Top 5 Cybersecurity Books | Joe Carson, CISO

As a cybersecurity professional, continuous learning is a top priority for me.  It’s critical to stay updated on the latest cybersecurity methods, technologies, strategies, and developments, and to learn new skills from other industry experts.

From a young age, I struggled to read the likes of Shakespeare and was more interested in the documentation for the cassette player, fridge, or computer. Though this would change later in life, it did set me up for my great interest in hacking, and ultimately in security.

Today, there are so many ways to consume knowledge; you can listen to a podcast, read an eBook on your Kindle, or listen to the author on an audiobook. But good old physical books are still my go-to solution of choice.

I am your typical scribbler or post-it note guy. If you were to see my bookshelves you’d notice endless notes sticking out of the top of my books for quick references when I need them. I then use OneNote for my quick search and personal lessons—or, if labs are part of the reading, this includes my corrections and quick copy/paste.

My personal library is a mix of old and new, with some of my classics dating back to the early and mid-nineties.

I have started using audiobooks more, and if I really enjoy a book, I also purchase the physical copy and add my notes, comments, and highlights. I believe in supporting these important authors and hopefully inspire future talent to join in.

One site that I find helpful, along with supporting authors, publishers, and charities, is Humble— the Humble Bundle enables you to get a bundle of great technical books at an affordable price. This is especially advantageous if you’re a student or trying to advance your knowledge in anticipation of switching careers. There are so many excellent books available—I get through at least one every week.

Here are my top picks for cybersecurity books:

1. Red Team Development and Operations: A Practical Guide

If you’re looking to get into pentesting or red teaming, this book is a brilliant read and clearly provides a great distinction and defined roles between vulnerability assessments, pentesting, and red teams. It’s a must-read for security managers or leaders, or for business managers looking for a security assessment, as it helps identify the false sense of security companies experience when they follow checkbox security approaches, such as some compliance requirements. The book includes examples and clear takeaways. From the awesome Joe Vest and James Tubberville

2. Operator Handbook: Red Team + OSINT + Blue Team Reference

This is another must-have book, or actually a reference manual to be honest, for your collection—this time from the amazing Joshua Picolet aka Netmux. You may be familiar with his previous books on Password Cracking, like Hash Crack, which emphasizes the importance of strong password best practices and explains why default passwords are an open door. This latest operator handbook provides some great tips and command references for different security teams whether you’re a Red Team member, OSINT, or Blue Team. I’ve used this book many times when one of my techniques was not working; it provided me with alternative methods. If you’re interested in getting into pentesting or cybersecurity or are already a security professional, this book is one to keep nearby.

3. Confident Cyber Security: How to get started in cyber security and futureproof your career

Here’s a book for everyone. Whether you’re starting your career in cybersecurity, a seasoned professional, or even in another business, you’ll get value from this book. The extremely talented Dr. Jessica Barker has literally brought cybersecurity back to the forefront and describes how it must and should help humans be successful and stay safe. Jess brings so much experience to the subject; she shares real-life examples and comparisons that take us a step back from the sometimes technical trenches we get stuck in.

4. The Ghidra Book: The Definitive Guide

Not for reading to your kids as a bedtime story or for the fiction section of your shelf. However, if you’re going down the career path of malware analysis or reverse engineering, then this is the must-have book for you. Chris Eagle (author of the IDA Pro Book) and Kara Nance deliver a thoroughly detailed book that’s not a software guide but an actual how-to guide on using Ghidra for reverse engineering using well-defined and helpful processes and techniques. The Ghidra Definitive Guide incorporates more than a decade of research, and for reverse engineers or malware analysis, this book should be a top priority. It includes great examples to help enhance your skills and knowledge.

5. Hackable: How to do application security right

Well, the only way to end the top 5 of top cybersecurity and hacking books from 2020 is with Hackable, written by a good friend and industry peer Ted Harrington. If you’re responsible for creating applications for your business, then this is your book. It takes us into the mind of an attacker and demonstrates how they think. Learn different methodologies and which is best suited for your business. Identify vulnerabilities early and build security into your development lifecycle rather than a plug at the end. Hackable is a book on how to do application security the right way.

Here are other notable books that are also well worth mentioning:

Sandworm: A new era of cyberwar and the hunt for the Kremlin’s most dangerous hackers

Andy Greenberg takes us through the journey of Sandworm; it got me watching old movies again, like Dune.

Human Hacking: Win friends, influence people, and leave them better off for having met you

Chris does it again, bringing another book with A Master Hacker’s Guide – Human Hacking. Social engineering played a huge role in cybersecurity topics over the past decade and Chris has certainly raised priority and awareness of the subject. While I have not yet read his latest book, it’s right on top of my to-do list for 2021.

Privileged Access Cloud Security for Dummies

And finally, at the top of your reading list is my latest book on Privileged Access Cloud Security. This is a quick read that will get you up to date on all things related to privileged access, including the importance of eliminating default passwords, password rotation for service accounts, and multiple security controls for access.

I hope I’ve inspired you to continue your education with several of these great books. Let me know which cybersecurity books you’ve learned from. Maybe they’ll make my next must-read list!

You may also enjoy reading Delinea's whitepaper: Cybersecurity versus the Business. After all, cybersecurity does not exist in a vacuum—your solutions need to coexist with business goals.