Stuck Inside? Top Books We Recommend Security Pros Read During Quarantine

Last updated at Wed, 22 Apr 2020 17:04:49 GMT

Staying at home is our new normal, which means many of us have wound up with a little more free time than usual on our hands to spend doing puzzles, working out (or not), or reading. Whether you’re looking to brush up on your security skills, dive into the history of the field, or merely curl up with a thrilling page-turner, here are our team’s top book picks to quell your quarantine boredom:

‘The Infinite Game’ by Simon Sinek

Recommended by: Glenn Thorpe, Lead Customer Advisor

Given our field and our global pandemic, this book was a great read. It focuses on rethinking how we approach “winning.” We’re involved in an industry that has no traditional rules nor a true end, which means we need to change how we measure ourselves, our business, and our success.

Because they are playing with an endpoint in mind, Carse tells us, finite-minded players do not like surprises and fear any kind of disruption. Things they cannot predict or control could upset their plans and increase their chances of losing. The infinite-minded player, in contrast, expects surprises (and even revels in them), and is prepared to be transformed by them. They embrace the freedom of play and are open to any possibility that keeps them in the game. Instead of looking for ways to react to what has already happened, they look for ways to do something new. An infinite perspective frees us from fixating on what other companies are doing, which allows us to focus on a larger vision. Instead of reacting to how new technology will challenge our business model, for example, those with infinite mindsets are better able to foresee the applications of new technology.

‘The Puzzle Palace: Inside the National Security Agency, America's Most Secret Intelligence Organization,’ by James Bamford

Recommended by: Scott King, Senior Director, Security Advisory Services

This book gives a history lesson on where the need for this profession came from (i.e., the origination of the NSA).

‘Network Security Through Data Analysis,’ by Michael Collins

Recommended by: Bob Rudis, Chief Data Scientist

Michael Collins provides a comprehensive blueprint for where to look, what to look for, and how to process a diverse array of data to help defend your organization and detect/deter attackers. It is a must-have for any data-driven cybersecurity program.

‘The Little Black Book of Computer Viruses,’ by Mark Ludwig

Recommended by: Brent Cook, Senior Manager, Software Engineering

This book is really good. Even though it covers malware techniques from the ‘80s and ‘90s, the attacker philosophy it discusses still applies today. It's deeply philosophical.

‘Code Breaking: A History and Exploration,’ by Rudolf Kippenhahn

Recommended by: Tod Beardsley,  Research Director

Kippenhahn's often-overlooked history of cryptography and was published in 2000, 18 years after the seminal “Puzzle Palace.” Also, unlike “Puzzle Palace,” it does not center on the NSA, but covers a lot of German and Russian work up through the turn of the century, which I was largely unfamiliar with when I first read it.

‘Spy the Lie,’ by Philip Houston

Recommended by: Rachel Chapman, Senior Manager, Marketing

This is not directly security-related, but “Spy the Lie” is a cool book by former CIA agents on how to recognize deceptive behavior. I found it really interesting!

‘Ghost in the Wires,’ by Kevin Mitnick (with William L. Simon)

Recommended by: Mark Hamill, Manager, Product Development

I was a huge fan of this one. It’s a lot about the mindset of security, whether that is physical, behavioral, or digital. “Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon” is also on my list, but is as yet unread.

‘The Phoenix Project,’ by Gene Kim, Kevin Behr, and George Spafford

Recommended by: Justin Buchanan, Offering Manager

This is considered one of the leading ways to explain the motivations and dynamics that led to the DevOps movement in 2010+. Although the book does not paint security professionals in the most flattering light, it’s a great read to help us develop empathy for our counterparts in IT operations and development.

‘The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage,’ by Cliff Stoll

Recommended by: Price McDonald, Senior Manager, Penetration Testing

“The Cuckoo's Egg” is one of my favorites.

Customer Picks:

We also asked our customers in our Voice program to recommend some of their favorite books. Here’s what they recommended!

• “Unstoppable: Harnessing Science to Change the World,” by Bill Nye
• “Chained Exploits: Advanced Hacking Attacks from Start to Finish,” by Andrew Whitaker, Keatron Evans, and Jack Voth
• “The Effective Executive: The Definitive Guide to Getting the Right Things Done,” by Peter F. Drucker
• “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World,” by Bruce Schneier
• “Daemon,” by Daniel Suarez
• “CISSP For Dummies,” by Lawrence C. Miller, Peter H. Gregory
• “CompTIA Security+ All-in-One Exam Guide, Fourth Edition,” by Wm. Arthur Conklin, Greg White, Dwayne Williams, Chuck Cothren, Roger Davis
• “Alas, Babylon,” by Pat Frank
• “The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws,” by Dafydd Stuttard, Marcus Pinto
• “The Hacker Playbook 2: Practical Guide To Penetration Testing,” by Peter Kim
• “Secure Coding in C and C++ (SEI Series in Software Engineering),” by Robert C. Seacord Seacord
• “Catching the Catfishers: Disarm the Online Pretenders, Predators, and Perpetrators Who Are Out to Ruin Your Life,” by Tyler Cohen Wood
• “Hard-Boiled Wonderland and the End of the World: A Novel,” by Haruki Murakami
• “Crucial Conversations: Tools for Talking When Stakes Are High,” by Kerry Patterson, Joseph Grenny, Ron McMillan, Al Switzler
• “Ender's Game,” by Orson Scott Card
• “Cryptonomicon,” by Neal Stephenson
• “Algorithms to Live By: The Computer Science of Human Decisions,” by Brian Christian, Tom Griffiths
• “Mindstar Rising,” by Peter F. Hamilton,
• “Hacking: The Art of Exploitation,” by Jon Erickson
• Time Based Security, by Winn Schwartau
• “Windows Server 2008 PKI and Certificate Security,” by Brian Komar
• “The Keeper of Lost Causes,” by Jussi Adler-Olsen
• “Nuklear Age,” by Brian Clevinger
• “Dark Territory: The Secret History of Cyber War,” by Fred Kaplan
• “Shop Class as Soulcraft: An Inquiry into the Value of Work,”by Matthew B. Crawford
• “As a Man Thinketh,” by James Allen
• “Meditations,” by Marcus Aurelius
• “Clean Code: A Handbook of Agile Software Craftsmanship,” by Robert C. Martin
• “Future Crimes: Inside the Digital Underground and the Battle for Our Connected World,” by Marc Goodman
• “Born to Run: A Hidden Tribe, Superathletes, and the Greatest Race the World Has Never Seen,” by Christopher McDougall
• “Kali Linux 2: Windows Penetration Testing,” by Wolf Halton, Bo Weaver
• “How to Measure Anything in Cybersecurity Risk,” by Douglas W. Hubbard, Richard Seiersen
• “Start with Why: How Great Leaders Inspire Everyone to Take Action,” by Simon Sinek
• “Spy Handler: Memoir of a KGB Officer - The True Story of the Man Who Recruited Robert Hanssen and Aldrich Ames,” by Victor Cherkashin
• “Penetration Testing: A Hands-On Introduction to Hacking,” by Georgia Weidman
• “The Game of Work,” by Mr. Charles Coonradt
• “Multipliers: How the Best Leaders Make Everyone Smarter,” by Liz Wiseman, Greg Mckeown
• “Army at Dawn,” by Rick Atkinson
• “The Way of Kings,” by Brandon Sanderson
• “Extreme Ownership,” by Jocko Willink
• “RTFM: Red Team Field Manual,” by Ben Clark
• “Cyber War,”by Richard A. Clarke
• “The Wisdom of Crowds,” by James Surowiecki
• “Black Hat Python: Python Programming for Hackers and Pentesters,” by Justin Seitz
• “Rich Dad Poor Dad: What the Rich Teach Their Kids About Money That the Poor and Middle Class Do Not!,” by Robert T. Kiyosaki
• “The Color of Magic,” by Terry Pratchett
• “Snow Crash,” by Neal Stephenson
• “Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information,” by Michael Bazzell
• “Hummingbird: Essays,” by Jude Angelini
• “The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory,” by Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters
• “One Minute to Midnight: Kennedy, Khrushchev, and Castro on the Brink of Nuclear War,” by Michael Dobbs
• “The Entropy Police: Practicing Information Security in the Enterprise,” by Richard A. Guida, CISSP
• “The Five Dysfunctions of a Team: A Leadership Fable,” by Patrick Lencioni
• “The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers,” by Kevin D. Mitnick, William L. Simon
• “Bad Blood: Secrets and Lies in a Silicon Valley Startup,” by John Carreyrou
• “Mere Christianity,” by C. S. Lewis,
• “(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide,” by Mike Chapple, James Michael Stewart, Darril Gibson
• “Blue Team Field Manual,” by Alan J White, Ben Clark
• “Neuromancer,” by William Gibson
• “Digital Fortress: A Thriller,” by Dan Brown
• “All Our Wrong Todays,” by Elan Mastai
• “Generation X,” by Douglas Coupland
• “A Data-Driven Computer Defense: A Way to Improve Any Computer Defense,” by Roger A. Grimes
• “New Dark Age: Technology and the End of the Future,” by James Bridle
• “Leviathan Wakes,” by  James S. A. Corey
• “Elon Musk: The Unauthorized Autobiography,” by J.T. Owens

Have any favorite picks of your own? Let us know on Twitter, @rapid7.