Book Review: Defensive Security Handbook

By Adrian | May 31, 2020


Recently I purchased a few infosec books, one of them being the Defensive Security Handbook written by Lee Brotherston & Amanda Berlin.

While this book was written back in April 2017, the information contained within is still very relevant today and will give the reader a sound footing when it comes to what you need to have as a secure baseline in your environment.

There are 21 chapters that can be read from cover to cover, or each in isolation. Each topic is broken down into succinct chapters for a particular subject matter.

A wide range of topics such as the importance of senior management buy in, policy management, asset management, incident response, disaster recovery, endpoints, passwords, networks, logging and SIEM amongst other topics are covered.

The Defensive Security Handbook doesn’t necessarily go into topics in super depth (lets face it, each chapter covered could really be a 300 page book itself), but it does give the reader a good place to start for what I would say are the mandatory minimums. It has helped me reinforce and validate my exiting knowledge as well. This book is contains 284 pages of quite easy reading that won’t put you to sleep and can not only be knocked over in less than a week, but also be used as a continual reference down the track.

Lee and Amanda have done an incredible job with this reference book and I would highly recommend this book for not only engineers, system administrators and security analysts who are designing, managing and operating the technology on a day to day basis, but for management who are also responsible for overseeing their operations. It may help managers understand the importance why some security related recommendations are given and that we aren’t necessarily calling their kids ugly all the time.

Given the age of the book and the rate of change in our industry (I knew what I was getting into when I bought this book), I would love to see a revision made in a few years time to include the new baselines and standards of IT security and where our environments need to be at. I’d buy it again in a heartbeat.