The 5 Best Information Security Books of 2021

Ben Rothke
4 min readDec 15, 2021

It’s been a year since I wrote The Best Information Security Books of 2020 and 2 years since The Best Information Security Books of 2019. With that, as the year is coming to a close, here is my list of the Best Information Security Books of 2021.

Information security book of the year

A Vulnerable System: The History of Information Security in the Computer Age by Andrew Stewart

Isaac Newton said that “if I have seen further, it is by standing on the shoulders of giants.” The wisdom of countless information security giants is detailed here, and author Andrew Stewart provides a fascinating analysis and history of information security.

Senator Howard Baker asked during Watergate: “What did the president know, and when did he know it?” We may think that new has long been known to information security architects when it comes to information security. Security must be engineered into a system if it is to protect data.

Stewart provides an interesting history of the field of security and privacy. He shows that many, if not most, of the security problems we encounter now result from poor security decisions made decades ago.

The foundations of information security were developed half a century ago with the first mainframes. The book details everything from then to the Internet and cloud computing and details the complete history of information security.

This is a fascinating and fundamental read for anyone who wants to know the history of information security. And that history has long been a playbook for the future.

Runners up

Alice and Bob Learn Application Security — Behind nearly every vulnerability is software. Tanya Janca shows how to keep yourself out of a CVE and breach notification in this technical and actionable book. And this is ringing true as the world will be spending the next few months getting out of the Log4Shell vulnerability.

The need for secure software underscores the importance of a practical application security program and developers who know how to write security code.

In Alice and Bob Learn Application Security, developers will find a most…



Ben Rothke

I work in information security at Tapad. Write book reviews for the RSA blog, & a Founding member of the Cloud Security Alliance and Cybersecurity Canon.