Quick Take
- Narration: Jonathan Todd Ross brings an easy, approachable delivery that matches the book’s accessible-to-all framing without losing the gravity of the subject matter.
- Themes: White hat hacking culture, diversity in cybersecurity, the people behind the defenses
- Mood: Engaging and broadly accessible, like a well-produced documentary for a general audience
- Verdict: A profile-driven introduction to cybersecurity’s human side that works best as a gateway text for newcomers and as a portrait of a field that is larger and stranger than most outsiders realize.
I finished this one on a Sunday afternoon when I was supposed to be doing something else entirely. Roger A. Grimes has done something genuinely useful here: rather than writing another technical manual or threat overview, he has written a book about the people who defend systems, organized as a series of profiles with enough technical context to make sense of what those people actually do. The result is something closer to a journalist’s account than a practitioner’s handbook, and in audio form, that distinction plays in its favor.
Jonathan Todd Ross narrates with the kind of steady curiosity that suits a documentary format. He does not impose drama on material that does not need it, and across ten and a half hours, that restraint sustains the listening experience.
Twenty-Six Portraits of a Field Most People Misunderstand
The book’s structural premise is its strongest feature. Each profile of a white hat hacker, security researcher, writer, or leader is preceded by a no-experience-necessary explanation of the relevant technology. So before you hear about someone who builds tools to detect malware, you get a clear explanation of what malware is and why detecting it is hard. Before a profile of a social engineer, you get a conceptual overview of social engineering attacks. That scaffolding is patient and genuinely well-executed, and it is what allows a business owner who knows nothing about network security to get something real from this book.
CarltonA’s review captures this well: the book is not technical, and that is precisely the point. Grimes is not teaching you to be a security professional. He is helping you understand what security professionals do, why it matters, and why you should care about the field even if you will never work in it. For that audience, the format is close to ideal.
What the Profiles Reveal About the Culture
The twenty-six people profiled here are not a homogeneous group, and that diversity is one of the book’s more quietly important contributions. Grimes notes that cybersecurity has not historically been a diverse field, and the profiles push back against the stereotype of the basement-dwelling lone hacker. There are women, people with non-traditional career paths, writers and researchers as well as coders, and people who came to security through history or law or policy rather than through computer science. That range is useful for anyone considering entry into the field, and it is useful for the field itself as a corrective to a self-image that does not always serve it well.
The reviewer who came to the book as a hack victim found it practically helpful for understanding what had happened to them. That is a specific and interesting testimonial: the book’s approachability is useful not just for career changers but for anyone who has been on the receiving end of an attack and wants to understand what kind of expertise is actually involved in investigating and responding to it.
The Limitation the Format Surfaces
Nathan Arizona’s review is honest about the tradeoff: the book is broad and historical rather than deep and technical. If you want to learn specific techniques, tools, or concepts at any depth, Hacking the Hacker will frustrate you. It is a portrait of a field, not a curriculum within it. The no-experience-necessary technical explainers are, by definition, introductions rather than foundations. They give you enough to follow the profiles without giving you enough to do anything the profiles describe.
That scope limitation is a deliberate choice rather than a flaw, but it is worth being clear-eyed about. This is journalism and profile writing in the service of demystification, and its value should be measured on those terms.
Who Should Listen and Who Should Skip
Readers new to cybersecurity who want to understand the field’s human landscape before committing to technical study will find this genuinely orienting. Business owners, policy makers, journalists, and anyone adjacent to cybersecurity who wants to understand the culture will get something from it. Technical practitioners looking for tradecraft or methodology will find it too broad. And for the curious general reader with no professional interest in security at all, the twenty-six portraits provide an unexpectedly compelling look at a world that is shaping how power is exercised in the twenty-first century.
Frequently Asked Questions
Is any technical background required to follow the security explanations that precede each profile?
No. Grimes explicitly structures the explanations for listeners with no prior security knowledge. The conceptual overviews assume you know what a computer is and broadly what the internet does, but nothing beyond that. The goal is comprehension of what the profiled experts do, not the ability to replicate their work.
Does Jonathan Todd Ross differentiate between the profiles and the technical explainer sections in his narration?
The distinction is primarily structural rather than voiced in dramatically different registers. Ross maintains a consistent documentary tone throughout, which keeps the transitions natural. The technical sections are paced to allow comprehension rather than performed as lectures.
The book was published in 2017. Is the information still relevant given how quickly cybersecurity evolves?
The profiles and the human narrative remain relevant because the field’s culture, challenges, and career landscape have not fundamentally changed even as specific tools and threats have evolved. The technical explainers cover foundational concepts that are still accurate. For current threat intelligence or recent attack methodologies, this should be supplemented with more recent sources.
How does this compare to books like Clifford Stoll’s The Cuckoo’s Egg as an accessible narrative account of the security world?
The Cuckoo’s Egg follows a single sustained investigation with thriller pacing. Hacking the Hacker is explicitly a field guide through profiles, so the reading experience is more like a collected documentary than a narrative. If you want sustained tension and story arc, Stoll remains the benchmark. If you want breadth and the sense of a field rather than a single incident, Grimes serves a different purpose.