I just explained packet sniffing, ARP injection, and session hijacking to my non-CS roommate using analogies and a simple language, and he completely understood it. He thinks it's really interesting (and pretty straightforward at its core), and he wants to learn more.
What books / material can I refer him to that explains these sorts of security-related concepts in a simple way that anyone with a basic computer understanding can understand?