Books & Publications
Books (Authored)
Books written or co-authored by Chris Kubecka.
How to Hack a Modern Dictatorship with AI
Cyberwarfare, AI, and modern authoritarian systems.
[Book link]Hack The World With OSINT
A practical and strategic guide to open-source intelligence, cyber investigation, and real-world operational use.Held by: Bibliothèque universitaire de la Défense (Belgian Ministry of Defence)
https://budef.mil.be/index.php?lvl=author_see&id=192627[Book link] (affiliate link if applicable)
Video link
Down the Rabbit Hole: An OSINT Journey
Investigative cyber intelligence, real-world incidents, and operational discovery.
[Book link]The Drone Wars
The Hacktress Target File Checklist
A practical guide for cyber intelligence, OSINT, and operational planning.
[Book link]Additional guides, labs, and technical publications
[Links as applicable]
United Nations Engagements
UN Reports & Expert Contributions
International Cooperation to Mitigate Cyber Operations against Critical Infrastructure: Normative Expectations and Emerging Good Practices
United Nations Institute for Disarmament Research (UNIDIR)
April 2021UNIDIR policy report examining international cooperation and emerging norms to mitigate cyber operations targeting critical infrastructure. Chris Kubecka is acknowledged as a participating expert in the UNIDIR multistakeholder dialogue “Operationalizing Cyber Norms: Critical Infrastructure Protection” (3 July 2020), contributing practitioner insight to discussions informing the report.
UN Conferences & Panels
Panel IV: Sustaining the World – Energy & Water
Cyber Stability Conference 2022: Protecting Critical Infrastructure and Services Across Sectors
United Nations Institute for Disarmament Research (UNIDIR)
2022Panel discussion addressing cybersecurity risks and resilience in the energy and water sectors, including challenges related to critical infrastructure interdependencies, renewable energy technologies, industrial espionage, and public–private cooperation. Chris Kubecka participated as a panelist alongside representatives from academia and government, contributing practitioner insight on cybersecurity risks affecting energy and water infrastructure.
Documented in the official UNIDIR Cyber Stability Conference 2022 Report.
https://unidir.org/wp-content/uploads/2023/05/SecurityTechnology_CyberStability_2022_Report_web.pdf
UN Internet Governance Forum (IGF)
Transparency and Control for the Internet of Things
UN Internet Governance Forum (IGF) 2019 – Workshop WS #307
Subtheme: Security, Safety, Stability and Resilience
2019Invited speaker at a UN IGF multistakeholder workshop addressing transparency, security, and user control in the Internet of Things (IoT). The session examined international norms, cybersecurity best practices, and mechanisms for global standardization across IoT devices, sensors, and supply chains, with participation from civil society, industry, academia, and the private sector.
Towards a Human Rights-Centered Cybersecurity Training
UN Internet Governance Forum (IGF) 2019 – Workshop WS #159
Subtheme: Security, Safety, Stability and Resilience
2019Invited speaker at a UN IGF multistakeholder workshop focused on integrating human rights principles into cybersecurity training and capacity-building initiatives. The session examined cybersecurity best practices, protection of journalists and civil society, and approaches to rights-respecting security education across regions and stakeholder groups.
UN-Affiliated Academic Publications (Citations)
United Nations High Commissioner for Refugees (UNHCR) – MUNUC 35 Background Guide
Model United Nations of the University of Chicago (MUNUC)
2022Academic background guide prepared for the UNHCR committee at MUNUC 35, addressing contemporary refugee and displacement challenges. The guide cites Chris Kubecka’s policy analysis “Addressing the Refugee Crisis” (Middle East Institute, 2022), co-authored with Zeina Moneer and Neeshad Shafi, in its examination of humanitarian response, regional instability, and refugee protection.
In 2022, while my work on refugee and human security issues was being cited in UN-affiliated academic materials, I was myself displaced while fleeing the war in Ukraine.
Government Reports & Policy Documents
Security-by-Design in the Vital Sector: Securing Operational Technology from a Design Thinking Perspective
Henk de Poot, Melina McKim, Rob Dieleman, Marcel Spruit
WODC-EWB 3052, Dutch Ministry of Justice and Security
Nobis Policy Lab, 2019Dutch government policy research report examining systemic cybersecurity risks to critical infrastructure sectors, including energy, water, transport, aviation, maritime systems, and satellites. The report explicitly cites Chris Kubecka’s DEF CON 27 presentation (“Hack the World and Galaxy with OSINT”) for its analysis of widespread vulnerabilities in vital infrastructure, including insecure legacy systems, default and group credentials, remote maintenance access, and the societal risks posed by liberalization and self-regulation.
Government & Multilateral Policy Reports
Information Sharing Framework for Penetration Testing
Ihsan Burak Tolga, Gunnar Faith-Ell
NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)
2020NATO CCDCOE policy and technical report proposing a structured framework for information sharing in penetration testing and cyber defense operations. The report cites Chris Kubecka’s Black Hat presentation “How to Implement IT Security After a Cyber Meltdown” (2015) as a practitioner reference in the context of post-incident security practices and operational cyber resilience.
https://ccdcoe.org/uploads/2020/04/Information_Sharing_Framework_Pentesting_FINAL.pdf
Principles of Cyber Deterrence and the Challenges in Developing a Credible Cyber Deterrence Posture
İhsan Burak Tolga
NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), 2018NATO CCDCOE strategy paper examining cyber deterrence principles and the challenges of establishing a credible deterrence posture in cyberspace. The publication cites Chris Kubecka’s Black Hat presentation “How to Implement IT Security After a Cyber Meltdown” (2015) as a practitioner reference in the context of post-incident security practices, resilience, and cyber defence readiness.
Policy Advisory Roles & Committees
Advisory Committee Member – Weaponizing Digital Trade
Council on Foreign Relations (CFR)
Council Special Report No. 88
September 2020Served on the advisory committee for the Council on Foreign Relations Special Report Weaponizing Digital Trade: Creating a Digital Trade Zone to Promote Online Freedom and Cybersecurity, providing expert insight on cybersecurity, digital trade, and online freedom issues informing the report’s analysis and policy recommendations.
https://cdn.cfr.org/sites/default/files/report_pdf/weaponizing-digital-trade_csr_combined_final.pdf
Defense & Security Publications
“A Web of Threats, a World of Potential: As Africa Closes the Digital Divide, It Must Improve Cyber Security”
Africa Defense Forum (ADF) Magazine, Vol. 12, No. 2
2021Strategic defense publication examining cybersecurity risks and opportunities associated with Africa’s rapid digitalization, including military, governmental, and critical infrastructure considerations. The issue addresses cyber threats, cybercrime, and the evolving role of defense institutions in securing digital transformation, with expert perspectives informing regional cyber resilience discussions.
“Remind Me Again… What Were We Deterring? Cyber Strategy and Why the United States Needed a Paradigm Shift”
Sam Brown
The Strategy Bridge, September 4, 2023Strategic analysis examining U.S. cyber strategy and deterrence frameworks. The article cites Chris Kubecka and Jack Rhysider’s discussion of the Shamoon incident from Darknet Diaries (Episode 30, January 22, 2019) in its broader analysis of cyber operations, threat perception, and policy paradigms.
Selected Policy Analysis & Commentary
A Decade On from the Shamoon Cyber Attack: Takeaways and Recommendations
Chris Kubecka
Middle East Institute (MEI), August 15, 2022Policy analysis reflecting on the tenth anniversary of the Shamoon cyberattack against Saudi Aramco, examining long-term lessons for critical infrastructure protection, cyber resilience, and national security preparedness. The article draws on first-hand operational experience and provides recommendations relevant to governments and operators of critical infrastructure.
https://www.mei.edu/publications/decade-shamoon-cyber-attack-takeaways-and-recommendations
Academic Citations & Research Impact
This section highlights selected citations and scholarly references to Chris Kubecka’s work across academic, industry, and policy publications. Citation counts are indicative and evolve over time.
Selected Citations
Industrial-Sized Cyber Attacks Threaten the Upstream Sector
T. Jacobs
Journal of Petroleum Technology, Vol. 68, No. 3, pp. 42–50 (2016)
Cites Kubecka’s work in the context of large-scale cyber incidents affecting critical energy infrastructure.How to Implement IT Security after a Cyber Meltdown
Chris Kubecka
Conference talk and recorded presentation (2015)
Referenced across academic and professional literature examining post-incident cyber recovery and resilience.Principles of Cyber Deterrence and the Challenges in Developing a Credible Cyber Deterrence Posture
İ. B. Tolga
NATO Cooperative Cyber Defence Centre of Excellence (2018)
References Kubecka’s work in discussions of cyber deterrence, escalation, and strategic posture.Emerging Security and Data Privacy Challenges for Utilities: Case Studies and Solutions
C. L. Stimmel
In: Big Data Application in Power Systems (2018)
Cites Kubecka’s work in relation to utility-sector cybersecurity and operational risk.Cyber Wars
M. Anniss
Cavendish Square Publishing (2017)
References Kubecka’s work in broader discussions of cyber conflict and modern warfare.
Authored Scholarly Work
Secrets From the Future: Hacking in a Post-Quantum Cryptography World: Implications for Cyber Security and National Defense
Chris Kubecka (2024)
Academic paper examining post-quantum cryptography risks and national security implications; cited in early scholarly and policy discussions.
Institutional Archives & Library Collections
This section documents appearances, citations, and preserved records held by academic, policy, and government-affiliated libraries and repositories.
Policy & Think Tank Library Archives
State-of-Play for Middle East Cybersecurity Leaders
Middle East Institute
Archived event listing held within Middle East Institute collections.
https://www.mei.edu/events/state-play-middle-east-cybersecurity-leadersThe Cyber Domain in the Middle East: Implications for Security and Policy
Middle East Institute
Archived panel and discussion, preserved in the Oman Library at the Middle East Institute digital collection.
https://www.mei.edu/events/cyber-domain-middle-eastMEI’s 2nd Annual Cyber Conference
Middle East Institute
Moderator and Distinguished Chair, Cyber Program; archived institutional event record.
https://www.mei.edu/mei-cyber-conference
Policy & Think-Tank Publications (Citations)
Cyber Conflict Factbook 2021
Cyber Policy Institute (CPI)
2021Policy reference publication documenting state-linked cyber operations and major cyber incidents. The Factbook cites reporting on the Saudi Aramco Shamoon attack as well as Chris Kubecka’s presentation “How to Implement IT Security After a Cyber Meltdown” (2015) in its analysis of large-scale destructive cyber operations and critical infrastructure security.
https://cpi.ee/wp-content/uploads/2021/04/FactBook-2021-ET-v6.pdf
Academic & University Library Repositories Books & Chapters (Citations)
Assessing a Novel Escalation Risk in a Sino-American Crisis
University of Texas at Austin – Texas ScholarWorks
Academic paper citing Chris Kubecka’s work on cyber operations and escalation dynamics.How Small States Use Cyber to Resist Larger Powers
Old Dominion University – ODU Digital Commons
Academic research citing Chris Kubecka’s cybersecurity and incident response work.“Open Source Investigations in the Age of Google: How Digital Sleuths Can Strengthen Human Security”
Henrietta Wilson, Olamide Samuel, Dan Plesch
In: Open Source Investigations in the Age of Google, pp. 3–23
World Scientific (Europe), 2024Scholarly book chapter examining contemporary open-source investigation practices and their implications for human security, citing Chris Kubecka’s work in the context of OSINT methodologies, cyber investigation, and applied security research.
Held and indexed by the Harvard Library, with open-access availability
“The Twelve Principles of Safe Places”
Ganna Pogrebna, Mark Skilton
In: Navigating New Cyber Risks: How Businesses Can Plan, Build and Manage Safe Spaces in the Digital Age, pp. 171–197
Springer International Publishing, 2019Scholarly book chapter systematizing best practices in cyber defense and organizational security, drawing on discussions with expert researchers and practitioners, including citations to Chris Kubecka’s work in the context of cybersecurity risk, resilience, and applied defense principles.
Held and indexed by major academic libraries, including the Harvard Library.
(Citation counts omitted intentionally; available via repository metadata.)
Scholarly Books & Academic Citations
Academic Publications Citing My Work
The Politics of Cybersecurity in the Middle East
James Shires (ed.)
Oxford University Press / Oxford Scholarship Online, March 2022Academic analysis of cybersecurity policy and governance in the Middle East. The chapter “End Matter” (pp. 257–320) within this volume cites Chris Kubecka’s work in the context of regional cybersecurity dynamics, critical infrastructure risk, and policy responses to cyber conflict.
https://academic.oup.com/book/41876/chapter-abstract/354698155
Scholarly Journals & Academic Publications
Georgetown Security Studies Review, Vol. 9, Issue 1 (July 2021)
Center for Security Studies, Edmund A. Walsh School of Foreign Service, Georgetown UniversityPeer-reviewed security studies journal addressing contemporary national security and international affairs topics, including cyber conflict, geopolitical risk, and emerging threats. This issue includes analysis and discussion relevant to Chris Kubecka’s work in cybersecurity, cyber conflict, and national security.
Published and archived by Georgetown University, with open-access availability via the Georgetown Security Studies Review. https://georgetownsecuritystudiesreview.org/wp-content/uploads/2021/08/FINAL-91-Upload.pdf
Cross-Institutional Academic Citations
Assessing a Novel Escalation Risk in a Sino-American Crisis
Referenced across multiple academic repositories and policy analyses, including UT Austin collections, with repeated citation of Kubecka’s work related to cyber conflict and escalation risk.
Institutional Archives & Library Collections
100 Days In: Assessing New Pathways for the Biden Administration
Middle East Institute
Archived in the Oman Library at the Middle East Institute digital collection.
https://www.mei.edu/events/100-days-assessing-new-pathways-for-the-biden-administration
Library-Indexed Media Articles
Selected media, scholarly, and policy records held by academic and institutional libraries, including Harvard and MIT.
“Moldova Plans Cyber Overhauls Amid War in Neighboring Ukraine”
Catherine Stupp
WSJ Pro Cybersecurity, July 2022Investigative reporting on Moldova’s efforts to modernize its cybersecurity posture in response to regional conflict, including analysis related to national CERT structures, critical infrastructure protection, and regional cyber resilience in the context of the war in Ukraine.
“Ukraine Has Begun Moving Sensitive Data Outside Its Borders”
Catherine Stupp
WSJ Pro Cybersecurity, June 2022Investigative reporting on Ukraine’s wartime strategy to safeguard government data against Russian cyber and physical attacks, including expert analysis and context related to cyber resilience, cross-border data protection, and continuity of government systems.
“World: How Cybercrime Laws Are Used to Silence Dissent in the Middle East”
Asia News Monitor, May 16, 2022
Thai News Service GroupLibrary-indexed reporting examining the use of cybercrime legislation to suppress political dissent and restrict freedom of expression in the Middle East, including expert analysis and commentary related to cybersecurity law, human rights, and digital repression.
“3 Reasons Moscow Isn’t Taking Down Ukraine’s Cell Networks”
Sam Sabin, Laurens Cerulus
POLITICO (U.S. edition), March 7, 2022Policy reporting examining Russia’s cyber and communications strategy during the invasion of Ukraine, including expert analysis related to telecommunications resilience, cyber operations, surveillance, and infrastructure stability.
“The Big Interview: Hacking and Defending Nation-Critical Infrastructure”
Martin Cooper
ITNow, Vol. 63, No. 4 (January 2022), pp. 41–43Professional interview archived and indexed by the MIT Libraries, examining nation-critical infrastructure security, cyber defense, and real-world incident response.
“The Armed Forces Communications and Electronics Association (AFCEA) Indiana Chapter – Discussion”
The Washington Daybook, March 2022
Federal Information & News Dispatch, LLCLibrary-indexed institutional report documenting a virtual discussion hosted by the AFCEA Indiana Chapter on cyberattacks impacting Ukraine, listing Chris Kubecka as an invited expert speaker addressing military communications and cyber conflict.
“Trouble Ahead for the Senate’s Big Cyber Bill?”
Sam Sabin
POLITICO (U.S. edition), March 7, 2022Policy reporting examining challenges surrounding proposed U.S. cybersecurity legislation, including debates over encryption, surveillance authorities, intelligence services, metadata, and the balance between national security and civil liberties.
“400,000 Ukrainians Flee to European Countries, Including Some That Previously Spurned Refugees”
Miriam Berger
The Washington Post, February 26, 2022Library-indexed reporting on the early stages of the Ukrainian refugee crisis following Russia’s invasion, examining humanitarian conditions, displacement patterns, and regional responses across Europe, with expert and institutional sourcing.
“How Prepared Is Ukraine for Russian Cyberattacks?”
Sam Sabin
POLITICO (U.S. edition), February 22, 2022Policy reporting examining Ukraine’s cybersecurity preparedness on the eve of Russia’s full-scale invasion, including analysis related to infrastructure resilience, denial-of-service attacks, malware activity, surveillance risks, supply chains, and public-sector cyber defense.
“The Iran Deal’s Last Days?”
Alexander Ward, Quint Gey
POLITICO (U.S. edition), October 14, 2021Policy reporting examining the state of the Iran nuclear deal in its final phase, including analysis related to national security, cyber risk, ransomware, intelligence activity, and broader geopolitical implications.
“China/Israel: Chinese Hackers Used Cyber-Disguising Technology Against Israel, Report Finds”
Asia News Monitor, August 20, 2021
Thai News Service GroupLibrary-indexed reporting examining alleged cyber-espionage activity involving Chinese threat actors and Israel, including analysis related to cyber-disguising techniques, international cyber operations, and investigative findings in a geopolitical context.
“Code42 to Present Inaugural Insider Risk Summit in September”
Professional Services Close-Up, September 2020
Close-Up Media, Inc.Library-indexed professional news article announcing the inaugural Code42 Insider Risk Summit, listing Chris Kubecka among invited cybersecurity experts and speakers addressing insider threats and data protection.
U.S. Naval Academy Cyber Science Department Newsletter — May 2021
U.S. Naval Academy – Cyber Science DepartmentDepartment newsletter recognizing Chris Kubecka as a noted cybersecurity thought leader, author, and speaker, specifically highlighting her role in leading the response to the Saudi Aramco cyberattack. The publication appears in an official U.S. Naval Academy Cyber Science Department newsletter, documenting institutional acknowledgment of her expertise and influence within military cyber education and practice.
“Talkspace Threatens to Sue a Researcher Over Bug Report”
Zack Whittaker
TechCrunch, March 9, 2020Investigative reporting on legal threats against security researchers, including reference to prior incidents involving Chris Kubecka in the context of responsible disclosure, vulnerability reporting, and corporate responses to security findings.
“The Cybersecurity 202: Two Primaries Underscore Dueling Paths to Holding Elections During the Coronavirus Pandemic”
Joseph Marks
The Washington Post, May 20, 2020Media reporting examining cybersecurity, election integrity, and operational risks associated with conducting elections during the COVID-19 pandemic, including analysis related to digital voting systems, fraud prevention, and federal cyber policy.
“Cyberspace Solarium Commission Getting Some of Its Wishes”
Tim Starks
POLITICO (U.S. edition), April 27, 2020Policy reporting examining progress on recommendations from the Cyberspace Solarium Commission, including developments related to national cyber defense strategy, interagency collaboration, workforce capacity, and cybersecurity governance during the COVID-19 period.
“Boeing’s Poor Information Security Posture Threatens Passenger Safety, National Security, Researcher Says”
J. M. Porup
CSO (Online), November 2019Investigative article examining cybersecurity weaknesses affecting aviation safety and national security, based on reporting and analysis involving Chris Kubecka’s research and findings.
“‘No Emails, No Phones, Nothing’: How Saudi Aramco — the World’s Biggest Oil Company — Survived a Debilitating Cyber Attack”
ArabianBusiness.com, August 10, 2015
Disco Digital Media, Inc.Library-indexed reporting on the Saudi Aramco cyberattack, including coverage of Chris Kubecka’s Black Hat conference presentation addressing the Shamoon malware attack, incident response, and organizational recovery following a nation-state cyber operation.
“The Inside Story of the Biggest Hack in History”
Jose Pagliery
CNN Wire Service, 2015Investigative reporting on the Saudi Aramco cyberattack, including expert commentary and firsthand perspective from Chris Kubecka regarding incident response and recovery following the attack.
“Code42 to Present Inaugural Insider Risk Summit in September”
Professional Services Close-Up, September 2020
Close-Up Media, Inc.Library-indexed professional news article announcing the inaugural Code42 Insider Risk Summit, listing Chris Kubecka among invited cybersecurity experts and speakers addressing insider threats and data protection.
Scholarly Journals & Security Studies (Citations)
“Preparing the Cyber Battlefield: Assessing a Novel Escalation Risk in a Sino-American Crisis”
Ben Buchanan, Fiona S. Cunningham
Texas National Security Review, Vol. 3, No. 4 (2020)Peer-reviewed security studies article examining cyber operations, operational preparation of the environment (OPE), and escalation risks in a potential U.S.–China crisis. The article cites Chris Kubecka’s work in its analysis of cyber conflict dynamics, infrastructure vulnerability, and escalation pathways related to cyber operations.
https://tnsr.org/wp-content/uploads/2020/10/TNSR-Vol3-Iss4-Buchanan-and-Cunningham.pdf
Academic & Institutional Lectures
Empowering the Next Generation of Digital Defenders: Ethics in Cybersecurity and Emerging Technologies
CERIAS Security Seminar, Purdue University
Center for Education and Research in Information Assurance and Security
September 4, 2024Invited lecture addressing ethics in cybersecurity, privacy, and emerging technologies, with a focus on empowering future technologists to apply technical power responsibly in security, intelligence, and defense contexts.
Make Sure Your Cyber Assets Don’t Become Liabilities
University of Toronto – MFAcc Alumni Academy
June 24, 2020Invited professional seminar addressing cybersecurity risk, cyber terrorism, and digital asset protection for business and professional audiences. The session examined how common security oversights can transform digital assets into operational and legal liabilities, and provided practical guidance on strengthening cyber defenses and managing evolving threat landscapes.
One-hour lecture followed by moderated Q&A; session qualified for CPD/CPE credit.
Advanced Academic Theses (Citations)
Beyond the UN: The Feasibility of Conducting Peace Enforcement Operations in the Grey Zone of Cyberspace
Robert Ernest George Bloomfield
PhD Thesis, University of Buckingham
Modern War Studies and Contemporary Military History, March 2025Doctoral research examining cyber operations and peace enforcement in the grey zone of cyberspace. The thesis cites Chris Kubecka’s interview “The Big Interview: Hacking and Defending Nation-Critical Infrastructure” (ITNOW, Winter 2021) in its analysis of cyber conflict, critical infrastructure defense, and contemporary military cyber operations.
Cyber Conflict and Just War Theory
Nicholas Collie
PhD Thesis, University of Nottingham
October 2022Doctoral research examining cyber conflict through the lens of Just War Theory, addressing ethical, legal, and strategic questions surrounding cyber operations and modern warfare. The thesis cites Chris Kubecka’s work in its analysis of cyber conflict, escalation, and the ethical implications of cyber operations.
Saudi Arabia’s Cyberspace Challenges with an Analysis for Major Malware Incidents
Yasser Zalah
Kansas State University, October 2017University-affiliated academic research examining major malware incidents affecting Saudi Arabia and broader national cybersecurity challenges. The study cites Chris Kubecka’s presentation “How to Implement IT Security After a Cyber Meltdown” (Black Hat / YouTube, 2015) in its analysis of destructive cyber operations and post-incident security practices.
Academic Conference Proceedings & Educational Materials (Citations)
Summer School–Conference “Cryptography and Information Security” – Proceedings
Novosibirsk State University (NSU), 2020Collection of abstracts and theses from the 2020 Summer School–Conference on Cryptography and Information Security. The proceedings cite Chris Kubecka’s book Down the Rabbit Hole: An OSINT Journey as a reference source for open-source intelligence methodologies, alongside established OSINT literature and technical frameworks. The proceedings cite Chris Kubecka’s book Down the Rabbit Hole: An OSINT Journey multiple times as a reference source for open-source intelligence methodologies, alongside established OSINT literature and technical frameworks.

