Fans pick 7 books like Threat Modeling

By Adam Shostack,

Here are 7 books that Threat Modeling fans have personally recommended if you like Threat Modeling. Shepherd is a community of 12,000+ authors and super readers sharing their favorite books with the world.

When you buy books, we may earn a commission that helps keep our lights on (or join the rebellion as a member).

Book cover of Security Engineering: A Guide to Building Dependable Distributed Systems

Dominik Merli Author Of Engineering Secure Devices: A Practical Guide for Embedded System Architects and Developers

From my list on embedded system security enthusiasts.

Why am I passionate about this?

I’ve been playing with computers and electronics since childhood. I even supported the people in my village with their computer issues back then. During my studies in electrical engineering, I learned how to solve technical challenges with structured approaches. At this time, I became fascinated by topics like cryptography and embedded system security. The books on this list helped me understand important concepts and practical real-world obstacles. I hope they are also of value to you!

Dominik's book list on embedded system security enthusiasts

Dominik Merli Why did Dominik love this book?

When I take this book off my shelf, the probability that I find the answer I'm looking for is very high. Yes, it's a big book, and I'm pretty sure I haven't read every single page yet, but because of its broad coverage of security engineering knowledge, from crypto to real-world processes, it is an invaluable reference for teaching and practical cyber security.

By Ross Anderson,

Why should I read it?

2 authors picked Security Engineering as one of their favorite books, and they share why you should read it.

What is this book about?

Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic

In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack.

This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than…


Book cover of The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks

Dominik Merli Author Of Engineering Secure Devices: A Practical Guide for Embedded System Architects and Developers

From my list on embedded system security enthusiasts.

Why am I passionate about this?

I’ve been playing with computers and electronics since childhood. I even supported the people in my village with their computer issues back then. During my studies in electrical engineering, I learned how to solve technical challenges with structured approaches. At this time, I became fascinated by topics like cryptography and embedded system security. The books on this list helped me understand important concepts and practical real-world obstacles. I hope they are also of value to you!

Dominik's book list on embedded system security enthusiasts

Dominik Merli Why did Dominik love this book?

I like embedded systems a lot, but I like hardware attacks on them even more because they represent very powerful attackers! I love the wonderful collection of expert knowledge and practical experience on side-channel analysis, fault attacks, and corresponding countermeasures created by Colin O'Flynn and Jasper van Woudenberg.

When reading through this one, I always remember my time as a PhD student, when my colleagues and I performed several tricky hardware attacks in our lab... That was definitely challenging but also a lot of fun!

By Jasper van Woudenberg, Colin O'Flynn,

Why should I read it?

1 author picked The Hardware Hacking Handbook as one of their favorite books, and they share why you should read it.

What is this book about?

The Hardware Hacking Handbook is a deep dive into embedded security, perfect for readers interested in designing, analysing, and attacking devices. You'll start with a crash course in embedded security and hardware interfaces and learn how to set up a test lab. Real-world examples and hands-on labs throughout allow you to explore hardware interfaces and practice various attacks.


Book cover of Understanding Cryptography: A Textbook for Students and Practitioners

Dominik Merli Author Of Engineering Secure Devices: A Practical Guide for Embedded System Architects and Developers

From my list on embedded system security enthusiasts.

Why am I passionate about this?

I’ve been playing with computers and electronics since childhood. I even supported the people in my village with their computer issues back then. During my studies in electrical engineering, I learned how to solve technical challenges with structured approaches. At this time, I became fascinated by topics like cryptography and embedded system security. The books on this list helped me understand important concepts and practical real-world obstacles. I hope they are also of value to you!

Dominik's book list on embedded system security enthusiasts

Dominik Merli Why did Dominik love this book?

When I first heard about cryptography at university, it sounded like mathematical magic. After looking into some randomly chosen crypto books, I was discouraged from digging deeper because they were full of math details.

Understanding Cryptography was different. It was aimed at engineering students like me, and it provided me with the most relevant facts necessary for designing secure devices. Since then, it has always been a great reference book for me.

By Christof Paar, Jan Pelzl,

Why should I read it?

1 author picked Understanding Cryptography as one of their favorite books, and they share why you should read it.

What is this book about?

Cryptography is now ubiquitous - moving beyond the traditional environments, such as government communications and banking systems, we see cryptographic techniques realized in Web browsers, e-mail programs, cell phones, manufacturing systems, embedded software, smart buildings, cars, and even medical implants. Today's designers need a comprehensive understanding of applied cryptography.

After an introduction to cryptography and data security, the authors explain the main techniques in modern cryptography, with chapters addressing stream ciphers, the Data Encryption Standard (DES) and 3DES, the Advanced Encryption Standard (AES), block ciphers, the RSA cryptosystem, public-key cryptosystems based on the discrete logarithm problem, elliptic-curve cryptography (ECC), digital…


Book cover of Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things

Dominik Merli Author Of Engineering Secure Devices: A Practical Guide for Embedded System Architects and Developers

From my list on embedded system security enthusiasts.

Why am I passionate about this?

I’ve been playing with computers and electronics since childhood. I even supported the people in my village with their computer issues back then. During my studies in electrical engineering, I learned how to solve technical challenges with structured approaches. At this time, I became fascinated by topics like cryptography and embedded system security. The books on this list helped me understand important concepts and practical real-world obstacles. I hope they are also of value to you!

Dominik's book list on embedded system security enthusiasts

Dominik Merli Why did Dominik love this book?

I love thinking about potential vulnerabilities and threat scenarios in IoT devices, because they are everywhere and they have already gained a significant amount of power.

Practical IoT Hacking is a wonderful read that stimulates my imagination about how to tackle devices and systems, but it doesn’t stop there: it even addresses the practical security analysis needs of my students and me.

By Fotios Chantzis, Ioannis Stais, Paulino Calderon , Evangelos Deirmentzoglou , Beau Woods

Why should I read it?

1 author picked Practical IoT Hacking as one of their favorite books, and they share why you should read it.

What is this book about?

Geared towards security researchers, IT teams, and penetration testers, application testers, developers, and IT administrators, this book teaches readers how to get started with hacking Internet connected devices. Readers dig deep into technical (and related legal) issues, as they learn what kinds of devices to use as hacking tools and which make the best targets. The authors, all experts in the field, cover the kinds of vulnerabilities found in IoT devices, explain how to exploit their network protocols, and how to leverage security flaws and certain hardware interfaces found in the physical devices themselves.


Book cover of Cryptonomicon

Robert J. Lloyd Author Of The Bloodless Boy

From my list on science-based historical fiction novels.

Why am I passionate about this?

I write as Robert J. Lloyd, but my friends call me Rob. Having studied Fine Art at a BA degree level (starting as a landscape painter but becoming a sculpture/photography/installation/performance generalist), I then moved to writing. During my MA degree in The History of Ideas, I happened to read Robert Hooke’s diary, detailing the life and experiments of this extraordinary and fascinating man. My MA thesis and my Hooke & Hunt series of historical thrillers are all about him. I’m fascinated by early science, which was the initial ‘pull’ into writing these stories, but the political background of the times (The Popish Plot and the Exclusion Crisis, for example) is just as enticing. 

Robert's book list on science-based historical fiction novels

Robert J. Lloyd Why did Robert love this book?

About WWII codebreaking, the reason this makes my ‘Best 5’ is that, besides being constantly inventive and informative, it’s also very funny. (I’m that shallow.)

There are similarities, I think, with Catch 22, in the plot’s intelligence, absurdity, and dreamlike turns.

I think Stephenson’s character Bobbie Shaftoe, a soldier who carries out counterintelligence deceptions, is hilarious. Also, Stephenson’s use of real historical characters–he presents believable portraits of Alan Turing, Douglas MacArthur, Karl Dönitz, and Hermann Göring, with a walk-on appearance by Albert  Einsteingave me license to do so in my own fiction.

By Neal Stephenson,

Why should I read it?

5 authors picked Cryptonomicon as one of their favorite books, and they share why you should read it.

What is this book about?

With this extraordinary first volume in an epoch-making masterpiece, Neal Stephenson hacks into the secret histories of nations and the private obsessions of men, decrypting with dazzling virtuosity the forces that shaped this century.

In 1942, Lawrence Pritchard Waterhouse—mathematical genius and young Captain in the U.S. Navy—is assigned to detachment 2702. It is an outfit so secret that only a handful of people know it exists, and some of those people have names like Churchill and Roosevelt. The mission of Waterhouse and Detachment 2702—commanded by Marine Raider Bobby Shaftoe-is to keep the Nazis ignorant of the fact that Allied Intelligence…


Book cover of The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography

Rob Conery Author Of The Imposter's Handbook: A CS Primer for Self-taught Developers

From my list on self-taught programmers.

Why am I passionate about this?

I taught myself to code back in 1994 while working the graveyard shift as a geologist in the environmental industry. My job consisted of sitting in a chair during the dark hours of the night in a shopping center in Stockton, CA, watching another geologist take samples from wells in the parking lot. A friend of mine suggested I learn to code because I liked computers. I don’t mean to make this out to be a “it’s so simple anyone can do it!” You need to have a relentless drive to learn, which is why I wrote my book, The Imposter’s Handbook - as an active step to learning what I didn’t know I didn’t know.

Rob's book list on self-taught programmers

Rob Conery Why did Rob love this book?

This book makes me jealous as the author has an incredible ability to communicate the densest of topics (Cryptography) in an engaging, wonderful way.

It draws you in and you find yourself transported to battlefields and war rooms of the past. I’ve always taken cryptography for granted - I type https into my browser and navigate to a site and all’s well. I know things are reasonably secure - but why?

It turns out that RSA, the algorithm that underpins things like SSL and SSH, is a landmark of human achievement and did something that millennia of mathematicians and scientists could not: provide secure, end-to-end encryption. A wonderful story.

By Simon Singh,

Why should I read it?

4 authors picked The Code Book as one of their favorite books, and they share why you should read it.

What is this book about?

In his first book since the bestselling Fermat's Enigma, Simon Singh offers the first sweeping history of encryption, tracing its evolution and revealing the dramatic effects codes have had on wars, nations, and individual lives. From Mary, Queen of Scots, trapped by her own code, to the Navajo Code Talkers who helped the Allies win World War II, to the incredible (and incredibly simple) logisitical breakthrough that made Internet commerce secure, The Code Book tells the story of the most powerful intellectual weapon ever known: secrecy.

Throughout the text are clear technical and mathematical explanations, and portraits of the remarkable…


Book cover of Hash Crack: Password Cracking Manual

Mark Ciampa Author Of Security Awareness: Applying Practical Security in Your World

From my list on how to break things (encryption, passwords, etc.).

Why am I passionate about this?

I have had the opportunity to write (I have written over 30 college textbooks on technology, most of them in the area of cybersecurity), study (my PhD dissertation was on cybersecurity), teach (I have taught at colleges and universities my entire career about technology, networking, and cybersecurity), and research (I have published numerous peer-reviewed journal articles) on the topic of cybersecurity. But I have always had a soft spot in my heart for the average computer user who struggles with how to protect their technology devices. This has helped drive my passion to focus on practical cybersecurity for everyone.

Mark's book list on how to break things (encryption, passwords, etc.)

Mark Ciampa Why did Mark love this book?

Passwords: everybody has them and everybody abuses them. Passwords can provide good security, but very few users use passwords correctly in order to take advantage of the protections they provide. The key to our poor implementation of passwords is a complete misunderstanding of how attackers break our passwords. Without this understanding users create weak passwords that are easy to break. Joshua Picolet's book is a reference guide for cracking passwords, but by explaining how to break passwords it also provides valuable information about how to make them strong to protect passwords from attacks. This book provides the proof of why we should treat passwords like our underwear: don't let people see it, change it often, and don't share it with strangers.

By Joshua Picolet,

Why should I read it?

1 author picked Hash Crack as one of their favorite books, and they share why you should read it.

What is this book about?

The Hash Crack: Password Cracking Manual v3 is an expanded reference guide for password recovery (cracking) methods, tools, and analysis techniques. A compilation of basic and advanced techniques to assist penetration testers and network security professionals evaluate their organization's posture. The Hash Crack manual contains syntax and examples for the most popular cracking and analysis tools and will save you hours of research looking up tool usage. It also includes basic cracking knowledge and methodologies every security professional should know when dealing with password attack capabilities. Hash Crack contains all the tables, commands, online resources, and more to complete your…


Book cover of Security Engineering: A Guide to Building Dependable Distributed Systems
Book cover of The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks
Book cover of Understanding Cryptography: A Textbook for Students and Practitioners

Share your top 3 reads of 2024!

And get a beautiful page showing off your 3 favorite reads.

1,587

readers submitted
so far, will you?

5 book lists we think you will like!

Interested in cryptography, analytics, and software?

Cryptography 31 books
Analytics 3 books
Software 61 books