A review by itsdanbooks
The Art of Deception: Controlling the Human Element of Security by William L. Simon, Kevin D. Mitnick
5.0
I think one of the key requirements of a great non-fiction book is the ability to come back and learn something new from it, despite how many times you have read it or how old it is — you might discover something you passed on one time is now highly relevant due to a shift in the landscape or new information that has emerged.
In the world of computing and technology, books often become quickly outdated -- fundamental concepts change and oftentimes, the very technology itself is replaced by newer and shinier things.
Outside of a few notable exceptions ("The C Programming Language" by Kernighan and Ritchie, "The Art of Computer Programming" series by Knuth or the "Mythical Man-Month" by Brooks are examples that come to mind), the computing section of book stores typically doesn't have many books originally written in 2001 still sitting on the shelf; however, "The Art of Deception" still is and still sells.
Despite being highly relevant when it was first released (and a premonition of things to come), I'd argue that its relevance has only continued to increase and fully believe that in 20 years from today, it will still continue to be relevant.
In 2001, uses of social engineering resulted in the "ILOVEYOU" virus; in the time since this book, we have seen oil pipelines shut down due to ransomware attacks, attacks on uranium enrichment facilities due to social engineering attacks on individuals' innate sense of curiosity and scam calls that trick individuals into sending gift cards to pay supposed tax bills.
Let's be clear though about one thing -- with a book that is 20 years old, many of the technology examples may be out of date, but it's important to keep in mind that despite it being a computing and technology book, this book is almost more of a psychology book about the social engineering mindset that is highly relevant to those in the computing and technology fields.
The examples in this book are timeless when you think more about the underlying concepts beneath them. While this line of thinking may be obvious to those in security, it may be less obvious why others continue to fall for what should be seen as obvious -- you need to think in an adversarial manner about social engineering so that you can adequately train and defend against it.
When I first picked this book up in 2004, I was 15 years old -- in that time, many books have come and left; however, this book has always stuck around. I can say with confidence that the likelihood of it ever leaving my bookshelf is unthinkable.