These recommended cybersecurity books are highly rated and often talked about in their space. Pick what you need from each category or simply stick to one category to start with.

You aren’t expected to know everything about security, but having a passing familiarity, especially if you are a leader, can’t hurt.

All book links take you to their respective Amazon page. The links are normal but I may install an Associates tag (affiliate program) plugin in the future that automatically appends my Associates tag at the end of the normal link. This does not increase the price or give me anything other than a small kickback if you follow through with a purchase.

Security Management

Building a Comprehensive IT Security Program by Jeremy Wittkop

Liars & Outliers by Bruce Schneier

Secrets and Lies by Bruce Schneier



NIMS Incident Command System Field Guide by Informed


A Concise Guide to HIPAA, HITECH and the Omnibus Rule: Making your Office Compliant by Raymond Calore

Surviving a HIPAA Audit: Jump Start Guide by Dave Sweigert

HIPAA Omnibus Rules Simplified – The HIPAA made EASY Approach to Privacy and Security Compliance for The Healthcare Facility by HIPAA Made Easy


PCI DSS 3.2 – A Comprehensive Understanding to Effectively Achieve PCI DSS Compliance by Haseen Usman Ahmed

PCI Compliance, Version 3.2: The Latest on PCI DSS Compliance by Branden Williams

Social Engineering

Ghost in the Wires by Kevin Mitnick

The Art of Deception by Kevin Mitnick

No-Tech Hacking by Johnny Long

Social Engineering by Christopher Hadnagy


TCP/IP Guide by Charles Kozierok

Penetration Testing

Red Team Field Manual by Ben Clark

The Basics of Hacking and Penetration Testing by Patrick Engebretson

Unauthorised Access by Wil Allsopp


The Code Book by Simon Singh

Cryptography Engineering by Niels Ferguson


Hacking, The Art of Exploitation by Jon Erickson

The Shellcoder’s Handbook by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte

The Web Application Hacker’s Handbook by Dafydd Stuttard, Marcus Pinto

Malware Analysis

Malware Analyst’s Cookbook and DVD by Michael Ligh, Steven Adair, Blake Hartstein, and Matthew Richard

Practical Reverse Engineering by Bruce Dang

Operating Systems

The Linux Command Line by William Shotts Jr.

Incident Response

Blue Team Field Manual by Alan White and Ben Clark

Blue Team Handbook: Incident Response Edition by Don Murdoch

The Art of Memory Forensics by Michael Ligh, Andrew Case, Jamie Levy, and Aaron Walters

Security Architecture

Security Engineering by Ross Anderson

Threat Modeling by Adam Shostack


What books or categories do you recommend that aren’t listed in this post? Sound off in the comments below!