Solutions Review finds the Highest-Rated Books for Cybersecurity Engineers available on Amazon right now. You need to add these to your collection today.
Solutions Review frequently shares our finds for essential cybersecurity titles and books every InfoSec professional and IT security team should have on the shelf. Here’s one of our lists.
For this list, we wanted to zoom in on a specific profession in cybersecurity – Cybersecurity Engineer – and share the highest-rated titles that might appeal to members of said profession. These books qualify for this list by providing essential perspectives and information beneficial to Cybersecurity Engineers and by having a four-star rating on Amazon at minimum.
These books are intended for professionals, whether just beginning their careers or already established as experts. All are written by authors with proficiency and/or recognition in the field of cybersecurity.
The Highest-Rated Books for Cybersecurity Engineers
Book Title: Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0
Our Take: Yvonne Wilson and Abhishek Hingnikar both have extensive experience in software development and identity management. Their expertise is evident throughout the text.
Description: This book takes you from account provisioning to authentication to authorization, and covers troubleshooting and common problems to avoid. The authors include predictions about why this will be even more important in the future. Application best practices with coding samples are provided. Solving Identity and Access Management in Modern Applications gives you what you need to design identity and access management for your applications and to describe it to stakeholders with confidence. You will be able to explain account creation, session and access management, account termination, and more.
Book Title: OAuth 2 in Action
Our Take: Justin Richer is a systems architect, software engineer, standards editor, and service designer. Antonio Sanso works as a Security Software Engineer.
“OAuth 2 in Action teaches you the practical use and deployment of this HTTP-based protocol from the perspectives of a client, authorization server, and resource server. You’ll learn how to confidently and securely build and deploy OAuth on both the client and server sides…Think of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.”
Book Title: Password Authentication for Web and Mobile Apps: The Developer’s Guide To Building Secure User Authentication
Our Take: Dmitry Chestnykh has been writing software for over twenty years, and now consults on applied cryptography and software security.
“Authenticating users with passwords is a fundamental part of web and mobile security. It is also the part that’s easy to get wrong. This book is for developers who want to learn how to implement password authentication correctly and securely. It answers many questions that everyone has when writing their own authentication system or learning a framework that implements it.”
Book Title: Hacking Multifactor Authentication
Our Take: Roger Grimes is a Principal Security Architect at Microsoft, and works with Microsoft Windows, Linux, and BSD. He is also a prolific author and speaker.
“This book covers over two dozen ways that various MFA solutions can be hacked, including the methods (and defenses) common to all MFA solutions. You’ll learn about the various types of MFA solutions, their strengths and weaknesses, and how to pick the best, most defensible MFA solution for your (or your customers’) needs. Finally, this book reveals a simple method for quickly evaluating your existing MFA solutions. If using or developing a secure MFA solution is important to you, you need this book.”
Book Title: Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution
Our Take: Morey J. Haber is Chief Technology Officer at BeyondTrust and Darran Rolls is CISO and Chief Technology Officer at SailPoint. Greater experts are hard to come by.
Description: As a solution, Identity Access Management (IAM) has emerged as the cornerstone of enterprise security. Managing accounts, credentials, roles, certification, and attestation reporting for all resources is now a security and compliance mandate. When identity theft and poor identity management is leveraged as an attack vector, risk and vulnerabilities increase exponentially. As cyber-attacks continue to increase in volume and sophistication, it is not a matter of if, but when, your organization will have an incident. Threat actors target accounts, users, and their associated identities, to conduct their malicious activities through privileged attacks and asset vulnerabilities.
Our Take: Simon Moffatt is a recognized expert in the field of digital identity and access management, having spent nearly 20 years working in the sector. It comes through in the book.
Description: Modern organizations need to not only meet end-user privacy, security, and usability requirements but also provide business enablement opportunities that are agile and can respond to market changes rapidly. The modern enterprise architect and CISO is no longer just focused upon internal employee security – they now need to address the growing need for digital enablement across consumers and citizens too. A CISO and architect view on designing the fundamental building blocks of a scalable, secure and usable consumer identity and access management (CIAM) system. Covering: business objectives, drivers, requirements, CIAM life-cycle, implementer toolkit of standards, design principles, and vendor selection guidance.
Our Take: Phillip J. Windley is an Associate Professor of Computer Science at Brigham Young University.
Description: Author Phil Windley likens IMA to good city planning. Cities define uses and design standards to ensure that buildings and city services are consistent and workable. Within that context, individual buildings–or system architectures–function as part of the overall plan. With Windley’s experience as VP of product development for Excite@Home.com and CIO of Governor Michael Leavitt’s administration in Utah, he provides a rich, real-world view of the concepts, issues, and technologies behind identity management architecture.
Book Title: Hackable: How to Do Application Security Right
Our Take: Ted Harrington is the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for hacking cars, medical devices, and password managers. If anyone knows hacking, it’s him.
Description: Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, you may be uncertain about what works, what doesn’t, how hackers exploit applications, or how much to spend. Or maybe you think you do know, but don’t realize what you’re doing wrong. To defend against attackers, you must think like them. As a leader of ethical hackers, Ted Harrington helps the world’s foremost companies secure their technology. Hackable teaches you exactly how. You’ll learn how to eradicate security vulnerabilities, establish a threat model, and build security into the development process. You’ll build better, more secure products. You’ll gain a competitive edge, earn trust, and win sales.
Our Take: Don Franke has worked in information technology for over 20 years. During this time, the roles he served include senior software developer, incident responder, cybersecurity analyst, and security architect.
Description: Information security does not have to be complicated. Vulnerability to cyber-attacks can be significantly reduced if the basics are practiced. A clear understanding of the fundamentals can help ensure that adequate detective and protective controls are in place and that a solid information security foundation is established. This book covers concepts and controls. It is a good primer for those new to the field and a refresher for the more seasoned practitioner. It is for those who are tasked with creating, leading, supporting, or improving an organization’s cybersecurity program. The goal is to help clear some of the fog that can get in the way of implementing cybersecurity best practices.
Our Take: Lee Brotherston is a Senior Security Advisor with Leviathan Security. Amanda Berlin is an Information Security Architect for a consulting firm in Northern Ohio. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design.
Description: Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don’t have the budget to establish or outsource an information security (InfoSec) program, forcing them to learn on the job. For companies obliged to improvise, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost. Each chapter in this book provides step-by-step instructions for dealing with a specific issue, including breaches and disasters, compliance, network infrastructure and password management, vulnerability scanning, and penetration testing, among others.
Book Title: Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management
Our Take: Dr. Anton Chuvakin is a recognized security expert in the field of log management and PCI DSS compliance. Alongside other experts, they present critical log management best practices.
Description: The book consists of 22 chapters that cover the basics of log data; log data sources; log storage technologies; a case study on how Syslog-ng is deployed in a real environment for log collection; covert logging; planning and preparing for the analysis log data; simple analysis techniques; and tools and techniques for reviewing logs for potential problems. The book also discusses statistical analysis; log data mining; visualizing log data; logging laws and logging mistakes; open-source and commercial toolsets for log data collection and analysis; log management procedures and attacks against logging systems.
Book Title: Blue Team Handbook: SOC, SIEM, and Threat Hunting (V1.02): A Condensed Guide for the Security Operations Team and Threat Hunter
Our Take: Don Murdoch has over 17 years of information and network security experience, ranging from intrusion detection and response to establishing an MSSP. He provides key insights.
Description: The author shares his fifteen years of experience with SIEMs and security operations in a no-frills, just information format. Don Murdoch has implemented five major platforms, integrated over one hundred data sources into various platforms, and ran an MSSP practice for two years. This book covers the topics below using a “zero fluff” approach as if you hired him as a security consultant and were sitting across the table with him (or her). The book begins with a discussion for professionals to help them build a successful business case and a project plan, decide on SOC tier models, anticipate and answer tough questions you need to consider when proposing a SOC, and considerations in building a logging infrastructure.
Our Take: Arun Thomas holds Multiple Information Security patents and 28+ Professional IT certifications including CISSP concentrations. He is the Chief Security Architect & CTO of NetSentries Technologies.
Description: The main purpose of implementing a Cyber threat intelligence (CTI) program is to prepare businesses to gain awareness of cyber threats and implement adequate defenses before disaster strikes. Threat Intelligence is the knowledge that helps Enterprises make informed decisions about defending against current and future security threats. This book is a complete practical guide to understanding, planning, and building an effective Cyber Threat Intelligence program within an organization. This book is a must-read for any Security or IT professional with mid to advanced level of skills.
Book Title: Cybersecurity Essentials
Our Take: The authors are members of Educational Technologies Group Inc. or operate in cybersecurity. Their combined expertise should prove beneficial.
Description: Cybersecurity Essentials provides a comprehensive introduction to the field, with expert coverage of essential topics required for entry-level cybersecurity certifications. An effective defense consists of four distinct challenges: securing the infrastructure, securing devices, securing local networks, and securing the perimeter. Overcoming these challenges requires a detailed understanding of the concepts and practices within each realm. This book covers each challenge individually for greater depth of information, with real-world scenarios that show what vulnerabilities look like in everyday computing scenarios. Each part concludes with a summary of key concepts, review questions, and hands-on exercises, allowing you to test your understanding while exercising your new critical skills.
Our Take: The authors of this particular text come from information security investigation backgrounds, with exactly the experience your SOC can benefit from.
Description: This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone. Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.
Book Title: Cybersecurity Threats, Malware Trends, and Strategies: Learn to mitigate exploits, malware, phishing, and other social engineering attacks
Our Take: Tim Rains worked at Microsoft for the better part of two decades where he held a number of roles including Global Chief Security Advisor, Director of Security, Identity and Enterprise Mobility, and Director of Trustworthy Computing.
Description: Cybersecurity Threats, Malware Trends, and Strategies offers an unprecedented long-term view of the global threat landscape by examining the twenty-year trend in vulnerability disclosures and exploitation, nearly a decade of regional differences in malware infections, the socio-economic factors that underpin them, and how global malware has evolved. This will give you further perspectives into malware protection for your organization. It also examines internet-based threats that CISOs should be aware of.
Those are our picks for the highest-rated books for Cybersecurity Engineers available on Amazon. For more highest-rated books for cybersecurity engineers and other roles, follow us on LinkedIn. For more on cybersecurity, check out the Solutions Suggestion Engine or the IAM, PAM, and IGA Buyer’s Guides.
Solutions Review participates in affiliate programs. We may make a small commission from products purchased through this resource.