How to become an expert on security?

Posted on 2007-10-17
Last Modified: 2013-11-16
What books are there that I may read to become a security expert? What do I need to know? I am just starting on this. Besides that, any good links to become a Linux expert, and what version would you guys recommend to me?
Question by:sisiliano
    LVL 18

    Accepted Solution

    IT security is a very wide and varied topic.
    And you can only really learn it from experience. But of course, you need a background. Check out this base ITSEC library I once listed:

    On to the books: my 20 favorite books in no particular order:
    - Hacking Exposed, 5th edition - McGraw-Hill Osborne Media (+ the spin-offs like HE 2003 server, Linux, Cisco, WiFi, forensics, ...)
    - Practical Unix & Internet Security - O'Reilly & Associates Inc
    - Rootkits - Subverting the Windows Kernel - Addison-Wesley
    - Hacker's Challenge 3 - McGraw-Hill Osborne Media
    - Malware - Fighting Malicious Code - Prentice Hall PTR
    - The Art of Deception - Controlling the Human Element of Security
    - Information Security: Principles and Practice - Wiley-Interscience
    - Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition
    - Security Engineering: A Guide to Building Dependable Distributed Systems - Wiley
    - Network Security: The Complete Reference - McGraw-Hill Osborne Media
    - Securing Windows Server 2003 - O'Reilly
    - Applied Cryptography - Wiley
    - Practical Cryptography - Wiley
    - The Tao of Network Security Monitoring - Addison-Wesley Professional
    - The Art of Computer Virus Research and Defense - Addison-Wesley Professional
    - A Guide to Forensic Testimony - Addison-Wesley Professional
    - Spam Kings - O'Reilly
    - Software Security: Building Security In - Addison-Wesley Software Security Series
    - Exploiting Software: How to Break Code - Addison-Wesley Software Security Series
    - Incident Response - Computer Forensics Toolkit - Wiley

    When looking at the tables of content of those books you'll automatically gather most of the topics you'll want to learn.
    It's a major undertaking, I know, I've been there ;-)

    Also have a look at what a CISSP has to know. The ten domains - in alphabetical order - are:
    - Access control systems
    - Application security
    - Business continuity and disaster recovery planning
    - Cryptography
    - Information security management and risk management
    - Legal, regulations, compliance and investigations
    - Operations security
    - Physical or environmental security
    - Security architecture and design
    - Telecommunications and network security
    My favorite CISSP books:
    - All in One CISSP Exam Guide (3rd ed.) by Shon Harris
    - The official (ISC)2 Guide to the CISSP CBK (ISC2 press series)
    Both contain lots of references to other books for diving in deeper.

    As an alternative you can have a look at the CompTIA Security+ certification.

    Success with this major but very worthwhile undertaking. It's an exciting world to get yourself into.

    J. (CISSP)
    LVL 14

    Expert Comment

    Just my tuppence-worth:

    Computer Networks by A. Tanenbaum as seen here: is a fantastic book and very good for both learning the building blocks required to read the above books and for general reference!
    LVL 1

    Author Comment

    Thanks so much for your comments

    To PowerIT, just one doubt: does any one of the books you listed come with an interactive CD? I ask because I am considering buying some of the books used.

    And anything for learning Linux, if possible?

    Best regards, sisiliano.
    LVL 18

    Expert Comment

    By heart I know that the All in One CISSP Exam Guide by Shon Harris comes with a CD with trial exams and a PDF version of the book. And the Official ISC2 Guide to the CISSP CBK does not. My books are at home, but I'm sure if you just type the titles in Amazon you'll find the info you want.

    For Linux: do you mean references on Linux security, or Linux as a whole?
    If it's Linux in general and as a starter then I recommend getting openSUSE to get learning: Of course, that's a very personal taste. Others will recommend the Red Hat counterpart Fedora. And still others will choose something else.
    A very good starter's book is the SUSE Linux Bible published by Wiley. It doesn't go too deep and does not touch security, but it's a nice starter. And on the home page of openSUSE: go to the wiki. There is a lot of information there, also the official Novell books as PDFs.
    If you want more on Linux security: in the Hacking Exposed series I mentioned there is a 'Hacking Linux Exposed'.
    There is also Practical Unix and Internet Security, and Linux Security Cookbook, both from O'Reilly.

    LVL 1

    Author Comment

    Thx so much, I guess I have enough to get started.
