TaoSecurity’s Commander’s Reading List

Richard “@taosecurity” Bejtlich put together a great post earlier this week after a squadron commander asked him for a list of recommended books. He separated his suggestions into two categories – one focusing on non-technical books and the other addressing technical books. Out of the ones he listed, I particularly wanted to point out several I’m familiar with and add a short comment or two. Yeah … I know … I could have just bookmarked his post; however, I’m putting a reference on this blog … mainly for selfish reasons … so I can quickly find @taosecurity’s post again.


  • Cyber War by Richard Clarke and Robert Knake: Everybody drink … but on the other hand … I think more of us need to be in the know regarding this topic.
  • Crypto by Steven Levy: I read this book years ago when I was just getting into security. It’s a real page-turner for being more of a history book. Check one of our previous posts where we covered this book before.
  • Security Metrics by Andrew Jaquith: I know … we all want to poo-poo this boring topic but if you can’t measure it, you can’t manage it (or ask the board for more money for it).
  • The Cuckoo’s Egg by Cliff Stoll: Another classic that you must absolutely read. People talk about how security changes so fast but after reading this book you may realize that not that much has really changed in the past 30 years. Check one of our previous posts where we covered this book before.


  • Software Security by Gary McGraw: Not the most exciting topic but if you want to teach developers to code more securely, this book is the de facto starting point.
  • The Tao of Network Security Monitoring by Richard Bejtlich: This book is over 10 years old and it’s amazing how much insight the author had in defending our modern-day networks. 😉
  • Hacking Exposed 7 by Joel Scambray, George Kurtz, Stuart McClure, …: I haven’t specifically read the 7th edition … maybe the 1st or 2nd way back in the day … but it was one of the core influences in my early security career.
  • Practical Malware Analysis by Michael Sikorski and Andrew Honig: I haven’t read this one yet but I’ve heard great things about it. It’s going to be one of my next purchases as I try to better understand all the bad stuff out there.

For the full Commander’s Reading List with links to everything, head on over to @taosecurity’s post.


Any other recommended “Commander’s Reading List” books? Let @taosecurity know in the comments of his post. Today’s post pic is from Twitter.com. See ya!

6 comments for “TaoSecurity’s Commander’s Reading List”

  1. November 28, 2012 at 11:04 pm

    BLOGGED: TaoSecurity’s Commander’s Reading List http://t.co/dZjNWV7E //Loved these suggestions.

  2. November 28, 2012 at 11:10 pm

    #NOVABLOGGER: TaoSecurity’s Commander’s Reading List http://t.co/AFr9PAXR http://t.co/X49pUwFA

  3. November 28, 2012 at 11:48 pm

    BLOGGED: TaoSecurity’s Commander’s Reading List http://t.co/AFr9PAXR

  4. November 29, 2012 at 12:42 am

    TaoSecurity’s Commander’s reading List, both Tech and Non-Tech https://t.co/v6YrXlyR
    > Just in time, thanks to @taosecurity & @0xerror 🙂

  5. November 29, 2012 at 2:03 pm

    BLOGGED: TaoSecurity’s Commander’s Reading List http://t.co/DSASnnPz

  6. January 10, 2013 at 6:17 pm

    @BonJarber Here is @taosecurity’s list https://t.co/ETMBMUUV
