1. The Phoenix Project
It’s a fictional story about an IT department that must evolve from an ineffective and inefficient misadventure into a modern DevOps-powered software factory. Through the story, readers come to understand how an organization can lose legacy habits and trade them in for world-class DevOps, Agile, and Lean processes.
2. The Hacker Playbook: Practical Guide To Penetration Testing
No one wins a game without a game plan, and no penetration testers or ethical hackers consistently win without a plan of attack. Through football-like plays, The Hacker Playbook shows pen testers how to attack different environments and bypass security defenses. When it comes to IT security, a good blue team offense is essential to a good enterprise defense. The Hacker Playbook details how to pen test from researching the objective to strategy.
3. The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage
The book’s Amazon description tells it best: Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker’s code name was “Hunter” — a mysterious invader who managed to break into U.S. computer systems and steal sensitive military and security information. Stoll began a one-man hunt of his own: spying on the spy. It was a dangerous game of deception, broken codes, satellites, and missile bases — a one-man sting operation that finally gained the attention of the CIA…and ultimately trapped an international spy ring fueled by cash, cocaine, and the KGB.
4. Social Engineering: The Art of Human Hacking
Social engineering is the craft of tricking people into doing what you want. This book covers facets of common social engineering tactics, such as pretexting and manipulation, using the author’s personal experience and detailing the rationale behind the tactics.
Social Engineering: The Art of Human Hacking should be part of the toolkit of any blue team member, penetration tester, or CISO who wants to know the tactics the bad guys will use against their organization.
5. Defensive Security Handbook: Best Practices for Securing Infrastructure
If you are new to security and looking for a solid introduction to defensive fundamentals, this book is a great place to start. The book is billed as being targeted toward CIOs, directors, security analysts, systems administrators, and similar roles, and it hits the mark.