Keep hearing people ask for books or material for people wanting to get started in security. Currently, I am recommending Ben Grimes's latest book below. Any other suggestions?
Depending on whether you are focusing on technical security, organizational security, data security or another domain, I'd add these books to the "new to security" reading list, as they are informative without being overly complex and will likely help inspire a dialogue:
Data & Goliath: The Hidden Battles to Capture Your Data, Bruce Schneier, 2016
The Art of Invisibility, Kevin Mitnick, 2017
Everybody Lies, Seth Stephens-Davidowitz, 2017
Future Crimes, Marc Goodman, 2015
If you have someone who wants to go way back in time, here are a few oldies (but goodies) that help formulate many of the foundations of insecurity in the service of espionage:
The Puzzle Palace, James Bamford
Secrets and Lies, Bruce Schneier
...and if you want to cheat and use someone else's list, here's an obligatory DuckDuckGo top result:
Lots of possibilities, but for a departure from the purely technical, one of my favorites is Bruce Sterling's "The Hacker Crackdown." A well-written account that covers the early days of the battle between law enforcement and cyber thieves, vandals and explorers. Sure, it may be a bit dated, but bear in mind that in cybersecurity, the more things change, the more we keep writing passwords on Post-it notes 😉
Sometimes there are even security books that I recommend people read!
You want one, single security book? Read "Security Engineering," by Ross Anderson. Best single volume security book I know. (And I know hundreds.)
(You don't even have to buy it, although I recommend you do, since he puts the previous edition up on the Web, so you can read that for free.)
I always start the list of books to understand computer-, network-, information-, and cyber-security with Cliff Stoll's The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage.
That book is an easy read, draws the reader in like a good novel, and is a great intro to why we all do what we do.
Many elements of understanding our field are embedded in that real-world tale, including the very important fact that "this ain't new, folks." The book was published three decades ago, describing events even farther back.
1. Malicious hacking is not done only by geeky introvert teenagers in mom's basement. Foreign nations do it, too. (No longer as essential a myth-busting lesson as it was ten years ago.)
2. It's not always for kicks; real espionage has been online all along.
3. "Lily pad hopping," using multiple intermediary computers for packet transport to obscure the source, is not new. (That term is not used in the book.)
4. Cliff implemented the first publicly known honeypot computer protection program, complete with live out-of-channel alert notification. (That term is not used in the book.)
5. Law enforcement and counter-intelligence agencies of multiple nations are hidebound organizations resistant to major new information "not invented here," that is, information that is not already on the list of things they know they need to monitor or investigate.