Marcus J. Carey, CEO of Threatcare, realized there was no book collecting the wisdom of cybersecurity's most legendary names. So he self-published one. It's now Amazon's 3rd bestselling book on security and encryption.
Why it matters: "Tribe of Hackers," co-edited with Jennifer Jin, collects the essay-questionnaire responses of 70 big-name hackers and information security pros. For nearly all of them, it's the first time they've put their personalities out for public view alongside their professional skills.
The questions probe everything from security myths to greatest regrets to book recommendations. The interviewees mix their musings on the philosophy of cybersecurity with mentorship and security advice.
- Neophytes can benefit from veterans' experience — be it in fighting impostor syndrome or catching more attackers by focusing on basic security hygiene than on the latest nation-state threat.
- With this many experts agreeing o differing on the field's big questions, there's also plenty to challenge even the most hardened worldview of long-time pros.
The background: The project (and title) takes inspiration from 2017's "Tribe of Mentors" by Timothy Ferriss, a compendium of pithy advice. (The genre stretches back to Jessica Livingston's 2001 "Founders at Work.")
- "I’ve been doing cybersecurity for 20 years, and I've never seen something like this for us," Carey told Codebook.
- The book's roster includes Fortune 500 security pros, security firm founders, former federal and military team leaders, several internet personalities and keynote regulars.
There's a lot of practical security knowledge in "Tribe of Hackers," but there's equally as much humanity in it.
- "When you see one of the hackers on TV, it’s usually just someone saying 'Don’t do this,' and then they disappear," said Carey. "You don’t hear the personal struggle, like losing jobs or being a single mother. That’s what I really like about it."
- Cloud security expert Ian Coldwater writes in the book: "I’ve lived my script out of order, had kids too young, dropped out of school, became homeless, went on welfare. When I was younger, I used to tell people I made a good cautionary tale. But I also think I’ve made a damn good tale of resilience."
Carey says one thing he learned was how much agreement there was on the question, "Do you need a college degree or certification to be a cybersecurity professional?"
- The consensus answer is no. Even as help wanted ads ask for credentials, most security pros believe there are more informal ways to prove skill.
- That may surprise people outside the industry. Practitioners are very frequently self- or military-trained; only recently have schools begun focusing on cybersecurity.
Our thought bubble: Many contributors answer the "which is the best hacker movie" question incorrectly. It's "Sneakers."