In this section I am posting all the books I have read or currently reading and I consider relevant for their content with this blog.
Python for Informatics: Exploring Information by Dr. Charles R. Severance
This is a very easy to read and understand Python book for beginners. After some time looking at resources to get my old programming skills up to date in Python I decided this would be a good start. I have a strong background in programming however I never enjoyed programming. Comparing this book with my studies in university I must say that this book will save much of the pain I had to go through to understand programming. Python is a very powerful and much simpler language than my old friends such as ADA 95, C and C++. This book provides you a good foundation in Python to move up and start programming. It is worth mentioning that this book also is in use in some of the courses offered in Coursera by the University of Michigan.
How to define and build an effective Cyber Threat Intelligence Capability by Henry Dalziel and Eric Olson.
Have you heard all the buzz around threat intelligence? This book will explain CTI in plain english. It is a very simple book to read and I believe it is not only useful for technical people but also for Managers and Sales. Whether you need to implement a threat intelligence program or sell your organization’s solution this book will clarify current state of the technology and market.
Practical Packet Analysis: Using Wireshark to Solve Real – World Network Problems by Chris Sanders.
I chose this book to refresh some practical concepts about traffic analysis. It is a tedious book to read if you are not novice into the subject. I found particulary useful chapter 4 and 5 around the capabilities of Wireshark and how to use some features to manage and analyze pcap files
Network Forensics Tracking Hackers Through Cyberspace by Sherri Davidoff and Jonathan Ham.
This book is a must if you are interested or currently doing network forensics and traffic analysis. It is a very technical book and requires a deep understanding of network communications to follow it through. It covers from basic to more practical issues such as traffic analysis and carving within pcap files. I liked the approach followed especially for traffic analysis, where they show all the possible strategies to follow a network investigation as well as the manual an automated tools to do so. Highly recommended for professional involved in forensics.
The practice of Network Security Monitoring by Richard Bejtlich
There is some overlap between this book and the previous however I found it particularly useful to deploy the Onion Linux distribution and configure it. There are other chapters in the book which take you through some of the tools and tacticts to analyze traffic, these chapters are a very good complement to the material explained in the previous book. The final chapters are dedicated to NSM operations where the subject is discussed and new approaches such as the kill chain is introduced.
The applied network security monitoring – collecction, detection and analysis by Chris Sanders and Jason Smith
This is the last book in network security I read, it is other must read book together with the other three above. The most important chapters which are not presented in the other books are related to collecting IOC’s, the analysis process and Incident Morbidity and Mortality. This last technique is especially important for SOC and management to establish a learning culture within the security environment.