EH-Net

What are the first 5 books that someone new to the Information Security Field should read?

Dr. Strangegoogle or: How I Learned to Stop Worrying and use the Search Field, by Chris Gates   ;D

In all seriousness, though, check out this thread (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,2186.0/) which has some pretty good advice on getting started.

Some books to check out, in no particular order:

The Art of Deception, (http://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1216817496&sr=8-1) by Kevin Mitnick, et al.
Hacking for Dummies, (http://www.amazon.com/Hacking-Dummies-Computer-Tech/dp/047005235X/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1216817569&sr=1-1) by Kevin Beaver
Google Hacking for Penetration Testers, Vol. 2, (http://www.amazon.com/Google-Hacking-Penetration-Testers-2/dp/1597491764/ref=pd_bbs_sr_9?ie=UTF8&s=books&qid=1216817880&sr=8-9) by Johnny Long
Hacking Exposed, Vol.5, (http://www.amazon.com/Hacking-Exposed-5th/dp/B0018SYWW0/ref=pd_bbs_sr_4?ie=UTF8&s=books&qid=1216817880&sr=8-4) by McClure, Scambray & Kurtz

Then pick book or three on programming.  No need to become an expert programmer right away, but it'll at least help to understand what it is you're looking at.  Then you can start writing your own exploit code.

I'd also check out the Stealing the Network series. Accurate yet enjoyable to read  :)
Blogs and web sites might be the best place to start though as infosec books tend to be a bit expensive...

That, and they are rarely up to date...at least for very long.  But if you're just trying to get the basics, to teach your mind to think in certain ways, the used books off of Amazon or other vendors can be a good start.

And they look good on the bookshelf, just make sure you dust them because it will gather  ;)

The Art of Software Security Assessment by Dowd, McDonald and Schuh
-Wonderful overall assessment of the modern state of security (this book is HUGE)

Network Security Assessment by Chris McNabb
-This O'Reilly book is one of the best hands on guides I've found.

Linux Hacker Tools by Ivan Sklyarov
-This book explains how to build tools yourself, and in the process explores a lot of the underpinnings of many such tools.

Hacking, the Art of Exploitation by Erickson
-This is a great book that goes through a lot of hands on exercises valuable to penn testers.

Security in Computing by Pfleeger and Pfleeger
-The obligatory textbook to cover everything not covered above :)

I have to disagree with some of the other recommendations.  I find the Hacking Exposed series has jumped the shark and tries to be too much for too many people.  You get a real scattershot with that book in the latest edition.  I found Art of Deception to be interesting, but it's all about social engineering.  I'm not sure that would be in my top 5 for penn testers (I think finding technical security holes is more valuable to penn test clients, but that's just my opinion).

I do agree that a programming book or twenty are useful.  At the very least you should memorize the O'Reilly Practical C Programming by Loudon.  If you don't know how to program in a language or use a technology you have to rely on tools to find vulnerabilities.  Building Secure Software by McGraw and Viega is an invaluable resource.

http://www.MadIrish.net