Top Books for Cybersec Leaders & Pros! (Must Read / Listen)

Hi there,

Hope you are doing well.

Q2 2025 started with uncertainty; and you must be carefully observing (probably anxiously) as to how the Tariff’s war is going to unfold and what will be its impact to the tech / cyber security industry and in general for all the economies. Temporarily postponed for now for most.

On my end, its been busy last few weeks, and hence, I missed publishing and reaching you all last week. Not sure if you also missed seeing my email? 😊 

In this edition, I thought of sharing:

• ✍️ My 2025 target list of IT, OT Cybersec. & Non-Cyber Books to read.

• 📘 List of great IT and OT Cybersecurity and Leadership Books.

• 📘 List of great Personal development, Productivity & Business Books.

• 📲 Few updates - views published & upcoming OT virtual conferences.

• ✍️ Upcoming newsletter & call for expert input & shares.😉 

But before we begin, do me a favour and make sure you “Subscribe” to let me know that you care and keep me motivated to publish more. Thanks!

Ready? let’s dig in.

Yours truly.

— Yousuf.

Together with (Sponsor):

Find out why 1M+ professionals read Superhuman AI daily.

In 2 years you will be working for AI

Or an AI will be working for you

Here's how you can future-proof yourself:

1. Join the Superhuman AI newsletter – read by 1M+ people at top companies

2. Master AI tools, tutorials, and news in just 3 minutes a day

3. Become 10X more productive using AI

Join 1,000,000+ pros at companies like Google, Meta, and Amazon that are using AI to get ahead.

Sign up and start learning AI

My Target list of Books to read in 2025

I’ve always neglected and or have struggled to read books for most part of my career - a big mistake I know. It’s always been some cert or project driven need that was the pushing force behind reading a book.

I know many, like me, struggle with it - that may be you too.

Groovy if you are into reading books 🙂😉 

I’ve spend my time acquiring knowledge by reading blogs/articles/whitepapers, but mostly listening / watching. Audio books have been an alternative option. Though the cost has been of a concern in the past - I’d say, quite wrongfully so.

It’s same as buying a course or getting into bootcamps etc. for that matter.

Think of it as an investment on personal and professional development. And if you have a budget (company/personal), spend some on them.

If cost is of concern, O'Reilly, packet publishing, amazon kindle/audible and humble bundle offers a low cost digital alternatives to ordering paper based books.

In no particular order, heres’ a target list of on my kindle/audible books for 2025:

1. How to Measure anything in Cybersecurity Risks by Douglas W. Hubbard and Richard Seiersen.

2. Critical Infrastructure Risk Assessment: The Definitive Threat Identification and Threat Reduction Handbook by Ernie Hayden.

3. Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup by Ross Haleliuk, Caleb Sima, Jeremiah Grossman.

4. Security Team Operating System: How to Run an Unstoppable Team by Christian Hyatt.

5. ChatGPT for Cybersecurity Cookbook: Learn practical generative AI recipes to supercharge your cybersecurity skills by Clint Bodungen, and Aaron Crow.

6. The Cyber Leadership Imperative: Powerful Strategies to Unlock Your Potential and Become an Exceptional Cybersecurity Executive – by Phillimon Zongo (Author), Darren Argyle (Author), Jan Schreuder.

7. Shell Shocked - Blue Team Diaries by Mike Sheward.

8. Personal Data (Privacy) Law in Hong Kong - A Practical Guide on Compliance - Third Edition. Edited by Ada Chung, Lai-ling & Guiobin Zhu. This was not on my list until very recently, and was an unexpected lend by a HK data privacy officer (DPO) expert, whom I meet during a review of a large environment. I mentioned in one conversation that I wanted to get it but ordering didn’t seem easy, and to my surprise in the next meet, the DPO was lending me the book to read - a very kind and thoughtful gesture. Thank You!

For Business, Personal Development & Productivity (Non-Cyber)

1. Million Dollar Weekend: The Surprisingly Simple Way to Launch a 7-Figure Business in 48 Hours by Noah Kagan.

2. Limitless: Upgrade Your Brain, Learn Anything Faster, and Unlock Your Exceptional Life by Jim Kwik.

3. The 4-Hour Work Week: Expanded and Updated, With Over 100 New Pages of Cutting-Edge Content by Timothy Ferriss.

4. Psychology of Money: Timeless lessons on wealth, greed, and happiness by Morgan Housel.

5. Feel Good Productivity by Ali Abdaal.

6. $100M Leads: How to Get Strangers To Want To Buy Your Stuff by Alex Hormozi.

7. $100M Offers: How To Make Offers So Good People Feel Stupid Saying No by Alex Hormozi.

8. Atomic Habits by James Clear.

More than a dozen book is slightly scary and seems mission impossible. Lets see!

Let me know what’s yours by commenting below.

Other IT & OT Cybersecurity & Leadership Books

There are plenty, but I’d like to cover some handful of interesting ones that you can leverage as part of your learning journey.

Disclaimer: I’ve not read them all. But most of these are on my Wishlist or in library.

Here’s a list of some great IT & OT Cybersecurity Books, in no particular order:

1. Industrial Network Security - by By Eric D. Knapp and Joel Langil.

2. Hacking Exposed: Industrial Control Systems - ICS and SCADA Security Secretes and Solutions - by Clint Bodungen, Stephen Hilt, Aaron Shbeeb, Bryan Singer, Kyle Wilhoit.

3. Sandworm - The new Era of Cyberwar and the Kremlin’s Most Dangerous Hackers - by By Andy Greenberg.

    

4. Industrial Cybersecurity - Second Edition - Efficiently monitor the cybersecurity posture of your ICS environment - by Pascal Ackerman. 

5. Industrial Automation and Control Systems Security Principles - 2nd Edition - Protecting the Critical Infrastructure - by Ronald L. Krutz. 

6. Countdown to Zero Day - Stuxnet and the Launch of first Digital Weapon - by Kim Zetter.

7. Industrial Control Systems: Engineering Foundations and Cyber-Physical Attack Lifecycle - Technical white paper by Marina Krotofil.

8. Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE) - 1st Edition - by Andrew A. Bochman, Sarah Freeman.

9. Industrial Cybersecurity: Case Studies and Best Practices - by Steve Mustard.

10. Pentesting Industrial Control Systems - An ethical hacker's guide to analyzing, compromising, mitigating, and securing industrial processes - by Paul Smith.

11. Resilient Cybersecurity - Reconstruct your defense strategy in an evolving cyber world - by Mark Dunkerley.

12. Privilege Escalation Techniques - Learn the art of exploiting Windows and Linux systems - by Alexis Ahmed.

13. Blockchain Security from the Bottom Up - Securing and Preventing Attacks on Cryptocurrencies, Decentralized Applications, NFTs, and Smart Contracts by Howard E. Poston.

14. If It’s Smart, It’s Vulnerable by Mikko Hypponen.

15. The Art of Deception - Controlling Human Element of Security - by Kevin Mitnick & William L. Simon.

16. Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - by Kevin Mitnick.

17. The Security Culture Playbook - by Perry Carpenter Kai Roer.

18. Software Transparency - Supply Chain Security in an Era of a Software-Driven Society - by Chris Hughes Tony Turner.

19. The Cuckoo’s Egg - Tracking a Spy Through the Maze of Computer Espionage - by Cliff Stoll.

20. The Essential Cybersecurity Exercise Playbook - by Lester Chng.

     

21. Practical Hardware Pentesting - A guide to attacking embedded systems and protecting them against the most common hardware attacks - by Jean-Georges Valle.

And am sure many great ones I’ve missed.

What would you add? Comment below.

Other Leadership Books.

Disclaimer: I’ve not read them all. But most of these are on my Wishlist or in library.

Here’s a list of some great leadership books:

1. The Sealed Nectar: Biography of Prophet (PBUH) - by Safiur Rahman.

2. The 100 Most Influential People of All Time - by Tom Hazard.

3. The 5 Types of Wealth: A Transformative Guide to Design Your Dream Life - by Sahil Bloom.

4. How to Stop Worrying and Start Living - by Dale Carnegie.

5. The First 90 Days: Proven Strategies for Getting Up to Speed Faster and Smarter – by Michael D. Watkins.

    

6. The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers - by Ben Horowitz. 

7. Leadership Strategy and Tactics: Field Manual - by Jocko Willink. 

8. Trillion Dollar Coach: The Leadership Playbook of Silicon Valley's - by Bill Campbell.

9. The Art of Leadership - Small Things Done Well - by Michael Lopp.

10. The 80/20 Principle: The Secret to Achieving More with Less - by Richard Koch.

11. The Almanack of Naval Ravikant: A Guide to Wealth and Happiness Audible Logo Audible Audiobook – by Eric Jorgenson, Tim Ferriss.

12. War and Peace and IT: Business Leadership, Technology, and Success in the Digital Age - by Mark Schwartz (Author).

13. Alchemy: The Dark Art and Curious Science of Creating Magic in Brands, Business, and Life - by Rory Sutherland.

14. Company Of One: Why Staying Small Is the Next Big Thing for Business Paperback – by Paul Jarvis.

15. The Business of Expertise: How Entrepreneurial Experts Convert Insight to Impact + Wealth – by David C. Baker.

16. Security Engineering: A Guide to Building Dependable Distributed Systems 3rd Edition - by Ross Anderson.

Above list is inspired by the posts from Phil Venables and Mike Privette, but with my own favourites included and now several of them on the wish list.

What would you add? Comment below.

Together with (sponsor)

Learn how to make AI work for you

AI won’t take your job, but a person using AI might. That’s why 1,000,000+ professionals read The Rundown AI – the free newsletter that keeps you updated on the latest AI news and teaches you how to use it in just 5 minutes a day.

Sign up to start learning.

Few Updates (Sharing and Conference)

• My thoughts along with leading experts, Mike & Tim, was published - here.

• I’ll be presenting in a virtual conference event coming soon - register for your respective region below: (note: It’ll be the same presentation for each so join according to your region. This’ll be my first post covid public speaking (not yet physical) activity since 2019 for any event for that matter.

  • Industrial Cyber Days for Manufacturing for US time zone → US.

  • Industrial Cyber Days for Manufacturing for US time zone → EMEA.

  • Industrial Cyber Days for Manufacturing for US time zone → APAC (registration link yet to open).

For US - Track 4 A: People & Governance

For EMEA - Track 2 B: Best Practices

“Securing the Digital Factory: Lessons from the Field on Security Challenges from Industry 3.0 to 4.0 and Beyond”.

This session explores the challenges of securing manufacturing operations during the transition from Industry 3.0 to Industry 4.0. Drawing from experiences across three different manufacturers, the discussion highlights the limitations of traditional security approaches and their applicability in modern manufacturing environments that incorporate UNS and IIoT-based architectures.

Additionally, this session serves as a mini-course introduction to the Securing Things IT-OT CySEAT (Cyber Security Education and Transformation) program, providing insights into securing digital factories.

Key Learning Objectives:

Understanding Industry 4.0, the manufacturing lifecycle, automation stack, and digital transformation Exploring secure UNS-based architecture and the lack of industry-specific security guidance. Developing a strategic approach for securing the digital factory.

If you haven’t checked out yet - do join IT-OT CySEAT waiting List before the launch discount closes.

What’s coming?

I have been juggling with few things lately, in addition to newsletters publishing, social posts/interactions, some volunteering time, and trying to wrap up few project assignments while figuring out what’s next later in store for me in Q2/Q3.

Have been working on few upcoming Part 3 of The Digital Factory series:

🤙 out to all OT/ICS experts out here 📢 

I need your input - on "Industry Debates and Updates in/ OT / ICS - The Digital Factory - Architecture - Part 3"! 🗞️

In my upcoming newsletter edition, I'm trying to cover few industry debates;

👉 Digital Transformation - a project or a strategy?

👉 IT/OT Convergence - is it or is it not converging? :-p

👉 Purdue Model – Dead or Alive? | For Security or no Security?!

👉 🙋‍♂️ any other suggestions?

and few Industry updates: (well not so known but not new)

👉 Death of Purdue Model - Gartner position (2023)

👉 Network Architecture – Solutions driven

👉 IT/OT Event Driven Reference Architecture –

👉 62443 standards requirements for Cloud - ISA's position

💁‍♂️ 💁‍♀️ I've got some references to interesting debates from socials (LinkedIn) but want to see if you guys have some spicy ones at your disposal that you can share.

Also, if you want to contribute? ✍ send me a DM 📥 / drop a comment👇

Will add yours with attribution and a shout out! 📢 

♻️ if you know someone be interested.

Thanks 🌟

My Recent Most Viewed Social Posts

In case you’ve missed - here are some of my recent most viewed social posts.

• 📢 All Series Index - Securing Things 📢✅[ST #60] IT, OT & AI Cybersecurity – Program, Digital Factory, Guides, Standards, Crash Courses, Quarterly Insights & more.🚀 [Securing Things by M. Yousuf Faisal] 🗞️🗞️🗞️

• Cybersecurity and AI Across the Industrial Automation Stack - Monthly Digest # 1 - ✅ Industry Trends, Market Insights on cybersecurity and AI across the layers of industrial automation stack (Cloud, ERP, DMZ, MES, SCADA, HMI, PLC/Edge), physical devices & more.🚀 [Securing Things by M. Yousuf Faisal].

• ISA/IEC 62443 Standards - Part 5 - Security Program Elements (SPEs) for 62443-2-1:2024, Upcoming Asset Owner ACS Security Assurance (ACSSA) Certification Scheme to ISA/IEC 62443-2-1, 2-4, 3-2, 3-3 by ISCI, CISO's role, other interesting reads.

• The Digital Factory (Data Flow) - Part 2 Industry 4.0 data/event driven data flows and security considerations and how's CISO's role is evolved in OT security.

• Cybersecurity & Data Privacy for Hong Kong - HK Cybersecurity Market, upcoming Critical Infrastructure Bill 2024 regulations, Data Privacy Program Core elements, HK markets and more.

• Biggest Cybersecurity Acquisition Ever - ✅Google Acquisition of Wiz - a $32B Bet to End “Security Theatre” and future of Multi-Cloud Security, also includes analyst views what this means for the cybersec industry.🚀 [Securing Things by M. Yousuf Faisal]

• 📢 📰 Secure by 3Ds (Demand | Design | Default) 📢 📰 ✅ The trifecta reshaping IT & OT cybersecurity industry!

• What the heck is ITDR - A crash course on Identity Threat Detection & Response.

Ways in which I can help?

Whenever you are ready - I can help you with:

A - IT & OT Cybersecurity Advisory / Consulting services - for securing your business and or its digital transformation journey.

B - Security Awareness Training & Phishing Awareness Portal - Train your staff and build a Security awareness program through our subscription based service.

C - Securing Things Academy (STA) - Security trainings for IT & OT practitioners.

Visit the newsletter website for Links to above services and or reach out at info[at]securingthings[dot]com or DM me via LinkedIn.

D - Securing Things Newsletter - Sponsor this newsletter to showcase your brand globally, or subscribe to simply Get Smarter at Securing Things.

Reach out at newsletter[at]securingthings[dot]com or DM me via LinkedIn.