Many people looking to begin a career in Cybersecurity get hung up on where to really begin. It all comes down to your current skill level and interests, so assuming you have already become reasonably proficient in basic Windows, Linux, and Networking, and maybe even already started a career as a SOC Analyst or something similar, the next step is to determine what is the path most appealing to you and what you need to learn in order to pursue it. Remember, this could change as you start digging into the material. You may think programming and malware reversing sound fun and realize later that you hate it, but don’t mind a little python scripting and hacking into lab machines, so be prepared to try a few things out and see what really inspires you.
To the right I have listed some of the books that have helped me the most in my journey through InfoSec. Some I have read cover to cover, some I have done select exercises, and others I keep around for quick reference. I excluded books that were specific to certifications, but may post those in the future as a separate segment.
Depending on your skill level now, and what you are most passionate about learning, some of these books will be more appealing than others. This is not meant as a “you should read all of these to be legit” kind of list, but a jumping off point to start learning the skills you are interested in.
For example, if you want to break into your first SOC role, or move up to a senior level or IR position, then Blue Team Field Manual, Network Intrusion Detection, Practical Packet Analysis, and The Tangled Web would be good starters.
If you want to get into malware analysis or forensics then books like Practical Malware Analysis, Digital Forensics with Open Source Tools, and Hacking: The Art of Exploitation may be where you want to start.
Pretty much all of these are good for pentesting, but Basic Security Testing with Kali Linux and Penetration Testing: A Hands-On Introduction to Hacking are good starting points. Of course, I am partial to Start Pentesting Now as well. If testing web application security is a more interesting focus for you, then The Tangled Web and The Web Application Hacker’s Handbook are good bets.
If you want to get more into scripting and programming, then Automate the Boring Stuff with Python, Black Hat Python, and The C Programming Language are good starters. I picked two Python books because it’s been the most prevalent language in my experience, both for day to day tasks as well as in pentesting due to the number of scripts and exploits that use it. I recommend C programming for those interested in pentesting since so many exploits are written in C and it’s good to know what you are running, how to edit it if needed, and it’s a good fundamental programming language.
I guarantee there are other books that belong here, but I will leave them to you to discover. One other resource I highly recommend is to check out Humble Bundle periodically since they will often have great bundles of cybersecurity or other tech eBooks that can be purchased at huge discounts.
