Infosec Summer Reading List - 2019 Edition


by Stefan Friedli


These books might improve your summer experience

  • The Art of Software Security Assessment and Black Hat Python are fantastic technical books to peruse
  • Deep Work and The Hard Thing About Hard Things might change the way you look at work and productivity.
  • Cult of the Dead Cow and Cyberspies are entertaining and insightful reads for anyone interested in the infosec space

With the past weeks being some of the warmest in over a decade here in Switzerland, it has become abundantly clear: Summer has arrived. July and August are traditionally preferred vacation months for many. So, in a couple of weeks, many will find themselves with some time off, hopefully in some relaxing environment like a beach, a mountain hut, or whatever else fits the bill.

For me, summer is inseparable from reading more books. An avid reader all my life, I try to maintain the habit throughout the year, which can be challenging. In summer, however, I find excellent relaxation in sitting in the shade and reading a good book. Even selecting books to take on vacation has become a ritual in itself. And yes, even though I do own a Kindle, I still prefer to take at least some physical books with me. No particular reason, I just like having actual paper books around sometimes.

I used to select books in bookshops, on Amazon, and on Goodreads. Sometimes I would just pick out titles that piqued my interest; sometimes I would go by recommendations that, as algorithms had deduced, would be relevant to my interests. However, in recent years, I have started to appreciate more curated reading recommendations. Carefully compiled lists of titles organized by people I know and trust have since become essential to my reading habit – and with great success.

Hence, I wanted to take this opportunity to compile an infosec-centric list of my own, showcasing some titles I have recently read or re-read, with the hope that you might find something that will catch your attention and provide you with a great reading experience this summer.

Books for Penetration Testers

The Art of Software Security Assessment by Mark Dowd and John McDonald
This book was released in 2006, and I have recently revisited it, working through it almost in its entirety once again. In my personal opinion, it is one of the best resources to learn about the fundamentals of software security and nearly every flavor of practical software security analysis. I was recently asked to name the book that was most influential for my career, and this is, at the very least, a solid contender.
Black Hat Python by Justin Seitz
I got this book last year as part of the fantastic Cybersecurity Humble Bundle. For me, the curse of these bundles is that I usually impulse-buy them, store them somewhere, and then forget to read them. But Black Hat Python eventually made it to my Kindle, and I am happy it did. Though the code included in the book is written in Python 2.x, which is now (finally…) deprecated, it does one thing exceedingly well: show the versatility and power of Python as one of a penetration tester's most reliable tools. Black Hat Python is not great because of the actual projects printed in the book, but because it illustrates how specific tools can quickly be built from scratch without relying on pre-existing solutions. It does a fantastic job of sparking ideas for new tools, utilities, and scripts that make one’s life easier while also deepening domain knowledge and improving development and scripting skills.

Books for Leaders and Managers

The Hard Thing About Hard Things by Ben Horowitz
There is a massive market for books about self-improvement, management, and leadership. The urge to become a better version of ourselves is readily served by a mass of authors offering easy-to-follow advice on how to become successful, handsome, and rich. The Hard Thing About Hard Things by Ben Horowitz is a breath of fresh air and one of the very few management books I would readily recommend. Instead of focusing on fair-weather advice that works well in optimum conditions, Horowitz focuses on the hard decisions that have to be made when there are no good choices. Horowitz is no mere theorist on this: He used to work for Netscape before it was acquired by AOL in 1998. He later ran Opsware, which was acquired by HP. He lived through the Dot Com Boom and the subsequent bursting of this bubble. The experience he collected in this period makes this an exciting and entertaining read.

For Engineers

Deep Work by Cal Newport
Distraction in the digital age is a huge topic these days. With Apple and Google both implementing “Digital Wellness” features in their respective mobile operating systems to give consumers a more precise picture of their screen time and usage habits, this could not be more obvious. “Deep Work” looks at a different side of distraction: the distinction between shallow and deep work. The author makes a strong case for establishing chunks of time in which distractions are minimized to allow for uninterrupted periods of productivity. He presents both research supporting this claim and anecdotes from famous figures like C.G. Jung, who used to retreat into his “tower” in Bollingen, Switzerland, for extended periods to maintain his level of productivity. “Deep Work” is an exciting and thought-provoking book that asks uncomfortable questions about our ability to deliver our best work under the circumstances in which we often choose to work. It goes on to challenge us to find more uninterrupted time to “go deep” and improve our output.

For Off-Duty Time

Cult of the Dead Cow by Joseph Menn
Ah, the CDC. So many good memories from days long gone. This book by journalist Joseph Menn is an easy and entertaining read following the tracks of one of the most influential hacking groups ever, at least in the US. It features many industry veterans and contains a plethora of fun anecdotes. In doing so, Menn does take some creative liberties: some stories are not entirely factual or have been dramatized. But still: The CDC, L0pht, and various other groups portrayed in the book have shaped our industry significantly, making this an excellent pick for light summer reading.
Cyberspies by Gordon Corera
I am currently reading Cyberspies, and I will break my rule of only recommending books that I have finished for this one. Starting as early as the fabled Bletchley Park era, Corera, who is an experienced security correspondent for BBC News, outlines the developments of espionage in a more and more digital world. It is well written, asks the right questions, and illustrates the evolution from information gathering to weaponizing information in conflicts.


If you choose one of these books, feel free to let me know how you liked it on Twitter. Also, did I miss a title I should definitely have included? Let me know. Whatever you read this summer, I hope it entertains you and broadens your horizons. Enjoy!

About the Author

Stefan Friedli

Stefan Friedli is a well-known face in the Infosec community. As a speaker at international conferences, co-founder of the Penetration Testing Execution Standard (PTES), and board member of the Swiss DEFCON group chapters, he continues to push the community and the industry forward.
