Richard “@taosecurity” Bejtlich put together a great post earlier this week after a squadron commander asked him for a list of recommended books. He separated his suggestions into two categories – one focusing on non-technical books and the other addressing technical books. Out of the ones he listed I particularly wanted to point out several I’m familiar with and add a short comment or two. Yeah … I know … I could have just bookmarked his post; however, I’m putting a reference on this blog … mainly for selfish reasons … so I can quickly find @taosecurity’s post again.
- Cyber War by Richard Clarke and Robert Knake: Everybody drink … but on the other hand … I think more of us need to be in the know regarding this topic.
- Crypto by Steven Levy: I read this book years ago when I was just getting into security. It’s a real page-turner for being more of a history book. Check one of our previous posts where we covered this book before.
- Security Metrics by Andrew Jaquith: I know … we all want to poo-poo this boring topic but if you can’t measure it, you can’t manage it (or ask the board for more money for it).
- The Cuckoo’s Egg by Cliff Stoll: Another classic that you must absolutely read. People talk about how security changes so fast but after reading this book you may realize that not that much has really changed in the past 30 years. Check one of our previous posts where we covered this book before.
- Software Security by Gary McGraw: Not the most exciting topic but if you want to teach developers to code more securely, this book is the de facto starting point.
- The Tao of Network Security Monitoring by Richard Bejtlich: This book is over 10 years old and it’s amazing how much insight the author had in defending our modern-day networks. 😉
- Hacking Exposed 7 by Joel Scambray, George Kurtz, Stuart McClure, …: I haven’t specifically read the 7th edition … maybe the 1st or 2nd way back in the day … but it was one of the core influences in my early security career.
- Practical Malware Analysis by Michael Sikorski and Andrew Honig: I haven’t read this one yet but I’ve heard great things about it. It’s going to be one of my next purchases as I try to better understand all the bad stuff out there.
For the full Commander’s Reading List with links to everything, head on over to @taosecurity’s post.