Modern Cyber Defense Books

Anton Chuvakin
Published in Anton on Security
May 27, 2020

A few days ago I posted the following on Twitter:

(link to full thread that has perhaps grown since this time)

Below are the suggestions I got, with TWO clear winners (votes and likes data is very relative, manually counted, etc, etc — but the trend is there)

  1. “Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems” [FREE link] by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield [27 votes]
  2. “Defensive Security Handbook: Best Practices for Securing Infrastructure” by Amanda Berlin and Lee Brotherston [26 votes]
  3. “The Practice of Network Security Monitoring: Understanding Incident Detection and Response” by Richard Bejtlich [17]
  4. “Securing DevOps: Security in the Cloud” by Julien Vehent [7]
  5. “Applied Incident Response” by Steve Anson [7]
  6. “Threat Modeling: Designing for Security” by Adam Shostack [5]
  7. “Security Engineering” by Ross Anderson [5]
  8. “Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder” by Don Murdoch [4]

Other suggestions (some admittedly are quite peculiar, some clearly are not a fit to the question, etc; they are copied here for posterity)

  • “Thinking Security: Stopping Next Year’s Hackers” by Steven M. Bellovin (2015)
  • “The Psychology of Information Security” by Leron Zinatullin
  • “Foundations of Security: What Every Programmer Needs to Know” by Christoph Kern, Anita Kesavan, Neil Daswani (2007)
  • “Privileged Attack Vectors” by Morey J. Haber
  • “Computer Security” by Dieter Gollmann (2011)
  • “Next Level Cybersecurity: Detect the Signals, Stop the Hack” by Sai Huda
  • “Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies” by Ira Winkler
  • “Incident Response & Computer Forensics” by Jason T. Luttgens, Matthew Pepe, Kevin Mandia (2014)
  • “Analogue Network Security” by Winn Schwartau
  • “Secrets and Lies: Digital Security in a Networked World” by Bruce Schneier
  • “Future Crimes: Inside the Digital Underground and the Battle for Our Connected World” by Marc Goodman
  • “Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time” by Sami Saydjari

Finally, a few people suggested this book list (Security Book Canon), but the last winners there are from 2018…

All in all, enjoy!
