Image source: cyberatma

The cybersecurity industry and all of the threats and dangers that exist within it are all too real. That’s one reason why cybersecurity books make for some pretty interesting reading both in terms of academics and entertainment.

That’s because the best cybersecurity books are those that are written to inform as well as entertain. They hijack your attention as readily as a cyberattack and don’t let you go until you reach the back cover.

Good cybersecurity books share insights gained from real-world situations and examples that we can learn from as professionals. It’s the great ones that teach us what to look out for so that we’re prepared to prevent ourselves from falling prey to cybercriminals.

Cybersecurity is an obsessional thing. We always strive hard to get to know about the Latest Tech Trends and how they operate under the hood.

But what are considered the “best cybersecurity books” and why? This two-part question led me to reach out to seven IT and cybersecurity experts within the industry to inquire about their favorite books on cybersecurity and create a list of the “best cybersecurity books.” Wondering which titles made their lists?

1. The Social Engineer’s Playbook: A Practical Guide to Pretexting
2. Hacking Exposed 7
3. Information Assurance Handbook: Effective Computer Security and Risk Management Strategies
4. Applied Network Security Monitoring: Collection, Detection, and Analysis
5. Security Metrics, A Beginner’s Guide
6. The Practice of Network Security Monitoring: Understanding Incident Detection and Response
7. Network Security Assessment: Know Your Network
8. Protecting Your Internet Identity: Are You Naked Online
9. Crafting the InfoSec Playbook
10. Cyber War: The Next Threat to National Security and What to

[I received a copy of this book through NetGalley.]

This book provided an introduction to part of what you can find on the "Deep Web". If you don't know anything about it, or just a few things, it will give you some starting points which you can use to then find out more. If you already know what there is to know, probably the book won't be useful, though.

Divided in two parts, "Cybercrime" and "The Dark Net", it introduces some of the basic ideas and concepts. What's the Deep Web and what can you find it it. Who's more likely to use the Tor browser and other tools to remain anonymous (not only criminals and terrorists: activist and people who fight for their rights do need a place where they can share information without being silenced by their governments). Examples of cybercrime: drug-selling websites, child sexual abuse, or simply places where you can buy regular items with Bitcoin. Interestingly, crime appears to be the least spread activity, and a lot of people who use the 'Dark Web' do so for reasons that do not go against the law. All in all, it's a good reminder that a tool is never as good or as evil as the hand who wields it.

The book also provides examples of some of the most well-known leaks, uses of virus or worms, and DDoS attacks. Nothing new to me, but something that will be useful to neophytes, without drowning them under a deluge of information—and not as biased as one may have expected: all in all, the author tried to present various sides of the story, so to speak. (Of course, keep in mind that what's in the book is only the tip of the iceberg: the most juicy bits are the ones you will -not- find in a book.)

I'm not rating it higher because in the end, it didn't bring me a lot of information I didn't already know. But I don't doubt it will be more interesting for other readers.

Published 2014 (2nd Edition)

“No Shortcuts for Security”.

That’s always been my motto in terms of security. I’ve been working in consulting for some years. I’ve almost seen and done it all…Nope. Just kidding… Security-wise I’ve run across lots of situations: some bad, some so-and-so, and some really bad. After more than 2 decades working in IS/IT my list of things to look-out for in terms of security is a bit extensive…

To Wit:

-      Although long in the tooth, there are attacks that keep on working in this day and age. Phishing comes to mind;

-      IT departments still have an historical approach when dealing with (IT) Security, i.e., they always think all security issues can be dealt with by buying more tools. Nope. That’s not the way to go. The Way to deal with security is by using a bottom-up approach, meaning we have to start from scratch (empowerment, processes, etc.);

Read on, if you wish to do so.