Updated 'Foundations of Cybersecurity' Text Expands Scope to Include AI and Modern Threat Landscapes
The second edition of *Foundations of Cybersecurity* by Jason Andress has been released, offering an updated curriculum that integrates modern security challenges, including AI-specific threats and evolving operational requirements.

Jason Andress has released the second edition of *Foundations of Cybersecurity*, a comprehensive introductory text published by No Starch Press designed to provide newcomers, system administrators, and managers with a foundational understanding of modern security concepts Help Net Security. The updated volume expands upon the original work to address the evolving threat landscape, which now encompasses cloud infrastructure, mobile devices, the Internet of Things (IoT), and artificial intelligence.
The book is structured into 18 chapters across four primary sections: core principles, architecture and system security, operations and management, and human factors. The initial section establishes essential concepts, including the CIA triad, the Parkerian Hexad, risk assessment, defense-in-depth strategies, and authentication mechanisms. Cryptography is covered in detail, spanning from historical methods like the Caesar cipher to modern symmetric and asymmetric systems, hash functions, and digital signatures Help Net Security.
A significant addition to this edition is a dedicated chapter on AI security, which aligns with the OWASP Top 10 for LLM Applications 2025. Andress explores the unique risks associated with non-deterministic AI systems, specifically detailing threats such as prompt injection, excessive agency, adversarial inputs, embedding exploits, and model or data poisoning. While the coverage remains at a conceptual level, it provides a structured framework for readers to apply to further research Help Net Security.
The text also incorporates practical elements to bridge the gap between theory and application. Each chapter concludes with guided lab projects—such as password entropy testing, Zenmap scanning, and linking Common Weakness Enumerations (CWEs) with Common Vulnerabilities and Exposures (CVEs)—intended to mirror the daily tasks of a junior security analyst. Additionally, the book includes updated material on security operations centers (SOCs), governance, compliance, and a case study of the 2023 MGM Resorts attack to illustrate the impact of social engineering Help Net Security.
The final section offers career guidance, outlining potential paths into the industry and evaluating various professional certifications, including Security+, CASP, SSCP, CISSP, GSEC, GPEN, and OSCP. The author acknowledges the reality of modern hiring practices, noting that HR departments frequently utilize certifications like the CISSP as automated filters during the recruitment process Help Net Security.
While the book serves as a robust entry point for those new to the field, it does have limitations regarding technical depth. The author notes that cloud security and operational technology (OT) security are addressed only through scattered references rather than dedicated chapters. Consequently, while the text provides a solid lay of the land, experienced practitioners seeking deep technical dives may need to supplement their reading with more specialized resources Help Net Security.