Skip to main content

Books and Courses

This page collects high-quality, practical books, online courses, and learning platforms I recommend for building real-world cybersecurity skills. The list is organized by level and role, with short notes on why each resource helps and how to use it inside your lab or study plan.

Ethics first

Use these resources to learn defensively and legally. Donโ€™t practice offensive techniques on targets you donโ€™t own or arenโ€™t authorized to test.

How to pick resourcesโ€‹

Use this simple formula to pick study time and intensity:

Total_Hours=Weeksร—Hours_per_Week\text{Total\_Hours} = \text{Weeks} \times \text{Hours\_per\_Week}

Example: a 12-week study block at 8 hours/week gives (12ร—8=96)(12 \times 8 = 96) hours โ€” enough to complete 1โ€“2 intermediate courses plus hands-on labs.

Beginner โ€” foundations (skills, 1โ€“3 months)โ€‹

Booksโ€‹

  • The Web Application Hacker's Handbook โ€” excellent for practical web security fundamentals and payload mindset.
  • Hacking: The Art of Exploitation โ€” core systems and exploitation concepts with hands-on C examples (good for thinking like an attacker).
  • Practical Packet Analysis โ€” short book to learn packet capture basics (Wireshark/tcpdump).

Courses & Platformsโ€‹

  • TryHackMe (Beginner Paths) โ€” guided, hands-on rooms for absolute beginners (networking, web, Linux basics).
  • Coursera / edX โ€” โ€œIntroduction to Cybersecurityโ€ or vendor-backed beginner certificates (IBM, Google, etc.).
  • Udemy โ€” beginner-friendly courses like โ€œComplete Cyber Security Courseโ€ (look for high-rated instructors such as Nathan House).

How to use themโ€‹

  • Read one book while completing 2โ€“3 TryHackMe beginner modules.
  • Build a lab (Kali + vulnerable VM) and practice simple tasks: scanning, packet capture, and a basic SQLi lab.

Intermediate โ€” tooling & practice (3โ€“6 months)โ€‹

Booksโ€‹

  • Metasploit: The Penetration Testerโ€™s Guide โ€” practical exploitation workflows using Metasploit.
  • Practical Malware Analysis โ€” great for getting started with dynamic/static malware analysis (laboratory-focused).
  • The Practice of Network Security Monitoring โ€” for blue team skills: detection and monitoring.

Courses & Platformsโ€‹

  • TryHackMe (Intermediate / Offensive Paths) โ€” CTF-style labs and structured paths for pentesting basics.
  • Hack The Box (HTB) โ€” hands-on vulnerable machines, great for practicing enumeration & exploitation.
  • Offensive Security (PWK / OSCP) โ€” if you want a rigorous, hands-on pentesting course (lab-heavy).
  • Pluralsight / LinkedIn Learning โ€” targeted courses for specific OS or stack skills (Windows internals, Linux hardening).

How to use themโ€‹

  • Pair a book chapter with a targeted lab (e.g., read Metasploit chapter โ†’ exploit a Metasploitable VM).
  • Aim to solve 1 HTB machine per week and keep a writeup journal.

Advanced & Specialization (6+ months)โ€‹

Booksโ€‹

  • Applied Cryptography โ€” deep dive into cryptographic primitives and design (theory + practice).
  • Rootkits & Bootkits (or vendor advanced titles) โ€” for deep OS internals & persistence techniques.
  • Vendor and SANS books on advanced DFIR, forensics, and exploit dev.

Courses & Platformsโ€‹

  • Offensive Security โ€” OSCP โ†’ OSCE (advanced) โ€” exam and lab-focused progression for exploit development and deep pentesting.
  • SANS Institute โ€” high-quality, high-cost courses on DFIR, ICS/SCADA, advanced incident response.
  • eLearnSecurity / Pentester Academy โ€” advanced offensive/defensive specializations.
  • Cloud security courses (AWS/Azure/GCP security tracks) โ€” for cloud-native attack/defense.

How to use themโ€‹

  • Combine advanced reading with long, timed lab exercises (e.g., multi-week exploit chains, red-team scenarios).
  • Contribute to writeups, open-source tooling, or research to deepen mastery.

Practical, role-focused learning pathsโ€‹

  • Pentester: Foundations โ†’ Nmap, Burp, Metasploit โ†’ HTB/OSCP โ†’ Advanced exploit dev.
  • Blue team / SOC analyst: Foundations โ†’ Splunk/ELK, Security Onion โ†’ Incident response & threat hunting.
  • Forensics / Malware Analyst: Foundations โ†’ Autopsy & Volatility โ†’ dynamic malware analysis / sandboxing.

Recommended hands-on platforms & labsโ€‹

  • TryHackMe โ€” excellent guided beginner โ†’ intermediate paths.
  • Hack The Box โ€” real-world machine practice, scalable difficulty.
  • VulnHub / Metasploitable โ€” downloadable vulnerable VMs for offline labs.
  • RangeForce / Immersive Labs โ€” scenario-based SOC training (team/enterprise focus).
  • Cuckoo Sandbox / Any.run โ€” for safe malware execution and observation.

Courses & Certificates โ€” which to chooseโ€‹

  • Entry-level / career-starters: Google Cybersecurity Certificate, IBM Cybersecurity Analyst (Coursera), CompTIA Security+.
  • Hands-on offensive: Offensive Security PWK โ†’ OSCP (laboratory and exam).
  • Hands-on defensive: Splunk Fundamentals + Splunk certifications; Elastic/Kibana training; Security Onion courses.
  • Management / governance: CISSP (broad), CISM (management-focused).
tip

Certifications support hiring and credibility โ€” but practical labs and documented projects (HTB writeups, GitHub repos, blog posts) are often more convincing in job interviews.

Study plan โ€” 12-week sample (balanced)โ€‹

Weeks 1โ€“4 (Foundations)โ€‹

  • Read a foundational book (e.g., Web App Hackerโ€™s Handbook chapter excerpts).
  • Complete TryHackMe beginner path (networking + web basics).
  • 6โ€“8 hours/week hands-on.

Weeks 5โ€“8 (Tools & Practice)โ€‹

  • Finish a focused course (Burp / Nmap + Web labs).
  • Solve 6 HTB/THM machines (one per 3โ€“4 days).
  • Start a lab notebook / writeups.

Weeks 9โ€“12 (Project & Report)โ€‹

  • Pick a target VM โ†’ run a full pentest (recon โ†’ exploit โ†’ post-exploit) in lab.
  • Produce a short report and remediation recommendations.
  • Prepare for a certification exam if desired.

Free vs Paid โ€” what to invest inโ€‹

  • Free: TryHackMe (many free rooms), VulnHub, OWASP resources, YouTube instructors (John Hammond, LiveOverflow), GitHub repos, OWASP Juice Shop.
  • Paid & high-value: OSCP (lab depth), SANS (enterprise-grade), Pluralsight/OffSec courses for structured progression, books from reputable publishers (No Starch, Oโ€™Reilly).
  • Tip: Start with free resources; invest in one paid, lab-heavy course (OSCP or equivalent) when youโ€™re ready to commit time.

Continuous learning โ€” podcasts, newsletters, and blogsโ€‹

  • Podcasts: Darknet Diaries, Risky Business, Security Weekly โ€” good for threat context and stories.
  • Newsletters / blogs: SANS Internet Storm Center, Krebs on Security, Cloud provider security blogs (AWS, Microsoft) for cloud-focused learners.
  • Twitter / X and Mastodon: follow respected practitioners for short tips and links to research.

How to keep momentum (practical tips)โ€‹

  • Build a weekly habit (2โ€“3 focused sessions of 60โ€“120 minutes).
  • Maintain a lab notebook with timestamps, commands, and lessons learned.
  • Publish 1 writeup every month (HTB box, lab exercise, or vulnerability replication).
  • Join local meetups and online communities โ€” accountability speeds learning.

Quick annotated reading list (one-line why)โ€‹

  • The Web Application Hackerโ€™s Handbook โ€” web app attack and defense best practices.
  • Hacking: The Art of Exploitation โ€” systems fundamentals and exploit mindset.
  • Practical Malware Analysis โ€” malware triage & sandboxing techniques.
  • Metasploit: The Penetration Testerโ€™s Guide โ€” exploitable modules & workflow.
  • The Practice of Network Security Monitoring โ€” building the blue team muscle.