I often get asked for recommendations for resources from people who want to break into Information Security or just are interested in the subject. I thoroughly enjoyed each of these. I don’t get anything from recommending them and think your life would be richer for having read them.
These are the books I would give the younger me, if I could, and why.
This gives an excellent overview of all the different areas in information security since it has become as specialized as medicine. Malware Forensics is as different from Intrusion Detection as Podiatry is from Dermatology. This book breaks down all of the other areas one can go into and describes what entry-level positions are like, how to work toward the next level up, and what options could flow from that particular foundation. Mid-level and advanced are also discussed in the same way, so a reader could also work backward, charting out a path to an advanced level position in the future. The descriptions are also suitable for anyone unsure of what path they would like to take by describing each of the roles’ day-to-day work.
This is an easy introduction to using Wireshark to make sense of network traffic. Each of the chapters gives an example scenario and extends understanding of what can be learned from examining packets on the network. Any No Starch Press book will be a great choice; they are committed to putting out quality works. Even when getting into dense, technical content, they are an accessible read. (I don’t have stock in them, I just really respect when anyone takes that much care in their craft.)
I also wish I could have given these to my younger self; they would have made some dense and complex concepts a lot easier to learn early on. These are my top reads for the young and young-at-heart.
For people who haven’t gone the traditional route of getting a bachelor’s degree in Computer Science, this book makes dense computer science search concepts super accessible. Suitable for younger folks, or if you want to learn a little more about it at the end of a long day, and your energy for reading dense concepts at a late hour is limited. Somewhat in the style of Flatland, where the characters 'live' in the theoretical concepts.
This one is nice for understanding the architecture of modern computers. Super accessible for content that could otherwise be quite dry.
ISBN-10 : 1593278179
ISBN-13 : 978-1593278175
Learning cryptography intimidates many people, but this makes fundamental concepts accessible and could also be a good foundation for more intensive study.
ISBN-10 : 1593277423
ISBN-13 : 978-1593277420
This is my list of technical books that I loved early on in my career, and still use as reference material today.
It is not so much a book you read cover to cover, and it is not for someone new to Python, but it is a great reference.
The chapters in this book build upon each other, carrying a funny, engaging scenario through with an in-depth explanation of how network forensics would help you come to establish conclusions. A little more demanding than Practical Packet Analysis but worth the investment of energy. I’ve heard this book is used in some college curricula. Also, as good as the cover would suggest, in this case.
This is pretty much the go-to for testing web applications. One of the authors is also the creator of Burp Proxy. The newest version of this book is now only online, but if you set up a free login with Portswigger, who makes Burp Proxy, you can get access to labs. I would recommend either edition or both.
These are my top, non-technical reads. If you're reading this list of resources it's because you care about what is going on in the information security industry, and you are awesome for it.
While there are some technical descriptions here, anyone can follow how nation-state attackers jumped the air gap into an Industrial Control System that happened to be enriching uranium. In addition to describing a real-world risk to Industrial Control Systems, it is also a great yarn. I would sneak this book onto any CEO’s bookshelf.
ISBN-10 : 9780770436193
ISBN-13 : 978-0770436193
Don’t be fooled by the title; the observations and insights on staying safe on the internet are suitable for anyone to know. Discusses OPSEC for the ordinary user of the interwebs. Think of it as threat modeling for the everyday surfer.