A collection of reading matter that would give good background coverage on security. It is most relevant to people building or operating systems attached to the Internet.
Something written by Bruce Schneier
Most of his general security writing would provide a good introduction to the type of problems being faced currently, some good principles for addressing them and some common anti-patterns to avoid.
These are particularly useful:
- https://www.schneier.com/books/secrets_and_lies/
- https://www.schneier.com/books/beyond_fear/
- https://www.schneier.com/books/liars_and_outliers/
Avoid his writing on cryptography until you have the general security background.
You will likely also be interested in his blog, but his general security writing is a better way to get started.
Security Engineering is a good reference book for those building systems that are likely to be attacked.
It may seem quite long, but it is definitely worth it. It is the most thorough overview that currently exists and will fill in the gaps in your knowledge that you might still have after reading more detailed texts on specialist areas. If you don't have the specialist knowledge yet, it's a great (although demanding) use of your time.
Thinking in Systems, A Primer, Donella Meadows, ISBN: 978-1603580557
This is not specifically about security, but it gives you some insight into how to think about systems in a way that will help you understand their security.
Cyber War: The Next Threat to National Security and What to Do About It
Focused on policy and various other Government responses. Lots of examples of attacks and details about the blurring between criminals and states.
Very policy focused, basically claiming that it's not really war. Again lots of legal details but also interesting examples and arguments.
Inside Cyber Warfare: Mapping the Cyber Underworld
A book basically about the makeup and structure of Russian criminal organisations and what nefarious online crime they get up to. Lots of public details of the type our colleagues won't tell you :)
Threat Modeling: Designing for Security
Useful in the context of thinking about what we're protecting, and having an attacker's mindset.
The Tangled Web: A Guide to Securing Modern Web Applications
Brilliant book on attacking web apps.