Cybersecurity Reading List

Over the past couple years I have compiled a list of cybersecurity related books based on various professional reading lists as well as the defcon list and put them in a spreadsheet. Just updated it today with 17 new entries of my own: https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit?usp=sharing

I had to put my own column for new stuff in because it seems like once these lists get published no one maintains them.

On a related note I would like to get some Non-American lists represented so if you know of any similar professional reading lists published by British, Canadian, Australian, New Zealand agencies please point me too them. I know it's English-centric but that's the language I speak.

Find more posts tagged with

cybersecurity

professional development

reading lists

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

deep_logic

Wow! Much appreciated @cshkuru. The list is pretty wide as far as technical stuff - but I like that. Valuable resource, bro. BTW, I loved the "Stealing the Network" book. I didn't realize there were several versions of it now.

roninkai

Nice list, thank you! I keep adding/purchasing books that never get read. What I need is a reading plan (outside of certifications)....and a commitment to stop buying books lol.

nevermore

I have been buying a bunch of books on a variety of Infosec topics. Looking to spend more time reading once I am done with my MS degree.

tedjames

dragonsden said:

Nice list, thank you! I keep adding/purchasing books that never get read. What I need is a reading plan (outside of certifications)....and a commitment to stop buying books lol.

Ha! Good luck with that! I have the same problem. Got tons of books and courses that I hope to get to one day. Damn you Udemy and Nostarch! (I mean that in a good way.)

I put everything I want to read/learn into a spreadsheet and prioritized them. It's really hard sticking to a schedule when you want to do everything, but it's necessary. I have disciplined myself into taking one course at a time. As for reading, if it's general reading and not a tech/training guide, just budget yourself to 20-30 minutes per day.

A class I'm taking on Udemy has 92 sections. I'm trying to complete at least 1 section per weekday and 2-3 per day on Saturday and Sunday. I hope to finish sometime in February so I can move on to the next one.

Budgeting your time works.

roninkai

Yes, our problem was once too little information. Now it's the complete opposite. The tricky thing is with the abundance of courses, videos, and books, is "who do I give my time and attention to and trust?".

baghdaddy19

dragonsden said:

Nice list, thank you! I keep adding/purchasing books that never get read. What I need is a reading plan (outside of certifications)....and a commitment to stop buying books lol.

Lol same with me. Its really about finding the time. Working full time, studying for certs, trying to stay healthy, family time, getting a good nights sleep, etc. Not much time left in the day.

roninkai

I try to get my shorter reads on Audible and listen at 2x, however I have a 15-min commute which doesn't exactly chip away at a 6 - 11 hour audiobook very fast.

cshkuru

Hey all,

I have been updating the list ( https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit#gid=2079030996 ) a few times since my last post. I know Dragos was in the last iteration, but I have added lists from Threatgen and Idaho National Labs, both Industrial Control System focused, and from Tara at Blackroom Security as well as the Royal Canadian Communication and Electronics Association. Still looking for other (English language) sources.

chrisone

Very cool list! Thanks for sharing. So much to read so little time!

cshkuru

Updated again. Added a list from a Yale Law Seminar on Cybersecurity
https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit#gid=2079030996

yoba222

Doesn't look like it's been shared, Palo Alto has had a beautiful book list for a number of years now:
https://cybercanon.paloaltonetworks.com/

cshkuru

yeah thats one of the lists i incorporate into my list its like the 4th from the last column and has it's own tab

cshkuru

Kind of related to the book list effort -

A while back my department at work had a big influx of people with little to no security / IT background. I put this together to help get them up to speed. My hope was that after demonstrating proficiency in each of the areas somehow (it was intended that this be like a 2 year process) the CyberSecurity Director and CIO would sign a nice little certificate for the person. Never got any response to the suggestion from anyone in the management chain. I'm moving on now so I thought I would share it again.

Security Engineering Training Plan

https://docs.google.com/spreadsheets/d/1CKVVwMUTxYaFvwoaOgVoOJFr5GkV8-Fb_qbxtOqLjyQ/edit#gid=0

cshkuru

I recently updated the reading list. I incorporated the class readings from the UT Law School Cybersecurity Class and the (ICS)2 bibliography.

https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit#gid=2079030996 I also did some format cleanup. That is ongoing

tedjames

I recommend these two new books:

https://www.amazon.com/Alice-Bob-Learn-Application-Security-ebook/dp/B08L8JX4RD

https://www.amazon.com/Pentester-BluePrint-Your-Guide-Being/dp/1119684307

I'm quoted in the second one.

cshkuru

Another (minor) update - removed a couple duplicate entries, cleaned up some links, added some categories to make searching easier and I think I added like 3 books but that may have been earlier. i lose track. https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit#gid=2079030996

JDMurray

I especially like the listings of books (fiction and non-fiction) for giving me ideas of what what to buy next on Audible.

cshkuru

Updated the reading list again added a revisions page, added the most recent executive order on cybersecurity, added infosec magazine reading list, added SANS SecOP reading list, added list from The Hacker Playbook, updated list from The Cybersecurity Canon, added list from The Darknet Diaries, added SANS Security Leadership Reading List removed the color coding and added a score based on the number of list an item appears in. https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit#gid=2079030996

SteveLavoie

Awesome @cshkuru!