Best DevSecOps books

Security Chaos Engineering

Sustaining Resilience in Software and Systems

Kelly Shortridge and Aaron Rinehart on treating security as a property of complex adaptive systems: instead of preventing failure, you continuously simulate it, and design the organization to learn from each result.

Building Secure and Reliable Systems

Best Practices for Designing, Implementing, and Maintaining Systems

Google's site-reliability and security teams jointly write down what it actually takes to build systems that are both safe and dependable, from threat models and design reviews to rollback culture and crisis response.

Alice and Bob Learn Application Security

Tanya Janca's hands-on AppSec primer covering threat modeling, secure design, secure coding, testing, deployment, and the social side of running an AppSec program — through a friendly, narrative-driven structure.

Container Security

Fundamentals for Securing Containerized Applications

Liz Rice's first-principles introduction to how Linux containers actually work — namespaces, cgroups, capabilities, seccomp, image layering — and the security implications that fall out of those mechanics.

Kubernetes Security

Liz Rice and Michael Hausenblas's freely-available O'Reilly short on the Kubernetes-specific security model: API server, RBAC, network policy, secrets, and the typical hardening steps that move a cluster from default to defensible.