The 25 Best Cyber Security Books — Recommendations from the Experts

We asked cybersecurity pros to share their favorite cybersecurity books — here’s what they recommend for our newly expanded list

This Is an Updated List of the Best Cyber Security Books

Note: This article, which was originally published in February 2020, has been updated to include new recommendations from additional IT and cyber security industry experts.

Criminals. Mystery. Danger. Money. Technology. Sextortion.

While all of these things together sound like the makings of a best-selling fiction novel, the cyber security industry — and all of the threats and dangers that exist within it — is all too real. That’s one reason why cybersecurity books make for some pretty interesting reading both in terms of academics and entertainment. That’s because the best cyber security books are those that are written to inform as well as entertain. They hijack your attention as readily as a cyberattack and don’t let you go until you reach the back cover.

Good cyber security books share insights gained from real-world situations and examples that we can learn from as professionals. It’s the great ones that teach us what to look out for so that we’re prepared to prevent ourselves from falling prey to cybercriminals.

But what are considered the “best cyber security books” and why? This two-part question led me to reach out to many IT and cyber security experts within the industry to inquire about their favorite books on cyber security and create a comprehensive list of the “best cyber security books.” Wondering which titles made their lists?

Let’s hash it out.

Must-Reads: The 25 Best Cybersecurity Books You Need to Read

For this updated article, we’re going to break down the list of the best cybersecurity books by the IT or cyber security expert who recommends them. To make things fair, we’re not showing preferential treatment in the sense of who is listed first. We’re just listing the responses as they came in. (Sorry, no bribes of chocolates or whiskey for this woman!) So, basically, we’ve tacked the new recommendations onto the existing list we published previously.

Oh, and just one quick note: This list of the best cyber security books does NOT include any self-promotions.

Our first series of five book recommendations comes from Gabe Turner, director of content at Security Baron. Turner is both an attorney and a journalist with a self-proclaimed passion for home technology and finding ways to live securely and efficiently. He believes that creating stable, safe communities is imperative to a healthy and vibrant society, and that belief led him to join Security Baron.

1. Hacking: The Art of Exploitation (2nd Ed.)

Author: Jon Erickson

Hacking: The Art of Exploitation dives into the world of creative problem solving and exploitation. Rather than simply walking through how different exploits work, this book provides a holistic view of programming, network communications, and current hacking techniques. Unlike many cyber security books, this one comes with a LiveCD. The disc provides a complete Linux environment to help you get your hands dirty with programming and debugging code — all without compromising or modifying your operating system (OS).  

“This book not only shows you how hacking works on a technical level, but it’s also told from a hacker’s perspective, which is really useful for IT professionals. I love how accessible the writing is; you don’t need to have a degree in computer science to get something out of it!”

2. The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data

Author: Kevin Mitnick

The Art of Invisibility, written by the world’s most famous hacker, Kevin Mitnick, is one of those cyber security books that informs readers about what they can do to protect themselves and their information in the digital age of “Big Brother” and “Big Data.”

According to Turner:

“With so many security breaches and invasions of privacy from large tech companies, this book is a useful guide to how to stay safe online, and why it’s important. Mitnick gives examples to show you examples of how our country and companies have encroached on privacy along with giving simple, step-by-step instructions on cybersecurity measures from passwords to Wi-Fi.”

3. Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker

Author(s): Kevin Mitnick, William L. Simon

Ghost in the Wires, the second title on the list from Mitnick, is a brilliant first-hand account of his experiences accessing the networks and computers at some of the world’s biggest corporations — including Motorola, Pacific Bell, and Sun Microsystems.

“Another book by Kevin Mitnick, this option is a memoir from his career as an IT worker at large companies, dealing with the FBI. Although he’s just writing about coding, at the end of the day, Mitnick’s artful prose makes it as exciting as a thriller. Personally, I wasn’t able to put it down until I finished!”

4. The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography

Author(s): Simon Singh

The Code Book is an enlightening walk through the long-spanning history of encryption. It shows how encryption has played a role in shaping the course of the world — from defeating Hitler to making ecommerce possible (can you imagine how different the world would be if either of those events didn’t happen?) and everything in between.

This book is a history of encryption that dates all the way back to Ancient Egypt and also covers Mary, Queen of Scots and the Navajo Code Talkers, among other historical examples. Not only does the book provide technical explanations, but it also puts encryption into a historical context, which is pretty rare for a cybersecurity book. Whether you’re interested in technology, history or both, this book is a unique look at encryption through a historical lens.

5. Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World

Author(s): Joseph Menn

Cult of the Dead Cow, if you didn’t know, refers to the oldest and most respected hacking group in the U.S. They aided in the development of TOR and, through their hacktivist efforts, forced many U.S. corporations to take their security protections to the next level. This book is all about their history and their impact on the world.

“The Cult of the Dead Cow is a hacking group that recently got a lot of attention because [Beto] O’Rourke, former candidate for the Democratic presidential nominee, was in it as a teenager. A largely anonymous group, the Cult of the Dead Cow practically invented hacktivism and greatly influenced large companies and their IT. The book outlines the group’s past as well as its present activities fighting fake news and surveillance.”

Now, let’s explore some recommendations of cyber security books from other IT and cybersecurity experts from around the globe:

6. Social Engineering: The Science of Human Hacking

Author(s): Christopher Hadnagy

Social Engineering showcases both the creative genius and laziness of hackers. Why go through all the rigmarole and effort of breaking and climbing through a virtual window when you can walk through an open front door? This book looks at the vulnerabilities that exist within the human elements of a business and breaks down how you can recognize, anticipate, and prevent social engineering attacks.

“Any cybersecurity professional can tell you that some of the biggest hacks and data breaches happened due to human error, even in the most secure and robust networks. What I like about this book is that it teaches you about human hacking, and how someone can get access to your entire database through social engineering. So it’s a great read even if you don’t understand the complexities of hacking and cybersecurity since it teaches you to defend against cyberattacks of a non-technical origin.

“In my opinion, any company that takes data protection seriously should include a copy of this book, or parts of, during employee training. Social engineering attacks come in all shapes and sizes, from email spoofing to physically allowing access to the company servers when they claimed to be there to install a new socket on the wall.”

– Luka Arezina, editor-in-chief at DataProt, a cyber security industry news publication.

7. Practical Malware Analysis

Author(s): Michael Sikorski

Practical Malware Analysis takes an in-depth look at the solutions and approaches that professional analysts use to deal with malware threats. This hands-on approach to malware analysis takes you through everything from how to set up safe virtual environments to developing methods for unpacking malware and analyzing specific cases.

“Malware attacks can cost a company a lot of money if it gets into your systems. Companies need to be able to have a response ready to combat the malware and to mitigate risk. Practical Malware Analysis goes over the best ways to examine and remove malware and other dangerous software. It provides not only approaches and best practices but also recommends tools to help companies get actionable advice on how to prevent malware attacks.”

– Colin Ma, founder of Digital Software Products. He’s consulted for large enterprises with regard to securing their web apps. He’s also served as Director of Engineering at Finli, a personal bill payment platform, to ensure sensitive and secure personal information remains that way.  

8. The CERT Guide to Insider Threats

Author(s): Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak

The CERT Guide to Insider Threats is one of those cybersecurity books that breaks down the findings of the CERT Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute (SEI). The authors share real-world guidance and methods that managers, IT security, and other employees within any organization can put into action to combat cybercrimes and cybersecurity threats.

“The CERT Guide to Insider Threats is a great book for cybersecurity experts. It covers an area that many people overlook and is one of the biggest security concerns an organisation can have – an insider threat.

“We all worry about external security issues, but this book looks at vulnerabilities from within your system.

“It outlines a huge variety of insider attacks, and provides advice on how to set up effective protection, and most importantly, how to find and discover potential threats.

“I wouldn’t recommend this book to someone new to the industry, as it’s a difficult read and highly technical, but for cybersecurity experts it’s a valuable tool for protecting your system from the inside out.”

– Mike Gilfillan, lead developer at Edge of the Web, a full-service digital agency.

9. The Cyber Effect

Author(s): Mary Aiken

The Cyber Effect is “A groundbreaking exploration of how cyberspace is changing the way we think, feel, and behave.” The content draws from Aiken’s experience as a forensic cyber-psychologist who has worked with law enforcement agencies worldwide. An additional fun fact? Her work was the inspiration for the popular TV series CSI: Cyber!

“Mary Aiken’s book, The Cyber Effect, is the best book to read if you want to understand the psychology behind the technology. What are the effects cyber has in our lives? What is the disinhibition effect?

“Technology has invaded every aspect of our lives; it is changing social and private behavior, having a disproportionate impact on our children and facilitating types of criminal and antisocial behavior that are repulsive and sometimes terrifying. The reality is that digital technology (like most technologies) is both good and bad. So the only rational way forward is to figure out how to live intelligently with it. But in order to do that we need to understand it. What we lack is an informed understanding of the problems, dangers and pathologies to which it gives rise.

“This is the gap that Dr. Aiken seeks to fill. As a psychologist, her prime interest is in the scientific understanding of online behavior. This book is wonderfully written. Mary Aiken has done an excellent job explaining in an easy to understand language otherwise difficult ideas. It is very informative and changes a lot the way you visualize your behavior in front of your screen. Highly recommended.”

– Anastasios Arampatzis, information security content writer at Bora (an IT security marketing company). Arampatzis is a retired Hellenic Air Force officer with more than two decades of cybersecurity and IT project management experience.

10. Hacking Exposed 7: Network Security Secrets and Solutions

Author(s): Stuart McClure, Joel Scambray, George Kurtz

Hacking Exposed 7 is an in-depth look at hacking from an academic standpoint. It covers everything from the basics of footprinting to exploring the “countermeasures cookbook.” The three cybersec experts help you learn what you don’t know so that you can make informed decisions and take effective action.

“Cyber security is an ever-evolving field, making it difficult for certain books to remain relevant for long. But the right books offer readers an excellent foundation for learning about cyber security. My favorite cyber security book series, Hacking Exposed, accomplishes this while also continuing to offer new editions to keep readers up to date.

“Hacking Exposed: Network Security Secrets and Solutions is an international best-selling series written by renowned security experts Stuart McClure, Joel Scambray, and George Kurtz. Each edition exposes hackers’ latest tactics and illustrates field-tested remedies through case studies. With every new edition, a new perspective and lesson is gained. Oftentimes, cyber security books can sound redundant, but the Hacking Exposed series is thoughtfully crafted to engage readers and teach experts how to think like a hacker in order to prevent security breaches.”

– Darren Deslatte, cyber security expert and vulnerability operations leader at Entrust Solutions. The company is a technology solutions, IT managed services, and staff augmentation provider with offices in New Orleans and Norfolk.

11. Threat Modeling: Designing for Security

Author(s): Adam Shostack

Threat Modeling is a book for cybersecurity professionals, developers and managers alike. This is one of the cyber security books that explores various threat modeling approaches and ways to address threats that have been effective for Microsoft and other major organizations.

“It offers an excellent approach to cyber security based around the idea of building security into systems during the design phase using a threat modelling approach, rather than having it be something that comes later.

“Shostack provides actionable advice on dealing with actual threats and vulnerabilities that real world security experts deal with every day.”

– Reuben Yonatan, founder and CEO of GetVoIP. He’s an entrepreneur and tech enthusiast with a background in the telecom industry. Yonatan’s known throughout the industry for sharing his insights on digital media, software, cloud computing, and enterprise solutions in Forbes and Business Insider.

The next two recommendations of the best cybersecurity books come from Matt Palmer, an experienced CISO and IT leader who serves as Director of Cyberclaria. He specializes in strategic change and transformation within the fields of tech and cyber and is an international speaker on cyber risk management and tech leadership.

12. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon

Author(s): Kim Zetter

Countdown to Zero Day is an informative look at the start of digital warfare, deep-diving into the release of Stuxnet and how it came to impact a nuclear facility in Natanz, Iran. This is one of those must-read cyber security books for experts and non-technical people alike to gain an insight into the power and impact of modern cyber tools and attacks.

“I routinely give away Kim Zetter’s ‘Countdown to Zero Day’ to non-cyber specialists, execs, and new starters in Infosec as it is a remarkably well told and absorbing story that explains how these risks behave in reality.”

13. How to Measure Anything in Cyber Security Risk

Author(s): Douglas W. Hubbard & Richard Seiersen

How to Measure Anything in Cyber Security Risk is an eye-opening look at the shortcomings of common cyber risk management methods. In addition to showcasing how desperately the industry as a whole needs to improve its existing security methodologies, the authors also offer insights and alternate techniques for how to do that.

According to Palmer:

I also give out Doug Hubbard’s ‘How to Measure Anything in Cyber Security Risk’ to cyber security specialists as it shows how we can do a much better job than we do today. It’s a wake up call for the profession.

Sivan Tehila, Director of Solution Architecture at Perimeter 81 and founder of Cyber Ladies NYC, also calls this book “a must” for industry experts.

“I am teaching my students with this book all the basics of cybersecurity risk management. We can’t really build any cybersecurity plan and can’t respond to any incident without doing a good risk assessment first, and this book covers all that experts need to know.”

As a cybersecurity expert with more than 14 years of experience, Tehila says that she also recommends the following book for essentially the same reasons:

14. The Complete Guide to Cybersecurity Risks and Controls (Internal Audit and IT Audit), 1st Edition

Author(s): Anne Kohnke, Dan Shoemaker, and Ken Sigler

The Complete Guide to Cybersecurity Risks and Controls is a formative book that takes a practical approach to control and governance of information and communication technologies (ICT). Unlike other books, the authors view the topic through a lens of ICT operations being less of a technical issue than one of strategic governance.

15. Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World

Author(s): Bruce Schneier

Click Here to Kill Everybody is a jolting look at the widespread adoption of “smart” devices around the world and the risks that come with them. The book goes beyond simply talking about the implications of such hyperconnected devices to explore the underpinning forces that contribute to the growing list of insecurities that we’re seeing in IoT technologies.  

“Bruce Schneier is an immensely respected and well-known cryptographer, cybersecurity professional and author. If you’re familiar with Schneier’s work (and everyone in the cybersecurity arena should be), the clever and sadly accurate title alone makes “Click Here to Kill Everybody” a must read. Thankfully, the book lives up to its attention-grabbing title, delving deeply into the implications of a hyperconnected, always-on world where our physical and digital realities are merging because our devices are becoming “smart;” controlled by software and networked with as well as interdependent on each other.

“Schneier does a great job pointing out both the potential benefits Internet of Things (IoT) devices are already creating, as well as the significant issues they are causing. Perhaps the most significant issue being that everything is now a computer (or will be soon), and as we see in the headlines every day, all computers can be hacked.

“Because of the increasing connection to and control over our physical world, attackers can launch digital attacks that create chaos and wreak havoc in the real world. For example, the first known malware related death was recently reported by a hospital in Germany. Schneier adeptly explores the risks of our new reality including the technological, political, and economic reasons for how we find ourselves in a situation where it’s at least conceivable that one click could kill everyone.”

— Dave Hatter is an award-winning cybersecurity professional and CISSP. In addition to serving as a writer and educator within the fields of IT and cybersec, Hatter also serves as a Cyber Security Consultant at IntrustIT.

16. CompTIA Network+ Certification All-In-One Exam Guide, Seventh Edition

Author(s): Mike Meyers

CompTIA Network+ is a best-selling exam guide for certified professionals everywhere. Written by the foremost CompTIA training and certification effort, this is one of those cyber security books that’s known for talking about the subject matter in an engaging way while retaining a practical, real-world focus. 

“Any of the Meyers books are always easy picks and come with high recommendations. They’re more textbook than relaxation reading, with certification tests assigned to them, but they still are great as reference manuals when working in this field. I’ve recently picked these two up to brush up: Network + and Security +.”

— Jeremy Caban, IT administrator and DevOps engineer at The SSL Store’s U.S. office. Caban has 10+ years of experience in the IT world and considers himself a techie at heart.

17. Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications

Author(s): Ivan Ristic

Bulletproof SSL and TLS is often considered the bible of SSL/TLS implementations. It’s written by the author of the SSL Labs website, the go-to resource for statistics and other information relating to SSL/TLS deployments.

“This book is an excellent field guide for anyone tasked with managing SSL/TLS. It is a comprehensive book that is easy to read and understand. The book is well laid out which makes it great for referencing and the electronic version is regularly updated. It’s been appreciated by my customers both new to SSL and veterans alike.”

— Dianne Douglas, Strategic Account Executive — Certificate Cloud Solutions at Entrust. She has more than a decade of experience working in the fields of digital identity and cloud technologies.

Now, for an extra little bit of good news about this particular title… Ristic announced on his blog that a preview of the second edition of his book is now available. So, if you were looking for something a little more up to date, it looks like his latest version of the book is one you can turn to.

Okay, since we’re still in the vein of talking about SSL/TLS, there’s one more title that’s worth mentioning on our list of the best cybersecurity books…

18. SSL/TLS Under Lock and Key: A Guide to Understanding SSL/TLS Cryptography

Author(s): Paul Baka & Jeremy Schatten

SSL/TLS Under Lock and Key is a cyber security book that aims to reach and educate beginners and veteran IT professionals alike. It provides a combination of theoretical and practical information to help readers gain a greater understanding of SSL/TLS cryptography and how it works.

Although this particular title wasn’t technically highlighted by the experts who gave recommendations for this article, I think it’s a valuable resource that’s worth mentioning. Not only is it a great book for those who work within the SSL/TLS industry, but it’s also a great resource for other cybersecurity and IT professionals as well. And since SSL/TLS is kind of our area of interest and expertise… well, it seems only fitting that we include it in our list of the best cyber security books.

19. Cybersecurity Essentials

Author(s): Charles J. Brooks, Christopher Grow, Philip Craig, and Donald Short

Cybersecurity Essentials is one of those books on cybersecurity that introduces readers to the “need-to-knows” of the industry. It also helps to prepare them for gaining certificates with real-world scenarios and breakdowns of essential concepts.

“As the tech expert and owner of a company, in my opinion, the best security book that I’ve read and highly recommend would be Cybersecurity Essentials written by Charles Brooks and Christopher Grow. This book wins its spot on the list for its value to those making their start in cybersecurity. It offers readers a compact, comprehensive introduction to the cybersecurity field with fundamental topics required by those exploring their first cybersecurity certifications.

“This book boils cybersecurity down to four key hurdles: securing infrastructure, securing devices, securing perimeters, and securing local networks. By the time you’re done reading this book, you will know your position in cybersecurity and will be better provided with the knowledge to make your first moves within the field.”

— Shayne Sherman, CEO of Techloris, a blog that’s dedicated to helping users resolve their PC issues in the easiest way possible.

20. The Pentester Blueprint: Starting a Career as an Ethical Hacker

Author(s): Phillip Wylie and Kim Crawley

If you’re looking for a new cybersecurity book that’s pretty much hot off the press, then look no further. The Pentester Blueprint is a deep-dive into the world of white hat hacker activities. This book, which just came out in November 2020, serves as a guide for understanding how to make a career out of penetration testing. It explores basic and advanced topics that are pertinent to the job and helps you assess your current skills and knowledge.

“Phil and Kim do a great job in this book in providing a “map” for aspiring pentesters. They cover the real information people need to know, including what pentesting certifications to look at getting.”

– Ken Underhill is a multi-award-winning and internationally recognized business consultant, cybersecurity leader, entrepreneur, and the executive producer and host of the Cyber Life television show, which is the first cybersecurity streaming (OTT) TV show (coming in January 2021). In addition to holding a master’s degree in cybersecurity and information assurance, he’s also a certified ethical hacker (CEH) and computer hacking forensic investigator (CHFI).

21. The Cuckoo’s Egg

Author(s): Clifford Stoll

The Cuckoo’s Egg is author Cliff Stoll’s first-hand account of when he worked as a systems manager at Lawrence Berkeley Lab. He became aware of an unauthorized user who was stealing sensitive military and security information and set out to stop him by any means necessary. But it wasn’t until he started digging that he discovered just how far that rabbit hole would go — ultimately leading to the discovery of an international spy ring.

“Engaging the layman requires readability; however, while fiction may be useful to understand subcultural elements of cybersecurity, I’m not sure I’ve found a novel yet that’s particularly effective at illustrating the core principles of cybersecurity. Clifford Stoll’s The Cuckoo’s Egg is a timeless and eminently readable non-fiction account of real world computer espionage that involves the early use of techniques (weak passwords, honey-pots, threat intelligence, etc.) that are still relevant today.”

— Tim Wade, technical director, CTO at Vectra AI, an AI-service provider of network threat detection and response products and services.

22. Sandworm

Author(s): Andy Greenberg

Sandworm is a title that deserves to be on a list of the best cyber security books. That’s because it gives readers a ground-breaking look at the Russian hacking group Sandworm and one of the most impactful cyber attacks in history that caused a massive blackout in Kyiv, Ukraine.   

This book should be mandatory reading for everyone in the security industry.

“Another awesome book that covers many of the recent major incidents and cyber-attacks. Being in Estonia during the 2007 cyberwar, which I survived, this book was one of the few that got the technical details accurate, which I always appreciate and respect. Andy’s coverage of these events makes reading this book exciting. This should be mandatory reading for all security professionals.”

— Joseph Carson, chief security scientist and advisory CISO at Thycotic, a privileged access management (PAM) solutions provider.

23. Little Brother

Author(s): Cory Doctorow

Little Brother is a work of fiction with a powerful message about cybersecurity, social media, surveillance, and digital disobedience. It follows the tale of a teenage hacker who finds himself and his friends living in a community-turned-police-state where everyone is a suspected terrorist, and what they do to fight it.  

“This novel describes numerous key concepts around modern computing and cybersecurity, told from the perspective of a high school student who gets caught up in a government surveillance program. Unlike George Orwell’s concept of Big Brother from “1984”, which was about a police state putting cameras in everyone’s homes, Little Brother tells the story about how social media and the age of the smartphone, smart speaker and Internet of Things (IoT) leads to us leaking thousands of tiny little data points about ourselves each day. It has a great overview of data privacy, the fundamental building blocks of encryption and hacker/cypherpunk culture.”

— David Richardson, Vice President at Lookout, a mobile security solutions platform. As a mobile security expert with 45 patents issued related to mobile security, he oversees mobile product management at the company and also speaks frequently at security conferences.

24. The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

Author(s): Ben Buchanan

The Hacker and the State is a chillingly insightful, accurate look at the impact of information security and cyber warfare on the geopolitical climate. It covers major nation state cyber attacks and is chock-full of anecdotes and key insights gleaned through interviews, reports, and declassified data.

“The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics by Ben Buchanan was a book I picked up early this year, planning on it being my airplane and layover book. Since that all changed, I ended up reading it all one weekend and enjoyed it.

“The book is sometimes over-simplistic on the technical side, but it walks through the most significant cyberwar incidents over the last decade and identifies the key players involved. With the ongoing FireEye/SolarWinds/Federal Government hack still unfolding, this is a great book to help get you up to speed as this next round of attacks and counter-attacks start to develop.

“A quote I took away from the book that stuck with me is, ‘The harm hackers can do is expanding faster than the deterrence or defenses against them.’ As someone who helps companies secure their systems, this quote makes a huge impact when someone like Ben Buchanan talks about it in terms of nation-states funding hackers with “unlimited” resources and a defined target, but this is really not true for your average corporation that is not being specifically targeted as the research we have done over the last few years has pointed out.”

— Jerry Gamblin, Director of Security Research at Kenna Security. He has more than 15 years of experience as a security researcher and analyst with an emphasis on application and enterprise network security.

25. The Cybersecurity Playbook: How Every Leader and Employee Can Contribute to a Culture of Security

Author(s): Allison Cerra

Alright… last but certainly not least on our list of the best cybersecurity books is The Cybersecurity Playbook. This one is all about helping employees at all levels of an organization identify weaknesses and assess threats. It also drives home the importance of having effective policies in place to help protect organizations against vulnerabilities associated with the human factor: their employees.  

Any technical computer book gets outdated in just a few months; some become obsolete even before they are published. It happens because the software is regularly updated, adding new features, as well as hackers, discover new vulnerabilities. The Cybersecurity Playbook isn’t the technical guide. It steers our culture in the right direction by integrating sound security habits with every employee, manager or board member.

Security challenges require the right attitude. The right attitude is based on the principles of shared responsibility and cybersecurity awareness. This book provides clear guidance on how to achieve it. The principles introduced by Allison Cerra will remain relevant for many years to come.”

— Andre Ross, head of computer forensic investigations and incident response at Elvidence. He has 20 years of experience working within IT security.

Looking for Other Recommendations of Cyber Security Books?

There are many great books out there concerning the cyber security industry and IT as a whole. What are some of your favorite cyber security books? Be sure to share them in the comments section below.

If you’ve already checked out all of these cyber security books and are looking for other ways to fill your evenings, be sure to check out our list of the top cybercrime and hacker movies. In this article, we share the 40 best hacker movies and movies about cybercrime, along with insights from industry experts.


17 comments
  • Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zetter.
    Sandworm: A New Era of Cyberwar and The Hunt For The Kremlin’s Most Dangerous Hackers by Andy Greenberg
    Spam Nation: The Inside Story of the Organized Cybercrime- From Global Epidemic To Your Front Door by Brian Krebs
    Exploding Data: Reclaiming Our Cyber Security In the Digital Age by Michael Chertoff

    • Thank you for your book recommendations, Natalie! 🙂 I’d like to update this list periodically and will be sure to add these in the future. By chance, would you mind telling me what it is about these particular titles that you like or why they’re such outstanding books to you?

  • I’m a cybersecurity student at the Community College of Aurora in Colorado (Class of 2022), and I like these books because they help me understand what I need to know about cybersecurity and cybercrimes.

  • First choice is rather dull, but keep a copy of the CISSP official study guide close at hand. The second is “The Third Reich Is Listening.” It describes the dangers of hubris in security and sigint far better than anything else I’ve read, even if this is about hundred-year-old technology.

  • I routinely give away Kim Zetter’s ‘Countdown to Zero Day’ to non-cyber specialists, execs, and new starters in Infosec as it is a remarkably well told and absorbing story that explains how these risks behave in reality. I also give out Doug Hubbard’s ‘How to Measure Anything in Cyber Security Risk’ to cyber security specialists as it shows how we can do a much better job than we do today. It’s a wake up call for the profession.

  • What about 100 Chinese or Italians in cybersecurity??
    Most women in developed countries have better prospects in life than any male in third world countries, so why the fixation with the 50% quota on cyber jobs, what about 50% women as truck drivers?

  • My book “How to Manage Cybersecurity Risk – A Leader’s Roadmap with Open FAIR” is a resource particularly for a new security leader, or anyone looking for a security generalist perspective.

  • I am wondering why most of them are technical or focused on vulnerabilities, exploitation and hacking activities instead of Risk Management or business alignment.

    There is not so much related to CISO and business support. In the end, cybersecurity is a business function or it tries to, so it should talk not just technical knowledge, also how it’s mapped to business processes, where decision making takes place 🙂

  • The book ‘Leading in Digital Security’ by Yuri Bobbert and Mark Butterhoff is specifically for that gap. Technology and processes are massively important but won’t be the deciding factor against winning this ‘war’. You can also check 12ways.net

  • I noticed Applied Cryptography by Bruce Schneier was missing from your list, although another book of his is listed. This book is to many the “bible” of cryptography and really important background I would highly recommend if you really want a good theoretical basis.

Author

Casey Crane

Casey Crane is a regular contributor to (and managing editor of) Hashed Out with 15+ years of experience in journalism and writing, including crime analysis and IT security. Casey also serves as the Content Manager at The SSL Store.