โ๏ธ Arsenal
Books I read, frameworks I apply, and professional bodies I follow โ a window into my continuous learning as a senior cybersecurity consultant.
๐ Reading List
Industrial Cybersecurity
Pascal Ackerman ยท 2017
Hands-on guide to securing ICS/SCADA environments using IEC 62443 โ the definitive practitioner reference.
Hacking Exposed Industrial Control Systems
Clint Bodungen et al. ยท 2016
Attack and defense techniques for SCADA, PLCs, and DCS โ essential for OT security assessors.
Countdown to Zero Day
Kim Zetter ยท 2014
Definitive account of Stuxnet โ the world's first weaponised cyber weapon targeting industrial control systems.
Practical Industrial Cybersecurity
C.J. Brooks ยท 2022
Practical ICS/SCADA security covering risk management, network segmentation, and compliance frameworks.
IT Governance
Alan Calder & Steve Watkins ยท 2012
ISO 27001 and COBIT-aligned governance โ essential reading for GRC and information security management.
Cybersecurity and Cyberwar
P.W. Singer & Allan Friedman ยท 2014
Strategic and geopolitical view of cyber threats โ important context for senior security advisors.
CISO Desk Reference Guide
Bill Hayslip, Matt Stamper & Gary Hayslip ยท 2017
Executive-level security leadership playbook โ strategy, governance, and stakeholder communication.
๐ก๏ธ Frameworks & Standards
ISA/IEC 62443
OT / ICSThe leading international standard for Industrial Automation and Control Systems (IACS) cybersecurity. Defines security levels, zone & conduit models, CSMS, and lifecycle security requirements.
NIST Cybersecurity Framework 2.0
GovernanceSix core functions (Govern, Identify, Protect, Detect, Respond, Recover) providing a risk-based approach to managing cybersecurity across IT and OT environments.
NIST SP 800-82
OT / ICSNIST guide to OT security โ addresses security for SCADA, DCS, and PLC systems including network architecture, risk assessment, and hardening for industrial environments.
ISO/IEC 27001:2022
ISMSInternational standard for Information Security Management Systems. Defines requirements for establishing, implementing, maintaining, and continually improving an ISMS.
COBIT 2019
IT GovernanceISACA's IT governance and management framework โ aligns IT strategy with business goals, risk management, and compliance requirements across the enterprise.
CIS Controls v8
Security Controls18 prioritised security controls providing a prescriptive, actionable set of best practices to defend against the most prevalent cyber attacks in enterprise and OT environments.
OWASP Top 10
Application SecurityThe globally recognised standard for web application security risks โ critical reference for secure development, code review, and application security assessments.
๐๏ธ Professional Bodies
ISACA
Global association for IT governance, audit, risk, and cybersecurity professionals. Administers CISA, CISM, CRISC, CGEIT, and the COBIT framework.
International Society of Automation
Leading global professional body for automation and control. Develops the ISA/IEC 62443 OT cybersecurity standards series and the GICSP certification pathway.
(ISC)ยฒ
International association for information security professionals โ home of the CISSP, CCSP, CSSLP, and other globally recognised security certifications.
SANS Institute / GIAC
Premier cybersecurity training and certification organisation. Offers the GICSP (Global Industrial Cyber Security Professional), GPEN, GCIH, and 35+ specialist certifications.
Cybersecurity and Infrastructure Security Agency
US federal agency for critical infrastructure protection. Publishes ICS-CERT advisories, ICS300/400 training, and OT security best-practice guidelines.
Project Management Institute
Global authority on project management โ administers the PMP, CAPM, and PMI-RMP certifications, supporting project delivery and risk management disciplines.
IEEE
World's largest technical professional organisation. Publishes cybersecurity and industrial automation research, standards, and resources relevant to OT/ICS practitioners.
PECB
Professional Evaluation and Certification Board โ accredited certifications for ISO 27001, ISO 42001, ISO 22301, and other management system lead auditor programmes.