First-time poster from the UK here. What Information Security books are people reading and/or would recommend as a side to the ones that people are using to help with certifications? I'm looking for recommendations on specific domain books or great all-rounders as well.
Tripwire has a nice article about this on their website. It is worth taking a look:
There was a time early in my career when I used to buy the Hacking Exposed books because I was interested in learning more about the subject. From what I understand, the hacker's playbooks are really good, and a lot of people order them along with the Red Team/Blue Team Field Manuals. Also, read and try to understand as much as you can on Operating Systems, Networks, and IT Operations in general; it will make you stronger and more well-rounded.
Along with the other recommendations, I would like to add the following: "Hacking: The Art of Exploitation" and "The Rootkit Arsenal". Both books are loaded with detailed information and can offer a better insight (or can kill some time at the very least).
I recommend the classic: "The Cuckoo's Egg" by Clifford Stoll. While the technology is a bit dated, the efforts to track an adversary are not and it is interesting to see how a little irregularity in details can foil an attacker or at least tip off a curious individual who is paying attention.
Funny you mentioned "The Cuckoo's Egg", I just ordered it (literally an hour or so ago)! Also planning on ordering/reading "Ghost in the Wires: My Adventures as the World's Most Wanted Hacker" by Kevin Mitnick, always interesting to read about others' experiences.
I would also recommend Kevin Mitnick's other books: The Art of Deception and The Art of Intrusion. Both good reads into how to be a successful social engineer.
In order to detect them you have to know how they work. He provides some good examples in these books.
"In the spring of 2013, Palo Alto Networks created a “Rock and Roll Hall of Fame” for cybersecurity books that we call The Cybersecurity Canon Project. Its goal is to identify a list of must-read books for all cybersecurity practitioners—be they from industry, government or academia—where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education."