An Interview with Allie Mellen (author: CODE WAR)
Key Takeaways
The video features an interview with Allie Mellen, author of the book CODE WAR, which explores the intersection of cybersecurity and geopolitics, focusing on Russia, China, and the US. The book provides a non-technical approach to understanding the importance of cybersecurity, privacy, and data in the context of geopolitics.
Full Transcript
Alrighty. Well, hey there, Ally. Goodness gracious, it is super good to get together and chat. But I think you've got some incredible news lately, right? You're releasing, you're launching, you're publishing a whole new book, Code War: How Nations Hack, Spy, and Shape the Digital Battlefield. Is that right? >> Yes, that is right. Thanks so much for having me. I'm really, really thrilled. You know, this is my first book. Uh, it's been crazy. so much work, but it's really been so fun. I've wanted to do this for years, but I didn't realize that it would be a book or I didn't really think about it in that way. And seeing it now finally in print has been so powerful. It is all about the intersection of cyber security and geopolitics. I specifically look at the histories of Russia, China, and the United States and take a look at how the cyber attacks that they use today and the defenses have been shaped by their histories. And it's been so neat because I go back to like Tsarist Russia, Imperial China, and I pull themes out that put context into exactly why they use the cyber attacks the way that they do and why they've built the defenses the way that they do. It's uh it's something that's like been a bit of a passion project for me, but now that I'm into because I'm a big history of war buff, it's been so fun. Goodness gracious, there is certainly so much to dig into, but would you be willing, I don't know, just given a quick crash course of who you are and what you've been up to in your own world, like how did you get to this book? Where how did you lead to this? Um, I know you mentioned, look, this has been a passion project, but how did you find yourself in your life and everything that you've been up to now? All right. Yeah, we'll take on a book, a mountain of work. >> Yeah, it's funny. Um, I've been very lucky. So, I got started in cyber security back in college. I was getting a degree in computer engineering. And at the time there was one cyber security class in the entirety of Boston University which is now very different different world now but at the time it was one and I was very lucky we even had one and uh it was actually such a cool class looking back especially like I didn't realize how good I had it because our professor would set up labs so that we could actually like hack a server for our midterm, hack a server for our final, have to defend a server. Um, and so it was super interesting, super hands-on, and I felt really lucky just thinking about like how much time it probably took him as a professor just doing it himself to set up these labs and make sure we had access to all of that and then of course like teaching us all this stuff too. Uh, and so for our like midyear project, we had to either do some research of our own or copy someone else's research and kind of come back with this research project and present it to the class. And so me and a few friends decided to do our own research. We ended up hacking the square reader. We turned it into a credit card skimmer with a hardware encryption bypass which was very cool cuz I was getting my degree in computer engineering. So I was very interested in like that intersection of computer science and the hardware piece of it. And it so it was a perfect representation of that. And we went to present it to the professor and he was like this is really cool. You guys should submit this to blackhat. And I was like what's blackhat? that sounds interesting. And so we wrote a paper on it, we submitted it, it got accepted. And so my first real experience with the cyber security industry was flying out to Vegas and presenting on it, getting to meet the community, going on CNN and CNBC, and I was like, "This is awesome. I love this. If this is every day, this is a great day. >> The lion's den." Yeah. >> So, um, I pretty much fell in love with the industry after that. and I uh was a hacker for a few years before becoming a security practitioner and then becoming an industry analyst and I've been an industry analyst for five years now focused on detection and response. So my passion has always been very detection and responseoriented. Um but yeah kind of a a wild journey but it's shown me a lot of different sides of the industry in a really unique way and I'm very grateful for that. Well, I'll admit I have seen you across the internet airwaves, right? All online, whatever it's Twitter, LinkedIn, social media and all, but you've always been doing such like super cool stuff. And then, hey, sometimes you got to reach out to Huntress and see what all we're up to, and that's just been sweet. Hey, cool. I'm I'm so happy to hang out with Ally. >> Thank you. That means the world to me. >> So, could you tell me more about the book? I feel like I I'm I don't want to ask for a whole crash course, but where's it at? How are you doing? Uh the whole process of making it. What are the some of the sweet highlights? Please just tell me everything you can. >> Yeah. Like how am I doing emotionally? Not well. No, it I'm actually in such a good spot now because it's finally off to the printers, which has been great. So I did not realize the extensive process that this is. It is writing it and you are not done when you turn it in. There's also all of the copy editing stage. There was actually um when I submitted it to the publisher, I had 136,000 words. Turns out you at least for for the book style that I'm doing can only have 96,000. And so we had to cut out all of those words to get it down to the count. So there was the cutting out period and then the copy editing period and then the proofing period to make sure everything was perfect and then off to the printers. So, it's been a long journey, but um it's good to know that there's so much rigor that goes into publishing books. >> Totally. Yeah. Yeah. >> Yeah. So, now it is being printed as we speak, and I'm really excited that I'm going to be um releasing it at the RCA conference, which I think is >> Oh, awesome. >> Really good timing. Yeah. And I'm going to be doing book signings there, too. So, it should be a ton of fun. What I really enjoy about the book, like I just recently did a little like um sneak peek reading from one of the chapters and what I really enjoyed about the book is that I tried to make this approachable for anyone. I didn't want this to be like a oh here we're going to get down lowlevel into the weeds like technical. I wanted this to be something where you could come in with an interest in geopolitics or an interest in technology and start reading this and get value out of it because I think we have a lot of texts that are highly technical. We're getting more that are more focused around the business side. But when it comes to getting people to understand why cyber security is important, why privacy is important, why data is important, why this all fits so perfectly into the world of geopolitics, we can we have a bit of a gap there. And so this book is meant to to fill that gap and to show especially for China, Russia, and the US like what exactly they're doing and why it matters. And it it's so interesting how many different areas cyber security, both defenses and offensive attacks touch. Like it's not just, oh, these are the attacks that they're perpetrating against other nations. It's also like here's the vehicle that these nations have put in place to perpetrate repression and to make sure that they're that dissident can't speak out or that they're able to capture dissident more effectively like the whole surveillance state. And so it's been really cool because in each section of the book I go through here's all of the like the policy that has been put in place to set up the cyber defenses or that hasn't been put in place and here's the reason they set that up the way that they did because that is actually so different from China to Russia to certainly the United States. Um, so I've really loved it from that standpoint. And I've tried like this is my my kind of thing is as I was writing it, I was like, "Oh my god, this is so dry. Like I'm just writing about all of these laws and regulations. Nobody's going to want to read this." So throughout it, I added like I don't I don't want to call it gossip because it's it's true. Like it's all true, but these little like this little bit of tea, this little salacious bits that are just interesting and funny and human. And that was really important to me throughout to make it a little bit more interesting. >> No, I think you do still get to some gritty stuff though, too, right? I see I'm looking through the website, forgive me, but like not Peta, you mentioned Sandworm. There's some some cool stuff to dig into. >> Yeah, there's some awesome stuff. I what I really liked was I know that like there's been so much ground that has been tread here for specific attacks where like amazing journalists have gone so deep into many of these attacks and like looked at every single facet. And so what I wanted to do and what I ended up doing is is putting in a bunch of chapters that go into specific attacks but in the context of the geopolitical goals of that country. So like for example in the China and Russia sections there are entire sections that are just dedicated to the countries that they are trying to either take over or influence. Um of course like there's a whole long se section on Ukraine. There's also like a shorter one on Estonia and what Russia has done there. There's a whole very long one on Taiwan and what's happening there. Tibet. And so it's been cool because to your point like I go very indepth on things like stuckset or not peta but um and kind of talk about the human elements there too but I also take these like lesser known stories and try to put them into that context of like this is another angle on what's happening and why it's happening that way to give that context. It's it's really fascinating and I think it gives a good perspective to the future too because I'm starting to to see as I like just experience the world in our new wild day-to-day just how much all of this is applicable and understanding it in that historical and modern context is so critical >> and thank you really like especially for shining a spotlight on it because I know even just my perspective right I I like to think oh kind of nerdy geek I like to be on the keyboard board and technical look at malware, see what hackers are up to. But I'll be the first to admit, I've always just tend to shrug off kind of who who did it, right? What nation, what bad actor, what a xyz, etc. But getting to okay, look at the geopolitical aspect of this uh is still super important because even that's just the understanding of the world we all live in. I'm always thinking, okay, it's malware, it's a hacker, it's bad. let's just get it out the door. But you do kind of need to know who's who on the playground here, right? >> Yes. And it's such a good point because that is so important. Thinking about this more strategically, like there's so much that you can learn about and to help you predict exactly why a nation is going to target a particular target or react a particular way. And like that's the fundamental thing about this book that was so important to me is I kind of I started off with being like cyber war is not happening. That's not going to happen. That's not a reality that we're going to live through because we don't exist in a vacuum. Like there's a broader ecosystem that we interact with. I use this quote in the very beginning of the book from Richard Fineman and the 1986 Rogers Commission report on the Challenger Shuttle disaster which I just absolutely love which is for a successful technology reality must take precedence over public relations for nature cannot be fooled. And this whole idea of like nature cannot be fooled was a core theme in the book for me because of course at the time he was talking about the failures um with the with Challenger. But for me it's very much so a if there's not a real world reason a real world motivation for this cyber attack. They're just not going to do it. There's no point in doing it. And so once we recognize that we can more closely predict and identify what they're most likely to attack and when which I think is going to become very important over the next decade. It also um is heavily related to and like one of the things that I did in the book is I is I actually bookended the book with two different wars. So I start with Yeah, this was I loved this. So the I started with Sorry, I'm totally going to start geeking out here. >> No, that's the whole point. That's what we're here for. >> I started with um actually the Gulf War and it so interesting because like obviously cyber attacks not a big part of the Gulf War was 1990, right? very different time comparatively to what we're seeing in like where I end the book which is at uh Russia's war in Ukraine. But what the Gulf War really was was it was an inflection point for the US, Russia and China where they all solidified around the realization that like joint military operations, joint warfare is the only way forward. That's the way that you win. like it showed that for the United States because of the decisive victory that they had. Russia had been doing it for years with radio electronic combat. But what was really cool about it is it was a moment for them where they were like, "Yep, this is continued validation that what we're doing is the right path that this is the way that we need to go." And for China, it was a wakeup call of we really need to start taking joint warfare more seriously, multi-dommain operations more seriously. And so to me that kicked off this race and this change to integrating multiple different types of warfare together which of course became cyber security as a core part of that too. And we now see that actually happening in Ukraine which is so fascinating. >> Yeah, that is wild. >> Yeah, it's not that long. It's not that much time, you know, 30 years but like it's a lot of change. Can you tell me if I may even just like your own personal lifestyle in writing the book and putting it all together? Like I know I think both of us are like something, oh, I've got this idea. I'm a little obsessed with it. I'm going to keep working on it as much as I can. I want to pour myself into this. Is that like still balancing it with your day-to-day? Is that something that you were, I don't know, burning the midnight oil for to hey, make this thing come together? How much time are you pouring into pages? Can I ask? Yeah, it's a great question because uh as an industry analyst, I actually write a lot. So, it was not ideal to also be writing a lot for a book because it was completely separate from my work. So, it was 5:00 p.m. on you're writing and 7:00 a.m. to 9:00 a.m. you're writing and um Alli's not doing anything fun on the weekends. Allie's not going out with the friends for a while just to get it get it done. I did have a few like kind of romantic moments of writing. One time I uh stopped over I was uh headed back from a business trip and I was like I'm just going to stop over in Paris and I'm going to work at a cafe for a few days and just write and that was a treat. Uh so I did try to make it a little bit more pleasant that way. It's funny I actually got advice from someone almost two years ago now who said you need to just disappear to a cabin for a month and do it like that's the only way. And I was like no it'll be fine. Oh god I wish I had done that. I wish >> that is good advice. >> So it is definitely like I think it's tough too because these are not simple stories like even though I tried to kind of pull it up out of the technical you at least from my perspective when I write about stuff like this I want to understand it completely. I don't want to just like look at surface level because I think you get into much more nuanced cool stuff when you get into that deeper level and then can pull it back up. And so, uh, every story there were times I got into like these liinal spaces where hours would pass and I would have no idea and I was just like in a flow state. So, it was really cool, but also like where did the time go and how did I spend like six hours just on this one story, you know? Well, super valuable because those are, as you said, not simple stories, but not simple ideas like you're you're it's war, it's nations, it's the countries, it's the deception, it's the it's the cyber security warfare to the realest extent. So, hey, kudos to you genuinely. I I I'm stoked to read it. >> Thank you. I hope you enjoy it. I can't wait to like I think the most exciting part for me is just hearing what everyone thinks and hearing their perspectives. One of the really cool things that I've done recently is like I was on a um I've been at a few events and talking to people about the book and they'll bring up some of their experience and I'll be like, "I wrote about that. I wrote about you doing that in the book, you know, and that's the coolest part when that happens. I'm like, "Oh my god, that's amazing." So, >> I love to hear these stories. >> Well, I'm looking at it. Amazon, Blackwells, Barnes & Noble, just about everywhere, right? Available wherever books are sold, I think. >> Yep. Wherever books are sold, it is sold. So, definitely get a copy. Bring it to RSA. I'll sign it. I'd love to. >> Heck yeah. Are you still going on the media tour? Are you doing any other O talks, other presentations even more following this? I'm sure they're keeping you busy. So, >> yeah. You know, I think to me, and I'm I'm kind of curious what you think of this, too. Like, to me, this is a perfect time for this topic. Like a year ago when I was writing it, I was like, "Oh, I really wish I could have released it this year." And now I'm thinking I'm so glad that I couldn't have released it last year because now is the time. And so I'm going to be speaking on this and writing about it and talking about it for at least all year because I think we're going to need that conversation um around multiple different elements of this. You know, the surveillance state is one big part of it. the cyber attacks that we're seeing used, whether it's in Venezuela or whatever is going to come next, are very important to talk about and to understand more completely and why they're happening. And so I think that there's nothing but um nothing but opportunity to talk about and explain these and make sure that it's clear as to why they're happening and whether or not they're actually the right direction. One of the things that I think about a lot is like we've got of course like the surveillance state and how that is changing, but we've also got and one of the things I talk about a lot in the book is like the splintering of the internet along regional lines and what that means because it's ultimately a big negative for democracies. Like democracies thrive when communication can spread freely and it can spread across borders. And what we're seeing is that through because of many different competing priorities that's changing completely and I have a lot of concerns for the direction it's going and for how we still enable different countries and the people within those countries to communicate freely. So I think there's long story short a wealth of things to talk about here and I at the very least intend to blog a lot on them but I'm curious what you think of this year and like everything that's coming up. No, I mean I agree completely and that okay the state of cyber security, the state of misinformation, the state of privacy, surveillance, etc. is just something that continues to get more and more and more in the spotlight for a massive conversation in every direction, good, bad, and ugly. Uh, so without a doubt, I mean with I I am glad and I'm super happy and again this is kind of why I wanted to reach out and for us to have a chance to chat because I know it's like such a personal milestone for you to get this out and created and out the door across the finish line. So like I totally wanted to celebrate and like really help shine a spotlight on like yeah we got to have this conversation and I'm glad you're here with a voice to be able to do that. So, right now, 2026, sure. As opposed to 2025, making it happen. And absolutely this year, now more than ever, I I I got to keep saying kudos. >> Well, thank you so much and thank you for uh supporting the process. It's been amazing. Like, I've had so many people um that I interviewed for the book and I'm really grateful for that because those ideas and those thoughts have like they transformed the way that I approach this. So, thank you for being interviewed and for your support of it. >> Excellent. Thank you. Thank you so so much, Ally. Any more sweet call to action? Is it, hey, just jump over to the website, go pre-order. What else is there for folks to be able to tune in and get this thing in their hands? >> Yeah, I think definitely pre-order, come to RSA if you're not, and I'll assign a copy and uh >> I'll see you there. I want to come hang out for sure. >> Yeah, exactly. And then um also I have a Substack so you can follow me there because I'm going to be writing a lot more about this beyond the book but looking at like what's actually happening now and kind of extending the the focus of the book into what's happening today and and trying to tie it to some of the more recent events that are happening. So you can follow me over there too. >> Always a lot to talk about I'm sure. So >> yes, >> thanks again and again Ally. I'll leave all the sweet links in the description and all for hey folks for have some easy access to it. But I just can't say thank you enough and congratulations. That's what I can't say enough. >> Thank you so much.
Original Description
Big support to Allie and her milestone of publishing her first book!
Pre-order CODE WAR: How Nation's Hack, Spy, and Shape the Digital Battlefield on Amazon (https://jh.live/code-war-amazon) or others! https://jh.live/code-war
Learn Cybersecurity and more with Just Hacking Training: https://jh.live/training
See what else I'm up to with: https://jh.live/newsletter
ℹ️ Affiliates:
Learn how to code with CodeCrafters: https://jh.live/codecrafters
Host your own VPN with OpenVPN: https://jh.live/openvpn
Get Blue Team Training and SOC Analyst Certifications with CyberDefenders: https://jh.live/cyberdefense
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from John Hammond · John Hammond · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
Tutorials? MySQL connection with PHP and Bash!
John Hammond
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
JavaScript Splits The URL!
John Hammond
HTML Tables in Python!
John Hammond
HTML, Net Shares, GML!
John Hammond
Python 08 Programming Style and Comments
John Hammond
Python 26 Object Oriented Programming
John Hammond
75 Python Tutorials, Out Now!
John Hammond
Batch 14 Mathematical Expressions
John Hammond
Batch 85 Array Append
John Hammond
Batch 86 Array Count
John Hammond
Batch 87 Array Index
John Hammond
Batch 88 Array Insert
John Hammond
Batch 89 Array Remove
John Hammond
Batch 90 Array Reverse
John Hammond
Python [colorama] 00 Installing on Linux
John Hammond
Python [colorama] 09 Cursor Position
John Hammond
Python [hashlib] 02 Algorithms
John Hammond
Python 00 Installing IDLE on Linux
John Hammond
Python [pygame] 11 Rectangular Collision Detection
John Hammond
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
Python [XML-RPC] 01 Research
John Hammond
Python [pyenchant] 03 Personal Word Lists
John Hammond
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
Python 04: PEP8 Coding
John Hammond
Python Challenge! 17 COOKIES
John Hammond
Google CTF 2016: Ernst Echidna
John Hammond
Google CTF 2016: Spotted Quoll
John Hammond
Google CTF 2016: Can you Repo It?
John Hammond
Google CTF 2016: No Big Deal
John Hammond
Google CTF 2016: In Recorded Conversation
John Hammond
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
Homemade CTF Challenge: 04 "UPX"
John Hammond
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
Juniors CTF 2016 :: Six Strange Tales
John Hammond
Juniors CTF 2016 :: Lost Code
John Hammond
Juniors CTF 2016 :: Here Goes!
John Hammond
Juniors CTF 2016 :: Southern Cross
John Hammond
Juniors CTF 2016 :: Clone Attack
John Hammond
Juniors CTF 2016 :: Dirty Repo
John Hammond
Juniors CTF 2016 :: Hackers Blog
John Hammond
Juniors CTF 2016 :: Voting!!!
John Hammond
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
Juniors CTF 2016 :: Stop Thief!
John Hammond
Juniors CTF 2016 :: ROFL
John Hammond
Juniors CTF 2016 :: Restriced Area
John Hammond
Juniors CTF 2016 :: Oh SSH!
John Hammond
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
HackCon CTF 2017 "Bacche" Challenges
John Hammond
More on: Security Basics
View skill →Related Reads
📰
📰
📰
📰
Social Discovery Group’s Announcement: A Communication That Raises Questions About Transparency and…
Medium · Cybersecurity
Adobe Producer Spoofing: A PDF Metadata Forgery Case Study
Dev.to · Iurii Rogulia
Today's the Deadline: Three Separate CISA Patch Orders Just Collided on the Same Weekend
Dev.to · Fabio Baensch
How Anthropic Could Have Prevented the “Claude Gift Fraud” With Security 101
Medium · Cybersecurity
🎓
Tutor Explanation
DeepCamp AI