// Comparison

Hacking: The Art of Exploitation vs The Practice of Network Security Monitoring: Which Should You Read?

Two cybersecurity books on Networking, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

5/52008

Hacking: The Art of Exploitation

Jon Erickson

A from-first-principles tour of low-level exploitation that still teaches the mindset two decades later.

Intermediate

5/52013

The Practice of Network Security Monitoring

Understanding Incident Detection and Response

Richard Bejtlich

Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.

Read this if

Self-taught hackers who want to understand what a stack overflow actually is, not just how to invoke msfconsole.

Every SOC analyst and detection engineer. Bejtlich's foundational text on NSM: collect-everything, alert-on-narrow, investigate-broadly. Defines the vocabulary the modern detection field still uses.

Skip this if

Readers looking for modern exploitation (ASLR, CFI, browser sandboxes). The defenses Erickson covers are now baseline, not frontiers.

Readers wanting current SIEM tooling specifics. The book pre-dates EDR-as-default and modern cloud-native telemetry; the principles transfer, the tooling specifics don't.

Key takeaways

Exploitation is a way of seeing programs, not a list of techniques.
Memory corruption is best learned with a debugger open beside the book.
The first half on C/assembly is worth the price even if you skip the exploits.

Detection without prevention is a strategic choice, not a fallback; Bejtlich was years ahead in arguing the case and the book remains the clearest argument.
The four data types (full content, session, transactional, statistical) are still the right framework for thinking about detection coverage.
Most SOC failures are organizational and procedural, not tooling; the book's chapters on workflows, runbooks, and analyst growth are still the best in print.

How they compare

Hacking: The Art of Exploitation and The Practice of Network Security Monitoring are both rated 5/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Hacking: The Art of Exploitation and The Practice of Network Security Monitoring both cover Networking, so reading them in sequence reinforces the same material from different angles.

Keep reading