Continuous learning is a top priority for me. It’s critical to stay updated on the latest cyber security methods, technologies, strategies, and developments. 2020 brought the opportunity for us to indulge in some additional reading and learn new skills from incredible industry experts. From a young age, I struggled reading the likes of Shakespeare and was more interested in the documentation for the cassette player, fridge, or computer. Though this would change later in life, it did set me up for my great interest in hacking, and ultimately in security.
Today, there are so many ways to consume knowledge; you can listen to a podcast, read an eBook on your Kindle, listen to the author on an audiobook, or get back to the good old physical book. While I do miss the in-person knowledge transfer gained during events and hope that we soon return to this method of educating ourselves, books were my go-to solution in 2020.
I am your typical scribbler or Post-it note guy. If you were to see my bookshelves you’d notice many little notes sticking out of the top of my books for quick references when I need them. I then use OneNote for my quick search and personal lessons; if labs are part of the reading, this includes my corrections and quick copy/paste.
My personal library is a mix of old and new, with some of my classics dating back to the early and mid-nineties.
I have started using audiobooks more, and if I really enjoy a book I also purchase the physical copy and add my notes, comments, and highlights. I believe in supporting these important authors and hopefully inspire future talent to join in.
One site that I find helpful, along with supporting authors, publishers, and charities, is Humble—the Humble Bundle enables you to get a bundle of great technical books at an affordable price. This is especially advantageous if you’re a student or trying to advance your knowledge in anticipation of switching careers.
There are so many excellent books available—I get through at least one every week.
Here are my top picks for cyber security and hacker books from 2020 to help you get going.
1. Red Team Development and Operations: A Practical Guide
If you’re looking to get into pentesting or red teaming, this book is a brilliant read that draws a clear distinction between vulnerability assessments, pentesting, and red teams and defines the role of each. It’s a must-read for security managers or leaders, or for business managers looking for a security assessment, as it helps identify the false sense of security companies experience when they follow checkbox security approaches, such as some compliance requirements. The book includes examples and clear takeaways. From the awesome Joe Vest and James Tubberville.
2. Operator Handbook: Red Team + OSINT + Blue Team Reference
This is another must-have book, or actually a reference manual to be honest, for your collection—this time from the amazing Joshua Picolet aka Netmux. You may be familiar with his previous books on Password Cracking, like Hash Crack, which emphasizes the importance of strong password best practices and explains why default passwords are an open door. This latest operator handbook provides some great tips and command references for different security teams whether you’re a Red Team member, OSINT, or Blue Team. I’ve used this book many times when one of my techniques was not working; it provided me alternative methods. If you’re interested in getting into pentesting or cyber security or are already a security professional, this book is one to keep nearby.
3. Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career
Here’s a book for everyone. Whether you’re starting your career in cyber security, a seasoned professional, or even in another business, you’ll get value from this book. The extremely talented Dr. Jessica Barker has literally brought cyber security back to the forefront and describes how it must and should help humans be successful and stay safe. Jess brings so much experience to the subject; she shares real-life examples and comparisons that take us a step back from the sometimes-technical trenches we get stuck in.
4. The Ghidra Book: The Definitive Guide
Not for reading to your kids as a bedtime story or for the fiction section of your shelf. However, if you’re going down the career path of malware analysis or reverse engineering then this is the must-have book for you. Chris Eagle (author of the IDA Pro Book) and Kara Nance deliver a thoroughly detailed book that’s not a software guide but an actual how-to guide on using Ghidra for reverse engineering using well-defined and helpful processes and techniques. The Ghidra Definitive Guide incorporates more than a decade of research, and for reverse engineers or malware analysts, this book should be a top priority. It includes great examples to help enhance your skills and knowledge.
5. Hackable: How to Do Application Security Right
Well, the only way to end the top 5 of top cyber security and hacking books from 2020 is with Hackable, written by a good friend and industry peer Ted Harrington. If you’re responsible for creating applications for your business, then this is your book. It takes us into the mind of an attacker and demonstrates how they think. Learn different methodologies and which is best suited for your business. Identify vulnerabilities early and build security into your development lifecycle rather than a plug at the end. Hackable is a book on how to do application security the right way.
Here are other notable books that are also well worth a mention:
Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You
Chris does it again bringing another book with A Master Hacker’s Guide – Human Hacking. Social engineering played a huge role in cyber security topics over the past decade and Chris has certainly raised priority and awareness of the subject. While I have not yet read his latest book, it’s right on top of my to-do list for 2021.
Privileged Access Cloud Security for Dummies
And finally, to top off your reading list is my latest book on Privileged Access Cloud Security. This is a quick read that will get you up to date on all things related to privileged access, including the importance of eliminating default passwords, password rotation for service accounts, and multiple security controls for access.
I hope I’ve inspired you to continue your education with several of these great books. Let me know which cyber security books you’ve learned from. Maybe they’ll make my next must-read list!
*** This is a Security Bloggers Network syndicated blog from Thycotic authored by Joseph Carson. Read the original post at: https://thycotic.com/company/blog/2021/01/19/top-5-hacking-and-cyber-security-books-of-2020/