HS Library

Books, references, and the maps you actually need.

30 HorizonShield ebooks · 17 categories · 17 hand-picked external resources from NIST, OWASP, MITRE, and more — all free, all SOC-aligned.

HorizonShield digital library with security books, download controls, and curated knowledge maps
Direct PDF downloads and curated references remain DB-backed through the HorizonShield CMS.
30
Books
1538+
Pages
17
Categories
17
Free links

HorizonShield ebooks

30 books
01Beginner

SMB Security Guide

End-to-end blueprint for small and mid-sized businesses to stand up a working security program without enterprise budget.

Frameworks · 92pOpen PDF
02Intermediate

Penetration Testing Checklist

Operational checklist for scoping, executing, and reporting external + internal pentests for SMB environments.

Pen testing · 78pOpen PDF
03Intermediate

Incident Response Playbook

Tabletop-tested playbook covering the first 30 minutes through post-incident review. Real templates, not theory.

SOC ops · 116pOpen PDF
04Advanced

DORA Compliance Guide

EU Digital Operational Resilience Act mapped to controls and evidence — for financial entities and their ICT providers.

Compliance · 134pOpen PDF
05Intermediate

Cloud Security Hardening

AWS/Azure/GCP baseline hardening with infrastructure-as-code patterns, IAM least-privilege, and CSPM coverage.

Cloud · 98pOpen PDF
06Advanced

Zero Trust Architecture

Pragmatic ZT roadmap for SMBs: identity, device, network, segmentation, with vendor-agnostic decision trees.

Zero trust · 88pOpen PDF
07Advanced

Threat Hunting & SOC Operations

Hypothesis-driven hunting paired with running a modern SOC: rules, runbooks, metrics, hand-offs.

SOC ops · 104pOpen PDF
08Intermediate

DevSecOps Implementation

Shift-left in practice — SAST, DAST, SCA, secrets, signing, SBOM, supply-chain. Pipeline patterns that don't slow ship cadence.

DevSecOps · 84pOpen PDF
09Beginner

Web Security

OWASP Top 10 + Top 25 in production: attack patterns, defensive headers, secure coding for full-stack engineers.

Web security · 76pOpen PDF
10Intermediate

Network Security

Segmentation, firewall rule discipline, IDS/IPS placement, and the realistic NAC for environments without enterprise switching.

Network · 92pOpen PDF
11Intermediate

Linux and Systems

Linux internals for security operators — process trees, syscalls, eBPF basics, audit framework, kernel hardening.

Linux & systems · 110pOpen PDF
12Beginner

Social Engineering

Human-layer attacks — phishing, vishing, OSINT-driven pretexting — and the controls (training + technical) that actually work.

Social eng. · 64pOpen PDF
13Advanced

Malware Analysis

Static + dynamic analysis with sandbox patterns. Practical reverse engineering for IR responders, not just researchers.

Malware · 96pOpen PDF
14Advanced

Forensics

Disk and memory forensics for IR — chain of custody, imaging, Volatility, timeline reconstruction.

Forensics · 102pOpen PDF
15Advanced

Cryptography

Applied crypto for engineers — TLS, signing, key rotation, post-quantum considerations, common pitfalls.

Crypto · 80pOpen PDF
16Intermediate

Compliance and Audit

SOC 2 Type II, ISO 27001, PCI DSS v4 mapped to control libraries with evidence collection automation.

Compliance · 124pOpen PDF
17Advanced

AI / LLM Security

Securing AI and LLM deployments — prompt injection, data leakage, model supply chain, and operator-side controls.

UncategorizedOpen PDF
17bIntermediate

Identity & Access Management

IAM essentials — directory design, federation, MFA, conditional access, and joiner/mover/leaver flows.

UncategorizedOpen PDF
18Advanced

OT / ICS Security

Operational technology and industrial control system security — Purdue model, segmentation, asset discovery, and incident handling.

UncategorizedOpen PDF
18bAdvanced

Threat Intelligence Operations

Building a CTI practice — collection, correlation, IOC pipelines, MISP integration, and intel-driven detection.

UncategorizedOpen PDF
19Intermediate

Mobile Security

Mobile security across iOS and Android — app testing methodology, MASVS, SDK risks, and enterprise MDM controls.

UncategorizedOpen PDF
20Advanced

Kubernetes Security

Kubernetes hardening — RBAC, network policy, admission controllers, runtime detection, and supply chain integrity.

UncategorizedOpen PDF
21Intermediate

Bug Bounty

Bug bounty programme operations — scope, triage, payout policy, hacker comms, and integration with internal AppSec.

UncategorizedOpen PDF
22Intermediate

Security Architecture for Startups

Right-sized security architecture for early-stage startups — what matters at seed, Series A, and post-product-market-fit.

UncategorizedOpen PDF
R1Intermediate

NIST Cybersecurity Framework (CSF 2.0)

The full NIST CSF 2.0 reference — Govern, Identify, Protect, Detect, Respond, Recover. Framework foundation for risk-aligned security programmes.

UncategorizedOpen PDF
R2Advanced

NIST SP 800-53 Rev. 5

Security and Privacy Controls for Information Systems — the canonical control catalog used by federal and regulated industries.

UncategorizedOpen PDF
R3Intermediate

NIST SP 800-115 Technical Guide to Information Security Testing

NIST guide to information security testing and assessment — pen-testing methodology, assessment lifecycle, and reporting.

UncategorizedOpen PDF
R4Intermediate

OWASP Web Security Testing Guide v4

OWASP Testing Guide — comprehensive web application security testing methodology and checklist.

UncategorizedOpen PDF
R5Beginner

The Linux Command Line

Free reference book by William Shotts — Linux shell, scripting, and command-line proficiency for security practitioners.

UncategorizedOpen PDF
R6Beginner

Cybersecurity Handbook

Plain-language cybersecurity handbook covering fundamentals, threats, and practical defenses for SMBs.

UncategorizedOpen PDF

Curated external resources

Free, hand-picked references the HorizonShield SOC team actually uses. No affiliate links.

Pair with the platform