8 Book Recommendations for Security Professionals

  • By Maddie Rosenthal
  • 22 October 2020

Most security professionals rely on recommendations from their peers when it comes to vendors, solutions, and strategies. So, why not books? We asked our own cybersecurity experts what they were reading and rounded up eight books to add to your reading list.

The Cuckoo’s Egg

In 1986, Clifford Stoll – a systems administrator at the Lawrence Berkeley National Laboratory – wrote this book. Based on his field notes, this is arguably one of the first documented cases of a computer hack and the subsequent investigation, which eventually led to the arrest of Markus Hess. 

It’s now considered an essential read for anyone interested in cybersecurity.

CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers 

While this book covers all the fundamentals of IT security governance and risk management, it also digs deeper into people. After all, being a CISO isn’t just about technology.

The insights in the book come directly from CISOs. In total, 75 security leaders contributed to the book, which means there’s plenty of actionable advice you can apply to your strategies. 

Looking for more insights from security leaders? Check out Tessian’s CISO Spotlight series.

Art of Deception

Written by someone pretty well-known in the security field – Kevin Mitnick – Art of Deception offers readers an insider’s view on what it takes to hack a system (and therefore what you can do to protect yourself). 

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers 

Politics play a big role in cybercrime. 

This book is focused on Sandworm, the group of Russian hackers who, over the last decade, has targeted American utility companies, NATO, and electric grids in Eastern Europe and paralyzed some of the world’s largest businesses with malware. But the author, Wired senior writer Andy Greenberg, also provides plenty of background on both the technology and the relationships between various countries.

Social Engineering: The Art of Human Hacking

If you want a breakdown of every aspect of social engineering – from elicitation and protection to influence and manipulation – this one’s for you. Written by Christopher Hadnagy – the lead developer of the world’s first social engineering framework – this book is a sort of intro to hacking humans that could help you level up your phishing awareness program and defenses.

We take a deep dive into the psychology of human error in this report, with insights from Stanford Psychology and Communications professor Jeff Hancock.

The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats

In the same vein as Sandworm, this book explores cyberwar, nation-state hackers, and the future. While it doesn’t offer highly technical insights, there is plenty of practical advice on how organizations and individual people can avoid being hacked. 

Cult of the Dead Cow

Cult of the Dead Cow explores some of the world’s most infamous hacking groups – particularly the cDc – and explains how technology, data, and – well – the world has changed because of them. 

CISM Certified Information Security Manager All-in-One Exam Guide

Yes, this is an exam guide…and yes, you should add it to your reading list, if nothing else to have on hand as a reference. Why? It covers everything: security governance, risk management, security program development, and security incident management.

Curious as to whether or not other security professionals have their CISM certification? We interviewed 12 women about their journeys in cybersecurity. Read their profiles here and the full report, Opportunity in Cybersecurity Report 2020.

Maddie Rosenthal