I read alot of books across different genres, the below are the list of books I have read since January this year.
PS: Some of the books got nothing to do with InfoSec, but I tend to focus on topics such as productivity, emotion intelligence/fitness, personal development, and other interesting topics I pick up from podcasts and books.
For the new cyber security consultants, either your internal or providing consulting services to clients. Speaking this from GRC point of view, most consultant may ignore the fact that for one being effectively in providing sound advice to clients, especially in this modern era of cyber security, one need to at least understand what need to be protected i.e information asset.
Information can be physical or digital/electronic. Information has its life cycle, and go through phases such as creation, processing, and storage. There is a famous data cycle – refer to this blog as https://www.securosis.com/blog/data-security-lifecycle-2.0 . All the phases information will need to be protected.
Diagram: The data security life cycle.
Through this life cycle, when considering digital form of information, it will touch different layers such as Computing, storage, network, and well all these things they just don’t live in the vacuum (cloud), they need to physically hosted, that’s where physical security comes into play.
I believe in deconstructing things to its core or the basic bare. I think the areas below, a cyber security consultant should at least have some high level understanding on how things work and how they are built. (architecture)
As a Cyber Security Consultant, whether you choose technical or non technical track, you will need to build competence in understand the following areas. Computing including OS, Virtualisation + Containers, Cloud, Database, Application / Software- Programming, Networking, Storage and physical at the very basic level. These areas form the basic of what you are going to protect, as they relates to information / data lifecyle.
Hint: You dont have to do any the certification however you need a structural way for reading and master the topic / competence area. My approach as always been a self-study, others prefer boot-camps if they have resources (money and time) to do so.
On fortnightly I tend to follow work of interesting individuals, these can be cyber security professional or other professional e.g. motivation speakers, human genuine pigs, peak performance coaches etc. So below is my list of person of interest and the work they did / do.
Tim (othy) Ferriss – Author of Tool of Titans, Tribe of Mentors, The 4 hours work week, and many other books – http://www.tim.blog
Robin Sharma – 5 am Club, The Monk who sold his ferrari, the leader without title
Josh Waitzkin – The Art of Learning, Peak Perfomance Coach