Book Review: "Tribe of Hackers"

"Tribe of Hackers: Cyber Security Advice from the Best Hackers in the World", by Marcus J. Carey and Jennifer Jin is a collection of interviews with professional information security practitioners, asking them for guidance in the infosec industry as well as learning a little bit about each person. While the individuals interviewed give really sharp advice in their interviews, the book is largely non-technical and focuses on the people. "Tribe of Hackers" gives you a glimpse into the minds of these many famous infosec practitioners. I paid ~$18 for the paperback at ~400 pages on Amazon, however it's important to know that those proceeds go to charity and the authors have since released the book for free on the Threatcare website! The book is also self published by Threatcare, which is super cool to see and props to them for making this happen! Overall I give the book 6 out of 10 stars for containing good tips, but being generally unfocused and putting the emphasis on individuals rather than ideas. The book itself was inspired by the book "Tribe of Mentors", by Tim Faris.  I recommend "Tribe of Hackers" to those newer in infosec looking for advice on breaking into the field as well as those looking for some tenured wisdom. It's the kind of book that is best read an interview at a time, in a few sittings, making it a great coffee table book, as opposed to something you would read straight through or use as a reference. There is some really great advice contained within, and some of it is surprisingly pointed and technical, largely depending on the interviewee. Each interview is 3-7 pages, usually including a large splash page with a quote and a picture. Reading the whole book cover to cover can be a little noisy, as each interview is generally unique and puts an emphasis on different aspects of information security, although there is a noticeable overlap in some of the interviews. 
If you want to read an abridged version I suggest reading the first two questions of each interview, debunking an infosec myth and the biggest value per investment in security, as I felt these were the most pointed and contained the best answers throughout the series. There are a lot of  unique and complex answers throughout the interviews, however Jaco has summarized the mentions of ideas and distilled the top 7 concepts from the "bang for your buck" section. Two more sentiments that I noticed were echoed very strongly throughout the book were that:
  • You do not need a college degree to get into the field of hacking (although it can help).
  • Some of the most common traits successful hackers share are passion, dedication, ethics, and communication skills.
I also got the opportunity to ask Marcus some questions about the book, such as how he selected this list of "The Best Hackers in The World". He said he "started out with people he knew and asked them for people they knew". To be fair to some other great hackers, I don't think this is a comprehensive list of "The Best Hackers in the World", as it is missing so many great contributors like Tavis Ormandy, Alex Ionescu, Meredith Patterson, Mark Russinovich, Samy Kamkar, Stephen Fewer, The Grugq, Travis Goodspeed, Joanna Rutkowska, Raphael Mudge, Window Snyder, Didier Stevens... such a list could go on for a while. That's also not mentioning the many famous international hacking and espionage groups. There's a clear Twitter sampling bias in the interviewees selected; Marcus states that new people should "get on Twitter. It's the best way to break into this field". To be clear, I don't think you have to be on Twitter to be a hacker. I think the best way to break into the field is to just start learning as much about infosec (especially the basics) as you can, as opposed to getting on social media to learn a new skill.
At times, the text also feels egocentric; I prefer to read about ideas rather than "thought leaders". I think a similar format that I liked much more was Huntpedia, where the guest authors were asked to write a chapter each focusing on their subject matter expertise. This book reminded me more of one of those Top 100 CISOs lists, where the emphasis is placed on the people as opposed to a message. I imagine this book is probably a reaction to those very lists, but perpetuating the idea of “top lists” feels self-serving and hard to do in a fair way. All of that said, the individuals listed in this book provide good advice and do exceptional work. The following is the list of interviewees as they appear in the book, which is alphabetical except for Marcus, who is listed at number one:

Marcus J. Carey
Ian Anderson
Andrew Bagrin
Zate Berg
Cheryl Biswas
Keirsten Brager
Evan Booth
Kyle Bubp
Lesley Carhart
Lee Carsten
Whitney Champion
Ming Chow
Jim Christy
Ian Coldwater
Dan Cornell
Kim Crawley
Emily Crose
Daniel Crowley
Winnona DeSombre
Ryan Dewhurst
Deidre Diamond
Ben Donnelly
Kimber Dowsett
Ronald Eddings
Justin Elze
Robert Graham
Claudio Guarnieri
Ron Gula
Jennifer Havermann
Teuta Hyseni
Terence Jackson
Ken Johnson
David Kennedy
Michelle Klinger
Marina Krotofil
Sami Laiho
Robert M. Lee
Kelly Lum
Tracy Z. Maleeff
Andy Malone
Jeffrey Man
Jim Manico
Kylie Martonik
Christina Morillo
Kent Nabors
Wendy Nather
Charles Nwatu
Davi Ottenheimer
Brandon Perry
Bruce Potter
Edward Prevost
Steve Ragan
Stephen A. Ridley
Tony Robinson
David Rook
Guillaume Ross
Brad Schaufenbuel
Chinyere Schwartz
Khalil Sehnaoui
Astha Singhal
Dug Song
Jayson E. Street
Ben Ten
Dan Tentler
Ben Tomhave
Robert "TProphet" Walker
Georgia Weidman
Jake Williams
Robert Willis
Robin Wood