// Prerequisites

What to read before Intelligence-Driven Incident Response

If Intelligence-Driven Incident Response feels too steep at intermediate level, here is what to read first: lighter books on the same topics that build the prerequisites this one assumes.

  1. 01 · 2019

    Foundations of Information Security

    Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.

    Beginner
    4/5 · Jason Andress
  2. 02 · 2021

    How Cybersecurity Really Works

    Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.

    Beginner
    4/5 · Sam Grubb
  3. 03 · 2014

    Incident Response and Computer Forensics

    Luttgens, Pepe, and Mandia's working playbook for running an enterprise IR engagement: pre-engagement readiness, evidence acquisition, network and host forensics, and the project-management discipline that separates a controlled response from a panic.

    Intermediate
    4/5 · Jason T. Luttgens, Matthew Pepe, Kevin Mandia
  4. 04 · 2019

    Sandworm

    Long-form journalism on the GRU's hacking operations, the best non-technical book on what state-level cyber actually looks like.

    Beginner
    5/5 · Andy Greenberg
  5. 05 · 1989

    The Cuckoo's Egg

    Clifford Stoll's first-person account of investigating a 75-cent accounting discrepancy at LBNL that turned into a year-long pursuit of a KGB-paid intruder across early-internet networks.

    Beginner
    5/5 · Clifford Stoll
  6. 06 · 2017

    Practical Packet Analysis

    Chris Sanders' working manual for Wireshark, geared at troubleshooting and incident response rather than abstract protocol theory. Updated for Wireshark 2.x.

    Beginner
    4/5 · Chris Sanders
  7. 07 · 2020

    Web Security for Developers

    Malcolm McDonald's developer-side primer on the OWASP-class issues, framed around real attacks and defended with code patterns rather than vendor products.

    Beginner
    4/5 · Malcolm McDonald
  8. 08 · 2021

    Cyberjutsu

    Ben McCarty maps declassified medieval ninja scrolls onto modern adversary tradecraft. More analogy-driven than technical, useful for security-program framing.

    Beginner
    3/5 · Ben McCarty