Check out the Table of Contents. and the cover art. Read the forwards.

BTHb events - book tour, Podcasts, Blog mentions, tweets,  and Don sightings. If you want your copy autographed ... look here.

Buy large Quantities 

You used to be able to buy large quantities from Create Space. Amazon made CS go away and force marched us to Kindle Direct Publishing. I will ***never recommend*** KDP to anyone based on my experience. Look elsewhere.

Custom Covers and Branded Editions

A few different organizations have asked for a branded cover to use BTHb as part of their marketing program. SLAIT Consulting, MIC3, BSides Augusta are example.s  Information on Branded Covers is summarized below:

1) The lower portion, beneath the white area, can be customized with a color scheme and text particular to your organization.

2) The ISBN / Bar Code area on the back of the book cannot be moved.

3) Customized editions are delivered through an organization specific site hosted by CreateSpace, and are not available through any other distribution method. 

4) There is a nominal setup fee to manage the book customization and creation process. 

5) You will receive the same content as the ​currently shipping version on Amazon (2.2 as of 10/20/2016).

6) You may request specific interior content for your organizational copy. 

Warning: a provider in mainland China has registered a variety of derivative names based on BlueTeamHandbook. These domains ae in no way affiliated with BThb:,,,, Please be so advised! (Oct 29, 2019)

Copyright © Blue Team Handbook. All rights reserved.

As of August 2018, 32,000 copies are in print, with an average 4.5/5 score on Amazon. As of June 2015, about 10,200 copies sold! Average Amazon review is 4.6/5.0!

Don was on Security Weekly (10/2/2014).

Praise for BTHb:INRE: "This guide is chock full of useful information for infosec pros, especially blue team members and incident handlers.  You could read it end-to-end for a treasure-trove of useful tips and tricks, or just keep it close by as a handy reference.  Or both!"  -- Ed Skoudis, Counter Hack. 


BTHb: INRE:  Amazon USA link

BTHb: SOCTH: Amazon USA link. Note: if the title says "currently unavailable", search again and use V1.0 in the title.

​Welcome to the Blue Team Handbook (BTHb).

Volume One: Incident Response Edition is undergoing significant updates and should be ready mid October 2019. V1 to V.2.2 has 35K copies in print.

BTHb:INRE is currently #10 out of 100 in the Book Top 100 list. When the list debuted, BTHb:INRE was #3/100. BTHb:INRE is #2 of 20 on the Solution Review "The 20 Best Cybersecurity Books for Enterprises in 2019".  Some reviews: Cybrary (V1.1).  Five Stars on GoodReads. 

Volume Two: SOC, SIEM, and Threat Hunting is currently a five star book on Amazon with 4K copies in print.  See the ToC page for V1.02 updates.

BTHb:SOCTH is mentioned in three SANS Courses: SEC 511, SEC 450, and SEC 501. 

Discussed on Security Weekly episode 586. (its on the Christmas tree!) and check out Eric Conrad's tweets