The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage

Career Development Themes from a Great Read

The first time I heard this book recommendation coming from cybersecurity experts to people interested in a career crossover, I thought: how could a 35+ year old hacking story possibly have relevance today? I want to get ahead of understanding how to protect information systems, not behind.

But it kept getting recommended over and over from different sources, so I finally caved and was glad I did. It's a great book and a networking icebreaker.

The protagonist comes from outside cybersecurity, falls in deep, finds his career calling and there's no turning back. It’s an inspiring and encouraging true story if you're thinking of doing the same. It also includes foundational security concepts that have stood the test of time, such as:

  • The importance of log reviews

  • Threat actors are constantly "jiggling doorknob handles" of Internet-exposed assets to see where they can get in, escalate privileges, move laterally, and take action on objectives

Just last week, I saw the book referenced again in a Technical Security Audit and Assessment course.

Reviewing logs may also reveal system configuration problems or, even worse, evidence of unauthorized activity. One of the most famous cases is described in the book, Cuckoo's Egg. In this true story, the author used log reviews and other techniques to trace a $0.75 accounting discrepancy to a hacker stealing military secrets.

Marc Menniger

Book Summary

In this true story from 1986, Cliff Stoll, an astronomer at Lawrence Berkeley Lab, discovers a 75-cent accounting error that leads him on a year-long quest to track a hacker breaking into military and defense contractor computers through the lab's network. The case reveals major security flaws in 1980s computer networks and involves an international espionage ring.

Career Development Themes

  • Curiosity and persistence in investigating small anomalies can uncover much larger issues. This is a fun part of both cyber and accounting - pulling on the thread of yarn.

  • Cross-functional collaboration and communication skills are essential in responding to security incidents. Also essential for good GRC work.

  • Adapting one's skills and mindset to new challenges, like an astronomer becoming a cybersecurity sleuth.

  • Balancing security with the need for open access and trust in research computing environments. Cybersecurity strives to enable as it protects.

  • Cultivating patience and dedication to see through long, complex investigations.

Cybersecurity Industry Facts

  • In the 1980s, many computer networks had minimal security and relied heavily on trust between systems. It was the opposite of “zero trust” and not designed for the scale the Internet has reached today.

  • A hacker exploited security holes in a university’s network to gain unauthorized access.

  • The Morris worm in 1988 infected an estimated 10-15% of Internet-connected systems.

  • Early hacker groups operated with little initial law enforcement response.


  • "A hacker's abuse of this openness might mean the end of the casual, communal way the networks are run."

  • "Diversity then works against viruses. If all the systems on the ARPANET ran Berkeley Unix, the virus would have disabled all 50,000 of them."

  • "Networks aren't made of printed circuits, but of people."

  • "I don't want to be a computer cop. I don't want our networks to need cops."

  • "Our networks form neighborhoods, each with a sense of community."


  1. Proactively audit systems for inactive accounts, weak passwords, and unnecessary trust relationships.

  2. Establish clear procedures and lines of communication for reporting and escalating security incidents.

  3. Promote cross-organizational collaboration between technical experts to share threat information and best practices.

  4. Implement defense-in-depth security controls while preserving open access needed for research.

  5. Provide security training to educate users on best practices like choosing strong passwords. See CISA’s Secure Our World website as a starting point.

  6. Stay current on the latest hacker techniques and security vulnerabilities to anticipate issues.

  7. Cultivate a mindset of patient, persistent investigation when dealing with challenging security incidents.