Cyber Security Books: Top 10 Information Security Reads

I often get asked for recommendations for resources from people who want to break into Information Security or just are interested in the subject. I thoroughly enjoyed each of these. I don’t get anything from recommending them and think your life would be richer for having read them.

On Your Way to Becoming a Pen Tester

These are the books I would give the younger me, if I could, and why.

Breaking into Information Security: Crafting a Custom Career Path to Get the Job You Really Want

This gives an excellent overview of all the different areas in information security since it has become as specialized as medicine. Malware Forensics is as different from Intrusion Detection as Podiatry is from Dermatology. This book breaks down all of the other areas one can go into and describes what entry-level positions are like, how to work toward the next level up, and what options could flow from that particular foundation.  Mid-level and advanced are also discussed in the same way, so a reader could also work backward, charting out a path to an advanced level position in the future. The descriptions are also suitable for anyone unsure of what path they would like to take by describing each of the roles’ day-to-day work.

ISBN-13: 978-0128007839
ISBN-10: 0128007834

Practical Packet Analysis

This is an easy introduction to using Wireshark to make sense of network traffic. Each of the chapters gives an example scenario and extends understanding of what can be learned from examining packets on the network. Any No Starch Press book will be a great choice; they are committed to putting out quality works. Even when getting into dense, technical content, they are an accessible read. (I don’t have stock in them, I just really respect when anyone takes that much care in their craft.)


So You're Into Cyber-Techy Stuff...

I also wish I could have given these to my younger self, they would have made understanding some dense and complex concepts a lot easier to learn early on. These are my top-reads for the young and young-at-heart.

The CS Detective: An Algorithmic Tale of Crime, Conspiracy, and Computation

For people who haven’t gone the traditional route of getting a bachelor’s degree in Computer Science, this book makes dense computer science search concepts super accessible. Suitable for younger folks, or if you want to learn a little more about it at the end of a long day, and your energy for reading dense concepts at a late hour is limited. Somewhat in the style of Flatland, where the characters 'live' in the theoretical concepts.

ISBN-13: 978-1593277499

The Manga Guide to Microprocessors

This one is nice for understanding the architecture of modern computers. Super accessible for content that could otherwise be quite dry.

ISBN-10 : 1593278179
ISBN-13 :

The Manga Guide to Cryptography

Learning cryptography intimidates many people, but this makes fundamental concepts accessible and could also be a good foundation for more intensive study.

ISBN-10 : 1593277423
ISBN-13 :

Other Technical Nuggets of Wisdom

This is my list of technical books that I loved early on in my career, and still use as reference material today.

Python Essential Reference

It is not as much of a book you read cover to cover, and not for someone new to Python, but a great reference.

ISBN-13: 978-0672329784

Network Forensics: Tracking Hackers through Cyberspace

The chapters in this book build upon each other, carrying a funny, engaging scenario through with an in-depth explanation of how network forensics would help you come to establish conclusions. A little more demanding than Practical Packet Analysis but worth the investment of energy. I’ve heard this book is used in some college curricula. Also, as good as the cover would suggest, in this case.

ISBN-13: 978-0132564717

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

This is pretty much the go-to for testing web applications. One of the authors is also the creator of Burp Proxy. The newest version of this book is now only online, but if you set up a free login with Portswigger, who makes Burp Proxy, you can get access to labs. I would recommend either edition or both.

ISBN-13: 978-1118026472

Good Reads For The Non-Technical Learner

These are my top, non-technical reads. If you're reading this list of resources it's because you care about what is going on in the information security industry, and you are awesome for it.

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

While there are some technical descriptions here, anyone can follow how nation-state attackers jump an air-gapped Industrial Control System that happened to be enriching uranium. In addition to describing a real-world risk to Industrial Control Systems, it is also a great yarn. I would sneak this book onto any CEO’s bookshelf.

ISBN-10 : 9780770436193
ISBN-13 :

The Smart Girl’s Guide to Privacy

Don’t be fooled by the title; the observations and insights on staying safe on the internet are suitable for anyone to know. Discusses OPSEC for the ordinary user of the interwebs. Think of it as threat modeling for the everyday surfer.

ISBN-13: 978-1593276485

Get a FREE security evaluation today and reduce your organization's security risk.
Schedule My Call

Featured On

National TV news and media outlets often consult with us for our expertise as a boutique, high-touch ethical hacking firm highly trained in a narrow field of cybersecurity. Please click on any logo below to view the featured story.

Get your FREE security evaluation today. Learn how our experts can reduce your organization's security risk

Test the effectiveness of your own security controls before malicious parties do it for you. Our security experts are here to help — schedule a call today.
Consultation Request