Not an exhaustive list of my bookshelf, but rather those books and articles I've found helpful, those I want to read, and those I'm currently reading.
History of Cybercrime
I find these useful both as a history of cyber, as well as excellent examples of extremely technical topics presented in an approachable manner.
- The Cuckoo's Egg - Fun romp of an astronomer-turned-sysadmin at Berkeley in the 1980's who decides to track down a (tiny) accounting discrepancy in server usage, and stumbles into a computer spy operating for the KGB.
- Countdown to Zero Day - A well-researched, thorough examination of Stuxnet.
- Sandworm - An accessible 'true-crime' type history of Sandworm's exploits. Excellent read for learning how to communicate extremely technical topics in a way that makes sense to most people, as well as fun background on a history of Sandworm's exploits.
- Ghost in the Wires - Kevin Mitnick's personal memoir of his exploits (mostly focused on phreaking).
- Structured Analytic Techniques for Intelligence Analysis - An extremely thorough grounding in various analytic techniques for reviewing and processing information and reducing or eliminating bias.
- Strawman - A choose-your-own-adventure book examining the role of cognitive bias in analytic techniques.
- Hiding from the Internet - Covers techniques you can use to reduce or eliminate your online presence or that adversaries may use to hide their presence.
- Open Source Intelligence Techniques - A reference book of OSINT techniques.
- Influence: The Psychology of Persuasion - Covers Cialdini's 6 principles of persuading others (reciprocity, commitment and consistency, social proof, authority, liking and scarcity) and how to leverage them in support of your goals.
- CTI Reading List
- Threat Intelligence Reading List
- Problem Solving with C++ - Excellent beginner resource for learning C++
- Data Structures and Algorithm Analysis in C++ - Solid introduction to data structures and algorithms.
- Modern Operating Systems - Comprehensive book on how modern operating systems function
- A beginner's guide to Big O notation - Helpful intro to understanding Big-O notation
- Metasploit: The Penetration Tester's Guide
- Hacking Exposed 7: Network Security Secrets and Solutions
- Penetration Testing: A Hands-On Introduction to Hacking
- Never Split the Difference - Former FBI hostage negotiator discusses the importance of getting into why your opponent is saying no to your proposal, creative ways to find additional value in a negotiation, and types of negotiators you may face. Heavy focus on empathy. (Helpful notes, not mine)
- Negotiation Genius - Covers a number of major themes: claiming value in a negotiation (shifting perspective to think about how value is assigned), creating value (what other options are on the table that may be valuable for one party and a simple concession for the other), investigative negotiation (why is the other party pushing for x?), biases (loss aversion, gambling, etc.), blind spots (what are yours? theirs? winner's curse, bounded awareness), negotiating from a place of weakness (what is the source of power, and how can you alter your relative positions?), get ugly (what are the hidden interests? do you have mutual trust? how can you neutralize threats and help all parties save face?), the path to genius (everything is negotiable, practice, practice, practice)
- Salary Negotiation - An excellent blog post on negotiating salary. Recommends avoiding naming a desired salary, emphasizing the value you bring you and organization, and not applying for jobs (but having back table discussions).
- Getting Past No - A short primer on tips for more effective negotiation, and controlling your own emotions during key conversations.
- On Writing - Stephen King's memoir and advice on writing more effectively. He recommends reading (good books) a lot, writing daily in a specific place so you can better focus, and taking at least a week break between writing and editing long content to give yourself space to see your own mistakes. He also provides some specific guidance - don't use the same adjective over and over, stay focused on the point, and don't over-do (or under-do) descriptions. Let your audience see the movie you see in your head, because you're trying to help them see the same vision.
- The Phoenix Project - A great resource for understanding different team's perspectives (developers, different business functions, security, operations, etc.).
- Insights Into Influence - A series of interviews with extremely influential folks in their field on why they believe they've become influential, their advice for others seeking to become influential in their field, and how to communicate more effectively.
- Crucial Conversations
- Presentation Zen - Simplify, simplify, simplify. Stop covering your slides with text, or people will read your slides instead of listening to you. Use slides which enhance what you say, rather than detract from it. Think about the goal of your presentation and how your slides support that goal. Do you really need a powerpoint deck? Or do you need a handout/word doc/email? If you need a separate hand out at the end, use a separate handout (stop treating slides as a one-size -fits-all for presentations, handouts, emails, etc.)
- Resonate: Present Visual Stories that Transform Audiences - Tell a story. Start with a like-able hero who encounters roadblocks and eventually emerges more successfully.
- Slide:ology: The Art and Science of Creating Great Presentations - Slides should have 1 clear idea and no more. Use consistent themes/designs.
- Information Dashboard Design: Displaying Data for At-a-Glance Monitoring
- Ask A Manager - A book based on the blog of the same name. It provides excellent adaptable scrips for approaching conversations with your employees, boss, or colleagues about everything from asking for a raise to leaving your job without burning bridges.
- The Checklist Manifesto - No one can remember everything they need to do flawlessly, so let's create repeatable, consistent processes in order to ensure that mistakes are minimized.
- Sprint: How to Solve Big Problems and Test New Ideas in Just Five Days - A roadmap for how to test and demo an idea in a week.
- The Effective Executive - Major themes: 1. Effective executives know where their time goes (eliminating overstaffing, poor organization, poorly communicated information). 2. They focus on outward contribution. 3. They build on strengths 4. They concentrate on a few major areas where performance will produce outstanding results 5. They make effective decisions. 6. Running effective meetings (meetings have clear purposes and agendas, no extraneous parties, purpose driven, re-occurring meetings are continually assessed for usefulness)
- The Idea Hunter - Major themes: 1. Set blocks of time aside for working on or developing new ideas. 2. Bring together people with deep and broad skill sets (specialists and generalists). 3. Keep a portfolio of ideas and ensure it is accessible. 4. Prioritize
- Originals - Major themes: procrastination can trigger productive results, broad interests can promote innovation, first mover advantage is often over-stated, genius often occurs in short bursts
- Extreme Ownership - Major Themes: 1. Extreme ownership (everything, including mistakes are the ownership of the leader). 2. There are no bad teams; just bad leaders 3. Believe in the larger mission (if you don't, ask questions) 4. Check your ego 5. Cover and Move (teamwork, not competition or finger-pointing) 6. Keep it simple 7. Prioritize and execute 8. Decentralized command (6 people is a good limit for managing, then you need decision makers below you) 9. Have a repeatable planning process 10. Leading up and down your chain of command (you need your own leaders and your team to trust you). 11. Be decisive (not deciding anything is also a decision)
- Work Rules - Major themes: 1. Hire people smarter than you 2. Have hiring committees (with objective members), and repeatable, consistent interview processes in order to reduce bias 3. Separate performance evaluation and people development ("Evaluation is necessary to distribute finite resources, like salary increases or bonus dollars. Development is just as necessary so people grow and improve. If you want people to grow, don’t have those two conversations at the same time. Make development a constant back-and-forth between you and your team members, rather than a year-end surprise.") 4. Provide managers feedback on being managers (as this is the single most important indicator for retaining employees). 5. Use nudges (How can an employer nudge people to make decisions that benefit them, and the organization? For example, increasing enrollment in a 401k, improving manager's training practices, etc. 6. Leveraging internal talent as trainers 7. Constant and timely evaluation - deliberate learning 7. Motivate people by connecting them to the people they're helping
- Building Successful Online Communities - A comprehensive look at how to build a variety of online communities from attracting (and retaining early adopters) to handling aberrations from normative behavior, to increasing user commitment to the platform. The guide is helpful for connecting teams which are entirely remote, dealing with a distributed customer base, setting up a volunteer organization online, or (presumably) starting a new online business.
- Books which have been helpful in shifting my perspective to better understand other's perspectives, backgrounds and experiences, and how those factors impact their work.
- Reset (Ellen Pao's story of discrimination in tech)
- The Glass Closet (John Browne, former CEO of BP, discusses homophobia in big business)
- Lean In (Sheryl Sandberg on women in the workplace)
- Drop the Ball (Tiffany Dufu on how to meaningfully engage the assistance of others, shrink your to-do list, and re-evaluate expectations of success)