We all know that reading is good for us, but often, we spend too many hours of the day reading what’s on a computer screen instead of opening an actual book. It may seem counterintuitive to grow in cybersecurity knowledge by reading a book, but reading is a great way to round out other learning opportunities – like podcasts or informational websites.
Top 5 Cybersecurity Books
With a topic as large as cybersecurity, it’s helpful to build your list based on different categories, such as open source intelligence how-to, policy and the big picture, how to ethically hack, and historical and true crime.
As always, I don’t get any monetary benefits – nor do I have a personal friendship with any of the authors (but I have met a couple informally).
1. Open Source Intelligence Techniques, Eighth Edition
The iconic Michael Bazzell’s Open Source Intelligence Techniques, Eighth Edition, is known as the bible of OSINT guides. However, it is more than teaching you how to Google; instead, it covers a wide variety of tricks and shortcuts to discover data breaches and links, use open source forensic tools, and hide your identity while looking for sensitive information online. It is written as a treatise for the OSINT investigator (either private or agency) but has multiple options for almost every category of OSINT, which can be used by ethical hackers, journalists, and even genealogists. Bazzell has multiple other forums (podcasts, websites) where he explains many of the contents of the book and does update his publication quite frequently, which is necessary in the OSINT world.
2. Cybersecurity: Politics, Governance and Conflict in Cyberspace
I have used Cybersecurity: Politics, Governance and Conflict in Cyberspace by Damien Van Puyvelde and Aaron F. Brantly in the past as a required textbook for my entry level cybersecurity class. I have since changed and customized the class a bit to move away from any required textbook, but wholeheartedly recommend this work to my students. To summarize the contents of the book, it is essentially an introduction to how the internet, cybersecurity and the cyber professional fit into the macro world of national security, geo politics, and regulating information flow. It has a great historical explanation of how the cyber world works, along with basic guidance on such topics as types of malware, and it delivers some very interesting views in case studies of notable cyber-attacks.
3. Getting Started Becoming a Master Hacker
Getting Started Becoming a Master Hacker by Occupytheweb (don’t know his real name or if I do, I don’t care) is a lone wolf type of guide in which the author breaks down the hacking suite Kali Linux and how each tool has a place in the cybersecurity universe depending on the goals of the user. It covers passive and active reconnaissance, password cracking and has one of the best, easy to understand guides to website hacking, a fairly complicated subject. This is a great starting point for want to be bug bounty hunters, penetration testers or the terminally curious. Occupytheweb may have a daunting handle, but he comes at you with an attitude that ethical hacking can truly make the world a safer place.
4. RTFM [Notes Edition]: Red Team Field Manual v2
The second publication on ethically hacking that I would recommend is RTFM [Notes Edition]: Red Team Field Manual v2, published this past July and written by government contractor red team veteran Ben Clark, who has been involved with testing some of the biggest weapon systems and installations in DoD. One of the many things I really like about this book is the large focus that it has on Microsoft Windows internal tools and the new section on navigating your way through a MAC operating system. He makes it clear, that while he still loves Linux tools, you don’t have to be an expert in them to be an efficient Red Team member. He has many illustrations of how vital teamwork is in his particular line of work and how important social engineering is in setting the table for the rest of the team to do their thing. I have met Ben Clark on a couple of occasions and his dedication to his field is quite admirable. Beware, if you don’t have some sort of technical background in cybersecurity, you may find this book a bit overwhelming.
5. The Cult of The Dead Cow: How the Original Hacking Supergroup Might Just Save the World
From a true entertainment and “aha” point of view, I found The Cult of The Dead Cow: How the Original Hacking Supergroup Might Just Save the World by Joseph Menn to be wildly fun and eye opening. The cDc (as they call themselves) are a mishmash of subgroups and individuals who are by and large antiestablishment hacktivists who have adopted a cause or causes to support. What is interesting is the history of how former members have found work currently in “establishment” type positions. The book goes through many different profiles of individuals (not done before to this extent), how hacktivism (while illegal) affects policy and perception, the code of ethics hacktivists have and how cDc played a role in the development of the Dark Web. For those of you who like to be efficient with time, it also has an audiobook version.
Some Honorable Mentions
Some other books I found to be informative and/or worth a look include the following:
- Social Engineering: The Science of Human Hacking by Chris Hadnagy. Great insight into an increasingly popular subject. Hadnagy has multiple videos on YouTube essentially covering most of the book.
- Hacking: The Art of Exploitation by Jon Erickson. Very basic primer good for anyone from CEOs to first year college students to read. The book is a bit dated for the topic, but still lays a good foundation.
- Countdown to Zero Day by Kim Zetter. The authoritative book on Stuxnet, the cyber-attack on Iran’s Nuclear Program. It is full of tidbits not originally found anywhere else, and has a real spy game feel to it.
- This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth. Truth be told, I have not read this book yet, but it comes highly recommended by one of the smartest cyber guys I have ever met. I can’t wait to dive in and it appears to be on audio book as well.
- The Internet is a Playground: Irreverent Correspondences of an Evil Online Genius by David Thorne is a practical jokers dream and while only indirectly deals with cybersecurity, shows the gullibility of humanity behind a computer screen. A short read worth the time.
Most of these books referenced are very inexpensive and come in different formats. I would love to hear other suggestions to supplement or add to my list.