Information Security Reading List

I read quite a bit (probably a book a week or so) and one of the topics I’ve been reading on for a while is information security. In a recent conversation someone asked for some book suggestions, so I thought I’d write that up in a blog post rather than an email.

Most of this list isn’t particularly technical. It’s not a developers list of software engineering tomes. If you’re a developer or operator then I’d recommend reading some of the more policy or journalistic pieces as well for context. And if you’re just interested in the topic but nor particularly technical I’d skip the security engineering suggestions.

Note that I make no claims about this being a particularly balanced list, it’s biased towards what I find interesting to read. Hopefully you’ll find it interesting too.


Understanding why Information Security is important tends to require some context. The following books provide that, with detailed real-world stories of criminal and government activities.

Policy and context

These books are focused more on government policy and nation state threats, and the debate about the rules of war and the internet.

Security engineering

On my reading list

I’ve not read these books yet so can’t recommend them as such, but they both look good additions to the list above.