‘Epic’ LSU-Berkeley Book About Cybersecurity Hits Shelves This Fall

April 30, 2024

Portraits of book authors Chris Jay Hoofnagle and Golden G. Richard III

Chris Jay Hoofnagle of the University of California, Berkeley, left, and Golden G. Richard III of LSU

Cybersecurity in Context is the new book by Professor Golden G. Richard III, director of the LSU Cyber Center and faculty lead for cybersecurity at LSU, and Chris Jay Hoofnagle, professor of law in residence at the University of California, Berkeley. The textbook and complementary set of technical exercises is the first-ever introduction to the full range of cybersecurity challenges and solutions, accessible by students and teachers in any discipline. It will be released by Wiley in the late summer.

Below is a Q&A with the authors, who combine extensive experience in both the theory and practice of cybersecurity.

Why was it important to write an introductory book about cybersecurity that’s accessible from multiple disciplines and even by beginners?

Cybersecurity in Context book coverHoofnagle: We set out to create a welcoming introduction that includes both the technical detail and the social relevance of security. Cybersecurity isn’t a purely technical field; it links together computers, data, people, economics, psychology, military science, international relations and law.

Richard: Maybe even more fundamentally, there are tons of advanced technical cybersecurity books out there, as well as books specifically aimed at certifications. We wanted to write something that covers the field from a broad, interdisciplinary standpoint and still is interesting to people who are studying technical cybersecurity. If you leave out all the technical stuff, the book isn’t as usable in technical cybersecurity curricula, and attacks and defenses remain sort of magical instead of being understood.

Why is looking at cybersecurity from a non-technical perspective so important?

Hoofnagle: Security is a public good when done correctly. The things we hold dear, including freedom of speech and privacy and intimacy—even the ability to be friends with someone—depends on security in those relationships, security from attack and security from people exposing what you say or do with other people. Yet, security is like a lot of goods in the world: too much of it is bad for you. In this book, we provide frameworks and alternatives to find security approaches that are freedom-enhancing rather than freedom-crushing.

Richard: Like the work we do at the LSU Cyber Center, our hope in writing this book is to foster more interdisciplinary work in this area. We need computer science graduates who understand cybersecurity policy, and non-technical people who understand human behavior to join the field. We really just hope to open the field to more people.

You’re using classical themes from ancient times as part of your narrative. Can you explain why?

Richard: This has to be Chris answering. I’m just fully supportive in this endeavor.

Hoofnagle: Classical heroes like Odysseus demonstrated timeless lessons that apply to modern cybersecurity contests—he dealt blows to adversaries through tricks and cunning. We wanted to connect cybersecurity to ancient themes found in literature about the value of using one’s brain to defeat an adversary rather than brawn. Simply put, the classical themes are a reaffirmation of the superiority of brains.

Richard: That’s a genius line. I wish we could put that on the inside cover. Essentially, we’re sneaking in literacy, which is a devious underpinning of the book that I really love.

What are the book’s main contributions?

Hoofnagle: There’s a headline every day about cybersecurity, but a textbook has to be based on frameworks and themes that are going to last through a student’s professional career. I think our biggest challenge was identifying those unifying themes and trends and connecting them to anecdotes so students could understand them.

Richard: That’s right. What happened just yesterday is not necessarily a productive thing to focus on in a book.

Hoofnagle: I’m most proud of chapter one in our book, which has a framework to reason through cybersecurity problems and help a person decide whether to use security or some other policy intervention to address those problems.

Richard: I’ve taught cybersecurity since 2002 and often without any required textbook because there just was no book like this.

What else does the book offer?

Richard: We wanted to present the reader with a collection of practical exercises they can use in almost any computing environment they happen to have. A lot of cybersecurity books don’t have any hands-on stuff at all; the questions are theoretical, and you don’t really learn what malware looks like inside, for example. For instructors in classrooms, there’s usually a ton of preparatory work in terms of installing software and configuring environments to make exercises actually function properly. So, we created self-contained virtual machines for Linux, Windows and Mac devices that fully encapsulate the whole environment where the exercises can be performed. All the software is already installed and configured properly. Students and users will be able to conduct digital investigations and find evidence using real tools that real investigators use in the field. They get to solve a crime, essentially, and also crack passwords and learn how to do social engineering and more.

Hoofnagle: Inclusion is a big part of this project—the virtual machines make it possible for any student, even one who has never used the command line, to start acquiring technical skills. There are basics to learn, but even non-technical students can have a rewarding career in cybersecurity.

Cybersecurity in Context: Technology, Policy and Law is now available for preorder from Wiley.

Next Step

Cybersecurity education and research at LSU prepare students for challenging and fast-growing careers of vital importance to the security of Louisiana and the nation.