These recommended cybersecurity books are highly rated and often talked about in their space. Pick what you need from each category or simply stick to one category to start with.
You aren’t expected to know everything about security but having a passing familiarity, especially if you are a leader, can’t hurt.
All book links take you to their respective Amazon page. The links are normal but I may install an Associates tag (affiliate program) plugin in the future that automatically appends my Associates tag at the end of the normal link. This does not increase the price or give me anything other than a small kickback if you follow through with a purchase.
Table of Contents
Security Management
Building a Comprehensive IT Security Program by Jeremy Wittkop
Liars & Outliers by Bruce Schneier
Secrets and Lies by Bruce Schneier
Regulation
NIMS
NIMS Incident Command System Field Guide by Informed
HIPAA
A Concise Guide to HIPAA, HITECH and the Omnibus Rule: Making your Office Compliant by Raymond Calore
Surviving a HIPAA Audit: Jump Start Guide by Dave Sweigert
HIPAA Omnibus Rules Simplified – The HIPAA made EASY Approach to Privacy and Security Compliance for The Healthcare Facility by HIPAA Made Easy
PCI
PCI DSS 3.2 – A Comprehensive Understanding to Effectively Achieve PCI DSS Compliance by Haseen Usman Ahmed
PCI Compliance, Version 3.2: The Latest on PCI DSS Compliance by Branden Williams
Social Engineering
Ghost in the Wires by Kevin Mitnick
The Art of Deception by Kevin Mitnick
No-Tech Hacking by Johnny Long
Social Engineering by Christopher Hadnagy
Networking
TCP/IP Guide by Charles Kozierok
Penetration Testing
Red Team Field Manual by Ben Clark
The Basics of Hacking and Penetration Testing by Patrick Engebretson
Unauthorised Access by Wil Allsopp
Cryptography
The Code Book by Simon Singh
Cryptography Engineering by Niels Ferguson
Applications
Hacking, The Art of Exploitation by Jon Erickson
The Shellcoder’s Handbook by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte
The Web Application Hacker’s Handbook by Dafydd Stuttard, Marcus Pinto
Malware Analysis
Malware Analyst’s Cookbook and DVD by Michael Ligh, Steven Adair, Blake Hartstein, and Matthew Richard
Practical Reverse Engineering by Bruce Dang
Operating Systems
The Linux Command Line by William Shotts Jr.
Incident Response
Blue Team Field Manual by Alan White and Ben Clark
Blue Team Handbook: Incident Response Edition by Don Murdoch
The Art of Memory Forensics by Michael Ligh, Andrew Case, Jamie Levy, and Aaron Walters
Security Architecture
Security Engineering by Ross Anderson
Threat Modeling by Adam Shostack
Conclusion
What books or categories do you recommend that aren’t listed in this post? Sound off in the comments below!