Skip to main content
Top Picks for Information Security Reads and Resources
I often get asked for recommendations for resources from people looking to break into the Information Security industry or those interested in the subject. Check out my list of top picks. 

Reads for the Future Pen Tester

These are the books I would give the younger me, if I could, and why.
Breaking into Information Security

Breaking into Information Security: Crafting a Custom Career Path to Get the Job You Really Want

This gives an excellent overview of all the different information security areas since it has become as specialized as medicine. Malware Forensics is as different from Intrusion Detection as Podiatry is from Dermatology. This book breaks down all of the other areas one can go into and describes what entry-level positions are like, how to work toward the next level up, and what options could flow from that particular foundation. Mid-level and advanced are also discussed in the same way, so a reader could also work backward, charting out a path to an advanced level position in the future. The descriptions are also suitable for anyone unsure of what path they would like to take by describing each of the roles' day-to-day work.

Find it on Amazon here

 
Practical Packet Analysis

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems

This is an easy introduction to using Wireshark to make sense of network traffic. Each of the chapters gives an example scenario and extends understanding of what can be learned from examining packets on the network.

Any No Starch Press book will be a great choice; they are committed to putting out quality works. Even when getting into dense, technical content, they are an accessible read. I don't have stock in them; I just really respect anyone who takes that much care in their craft!

Find it on Amazon here

 

Complex and Cyber-Tech Reads

I also wish I could have given these to my younger self; they would have made understanding some dense and complex concepts a lot easier to learn early on.
The CS Detective

The CS Detective: An Algorithmic Tale of Crime, Conspiracy, and Computation

For people who haven't gone the traditional route of getting a bachelor's degree in Computer Science, this book makes dense computer science search concepts super accessible. Suitable for younger folks, or if you want to learn a little more about it at the end of a long day, and your energy for reading dense concepts at a late hour is limited. Somewhat in the style of Flatland, where the characters' live" in the theoretical concepts.

Find it on Amazon here

 
The Manga Guide to Microprocessors

The Manga Guide to Microprocessors

This one is nice for understanding the architecture of modern computers. Super accessible for content that could otherwise be quite dry.

Find it on Amazon here

 
The Manga Guide to Cryptography

The Manga Guide to Cryptography

Learning cryptography intimidates many people, making fundamental concepts accessible and could also be a good foundation for more intensive study.

Find it on Amazon here
 

Timeless and Technical Reads

Here are a few technical books I really enjoyed and still refer to today.
Python Essential Reference

Python Essential Reference

It is not as much of a book you read cover to cover, not for someone new to Python, but a great reference.

Find it on Amazon here

 
Network Forensics: Tracking Hackers through Cyberspace

Network Forensics: Tracking Hackers through Cyberspace

The chapters in this book build upon each other, carrying a funny, engaging scenario through with an in-depth explanation of how network forensics would help you come to establish conclusions. A little more demanding than Practical Packet Analysis but worth the investment of energy. I've heard this book is used in some college curricula. Also, as good as the cover would suggest, in this case.

Find it on Amazon here

 
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

This is pretty much the go-to for testing web applications. One of the authors is also the creator of Burp Proxy. The newest version of this book is now only online, but if you set up a free login with Portswigger, who makes Burp Proxy, you can get access to labs. I would recommend either edition or both. Any No Starch Press book. Again, you can't make a wrong choice.

Find it on Amazon here

 

Non-Technical and Industry Focused Reads

These are my top picks for reads that don't get too heavy into the technical details, yet still offer plenty of value and insight into the industry as a whole.
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

While there are some technical descriptions here, anyone can follow how nation-state attackers jump an air-gapped Industrial Control System that happened to be enriching uranium. In addition to describing a real-world risk to Industrial Control Systems, it is also a great yarn. I would sneak this book onto any CEO's bookshelf.

Find it on Amazon here

 
The Smart Girl's Guide to Privacy

The Smart Girl's Guide to Privacy

Don't be fooled by the title; the observations and insights on staying safe on the internet are suitable for anyone to know. Discusses OPSEC for the ordinary user of the interwebs. Think of it as threat modeling for the everyday surfer.

Find it on Amazon here

 

Get a Customized Proposal

Use our Scoping Questionnaire to provide us with the necessary information to put together a proposal for you. Please be as thorough as possible with your responses, as it helps us ensure an accurate and complete proposal.
If you're interested in application penetration testing, you may find this article helpful when formulating your responses: Understanding Application Complexity For Penetration Testing.

If you have any questions, contact us at (952) 836-2770 or schedule a meeting. We will follow up promptly once we receive your responses. We look forward to speaking with you soon.

Having trouble viewing the Scoping Questionnaire? Check to see if an ad-blocker is keeping the page from loading properly.

Dedicated Client Portal

Interact in real-time with your RedTeam security professionals on our user-friendly client portal and see firsthand as the team closes in on your company data.

Certified Security Experts

Our trusted security professionals hold certifications from the leading industry organizations, including OSCP, CASS, CPT, CISSP and more.

Research-Focused Approach

We hold industry-leading certifications and dedicate part of every day to research the latest exploit techniques to ensure our clients remain protected from evolving online attacks.

Free Remediation Testing

Once your team addresses remediation recommendations, RedTeam will schedule your retest at no additional charge.