If might expect a red teamer’s top ten list of books to feature volumes on coding, hacking, and pentesting, you’re going to be surprised. In my view, the overarching principles of red teaming exist independent of any specific domain of application. Hence, my theme here is timeless patterns of cross-domain thinking, very much in line with the Red Team Journal Red Teaming Law #32 (“The Target”): “No matter what the nature of the game, the red team’s ultimate target should always be the opponent’s mind. Everything else is just technique.”
Sleights of Mind: What the Neuroscience of Magic Reveals About Our Everyday Deceptions (2010) by Stephen Macknik and Susanna Martinez-Conde. This is an utterly fascinating look at the interaction of mind and magic rooted in real neuroscience. That said, it’s written at just the right level for us non-neuroscientists.
The Timeless Way of Building (1979) by Christopher Alexander. Why a book on architecture? Don’t view it as a book on architecture but rather think of it as a book on patterns. Alexander’s notions on pattern languages heavily influenced how we design software; it should also influence how we go about red teaming.
INCOSE System’s Engineering Handbook, 4th Edition (2015). While you might not want to be a systems engineer, the principles of systems engineering provide insight into many if not all red teaming challenges.
Influence: Science and Practice, 5th Edition (2008) by Robert B. Cialdini. Can a relatively recent book be a classic? This one certainly is. You’ll learn how common human ways of thinking and interacting can be easily and predictably manipulated by advertisers and sales people, among others.
The Deceivers: Allied Military Deception in the Second World War (2004) by Thaddeus Holt. Set aside the fact that the examples in this volume are now over 70 years old, this is your single-volume advanced course in deception. Holt does an excellent job of extracting the core principles of deception from the myriad stories and cases. Yes, it’s long, but by the time you’re finished, you’ll know more about how deception works than 99% of the red teamers and analysts out there. When you’re finished, turn to Barton Whaley’s volume Stratagem and Deception, based on his work in the 1960s and reprinted in 2007.
The 36 Stratagems for Business: Achieve Your Objectives Through Hidden and Unconventional Strategies and Tactics (2005) by Harro von Senger. You’ve probably encountered the 36 Stratagems before, but it’s unlikely that you’ve read such an informed and usable study as this one from von Senger, a respected Swiss Sinologist. The introduction alone is worth the price of the book.
Surprise Attack: The Victim’s Perspective, Updated Edition (2004) by Ephraim Kam. This is one of the most marked-up books on my shelf. Kam does much more than review cases of surprise attack, he deconstructs them and extracts the common lessons.
Most Secret War (1978) by R. V. Jones. This the red teamer’s quintessential desert island book. Much like the Holt book on deception, the examples here are over 70 years old, but the thinking processes Jones employs and illustrates are timeless. Jones’ 1989 volume Reflections on Intelligence is also worthwhile but doesn’t come close to Most Secret War in terms of readability or application.
The Failure of Risk Management: Why It’s Broken and How to Fix It (2009) by Douglas Hubbard. If you know just enough about risk analysis to be dangerous, this is the go-to book to raise your understanding to the next level. The author’s tone is a bit cutting at times, and he’s arguably better at framing the problem than solving it, but the book is essential nonetheless. Also consider Hubbard’s book How to Measure Anything.
Prisoner’s Dilemma (1992) by William Poundstone. Every red teamer should be at least conversant with the principles of game theory, and this is a solid and relatively painless introduction. Beyond this, game theory can rapidly become overly esoteric and mathematically abstruse (something that even game theorist and Nobel Prize winning economist Thomas Schelling has noted).
