Best cybersecurity books from 2021
12 cybersecurity books published in 2021, ranked by rating. Each entry is an opinionated review with who the book is for.
01 · 2021
Designing Secure Software
A Guide for Developers
Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.
Intermediate · 5/5 · Loren Kohnfelder
02 · 2021
Real-World Cryptography
David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.
Intermediate · 5/5 · David Wong
03 · 2021
The Hardware Hacking Handbook
Breaking Embedded Security with Hardware Attacks
Jasper van Woudenberg and Colin O'Flynn (NewAE / ChipWhisperer) on real hardware attacks: bus sniffing, fault injection, side-channel power analysis, and the lab work that turns a black box into a known target.
Advanced · 5/5 · Jasper van Woudenberg, Colin O'Flynn
04 · 2021
Black Hat Python
Python Programming for Hackers and Pentesters
Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.
Intermediate · 4/5 · Justin Seitz, Tim Arnold
05 · 2021
Bug Bounty Bootcamp
The Guide to Finding and Reporting Web Vulnerabilities
Vickie Li's pragmatic walk through the bug-bounty workflow, from picking a program and recon to reporting findings that actually pay out.
Beginner · 4/5 · Vickie Li
06 · 2021
Crypto Dictionary
500 Tasty Tidbits for the Curious Cryptographer
Jean-Philippe Aumasson's alphabetical, opinionated reference on cryptographic terms, primitives, attacks and folklore. Snack-format companion to Serious Cryptography.
Beginner · 4/5 · Jean-Philippe Aumasson
07 · 2021
How Cybersecurity Really Works
A Hands-On Guide for Total Beginners
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Beginner · 4/5 · Sam Grubb
08 · 2021
Practical IoT Hacking
The Definitive Guide to Attacking the Internet of Things
Five-author guide to IoT pentesting covering hardware probing, radio (BLE / Zigbee / LoRa), embedded firmware, and the protocols that connect cheap devices to vulnerable backends.
Intermediate · 4/5 · Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods
09 · 2021
Practical Linux Forensics
A Guide for Digital Investigators
Bruce Nikkel's reference for forensic analysts working post-mortem on Linux images: filesystems, journaling, logs, persistence locations, and the chain of custody discipline around them.
Intermediate · 4/5 · Bruce Nikkel
10 · 2021
This Is How They Tell Me the World Ends
The Cyberweapons Arms Race
Nicole Perlroth's reporting on the global zero-day market: how exploits get bought, by whom, and how the gray-then-black market shapes which vulnerabilities get fixed and which get hoarded.
Beginner · 4/5 · Nicole Perlroth
11 · 2021
Cyberjutsu
Cybersecurity for the Modern Ninja
Ben McCarty maps declassified medieval ninja scrolls onto modern adversary tradecraft. More analogy-driven than technical, useful for security-program framing.
Beginner · 3/5 · Ben McCarty
12 · 2021
Kubernetes Security and Observability
A Holistic Approach to Securing Containers and Cloud-Native Applications
Brendan Creane and Amit Gupta's combined treatment of Kubernetes security and observability — RBAC, network policy, runtime detection, and the telemetry needed to make any of it operationally real.
Advanced · 3/5 · Brendan Creane, Amit Gupta