Jamil Ahmed

โš”๏ธ Arsenal

Books I read, frameworks I apply, and professional bodies I follow โ€” a window into my continuous learning as a senior cybersecurity consultant.

๐Ÿ“– Reading List

Cover of Industrial Cybersecurity

Industrial Cybersecurity

Pascal Ackerman ยท 2017

Hands-on guide to securing ICS/SCADA environments using IEC 62443 โ€” the definitive practitioner reference.

Cover of Hacking Exposed Industrial Control Systems

Hacking Exposed Industrial Control Systems

Clint Bodungen et al. ยท 2016

Attack and defense techniques for SCADA, PLCs, and DCS โ€” essential for OT security assessors.

Cover of Countdown to Zero Day

Countdown to Zero Day

Kim Zetter ยท 2014

Definitive account of Stuxnet โ€” the world's first weaponised cyber weapon targeting industrial control systems.

Cover of Practical Industrial Cybersecurity

Practical Industrial Cybersecurity

C.J. Brooks ยท 2022

Practical ICS/SCADA security covering risk management, network segmentation, and compliance frameworks.

Cover of IT Governance

IT Governance

Alan Calder & Steve Watkins ยท 2012

ISO 27001 and COBIT-aligned governance โ€” essential reading for GRC and information security management.

Cover of Cybersecurity and Cyberwar

Cybersecurity and Cyberwar

P.W. Singer & Allan Friedman ยท 2014

Strategic and geopolitical view of cyber threats โ€” important context for senior security advisors.

Cover of CISO Desk Reference Guide

CISO Desk Reference Guide

Bill Hayslip, Matt Stamper & Gary Hayslip ยท 2017

Executive-level security leadership playbook โ€” strategy, governance, and stakeholder communication.

๐Ÿ›ก๏ธ Frameworks & Standards

ISA/IEC 62443

OT / ICS

The leading international standard for Industrial Automation and Control Systems (IACS) cybersecurity. Defines security levels, zone & conduit models, CSMS, and lifecycle security requirements.

Learn more

NIST Cybersecurity Framework 2.0

Governance

Six core functions (Govern, Identify, Protect, Detect, Respond, Recover) providing a risk-based approach to managing cybersecurity across IT and OT environments.

Learn more

NIST SP 800-82

OT / ICS

NIST guide to OT security โ€” addresses security for SCADA, DCS, and PLC systems including network architecture, risk assessment, and hardening for industrial environments.

Learn more

ISO/IEC 27001:2022

ISMS

International standard for Information Security Management Systems. Defines requirements for establishing, implementing, maintaining, and continually improving an ISMS.

Learn more

COBIT 2019

IT Governance

ISACA's IT governance and management framework โ€” aligns IT strategy with business goals, risk management, and compliance requirements across the enterprise.

Learn more

CIS Controls v8

Security Controls

18 prioritised security controls providing a prescriptive, actionable set of best practices to defend against the most prevalent cyber attacks in enterprise and OT environments.

Learn more

OWASP Top 10

Application Security

The globally recognised standard for web application security risks โ€” critical reference for secure development, code review, and application security assessments.

Learn more

๐Ÿ›๏ธ Professional Bodies

ISACA

ISACA

Global association for IT governance, audit, risk, and cybersecurity professionals. Administers CISA, CISM, CRISC, CGEIT, and the COBIT framework.

ISA

International Society of Automation

Leading global professional body for automation and control. Develops the ISA/IEC 62443 OT cybersecurity standards series and the GICSP certification pathway.

(ISC)ยฒ

(ISC)ยฒ

International association for information security professionals โ€” home of the CISSP, CCSP, CSSLP, and other globally recognised security certifications.

GIAC

SANS Institute / GIAC

Premier cybersecurity training and certification organisation. Offers the GICSP (Global Industrial Cyber Security Professional), GPEN, GCIH, and 35+ specialist certifications.

CISA

Cybersecurity and Infrastructure Security Agency

US federal agency for critical infrastructure protection. Publishes ICS-CERT advisories, ICS300/400 training, and OT security best-practice guidelines.

PMI

Project Management Institute

Global authority on project management โ€” administers the PMP, CAPM, and PMI-RMP certifications, supporting project delivery and risk management disciplines.

IEEE

IEEE

World's largest technical professional organisation. Publishes cybersecurity and industrial automation research, standards, and resources relevant to OT/ICS practitioners.

PECB

PECB

Professional Evaluation and Certification Board โ€” accredited certifications for ISO 27001, ISO 42001, ISO 22301, and other management system lead auditor programmes.