How to become an expert on security?

Posted on 2007-10-17
Medium Priority
Last Modified: 2013-11-16
What books are there that I may read to become a security expert? What do I need to know? I am just starting on this. Besides that, any good links to become a Linux expert, and what version would you guys recommend me?
Question by:sisiliano
LVL 18

Accepted Solution

PowerIT earned 200 total points
ID: 20096106
IT security is a very wide and varied topic.
And you can only really learn it from experience. But of course, you need a background. Check out this base ITSEC library I once listed:

On to the books: my 20 favorite books in no particular order:
- Hacking Exposed, 5th edition - McGraw-Hill Osborne Media (+ the spin-offs like HE 2003 server, Linux, Cisco, Wi-Fi, forensics, ...)
- Practical Unix & Internet Security - O'Reilly & Associates Inc
- Rootkits - Subverting the Windows Kernel - Addison-Wesley
- Hacker's Challenge 3 - McGraw-Hill Osborne Media
- Malware - Fighting Malicious Code - Prentice Hall PTR
- The Art of Deception - Controlling the Human Element of Security
- Information Security: Principles and Practice - Wiley-Interscience
- Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition
- Security Engineering: A Guide to Building Dependable Distributed Systems - Wiley
- Network Security: The Complete Reference - McGraw-Hill Osborne Media
- Securing Windows Server 2003 - O'Reilly
- Applied Cryptography - Wiley
- Practical Cryptography - Wiley
- The Tao of Network Security Monitoring - Addison-Wesley Professional
- The Art of Computer Virus Research and Defense - Addison-Wesley Professional
- A Guide to Forensic Testimony - Addison-Wesley Professional
- Spam Kings - O'Reilly
- Software Security: Building Security In - Addison-Wesley Software Security Series
- Exploiting Software: How to Break Code - Addison-Wesley Software Security Series
- Incident Response - Computer Forensics Toolkit - Wiley

When looking at the tables of contents of those books you'll automatically gather most of the topics you'll want to learn.
It's a major undertaking, I know, I've been there ;-)

Also have a look at what a CISSP has to know. The ten domains - in alphabetical order - are:
- Access control systems
- Application security
- Business continuity and disaster recovery planning
- Cryptography
- Information security management and risk management
- Legal, regulations, compliance and investigations
- Operations security
- Physical or environmental security
- Security architecture and design
- Telecommunications and network security
My favorite CISSP books:
- All in one CISSP Exam guide (3-rd ed.) by Shon Harris
- The official (ISC)2 Guide to the CISSP CBK (ISC2 press series)
Both contain lots of references to other books for diving in deeper.

As an alternative you can have a look at the CompTIA Security+ certification.

Success with this major but very worthwhile undertaking. It's an exciting world to get yourself into.

LVL 14

Expert Comment

ID: 20099445
Just my tuppence-worth:

Computer Networks by A. Tanenbaum, as seen here: http://www.amazon.co.uk/Computer-Networks-International-Andrew-Tanenbaum/dp/0130384887/ref=pd_bbs_sr_1/202-1416668-5774253?ie=UTF8&s=books&qid=1192697191&sr=8-1, is a fantastic book and very good both for learning the building blocks required to read the above books and for general reference!

Author Comment

ID: 20101229
Thanks so much for your comments

To PowerIT, just one doubt: does any one of the books you listed come with an interactive CD? I ask because I am considering buying some of the books used.

And anything for learning Linux, if possible?

Best regards, sisiliano.
LVL 18

Expert Comment

ID: 20101630
By heart I know that the All in One CISSP Exam Guide by Shon Harris comes with a CD with trial exams and a PDF version of the book. And the Official ISC2 Guide to the CISSP CBK does not. My books are at home, but I'm sure if you just type the titles in Amazon you'll find the info you want.

For Linux: do you mean references on Linux security, or Linux as a whole?
If it's Linux in general and as a starter then I recommend getting openSUSE to get learning: http://www.opensuse.org/ Of course, that's a very personal taste. Others will recommend the Red Hat counterpart Fedora. And still others will choose something else.
A very good starter's book is the Suse Linux Bible published by Wiley. It doesn't go too deep and does not touch security, but it's a nice starter. And on the home page of openSUSE: go to the wiki. There is a lot of information there, also the official Novell books as PDFs.
If you want more on Linux security: in the Hacking Exposed series I mentioned there is a 'Hacking Linux Exposed'.
There is also Practical Unix and Internet Security, and Linux Security Cookbook, both from O'Reilly.


Author Comment

ID: 20101815
Thx so much, I guess I have enough to get started.
