Five Security Books You Should Read if You Haven’t



The Phoenix Project

The Phoenix Project is a quick, entertaining, and enlightening read. It’s a fictional story about an IT department that must evolve from an ineffective and inefficient misadventure into a modern DevOps-powered software factory. Through the story, readers come to understand how an organization can lose legacy habits and trade them in for world-class DevOps, Agile, and Lean processes.

The Hacker Playbook: Practical Guide To Penetration Testing

No one wins a game without a game plan, and no penetration testers or ethical hackers consistently win without a plan of attack. Through football-like plays, The Hacker Playbook shows pen testers how to attack different environments and bypass security defenses. When it comes to IT security, a good blue team offense is essential to a good enterprise defense. The Hacker Playbook details how to pen test from researching the objective to strategy

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage

This book is one of my all-time favorite hacker tales, and one of a handful of books that sparked my early interest in cybersecurity. The book’s Amazon description tells it best: Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker's code name was "Hunter" -- a mysterious invader who managed to break into U.S. computer systems and steal sensitive military and security information. Stoll began a one-man hunt of his own: spying on the spy. It was a dangerous game of deception, broken codes, satellites, and missile bases -- a one-man sting operation that finally gained the attention of the CIA...and ultimately trapped an international spy ring fueled by cash, cocaine, and the KGB.

Social Engineering: The Art of Human Hacking

This was the first and, in my opinion, best book on social engineering that I’ve read. Social engineering, simply put, is the craft of tricking people into doing what you want. This book covers facets of common social engineering tactics, such as pretexting and manipulation, using the author’s personal experience and detailing the rationale behind the tactics.

Social Engineering: The Art of Human Hacking should be part of the toolkit of any blue team member, penetration tester, or CISO who wants to know the tactics the bad guys will use against their organization. 

Defensive Security Handbook: Best Practices for Securing Infrastructure

This book is a solid primer designed, just as described in the preface, “to drive maximum improvement in your security posture for the minimum financial spend.”

If you are new to security and looking for a solid introduction to defensive fundamentals, this book is a great place to start. The book is billed as being targeted toward CIOs, directors, security analysts, systems administrators, and similar roles, and it hits the mark.