10 must-read books for infosec professionals


Upload: tripwire

Post on 22-Jan-2018



We asked industry thought leaders to share their favorite books that changed the way they think about information security...

1. THE PHOENIX PROJECT
BY GENE KIM, KEVIN BEHR AND GEORGE SPAFFORD

Don’t read The Phoenix Project for great literature, witty dialogue and well-crafted characters. Instead, read this book for an easy yet informative introduction to why well-run IT departments are gaining a competitive edge.

–MARIBETH PUSIESKI (@MB_PDX)

2. OFFENSIVE COUNTERMEASURES: THE ART OF ACTIVE DEFENSE
BY JOHN STRAND AND PAUL ASADOORIAN

The book covers how to create “vexing” security approaches that engage attackers in a time-wasting and misleading way. The focus is on . . . techniques and countermeasures that mislead attackers, causing them to fail and generally wasting their time, so you become an unprofitable target.

–DWAYNE MELANCON (@THATDWAYNE)

3. HACKING EXPOSED
BY STUART MCCLURE, JOEL SCAMBRAY AND GEORGE KURTZ

I first bought the 2nd edition of Hacking Exposed back in 2001, and it immediately changed the way I was thinking about the systems for which I was then responsible. Whilst much of the technology specifics in that edition will now seem quaintly retro, it is both sobering and . . . disheartening to see how some of the actual techniques are still in active use today.

–ANGUS MACRAE (@AMACSIA)

4. COUNTDOWN TO ZERO DAY
BY KIM ZETTER

Ever wonder what it would be like to have a power grid in your country shut down for a day, week, month, or even longer? Is your country prepared? This book makes you think about the secretive world of cyberwarfare and how one piece of malware forever changed world history.

-BEV ROBB (@TEKSQUISITE)

5. THE CHARISMA MYTH
BY OLIVIA FOX CABANE

This book takes more than a “win friends and influence people” approach. It offers exercises and techniques that can transform even the most socially inept InfoSec person into someone who can better connect with an audience.

-BOB COVELLO (@BOBCOVELLO)

6. THE SOCIAL ENGINEER'S PLAYBOOK
BY JEREMIAH TALAMANTES

People need to understand they’re being manipulated by expert con men (and women). The Social Engineer’s Playbook describes exactly how this happens and why we fall for it. By educating ourselves to the tactics used by social engineers, the better equipped we’ll be to hang up the phone, say “no,” or laugh in their face when they come knocking.

-DAVID JAMIESON (@DHJAMIESON)

7. GRAY HAT HACKING
BY DANIEL REGALADO, SHON HARRIS, ALLEN HARPER, CHRIS EAGLE, JONATHAN NESS, BRANKO SPASOJEVIC, RYAN LINN AND STEPHEN SIMS

When I was developing courses for Fanshawe College, I selected the third edition of this book as a textbook. It lent itself incredibly well to learning the basics of and gaining a solid foundation in information security. Now in its fourth edition, the book still stands out as an amazing point of entry into infosec and a great refresher for pros.

-TYLER REGULY (@TREGULY)

8. EXTRUSION DETECTION: SECURITY MONITORING FOR INTERNAL INTRUSIONS
BY RICHARD BEJTLICH

We’ve seen a huge emphasis on preventing threats but not enough on detecting data as it’s being stolen. This book gives you some serious food for thought on how this can be applied to your network.

-MATT PASCUCCI (@MATTHEWPASCUCCI)

9. GHOST IN THE WIRES: MY ADVENTURES AS THE WORLD'S MOST WANTED HACKER
BY KEVIN MITNICK

Thought of as a tenet in cybersecurity, people are the first line of defense for any corporate security program. This non-technical book is a must read for an intriguing perspective into securing the human behind the keyboard.

-JAMES WRIGHT (@JAMES_M_WRIGHT)

10. ONE + ONE = THREE
BY DAVE TROTT

This book has helped me develop more as a CISO than any IT security book because they have helped me communicate better, as well as think of alternative ways to address problems. [It] really inspires you to look at things differently, see the silver lining, and often be far more creative...

-THOM LANGFORD (@THOMLANGFORD)

WHAT BOOK CHANGED THE WAY YOU THINK ABOUT SECURITY? TWEET US YOUR FAVORITE @TRIPWIREINC USING #INFOSECMUSTREAD

FOR THE LATEST INFORMATION SECURITY NEWS, TRENDS AND INSIGHTS, VISIT: TRIPWIRE.COM/BLOG