10 must-read books for infosec professionals

Post on 22-Jan-2018

  • 10 MUST-READ BOOKS FOR INFOSEC PROS

  • We asked industry thought leaders to share their favorite books that changed the way they think about information security...

  • 1. THE PHOENIX PROJECT

    BY GENE KIM, KEVIN BEHR AND GEORGE SPAFFORD

    Don't read The Phoenix Project for great literature, witty dialogue and well-crafted characters. Instead, read this book for an easy yet informative introduction to why well-run IT departments are gaining a competitive edge.

    MARIBETH PUSIESKI (@MB_PDX)

  • 2. OFFENSIVE COUNTERMEASURES: THE ART OF ACTIVE DEFENSE

    BY JOHN STRAND AND PAUL ASADOORIAN

    The book covers how to create vexing security approaches that engage attackers in a time-wasting and misleading way. The focus is on . . . techniques and countermeasures that mislead attackers, causing them to fail and generally wasting their time, so you become an unprofitable target.

    DWAYNE MELANCON (@THATDWAYNE)

  • 3. HACKING EXPOSED

    BY STUART MCCLURE, JOEL SCAMBRAY AND GEORGE KURTZ

    I first bought the 2nd edition of Hacking Exposed back in 2001, and it immediately changed the way I was thinking about the systems for which I was then responsible. Whilst much of the technology specifics in that edition will now seem quaintly retro, it is both sobering and . . . disheartening to see how some of the actual techniques are still in active use today.

    ANGUS MACRAE (@AMACSIA)

  • 4. COUNTDOWN TO ZERO DAY

    BY KIM ZETTER

    Ever wonder what it would be like to have a power grid in your country shut down for a day, week, month, or even longer? Is your country prepared? This book makes you think about the secretive world of cyberwarfare and how one piece of malware forever changed world history.

    -BEV ROBB (@TEKSQUISITE)

  • 5. THE CHARISMA MYTH

    BY OLIVIA FOX CABANE

    This book takes more than a "win friends and influence people" approach. It offers exercises and techniques that can transform even the most socially inept InfoSec person into someone who can better connect with an audience.

    -BOB COVELLO (@BOBCOVELLO)

  • 6. THE SOCIAL ENGINEER'S PLAYBOOK

    BY JEREMIAH TALAMANTES

    People need to understand they're being manipulated by expert con men (and women). The Social Engineer's Playbook describes exactly how this happens and why we fall for it. By educating ourselves to the tactics used by social engineers, the better equipped we'll be to hang up the phone, say no, or laugh in their face when they come knocking.

    -DAVID JAMIESON (@DHJAMIESON)

  • 7. GRAY HAT HACKING

    BY DANIEL REGALADO, SHON HARRIS, ALLEN HARPER, CHRIS EAGLE, JONATHAN NESS, BRANKO SPASOJEVIC, RYAN LINN AND STEPHEN SIMS

    When I was developing courses for Fanshawe College, I selected the third edition of this book as a textbook. It lent itself incredibly well to learning the basics of and gaining a solid foundation in information security. Now in its fourth edition, the book still stands out as an amazing point of entry into infosec and a great refresher for pros.

    -TYLER REGULY (@TREGULY)

  • 8. EXTRUSION DETECTION: SECURITY MONITORING FOR INTERNAL INTRUSIONS

    BY RICHARD BEJTLICH

    We've seen a huge emphasis on preventing threats but not enough on detecting data as it's being stolen. This book gives you some serious food for thought on how this can be applied to your network.

    -MATT PASCUCCI (@MATTHEWPASCUCCI)

  • 9. GHOST IN THE WIRES: MY ADVENTURES AS THE WORLD'S MOST WANTED HACKER

    BY KEVIN MITNICK

    Thought of as a tenet in cybersecurity, people are the first line of defense for any corporate security program. This non-technical book is a must read for an intriguing perspective into securing the human behind the keyboard.

    -JAMES WRIGHT (@JAMES_M_WRIGHT)

  • 10. ONE + ONE = THREE

    BY DAVE TROTT

    This book has helped me develop more as a CISO than any IT security book because they have helped me communicate better, as well as think of alternative ways to address problems. [It] really inspires you to look at things differently, see the silver lining, and often be far more creative...

    -THOM LANGFORD (@THOMLANGFORD)

  • WHAT BOOK CHANGED THE WAY YOU THINK ABOUT SECURITY? TWEET US YOUR FAVORITE @TRIPWIREINC USING #INFOSECMUSTREAD

    FOR THE LATEST INFORMATION SECURITY NEWS, TRENDS AND INSIGHTS, VISIT: TRIPWIRE.COM/BLOG