The Best Information Security Books of 2023
It’s been a year since I wrote The 5 Best Information Security Books of 2022, two years since The 5 Best Information Security Books of 2021, which was preceded by The Best Information Security Books of 2020 and The Best Information Security Books of 2019. With that, as the year is coming to a close, here’s my list of the Best Information Security Books of 2023.
Information security book of the year
When it comes to information security rock stars, Bruce Schneier is on everyone’s list. He’s written numerous books over the decades, the most important of which may be his classic Applied Cryptography.
The underlying theme of Schneier’s excellent book A Hacker’s Mind: How the Powerful Bend Society’s Rules, and How to Bend them Back is that hacking is, in fact, a universal trait. While those in the information security field think of hacking in terms of zero days and Windows vulnerabilities, finding gaps in things is a normal human response.
Schneier writes that all systems will have ambiguities, inconsistencies, and oversights, and they will always be exploitable. Systems of rules, in particular, have to tread the fine line between being complete and being comprehensive within the many limits of human language and understanding. Combine that with the natural human need to push against constraints and test limits, and with the inevitability of vulnerabilities, and you get everything being hacked all the time.
This is a delightful and readable book in which he discusses how hacking is pervasive across all systems, from financial and legal systems to political systems, cognitive systems, and more. Not only that, but creating an unbreakable system is, based on Gödel’s incompleteness theorems, fundamentally unattainable.
A fascinating and engaging read, A Hacker’s Mind is my choice for the best information security book of 2023.
Runners up
Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks — Recovering from an attack can be devastatingly expensive. Cyberinsurance is a hedge that can protect a firm from financial ruin. Here, Josephine Wolff details the industry, its humble beginnings, and what the future holds.
Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us —…