Best Infosec Books

Clm CISSP | CCSP | CCSK | AWS x 4 | ITIL | PCEP Member Posts: 444 ■■■■□□□□□□
Just looking to pick up some good infosec books to read. Not looking for any specific cert-related books, just general books.
I find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

Comments

  • jcundiff Member Posts: 486 ■■■■□□□□□□
    Counter Hack Reloaded
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • aderon CISSP, CCNA:S, CCNA:R&S, AWS:CSA Assoc, Sec+, Lin+, A+, Net+, Proj+ Member Posts: 404 ■■■■□□□□□□
    jcundiff wrote: »
    Counter Hack Reloaded

    Is that book still relevant? I bought it like a decade ago, but never got around to reading it. And I've been shying away from it now because it seems like most of the info wouldn't be up to date anymore.

    If it's got staying power though, I'll have to add it back to my reading list.
    2019 Certification/Degree Goals: AWS CSA Renewal (In Progress), M.S. Cybersecurity (In Progress), CCNA R&S Renewal (Not Started)
  • jcundiff Member Posts: 486 ■■■■□□□□□□
    aderon wrote: »
    Is that book still relevant? I bought it like a decade ago, but never got around to reading it. And I've been shying away from it now because it seems like most of the info wouldn't be up to date anymore.

    If it's got staying power though, I'll have to add it back to my reading list.

    My former boss is very high on it and think it has been revised. It's my next on the bookshelf (after all the required stuff for school, as time allows), but given the fact that the majority of compromises are being done using decades-old vulns, I would say yeah :)
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • beads Senior Member Member Posts: 1,511 ■■■■■■■■■□
    Finding Threat Modeling: Designing for Security to be quite helpful. Most items the author is bringing up about a quarter of the way through are either things that I didn't know I was already doing (relief) or new ways of doing things that I could be doing more efficiently (helpful).

    Any of the 'Hacking Exposed' books are worth going through as well. They may seem a bit dated, but if you're reading the SANS diary on a daily basis you'll see there aren't really a lot of new or novel hacks coming our way. What you see is more and more DoS and "new tricks for old dogs" types of hacks and exploits. Basically everything old is new again in our world. Seen a new class of hack lately?

    Reloaded is much the same and very much worthwhile for the same reasons above. It doesn't have to be cutting edge to be worth reading, just applicable.

    - b/eads
  • iBrokeIT GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,303 ■■■■■■■■■□
    For social engineering, the Kevin Mitnick books like Ghost in the Wires and The Art of Deception are really good...
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA | eCPPT | eWPT | eCTHP

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security
  • Clm CISSP | CCSP | CCSK | AWS x 4 | ITIL | PCEP Member Posts: 444 ■■■■□□□□□□
    iBrokeIT wrote: »
    For social engineering, the Kevin Mitnick books like Ghost in the Wires and The Art of Deception are really good...

    I read Ghost in the Wires when it came out a few years ago. It was great.
    I find your lack of Cloud Security Disturbing!!!!!!!!!
    Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

  • Clm CISSP | CCSP | CCSK | AWS x 4 | ITIL | PCEP Member Posts: 444 ■■■■□□□□□□
    beads wrote: »
    Finding Threat Modeling: Designing for Security to be quite helpful. Most items the author is bringing up about a quarter of the way through are either things that I didn't know I was already doing (relief) or new ways of doing things that I could be doing more efficiently (helpful).

    Any of the 'Hacking Exposed' books are worth going through as well. They may seem a bit dated, but if you're reading the SANS diary on a daily basis you'll see there aren't really a lot of new or novel hacks coming our way. What you see is more and more DoS and "new tricks for old dogs" types of hacks and exploits. Basically everything old is new again in our world. Seen a new class of hack lately?

    Reloaded is much the same and very much worthwhile for the same reasons above. It doesn't have to be cutting edge to be worth reading, just applicable.

    - b/eads

    Just double checking: is this the book you are referring to? Wiley: Threat Modeling: Designing for Security - Adam Shostack
    I find your lack of Cloud Security Disturbing!!!!!!!!!
    Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig

  • beads Senior Member Member Posts: 1,511 ■■■■■■■■■□
    @CLM;

    Yep. That's the baddie. I got turned on to it by reading the review in InfoSec Magazine while doing my bi-monthly quiz for the CISSP. Adam definitely has some excellent insights and some head slappers as well.

    - b/eads
  • wes allen Member Posts: 540 ■■■■■□□□□□
    This is a great book on risk:

    https://www.amazon.com/Measuring-Managing-Information-Risk-Approach/dp/0124202314

    And, if you need a little non-fiction to break things up - Cryptonomicon and Reamde are great reads.
  • jcundiff Member Posts: 486 ■■■■□□□□□□
    wes allen wrote: »
    This is a great book on risk:

    https://www.amazon.com/Measuring-Managing-Information-Risk-Approach/dp/0124202314

    And, if you need a little non-fiction to break things up - Cryptonomicon and Reamde are great reads.

    Why eBay United Kingdom when you are in Lexington? Yeah, the FAIR Risk model is pretty good... I actually was trained in it by Jack himself :)
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • Ertaz Member Posts: 934 ■■■■■□□□□□
    Great thread. Good recommendations. So much Kentucky. LOL