We asked cybersecurity pros for their favorite cybersecurity books — here’s what they recommend
Criminals. Mystery. Danger. Money. Technology. Sextortion.
While all of these things together sound like the makings of a best-selling fiction novel, the cyber security industry — and all of the threats and dangers that exist within it — is all too real. That’s one reason why cybersecurity books make for some pretty interesting reading both in terms of academics and entertainment. That’s because the best cyber security books are those that are written to inform as well as entertain. They hijack your attention as readily as a cyberattack and don’t let you go until you reach the back cover.
Good cyber security books share insights gained from real-world situations and examples that we can learn from as professionals. It’s the great ones that teach us what to look out for so that we’re prepared to prevent ourselves from falling prey to cybercriminals.
But what are considered the “best cyber security books” and why? This two-part question led me to reach out to seven IT and cyber security experts within the industry to inquire about their favorite books on cyber security and create a list of the “best cyber security books.” Wondering which titles made their lists?
Let’s hash it out.
Must-Reads: The 11 Best Cybersecurity Books You Need to Read
For this article, we’re going to break down the list of the best cybersecurity books by the IT or cyber security expert who recommends them. To make things fair, we’re not showing preferential treatment in the sense of who is listed first. We’re just listing the responses as they came in. (Sorry, no bribes of chocolates or whiskey for this woman!)
Our first series of five book recommendations comes from Gabe Turner, director of content at Security Baron. Turner is both an attorney and a journalist with a self-proclaimed passion for home technology and finding ways to live securely and efficiently. It was his belief that creating stable, safe communities is imperative to a healthy and vibrant society. As such, it was that belief that led him to join up with Security Baron.
1. Hacking: The Art of Exploitation (2nd Ed.)
Author: Jon Erickson
Hacking: The Art of Exploitation dives into the world of creative problem solving and exploitation. Rather than simply walking through how different exploits work, this book provides a holistic view of programming, network communications, and current hacking techniques. Unlike many cyber security books, this one comes with a LiveCD. The disc provides a complete Linux environment to help you get your hands dirty with programming and debugging code — all without compromising or modifying your operating system (OS).
This book not only shows you how hacking works on a technical level, but it’s also told from a hacker’s perspective, which is really useful for IT professionals. I love how accessible the writing is; you don’t need to have a degree in computer science to get something out of it!”
2. The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
Author: Kevin Mitnick
The Art of Invisibility, written by the world’s most famous hacker, Kevin Mitnick, is one of those cyber security books that informs readers about what they can do to protect themselves and their information in the digital age of “Big Brother” and “Big Data.”
According to Turner:
With so many security breaches and invasions of privacy from large tech companies, this book is a useful guide to how to stay safe online, and why it’s important. Mitnick gives examples to show you examples of how our country and companies have encroached on privacy along with giving simple, step-by-step instructions on cybersecurity measures from passwords to Wi-Fi.”
3. Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
Author(s): Kevin Mitnick, William L. Simon
Ghost in the Wires, the second title on the list from Mitnick, is a brilliant first-hand account of his experiences accessing the networks and computers at some of the world’s biggest corporations — including Motorola, Pacific Bell, and Sun Microsystems.
Another book by Kevin Mitnick, this option is a memoir from his career as an IT worker at large companies, dealing with the FBI. Although he’s just writing about coding, at the end of the day, Mitnick’s artful prose makes it as exciting as a thriller. Personally, I wasn’t able to put it down until I finished!”
4. The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
Author(s): Simon Singh
The Code Book is an enlightening walk through the long-spanning history of encryption. It shows how encryption has played a role in shaping the course of the world — from defeating Hitler to making ecommerce possible (can you imagine how different world would be if either of those events didn’t happen?) and everything in between.
This book is a history of encryption that dates all the way back to Ancient Egypt and also covers Mary, Queen of Scots and the Navajo Code Talkers, among other historical examples. Not only does the book provide technical explanations, but it also puts encryption into a historical context, which is pretty rare for a cybersecurity book. Whether you’re interested in technology, history or both, this book is a unique look at encryption through a historical lens.”
5. Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
Author(s): Joseph Menn
Cult of the Dead Cow, if you didn’t know, refers to the oldest and most respected hacking group in the U.S. They aided in the development of TOR and, through their hacktivist efforts, forced many U.S. corporations to take their security protections to the next level. This book is all about their history and their impact on the world.
The Cult of the Dead Cow is a hacking group that recently got a lot of attention because [Beto] O’Rourke, former candidate for the Democratic presidential nominee, was in it as a teenager. A largely anonymous group, the Cult of the Dead Cow practically invented hacktivism and greatly influenced large companies and their IT. The book outlines the group’s past as well as its present activities fighting fake news and surveillance.”
Now, let’s explore some recommendations of cyber security books from other IT and cybersecurity experts from around the globe:
6. Social Engineering: The Science of Human Hacking
Author(s): Christopher Hadnagy
Social Engineering showcases both the creative genius and laziness of hackers. Why go through all the rigmarole and effort of breaking and climbing through a virtual window when you can walk through an open front door? This book looks at the vulnerabilities that exist within the human elements of a business and breaks down how you can recognize, anticipate, and prevent social engineering attacks.
Any cybersecurity professional can tell you that some of the biggest hacks and data breaches happened due to human error, even in the most secure and robust networks What I like about this book is that it teaches you about human hacking, and how someone can get access to your entire database through social engineering. So it’s a great read even if you don’t understand the complexities of hacking and cybersecurity since it teaches you to defend against cyberattacks of a non-technical origin.– Luka Arezina, editor-in-chief at DataProt, a cyber security industry news publication.
In my opinion, any company that takes data protection seriously should include a copy of this book, or parts of, during employee training. Social engineering attacks come in all shapes and sizes, from email spoofing to physically allowing access to the company servers when they claimed to be there to install a new socket on the wall.”
7. Practical Malware Analysis
Author(s): Michael Sikorski
Practical Malware and Analysis takes an in-depth look at the solutions and approaches that professional analysts use to deal with malware threats. This hands-on approach to malware analysis takes you through everything from how to set up safe virtual environments to developing methods for unpacking malware and analyzing specific cases.
Malware attacks can cost a company a lot of money if it gets into your systems. Companies need to be able to have a response ready to combat the malware and to mitigate risk. Practical Malware Analysis goes over the best ways to examine and remove malware and other dangerous software. It provides not only approaches and best practices but also recommends tools to help companies get actionable advice on how to prevent malware attacks.”– Colin Ma, founder of Digital Software Products. He’s consulted for large enterprises with regard to securing their web apps. He’s also served as Director of Engineering at Finli, a personal bill payment platform, to ensure sensitive and secure personal information remains that way.
8. The CERT Guide to Insider Threats
Author(s): Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak
The CERT Guide to Insider Threats is one of those cybersecurity books that breaks down the findings of the CERT Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute (SEI). The authors share real-world guidance and methods that managers, IT security, and other employees within any organization can put into action to combat cybercrimes and cybersecurity threats.
The CERT Guide to Insider Threats is a great book for cybersecurity experts. It covers an area that many people overlook and is one of the biggest security concerns an organisation can have – an insider threat.– Mike Gilfillan, lead developer at Edge of the Web, a full-service digital agency.
We all worry about external security issues, but this book looks at vulnerabilities from within your system.
It outlines a huge variety of insider attacks, and provides advice on how to set up effective protection, and most importantly, how to find and discover potential threats.
I wouldn’t recommend this book to someone new to the industry, as it’s a difficult read and highly technical, but for cybersecurity experts it’s a valuable tool to protecting your system from the inside out.”
9. The Cyber Effect
Author(s): Mary Aiken
The Cyber Effect is “A groundbreaking exploration of how cyberspace is changing the way we think, feel, and behave.” The content draws from Aiken’s experience as a forensic cyber-psychologist who has worked with law enforcement agencies worldwide. An additional fun fact? Her work was the inspiration for the popular TV series SCI: Cyber!
Mary Aiken’s book, The Cyber Effect, is the best book to read if you want to understand the psychology behind the technology. What are the effects cyber has in our lives? What is the disinhibition effect?– Anastasios Arampatzis, information security content writer at Bora (an IT security marketing company). Arampatzis is a retired Hellenic Air Force officer with more than two decades of cybersecurity and IT project management experience.
Technology has invaded every aspect of our lives; it is changing social and private behavior, having a disproportionate impact on our children and facilitating types of criminal and antisocial behavior that are repulsive and sometimes terrifying. The reality is that digital technology (like most technologies) is both good and bad. So the only rational way forward is to figure out how to live intelligently with it. But in order to do that we need to understand it. What we lack is an informed understanding of the problems, dangers and pathologies to which it gives rise.
This is the gap that Dr. Aiken seeks to fill. As a psychologist, her prime interest is in the scientific understanding of online behavior. This book is wonderfully written. Mary Aiken has done an excellent job explaining in an easy to understand language otherwise difficult ideas. It is very informative and changes a lot the way you visualize your behavior in front of your screen. Highly recommended.”
10. Hacking Exposed 7: Network Security Secrets and Solutions
Author(s): Stuart McClure, Joel Scambray, George Kurtz
Hacking Exposed 7 is an in-depth look at hacking from an academic standpoint. It covers everything from the basics of footprinting to exploring the “countermeasures cookbook.” The three cybersec experts help you learn what you don’t know so that you can make informed decisions and take effective action.
Cyber security is an ever-evolving field, making it difficult for certain books to remain relevant for long. But the right books offer readers an excellent foundation for learning about cyber security. My favorite cyber security book series, Hacking Exposed, accomplishes this while also continuing to offer new editions to keep readers up to date.– Darren Deslatte, cyber security expert and vulnerability operations leader at Entrust Solutions. The company is a technology solutions, IT managed services, and staff augmentation provider with offices in New Orleans and Norfolk.
Hacking Exposed: Network Security Secrets and Solutions is an international best-selling series written by renowned security experts Stuart McClure, Joel Scambray, and George Kurtz. Each edition exposes hackers’ latest tactics and illustrates field-tested remedies through case studies. With every new edition, a new perspective and lesson is gained. Often times, cyber security books can sound redundant, but the Hacking Exposed series is thoughtfully crafted to engage readers and teach experts how to think like a hacker in order to prevent security breaches.”
11. Threat Modeling: Designing for Security
Author(s): Adam Shostack
Threat Modeling is a book for cybersecurity professionals, developers and managers alike. This is one of the cyber security books that explores various threat modeling approaches and ways to address threats that have been effective for Microsoft and other major organizations.
It offers an excellent approach to cyber security based around the idea building security into systems during the design phase using a threat modelling approach, rather than having it be something that comes later.– Reuben Yonatan, founder and CEO of GetVoIP. He’s an entrepreneur and tech enthusiast with a background in the telecom industry. Yonatan’s known throughout the industry for sharing his insights on digital media, software, cloud computing, and enterprise solutions in Forbes and Business Insider.
Shostack provides actionable advice on dealing with actual threats and vulnerabilities that real world security experts deal with every day. ”
Looking for Other Recommendations of Cyber Security Books?
There are many great books out there concerning the cyber security industry and IT as a whole. What are some of your favorite cyber security books? Be sure to share them in the comments section below.
If you’ve already checked out all of these cyber security books and are looking for other ways to fill your evenings, be sure to check out our list of the top cybercrime and hacker movies. In this article, we share the 40 best hacker movies and movies about cybercrime, along with insights from industry experts.