangling the Web" manual, which is mostly a Google Dorking handbook, but a really useful one.
The rest is all tradecraft, which you learn by doing. Make damn sure you know how to get around any OS, and that you know all your basics: Port scanning, forcible browsing, the latest and greatest exploit kits, the common vulnerabilities. You don't need to be a DB engineering to know how to compromise a SQL DB. You don't have to know Tomcat to know how to exploit its admin interface and upload a malicious .war file.
But let me reemphasize this: Cyber is computers. It is absolutely nothing else. If you try to go into this field as anything other than a computer engineer, you're wrong.
- Open Source Intelligence Techniques by Michael Bazzell is amazing. It's my bible, and I always have it on-hand.
- The Sling and The Stone by Thomas X. Hammes is a great strategic reference to understand insurgent mindsets and how to fight against a diffuse foe.
- The NSA has recently declassified their "Untangling the Web" manual, which is mostly a Google Dorking handbook, but a really useful one.
The rest is all tradecraft, which you learn by doing. Make damn sure you know how to get around any OS, and that you know all your basics: Port scanning, forcible browsing, the latest and greatest exploit kits, the common vulnerabilities. You don't need to be a DB engineering to know how to compromise a SQL DB. You don't have to know Tomcat to know how to exploit its admin interface and upload a malicious .war file.
But let me reemphasize this: Cyber is computers. It is absolutely nothing else. If you try to go into this field as anything other than a computer engineer, you're wrong.
More Answered Questions
About Goodreads Q&A
Ask and answer questions about books!
You can pose questions to the Goodreads community with Reader Q&A, or ask your favorite author a question with Ask the Author.
See Featured Authors Answering Questions
Learn more