Incident response

Top 8 cybersecurity books for incident responders in 2020

Dan Virgillito
July 15, 2020 by
Dan Virgillito

Are you passionate about incident response? Do you want to build upon your knowledge of how to mitigate cyberthreats? If yes, then you’d love the nuggets of wisdom these cybersecurity books can offer! 

Although pursuing certifications like CISSP is the best way to progress in this field, gaining firsthand knowledge from other cybersecurity experts equips you with a better understanding of your profession and gives you the ability to apply different philosophies.

Learn Incident Response

Learn Incident Response

Get hands-on experience with incident response tools and techniques as you progress through nine courses.

So, if you’ve made up your mind to advance as an incident responder, add these cybersecurity books to your virtual bookshelf and get practical tips that will help support your career. 


1. “The practice of network security monitoring” by Richard Bejtlich

In this book, FireEye’s Chief Security Strategist Richard Bejtlich shows you how to deploy a robust layer of protection around your networks using open-source and vendor-neutral tools. To help you avoid inflexible solutions, the author also helps you learn how to interpret network evidence from both client-side and server-side intrusions. 

Though preventing every type of intrusion is impossible, “The Practice of Network Security Monitoring” explains how to best contain them.

2. “Reversing: The secrets of reverse engineering” by Eldad Eilam 

If you’re working in a mid-level incident response position, you can be asked to reverse-engineer malicious code. In “Reversing: The Secrets of Reverse Engineering,” Eldad Eilam lays out the steps needed to reverse-engineer third-party libraries, including operating systems, assembly language and computer internals that come into play. You also gain the knowledge required to plug security holes that hackers usually exploit and, if you’re into advanced reverse-engineering, how to decipher assembly language. 

In a nutshell, you get the pleasure of reading one of the best cybersecurity books on the topic of reverse engineering.

3. “Practical malware analysis” by Michael Sikorski

With the malware at the root of so many cyber intrusions, malware analysis is a crucial aspect of an incident response plan. “Practical Malware Analysis” teaches you everything from how to create secure virtual environments to how to get the most out of key analysis tools like WinDbg, OllyDbg and IDA Pro. Practical studies throughout the book help you practice and hone your skills as you dissect real samples, and detailed malware dissections offer an insight into the techniques and tools used by the pros. 

Whether you’re responsible for securing one network or a hundred, this is one of the best cybersecurity books you could read to thwart and eliminate malware. 

4. “Incident response & computer forensics” (3rd edition) by Matthew Pepe, Jason T. Luttgens and Kevin Mandia

“Incident Response & Computer Forensics” takes you through the entire life cycle of incident response, information gathering, data analysis, and practical remediation. With a choice of case studies exploring the processes and mitigation strategies for high-profile intrusions, the reader has a chance to look deeper into incident response. The material has been curated by experienced cybersecurity specialists who know the importance of having a remediation plan.

5. “Silent on the wire” by Michal Zalewski

Fun and simple to comprehend, “Silent on the Wire” covers different passive extraction techniques that adversaries use to collect information that our devices generate without us even being aware of it. The knowledge helps you dissect several privacy and security issues associated with the hardware design and technologies used in modern computing. 

By taking an in-depth look at the “silent” side of computer systems, the book enables you to approach intrusion detection from a new, more creative perspective. This information can be applied to evidence analysis, forensics, policy enforcement, honeypots and network monitoring.

6. “Information security policies, procedures, and standards” by Douglas J. Landoll

Having knowledge of information security policies and procedures tells employers that you are proficient in handling intrusion cases effectively. “Information Security Policies, Procedures, and Standards” helps you understand why and how procedures are implemented, highlighting policy development concepts, key terminology and recommended document structures. 

Using standards like ISO 27001, COBIT and NIST 800-53, and regulations like PCI DSS and HIPAA as the foundation, the book provides the understanding you need to enforce policies and procedures clearly and intelligently.

7. “The hacker playbook 3: Practical guide to penetration testing” by Peter Kim

In this book, the author focuses on analyzing why things long known to be broken are still broken. Peter makes practitioners wonder if the safeguards they are putting in place are working and if their team has the right tools, people and skill sets to identify and mitigate potential attacks. 

“The Hacker Playbook 3: Practical Guide To Penetration Testing” focuses on real-world attacks and campaigns, exposing you to different exploitations, entry points and custom malware. This is so you can accurately test and validate your organization’s security program.

8. Intelligence-driven incident response” by Scott J. Roberts and Rebekah Brown

One of the best cybersecurity books for incident responders, “Intelligence-Driven Incident Response” teaches you the basics of intelligent analysis and the most effective ways to integrate these techniques into an incident response plan. Besides the fundamentals, it walks you through the IDIR (intelligence-driven incident response) process, as well as enabling you to explore big-picture areas that go beyond individual IR investigations, such as intelligence-driven team building.

Learn Incident Response

Learn Incident Response

Get hands-on experience with incident response tools and techniques as you progress through nine courses.


To survive and thrive in today’s cyberthreat landscape, businesses look to incident responders to deal with cyber-incidents. The expectation from people working in this profession is tremendous and will continue to grow as organizations aim to protect their critical information infrastructure. In order to do this, you must deepen your knowledge of incident response with the help of various resources, including this selection of cybersecurity books. 

Dan Virgillito
Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.