Interested in Cyber Security? Buy THESE Books Now!
Occasionally I get a question along these lines "where can I learn cyber?" The truth is, anywhere and everywhere. People groan when I say that but I mean it.
There are so many resources available to burgeoning security professionals that it can be overwhelming.
This article is about some must have books that you should include in your physical/digital library. They are not presented in any particular order.
*Disclaimer this list comprises books that are neither beginner or advanced. They are books that people at any level can benefit from.
Sun Tzu: The Art of War
I personally have a couple hard copies of this book and a digital copy as well. Sun Tzu was a general who wrote down many pieces of wisdom regarding warfare. He covers a variety of topics such as:
- Laying Plans
-Attack by Stratagem
-Weak Points and Strong
-Variation of Tactics
-The Nine Situations
-The Attack by Fire
-The Use of Spies
There is a reason that countries today have their soldiers read this text. Sun Tzu's wisdom is not limited to the military either. Many business people have this on their bookshelves. If you have any exposure to cyber security you can easily see that all of these sections outline tasks we do in security. His advice while talking about actual combat can directly connect to a security professionals day-to-day. Sometimes it actually does feel like combat.
NMAP Network Scanning
I love this book. I regularly go back to it for reference. Port scanning is a critical skill for any security professional. This book has it all.
-Detailed description of how packets are handled between source/target
-All the different scans available
-What is NSE (nmap scripting engine)
-How to determine you are working with a FW or IDS/IPS. How to evade FW and/or IDS/IPS
-OS Scanning and detection
-Zenmap (nmap's gui)
And so much more. You can access all this information on the main website as well. In my entire career, I have never met someone who "likes" security and doesn't utilize nmap. I would say is the best tool of choice for port scanning.
Hacking The Art of Exploitation
This book is hefty and very well written. The author does an amazing job at writing in a way that is easier to injest. Which is good because the subject matter can be pretty heavy.
When it comes to understanding code and how buffer overflows work this is hands down the resource you want to read. When I was learning how BOF work I used this book and it cleared up the concepts beautifully.
I did need to read some chapters a few times in order for the concepts to sink in. ;)
The Darkening Web
This selection is a non-technical book, but it is still one that every security professional should read. The author details the history of the internet and how it is essentially the wild west but in digital form. This is the kind of book that when you read it and really think about the ramifications you may actually lose sleep.
Similar to Sun Tzu's The Art of War this book illustrates aspects of security that hopefully heighten the need for ethical security professionals.
Attacking Network Protocols
Getting your hands on any documentation relating to networking is crucial. Security and networking go hand-in-hand and this book takes you from basic networking to actually analyzing traffic and getting in there and messing around with protocols.
It includes Wireshark as well, which I think should be in the top 10 of every security professionals tool set.
I have a playlist of Wireshark tutorials I have made over here on my YouTube channel https://www.youtube.com/c/RedBlueLabs
Nobody ever references this document but we owe everything we do in technology to the data stored in it. RFC 793 is the official Transmission Control Protocol documentation.
At the time of this writing TCP truly is not that old. Every single thing we do technologically relies on this connection based protocol.
FYI this is free just google it.
Key take away:
Practical Malware Analysis
This book tackles an area of security that is fun and challenging. While it feels like Offensive Security is the priority for a lot of new security folk, Malware Analysis takes already established skills and kicks it up a notch.
Not everyone wants to get into this stream of security and I understand why. It's hard. This book however covers topics that are relevant to all security minded people.
Thanks for reading!!