Modern Cyber Defense Books

A few days ago I posted the following on Twitter:

(link to full thread that has perhaps grown since this time)

DevOps Connect:DevSecOps @ RSAC 2022

Below are the suggestions I got, with TWO clear winners (votes and likes data is very relative, manually counted, etc, etc — but the trend is there)

  1. “Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems” [FREE link] by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield [27 votes]
  2. “Defensive Security Handbook: Best Practices for Securing Infrastructure” by Amanda Berlin and Lee Brotherston [26 votes]
  3. “The Practice of Network Security Monitoring: Understanding Incident Detection and Response” by Richard Bejtlich [17]
  4. “Securing DevOps: Security in the Cloud“ by Julien Vehent [7]
  5. “Applied Incident Response” by Steve Anson [7]
  6. “Threat Modeling: Designing for Security” by Adam Shostack [5]
  7. “Security Engineering” by Ross Anderson [5]
  8. “Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder” by Don Murdoch [4]

Other suggestions (some admittedly are quite peculiar, some clearly are not a fit to the question, etc; they are copied here for posterity)

  • “Thinking Security: Stopping Next Year’s Hackers” by Steven M. Bellovin (2015)
  • “The Psychology of Information Security” by Leron Zinatullin
  • “Foundations of Security: What Every Programmer Needs to Know” by Christoph Kern, Anita Kesavan, Neil Daswani (2007)
  • “Privileged Attack Vectors” by Morey J. Haber
  • “Computer Security” by Dieter Gollmann (2011)
  • ”Next Level Cybersecurity: Detect the Signals, Stop the Hack” by Sai Huda
  • “Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies” by Ira Winkler
  • “Incident Response & Computer Forensics” by Jason T. Luttgens, Matthew Pepe, Kevin Mandia (2014)
  • ”Analogue Network Security” by Winn Schwartau
  • “Secrets and Lies: Digital Security in a Networked World” by Bruce Schneier
  • “Future Crimes: Inside the Digital Underground and the Battle for Our Connected World” by Marc Goodman
  • “Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time” by Sami Saydjari

Finally, a few people suggested this book list (Security Book Canon), but the last winners there are from 2018…

All in all, enjoy!

Modern Cyber Defense Books was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

*** This is a Security Bloggers Network syndicated blog from Stories by Anton Chuvakin on Medium authored by Anton Chuvakin. Read the original post at: