Reading Pipeline

Posted on Feb 5, 2022 (updated Dec 8, 2024)

A list of books in various stages of my reading pipeline. There are no affiliate links. Also see: complementary lists for courses and papers, articles, and talks.

Currently Reading

On the Radar

Snoozed

Finished

Books I’ve read, ordered from most recent to some time in ~2022 when I started writing this down.

  • Autocracy, Inc. Good. A sobering account of how autocratic regimes build and maintain power through all modern day networks, corporations, and technology. While short and quick, it does close with ways to combat them.
  • Nexus. Good. Super interesting take, just like Yuval’s previous books. But also a tad doom-and-gloom… the future is basically six different Black Mirror episodes but mashed into one reality. thisisfine.jpg
  • Anatomy of a Breakthrough. Good. This is a book devoted entirely on how to get unstuck, and I read it at a time that I felt very much stuck. There’s a ton of practical advice here, some new, some old, many mentioned across several books below. I especially appreciated how the conclusion chapter was just a list of 100 takeaways.
  • The Signal and the Noise. Meh. I’m decidedly on the fence with this book. It’s quite accessible and generally a light read, but the chapters were hit or miss for me. I came in with higher expectations but was left a bit disappointed.
  • The Everything War. Good. Big yikes, Amazon and Bezos are absolutely ruthless. This book made me reduce my reliance on Amazon and bias towards buying directly from manufacturers. Yet, most of the links on this page still point to Amazon…
  • Fancy Bear Goes Phishing. Meh. It was an okay account of five defining hacks, but I’d rather recommend A Vulnerable System (see below) to those hoping to learn more about the history of information security.
  • Grit. Good. I really liked the framework for skill, effort, and grit. Angela’s work is often misquoted or misused, but it was great to read the source material. I think it (will?) materially influence how I raise my kids and how I’ll foster grit.
  • The Coddling of the American Mind. Good. Haidt might be one of my favorite authors! I think he tackles some important topics in a nuanced and relatively apolitical way. It made me more sensitive and aware of ways I’m inadvertently (or purposefully) coddling with “safetyism.” It’s made me a better parent, and the idea to “prepare the child for the road, not the road for the child” really stuck with me.
  • Turing’s Cathedral. Meh. It was a bit of a slog, but I was left with an extraordinarily deep admiration for John von Nuemann, who occupied much of the book’s focus.
  • Murtagh. Meh. I fondly remember Paolini’s earlier books in this series, so I was elated to discover a new coda focused on the main series’ antihero. Maybe it’s been too long, but I just couldn’t get into it.
  • Win Every Argument. Good. I picked this up on a whim after the 2024 Presidential debates. I generally like reading about masters of their craft, and Mehdi delivered. While I won’t likely be participating in any debates, I did pick up on some nuggets on public speaking and speeches.
  • Cult of the Dead Cow. Meh. I have much respect for those early hackers that paved the way, but I do wish it had more depth on a smaller set of individuals vs. breadth across many.
  • Livesuit. Good. I was not prepared for this! (Also, the description itself has a bit of a spoiler if you’ve only read the first mainline novel.) I don’t often read novellas, so I was taken by (pleasant) surprise by how deep the story was, and how uniquely it had expanded both the world and mystique of The Captive’s War series.
  • The Age of Grievance. Good. And… depressing? Rage and economy and rage politics has and will tear us apart. This is a pretty bleak read, but useful to understand (and inoculate oneself from?) how people and parties use grievance as a tool.
  • Trust. Good. I had trouble at the start, but by the end, I was absolutely gripped. I love stories with multiple points of view, and the finale was so satisfying. It’s clear why it won a Pulitzer!
  • Fundamentals of Software Architecture. Meh. I think being a software architect just isn’t for me, but I think those who do should probably pick this book up, and especially take heed to the chapters on people problems. “No matter what they tell you, it’s a people problem.”
  • On the Edge. Good. I wrapped this up and simultaneously wanted to punch SBF in the face and join a poker tournament.
  • Outlive. Good. I think this may have just extended my life a few years. I learned the most about nutrition, but it was a useful nudge on both sleep and mental health.
  • Superintelligence. Great! A decade old, yet Bostrom predicted, defined, and understood so many of the problems and challenges we face and will face with AI. Sometimes frightening, it left me with a mixed bag of “AI is a monkey’s paw that might turn us into paperclips” and the drastic importance of AI alignment and the control problem.
  • The Mercy of Gods. Good. I thought it was a fascinating start to a new series and universe. While the third act felt a bit rushed, I was still hooked and invested in the story that the authors have only just started telling.
  • Derailed. Meh. Some of these stories are straight up train wrecks, but certainly good lessons and cautionary tales to learn from. My main gripe is that it felt like more of an anthology and lacked a central thesis or framework to stitch all the stories together in a neat way.
  • Supercommunicators. Good. I liked this book! It’s packed with useful information, but I particularly liked the sections on empathetic listening. I (admittedly) need to do this a lot more, and in that regard, I’m thankful for this book in helping me realize that.
  • The Murderbot Diaries (Books 1-7). Good. I love the characters in this series, and the concept of a… well, murderbot, being the protagonist and narrator is just so well executed. I’m hooked!
  • Project Zero Trust. Nah. I just hated the format. It’s like bad fiction that just prolongs the ideas, and I would just rather have a concise but more technical book.
  • Stolen Focus. Good. I needed this book. You probably need it, too. This materially changed my life and made me quit or reduce several habits, like doom-scrolling YouTube or spending so much time on my phone.
  • Hackers and Painters. Meh. This was a weird one, because I generally like Paul Graham’s essays, but something about reading it back-to-back in one sitting just wasn’t my cup of tea. I think I’m also skeptical of claims that are so quick to degrade or throw out education, but what the heck do I know?
  • Not with a Bug, But with a Sticker. Good. What a fun read! I’ve always wanted to learn about adversarial machine learning, and this was a good, lightweight introduction to it. So many of the concepts translate to new systems like LLMs. I love the idea that such small tweaks and hacks can produce such large (and sometimes dangerous) responses from machines.
  • Hidden Potential. Good. There are some really useful concepts in this book, but the best thing I got from this was to appreciate the distance that people traveled to get where they are. I was incredibly inspired by the story of Jose Hernandez’s journey to become an astronaut, yet saddened by all the other people in other professions that weren’t given a chance to reach their potential.
  • The Innovators. Good. These brilliant minds changed the world and created the future. I loved learning about their “origin stories” and all the challenges they overcame.
  • Red Rising. Meh. I had such high expectations of this based off of the acclaim and recommendations, but I just really couldn’t get into it. It felt like it just remixed common dystopia tropes, and I couldn’t help but see it as “Hunger Games in space”.
  • Sandworm. Good. Sometimes real life is more interesting and fantastical than the most creative pieces of fiction! This was a fascinating account of Russian (state-sponsored?) hackers from the point of view of the responders and investigators.
  • Start with Why. Great! I’ve heard such great things about Simon Sinek, but this was the first of his writings that I’ve read. This book was surprisingly deep and I admittedly judged it as initially simplistic just based off of the cover and title. I think it’s a fantastic framework and aspiration for how to build a strong brand and identity. Highly recommend.
  • The Coming Wave. Good. A clarion call for addressing and containing the looming dangers of AI. It’s about to get real… maybe.
  • Determined. Meh. I’m ambivalent on this (or in denial). The author makes some compelling arguments on the absence of free will, but maybe I’m just clutching my free will and agency pearls.
  • Site Reliability Engineering. Great! Fantastic read containing the collective knowledge, expertise, and hard lessons learned from the best SREs on the planet. This is the book for understanding what it takes to grow, hire, and enable SREs.
  • Future Crimes. Meh. At times, a prophetic warning, but many claims around technology (e.g. Google Glass) were either wildly off or too ahead of its time. Of course, I have the benefit of 6 years of hindsight, but I wasn’t too thrilled with the overly doom-and-gloom tone.
  • Chaos Monkeys. Meh. It’s cautionary tale and account of the more ridiculous parts of Silicon Valley, starting a startup, and getting acqui(hi)red. I just found the author insufferable.
  • When. Good. This was fascinating! Timing isn’t everything, but it sure is a heck of a lot. I was particularly struck by how often we tend to brush off matters of time, whether it be when school starts (early), when to take breaks, and when to wake up or go to sleep. Yet, if there were a virus or boogeyman that had even half of the same effects as timing, we would be quick to identify and combat them. We should change our framing here. It’s time!
  • A Vulnerable System. Good. A tour through the evolution, trials, and dysfunctions of the security industry. The last chapters had some hot takes that I’m still in active denial about, but it’s a good read for anyone interested in how we got here.
  • Atomic Habits. Meh. It’s a short read, but I do think a summary or blog post can get you most of the way there.
  • Everybody Lies. Good. It’s filled with insightful yet uncomfortable truths about human behavior. I was fascinated with how internet searches are a truth serum that pierces right through people’s facades and into their private thoughts.
  • Building Browser Extensions. Meh. It’s about the only book I can find on this topic, but it wasn’t particularly strong or insightful.
  • The 7 Habits of Highly Effective People. Good. I can clearly see why this is such a classic! This is packed with great advice, and I was pleasantly surprised to see how relevant it was to other aspects of my life, especially parenting. I think the concept I’ll remember most is the trade-off between production vs. production capability (or P-PC balance).
  • Building a Second Brain. Good. I liked the methodologies outlined in this book, particularly The PARA Method. The book itself, though, was… okay. I think there are probably faster ways to get up to speed in effective note-taking and organization, particularly if you already see the value of it.
  • The Emperor of All Maladies. Good. Simultaneously stark and inspiring. I was left with deep admiration for the medical professionals, scientists, and most importantly—their patients—that battled cancer in the early years of oncology. There’s so much to be proud of in progress, yet so much more we still have to uncover.
  • Application Security Program Handbook. Good. While I preferred Agile Application Security, I think this handbook was fairly decent, especially in the later chapters that covers topics like security champions and guardrails vs. gates. I’d recommend this to teams starting their appsec programs, or who need to figure out what to do next.
  • Quantum Supremacy. Good. This was a really fun read! I really only followed quantum computers' implications on cryptography, so I was quite stunned by all the potential applications in chemistry and medicine. The future looks quite bright!
  • How to Talk So Little Kids Will Listen (& Listen So Kids Will Talk). Good. I listened to the audiobook over a long span of time. It turned out surprisingly well, especially given the relatively independent format. I quite liked how the co-authors complemented and balanced each other. I wrapped it up feeling like I’d be a better parent!
  • How to Win Friends and Influence People in the Digital Age. Good. I quite liked this! A lot of it might fall somewhere between common sense and “well, just don’t be a jerk”, but they’re all great reminders nonetheless.
  • Work Rules!. Good. I read this after a few references from Software Engineering at Google. I particularly resonated with the hiring philosophies. Adhering to the rule of “always hire people better than you” is so crucially important.
  • Zero to One. Meh. I mean… I get it, there are some valuable insights here to be sure, but I had a hard time getting past both the tone and worship of monopolies. Maybe that means I’ll never found a monopoly, and I’m totally okay with that.
  • Software Engineering at Google. Great! I’m convinced that many of the practices discussed here (particularly testing) are the healthiest ways to run software engineering at scales between ~5 people and, well, Google. Some of the more memorable concepts discussed include Hyrum’s Law, The Beyoncé Rule, and… Testing on the Toilet.
  • Seven Languages in Seven Weeks. Good. I thought this was a fun survey of different programming language paradigms and concepts. It leans heavy into functional programming, especially towards the later chapters, ending with Haskell. I finished the book with a greater appreciation and grasp of prototype-based languages (e.g. Io), logic- and constraint-based languages (e.g. Prolog), and the elusive monad.
  • Tomorrow, and Tomorrow, and Tomorrow. Good. I don’t typically read books like this, so I was pleasantly surprised with how beautiful this story was. While I was a bit underwhelmed with the ending, I did mostly enjoy the characters’ stories.
  • The Squat Bible. Meh. This was kind of lightweight and disappointing for a “bible”. I suppose I should have read the page count before purchasing and/or realizing that there’s only so much you can write about squatting. I don’t think there’s anything particularly novel here that you can’t get online for free or more effectively through a trainer.
  • Range. Good. Heya, I’m a generalist! This was a great read and gave me a modicum of confirmation bias confidence that my winding, delayed career path was arguably the best way for me. As a parent, this also help me put at bay the early-start fallacy, and prioritize exposure to lots of great experiences vs. specialized one(s).
  • Homo Deus. Good. Whew, this really challenged and changed some of my beliefs. I guess I’ve been on a bit of a “what will the future look like?” stint lately, but this book was less prophetic and predictive, and tugged at the ways we define what we think makes us “special” as humans… and systematically dismantles it against the backdrop of data, technology, and a future where intelligence is mandatory and consciousness is not.
  • The Things We Make. Good. How could I not like this!? It’s a survey and foray into the art and science of engineering. I’ve always thought that engineering was basically applied science, but this book changed my mind on that. There are even compelling accounts of how engineering often preceded both science and understanding, driven only by rules of thumb and “the engineering method”. A must-read for any engineer, in any engineering discipline!
  • The Staff Engineer’s Path. Great! I needed this book. It’s jam-packed with useful information, both tactical and strategic. I’d recommend this to both current and aspiring staff engineers and the humans that support and manage them.
  • What the Dog Saw. Good. A collection of interesting articles that Gladwell wrote in the New Yorker. I was particularly intrigued about the essay on choking vs. panicking.
  • David and Goliath. Meh. I’m on the fence with this book. I always appreciate a good underdog story. It started out quite strong, and it certainly opened my eyes to new ways of thinking on how disadvantages could actually be advantages. But I can’t help but feel like it overfits on survivorship bias.
  • Dark Territory. Good. We have the benefit of hindsight now, but it was interesting to read about the government responses, follies, and victories while modernizing to the new cybersecurity landscape (and “dark territories”).
  • The Inevitable. Meh. It was a tad too futurist for me, but I do think the author got a lot of things right. The piece on tracking and the effects on privacy was a hard pill to swallow, and I’m either naively optimistic or in denial.
  • The Cyber Effect. Good. A surprisingly deep book on how so many things change about human behavior in the digital world… and the lack or lag of all the guardrails that we have in the physical. It’s a concept I’m sure most people have some intuition about, but the author really crystallizes all these important topics. It’s a particularly good read if you’re a parent.
  • The Subtle Art of Not Giving a F*ck. Meh. It’s alright, I guess. The message is more about on caring for only the things that really, really matter… and ditching everything else that doesn’t. While I didn’t really get much from this, it’s a decent reminder.
  • The Ransomware Hunting Team. Good. Quick read, but I learned so much about the intriguing and often selfless world of ransomware hunters and fighters. It definitely increased my respect for what they do. I was particularly inspired by Fabian Wosar’s story, all the struggles he went through and how much he helped victims, pro bono. Also, the schadenfreude from all the distress and disruption he caused ransomware gangs was certainly enjoyable. It’s good when the good guys win!
  • Seveneves. Good. Alright, this book is long and extremely detailed, but I did enjoy it. There were a few points towards the end where it seemed to break from hard sci-fi and get a little… out there. Regardless, it was still an inspiring story of hope and survival. If you liked Cixin Liu’s trilogy, give this a shot! It’s what the movie, Moonfall, should have been (don’t watch it…)
  • Noise. Good. Another eye-opener from Kahneman, and an excellent follow-up to Thinking, Fast and Slow. The author covers many different concepts at depth relating to statistical randomness and noise (of course!), along with domains in which they’ve failed or fooled us. The discussion on the variance in the legal system was particularly depressing and surprising. This is a good book to pick up if you liked his previous book, or Taleb’s Fooled by Randomness.
  • Crucial Conversations. Meh. This just didn’t click with me. The concepts are important, and the author provides some useful models and tools. Yet, it just wasn’t memorable enough for me. I think I would have preferred a summary or a blog post, but this might be good for you if you’re new to or struggle with these types of conversations.
  • Thinking, Fast and Slow. Great! I finally picked this up after reading all the references to Kahneman from Taleb’s books. It did not disappoint! There are so many fascinating and useful gems packed into this book. The concept of our brains’ dual systems (and all the strengths and pitfalls that come with them) really opened my eyes. It’s extremely thought-provoking.
  • Agile Application Security. Good. Solid advice on how to build a product security program and culture that developers don’t hate. Some of the specific tools are probably already out of date, but the approach is still extremely pertinent and valid. I’d recommend this to security engineers and managers who are building new programs, or who are trying to dramatically change existing ones.
  • Sapiens. Good. This book got some flak by critics, but I actually liked it! It was a decent overview of human history and, perhaps depressingly, a mirror into how absolutely awful we were (and are) to each other, life, and the Earth. Lots of different concepts and time periods covered here!
  • The Three-Body Problem (Series). Great! Insanely creative and thought-provoking, and wholly unsurprising why this series consistently makes it into “top 10” sci-fi book lists. If you find the Fermi Paradox interesting, you’ll find this equal parts amazing… and terrifying.
  • Talking to Strangers. Good. It’s been a long time since I’ve read a Malcom Gladwell book! This was a good follow-up and contrast to Liars & Outliers (see below). The author artfully challenges typically black-and-white positions, and elicits both nuance and empathy for bystanders fooled by lies. It certainly expanded my view, appreciation, and caution of situations where truths and lies aren’t clear.
  • How to Invent Everything. Meh. I had high hopes for this, but the content and humor just didn’t land for me. In retrospect, it totally makes sense to focus on survival skills. I think I kept wanting it to be more along the lines of “you’re dropped off in the woods with a hatchet, here’s what you need to invent to send an email.” (Which I would totally buy and read!)
  • Countdown to Zero Day. Good. This was wild. I was surprised and awestruck by this gripping account of Stuxnet and the precise, systematic dismantling of Iran’s nuclear program. I also learned a bit about the grey-hat exploit market and what nation state actors are capable of (at least, what we know of).
  • Life 3.0. Good. A refreshing and hopeful take on the possibilities of a future with AGI. This really opened my eyes to the potential outcomes of beneficial AI and superintelligence that don’t involve Skynet and killer robots, as well as the critical importance of AI safety research. Our future is in our hands, which is both equally empowering and terrifying.
  • Liars & Outliers. Meh. It was… alright. I think it tried too hard to be a sociology book, and for whatever reason (especially the first few sections), it just didn’t stick with me. I would have much preferred a short post or essay focusing on Bruce’s model of trust and the dynamics of various pressures: societal, moral, reputational, and institutional, which I found quite interesting!
  • A Hacker’s Mind. Good. This was like taking Bruce’s The Security Mindset (a short post), and running with it to make a book, yielding great results. This expanded my view on what “hacking” can be, and it’s always a joy to hear how people hack and circumvent systems and controls. Some of the examples were… a stretch, but if you enjoy hearing innovative and devious ways to abuse systems, pick this up!
  • Skin in the Game. Great!. This was the first piece I read in the Incerto, and I re-read it (and upgraded the rating) after reading the first four books. It just gets better with time and context of the previous works. Asymmetric relationships are everywhere and knowing how to identify and deal with them is important.
  • Unconditional Parenting. Good. I put this in my queue after hearing about it in a Hacker News thread, and I finally got around to reading it. I wish I had read it earlier! This challenged a lot of my ideas and views, and it definitely changed the way I will raise my kids. Highly recommend this, especially for parents of younger kids.
  • The Expanse (Series). Great! I only read the last three books after binging the TV show, but I am absolutely enthralled with the universe that the authors built. It’s been a hot minute since I read any non-non-fiction books, and this was a welcome reprise. If you like space operas, this is your jam.
  • Software Security. Meh. There are some good concepts here, but I had trouble slogging through the content that hadn’t aged as well. I can still appreciate the fundamentals discussed here that many companies still can’t manage, but there are probably much better texts out there today. The inside, back cover (an outline) has a quick tl;dr that should sum it up for you.
  • Antifragile. Good. I guess Taleb’s books just get better and better! It’s like every iteration repeats but refines powerful concepts, but with more nuance and crispness. I especially liked, well… anti-fragility. Especially through the lens of software, I think it elucidates a bunch of concepts around reliability, like how teams with strong incident response become more resilient over time.
  • Blood, Sweat, and Pixels. Good. I read this on the heels of finishing a half-gamedev, half-Rust book (see below) to get an account of what the industry is like. Oof, it’s brutal, and far more demanding that I could have imagined. The stories are certainly awe-inspiring, but I can’t get over the survivorship bias and how many studios must have shed blood and sweat without tasting victory.
  • Hands-on Rust. Good. What a gem! I came in just wanting to just refresh and sharpen on Rust, but came out wanting to make an indie roguelite game set in space. Knowing absolutely nothing about game dev but having a deep respect and appreciation for it, I think this book was a good intro to it and Rust.
  • The Black Swan. Good. I liked this a lot more than the previous book (see below). I think my main gripe with the Taleb is his writing style and how he… well, figuratively shits on his rivals and professions. Regardless, if you can get through that (or don’t have an issue with it), there are some excellent topics here on how to better understand the world and all the fallacies of black swans, bell curves, and the Ludic fallacy.
  • Ghost in the Wires. Good. An entertaining account of Mitnick’s life and hacking exploits: phone phreaking, computer hacks, social engineering, and law (he hacked that, too). Parts in the middle did feel a bit repetitive, but I’d still recommend this!
  • MongoDB: The Definitive Guide. Good. I gave MongoDB a bad rap when I used a long time ago, but it looks like it’s come a long way. I have a lot more experience with relational databases, so learning about how MongoDB does things was enlightening! I particularly enjoyed the different design patterns to consider when you’re dealing with documents… and the idea that normalization is for sissies.
  • Fooled by Randomness. Meh. There are some powerful examples and narratives of statistical fallacies, but I had a hard time getting through large sections of the book where the author went on tangents.
  • Computer Networking: A Top-Down Approach. Good. What a pleasant survey of computer networking! This was a detailed and informative textbook, and I loved the “top-down” approach vs. the relatively more common “bottom-up” style. It gave me an appreciation and understanding of how and where different networking protocols fit in the big picture.
  • The Mythical Man-Month. Good. Models and concepts that (mostly) withstood the test of time, many of which you’ve probably either heard of or experienced first-hand. This book is more about the humans that build software than it is about software—and that’s why it’s so important! If you’re short on time, just read the titular essay, the chapter on The Second-System Effect, and the final chapters that contain an outline and retro.
  • Structure and Interpretation of Computer Programs. Great! Alright, this book is absolutely insane. I can’t believe this is used in intro-level classes because there are very advanced concepts and paradigms jammed into this book. Everything from functional programming, to concurrency, to building an interpreter for Scheme (in Scheme) to building a machine language and compiler. I’m almost jealous that this wasn’t my first foray into computer science. I quite rarely re-read books, but this is one I’ll add to the short list, particularly because I skipped many of the exercises. Don’t miss out on this one!
  • Serious Cryptography. Meh. It’s a good overview of major cryptography concepts, but I consistently found myself wanting either more detail (to be fair, the author does list many “Further Reading” resources) or more applicability. I still think it’s well-written and clear about its goals, but it just wasn’t what I was looking for.
  • The Rust Programming Language. Good. This was probably the best intro to a language I’ve read! Not terribly long, but just enough content and examples to grok the core concepts. You can read all the same (and probably updated) content on the official site.
  • Threat Modeling. Good. There’s a lot more than threat modeling in this book! It reads like an opinionated meta-analysis (your take if that’s a good or bad thing) that pulls from a wide array of content and resources. You can open it up on a random page and likely pick up or learn something useful.
  • Container Security. Good. Lots of useful fundamentals packed into a relatively short book. The author spends the first half or so of the book going over how containers work, and then pivots into how to protect them. Overall good read that you can finish in one sitting. Liz has a knack for explaining complex subjects simply, and I will be sure to follow her work!
  • Code: The Hidden Language of Computer hardware and Software, 2nd Edition. Good. This reminded me a lot of Elements of Computing Systems, but with a much gentler introduction, larger focus on hardware, and a lot more coverage of computing history. I think the end tapered off considerably after building a CPU, and it just felt rushed. Nonetheless, it’s a good book if you want to know how to build a computer from the ground up.
  • Web Application Security. Nah. Extremely basic, despite the author purporting that it could be used by intermediate-level security engineers as well. I suppose it’s a decent introduction or even refresher; however, there was significant material missing, outdated, or perhaps wrong, e.g. CSRF defenses.
  • Secrets and Lies. Good. While published in ~2000, it’s incredible (and sad?) just how so many of the problems and concepts Schneier introduces and predicts here are still relevant today. This was an excellent survey of information security, and while the examples are dated, few of the underlying principles are… or will be.
  • OAuth 2 in Action. Good. Very thorough and practical breakdown of OAuth 2.0, and extremely useful for anyone developing or working with this protocol. I especially liked how a chapter was dedicated to each major component (e.g. client, authorization server, protected resource), as well as one strictly on vulnerabilities and pitfalls.
  • Performance Modeling and Design of Computer Systems: Queueing Theory in Action. Good. I really enjoyed this book and topic! This is one of the better textbooks I’ve read, rich and comprehensive with plenty of wonderful examples. I would have loved to have taken a course designed around this book. I actually gave a talk (slides) about some of the topics in this book. Queueing is an absolute necessity for any software engineer, and this is a great book to get you ramped up on it.
  • The Every Computer Performance Book. Meh. Quick read (<200 pages), but I do think you can get the most important insights of the book from a summary.
  • Building Secure and Reliable Systems. Good. Very refreshing take on the intersection (and differences) of security and reliability at Google. Lots of great insight here!
  • Amazon Web Services in Action. Meh. I picked this up as a refresher to AWS but found it was very dated (2015).
  • Practical Cloud Security. Meh. This is actually a wonderful resource if you’re brand new to cloud security, but if you are familiar with most of the concepts in the table of contents, I’d recommend a pass. This is a very breadth-first resource that doesn’t go into a ton of detail.
  • The Bogleheads’ Guide to the Three-Fund Portfolio. Great!. This is probably this highest ROI (both time and money) book you can read that will improve your financial health and future. “Don’t just do something, stand there!”
  • Personal Finance for Tech Professionals. Good. I’d recommend this for (duh) tech professionals, especially those working at startups. It boils down a lot of tricky concepts, simply, especially around equity and taxes.
  • Lying for Money. Good. A fantastic intro into fraud, the mindset of fraudsters, and the economics that drive (and bust) fraud schemes.
  • Operating Systems: Three Easy Pieces. Great! A fantastic follow-up to nand2tetris. Broadly covers virtualization, persistence, and concurrency in operating systems. A must-read for all software engineers.
  • The Elements of Computing Systems. Good. What a gem that lived up to its hype! Learning how computers work from the ground up was fantastic. The first chapters on hardware are free at nand2tetris.
  • Essential Scrum. Meh. Okay, I guess, given the topic. I might revisit it, but there are probably shorter books to read on the topic.
  • The Go Programming Language. Good. One of the better intros to programming languages I’ve read. I finally got to officially learn Golang, and this was a treat to go through.
  • PCI Compliance. Good. Surprisingly, so! I thought this was going to be a slog, for sure, but it turned out much better than expected. What a gentle intro into what I thought was the boogeyman!
  • Practical Vulnerability Management. Good. Must read for anyone working on a vuln. management program. Practical (duh) and pragmatic approach.
  • Secure by Design. Good. This was my first intro into domain-driven design (with a security lens), and it made me want to learn more about DDD. I was originally looking for security reviews, but this changed my view on how important data modeling is to software security.
  • Securing DevOps. Good. Fantastic read on DevSecOps and shift-left security. I also learned a ton about detection and response. Super-relevant to security and threat engineering.
  • The Tangled Web. Good. Some of this information is outdated, but there’s so much knowledge packed into this book. Highly recommend for anyone interested in web- and appsec.
  • The Shellcoder’s Handbook. Good. This was so freakin’ cool. Lots of really great stuff here for binary exploitation and reversing that you won’t find elsewhere. I skipped a few architecture-specific chapters, but I remember being blown away by how to defeat exploit mitigations and smuggle in shellcode with ASCII encoders.
  • The Hacker Playbook 3: Practical Guide To Penetration Testing. Meh. I’m on the fence with this one. I did enjoy it and learned about a bunch of nifty and specific techniques, like DNS tunneling. I’m lukewarm on it because I’m not entirely sure it will age well as both attacks and defenses adapt and change, but I would love to be wrong.
  • Never Split the Difference. Good. I listened to the audiobook, and it was fantastic. It’s an engaging narrative that gives you a unique perspective on how to negotiate.
  • Cloud Native Patterns. Good. Solid and helpful overview of patterns to make apps resilient in the cloud.
  • Big Data. Good. Digestible overview of Lambda architecture. Pre-requisite to learning about Kappa and streaming architectures.
  • It Doesn’t Have to Be Crazy at Work. Great! Another excellent entry from the Basecamp folks. No words wasted, and as refreshing as it is inspiring. What a fantastic company and book!
  • Database Reliability Engineering. Good. Lots of knowledge compressed into a relatively short read. As someone not directly in SRE/DBRE/DBA, however, I don’t think I got much direct utility from it. YMMV!
  • Magnolia Story. Good. An enjoyable, entertaining story. If you like the show, you’ll like their book.
  • Streaming Data. Good. I much preferred this content to Streaming Systems; in particular, I liked the methodical approach and survey of each core component of generalized streaming architecture. I recommend reading this before Streaming Systems.
  • Mastering PostgreSQL 11. Meh. Pretty good reference book on PostgreSQL, but seemingly very few ideas and concepts specific to PostgreSQL 11. At times, it felt like an early release, referencing features still on PostgreSQL 11’s roadmap. Nonetheless, there are some really great nuggets of information here, particularly on performance tuning and configuration.
  • Streaming Systems. Good. Fantastic introduction (and history) to streaming systems. I particularly enjoyed the unifying framework that the author presents, as well as key ideas and mental models, like stream-table duality. I don’t know how well it will age, but I’ll be sure to pick up following editions as new stream processing paradigms are introduced.
  • Kafka: The Definitive Guide. Good. Solid guide into Kafka. I’ll keep this handy on my shelf and will be revisiting it when I need to tune Kafka.
  • Designing Distributed Systems. Meh. Eh, it’s a quick read. Some interesting design patterns for micro-service architecture, but perhaps I didn’t appreciate it as much since I didn’t go through the Kubernetes examples.
  • Designing Data-Intensive Applications. Great! Best technical book I’ve read in quite some time. Absolutely fantastic.
  • Payment Systems in the U.S.. Good. This is a must-read for anyone in FinTech, especially engineers that need to build systems that move and transfer money. I hope this edition becomes obsolete, because so many of our critical financial systems (read: ACH) need drastic overhaul.
  • Guerilla Capacity Planning. Nah. The concept is 10/10, but the material was pretty hard to slog through. I recommend future readers just read perfdynamics.com articles to get the gist.
  • The Hard Thing About Hard Things. Great! Absolutely incredible read. A large chunk I couldn’t appreciate (advice on hiring and managing executives), but even if you read the first few chapters about Ben Horowitz’s journey, it’s worth a read.
  • Radical Candor. Good. The concept of radical candor was so enlightening to me that I made it a line item in my personal leadership philosophy. This book should be required reading for all teams, managers of teams, and managers of managers, alike. My only gripe with this is that I think it could have been shorter; but otherwise, it was a fantastic read.
  • React Quickly. Meh. Fairly decent intro and walkthrough of front-end stack utilizing modern technology. It definitely focuses on breadth over depth (not a bad thing), but my hesitations are on the focus of the book on technology vs. design patterns. I could see this book being outdated in short order due to the pace of JavaScript evolution.
  • SQL Performance Explained. Good. Should be required reading for application back-end developers! This was a short, yet information-packed, guide to tuning databases and applications. I too often see developers treat databases as black box abstractions; it’s refreshing to see the author embrace full-stack ownership.
  • Two Scoops of Django 1.11. Good. There is a wealth of knowledge and experience tucked away in this book. I loved the opinionated take that the authors present, particularly on avoiding pitfalls that might take developers weeks or months to learn the hard way. I sincerely hope they release a new guide for Django >2.0!
  • Video Encoding by the Numbers. Good. I severely underestimated how complex and nuanced video encoding can be, and this book really opened my eyes to it. You won’t become an ffmpeg wizard overnight, but you’re sure to learn something.
  • Cracking the Coding Interview. Good. An absolute must-have for software engineers seeking jobs, regardless of seniority. You’ll either learn or refresh on some concepts, but this also teaches you how to “play the game”, which is an unfortunately necessary skill.

Abandoned

Books I simply gave up on. This list should be longer!

  • CISSP Study Guide. I feel like I’ve been in two opposing bubbles that were either all for or all against the CISSP, and I picked this up on a whim to broaden my perspective. Suffice it to say, this just wasn’t for me! I closed the book about halfway through, but it was nice to get some refreshers along the way.
  • AWS Penetration Testing. I abandoned this halfway through. It wasn’t bad, but it just wasn’t particularly engaging or interesting to me. It also didn’t help too much that the AWS environment had a bunch of “old” tech, so it just wasn’t as relevant to cloud-native infrastructure in 2022. YMMV, though!
  • Think and Grow Rich. I know this is a classic, but I just couldn’t get into it. A lot isn’t quite relevant anymore, and the whole “follow these steps and you will receive riches” was so repetitive. I feel like I can sum up most of the book by saying, “have grit.”
  • Computer Organization and Design. I picked this up after reading OSTEP and made it about halfway through. I think the book was alright, but I just wasn’t as interested in the hardware elements as I thought I would be.

Memorable

These are books I read a long time ago, and are memorable enough to mention.

  • On Writing Well. This is one of the few books I re-read every couple years. Not a word wasted.
  • Starship Troopers. Nothing like the movies! This was actually on military reading lists, and it’s more about civil-military relations more than anything.
  • Moonwalking With Einstein. Journalist turns memory champion. Fun read.

Re-read Queue

Books to re-read Some Day™, either because I’ve forgotten it or want to revisit with a new perspective.

Antilibrary

What? See also: Tsundoku. I’m not sure what’s wrong with me, either.

  1. 24 Deadly Sins of Software Security
  2. AWS Security Cookbook
  3. Adversarial Machine Learning
  4. Agile Retrospectives
  5. Algorithms to Live By
  6. An Elegant Puzzle
  7. An Introduction to Functional Programming Through Lambda Calculus
  8. An Invitation to Applied Category Theory
  9. Applied Cryptography
  10. Become an Effective Software Engineering Manager
  11. Blitzscaling
  12. Blue Team Handbook: SOC, SIEM, and Threat Hunting
  13. Building Microservices
  14. Bulletproof TLS and PKI
  15. Clean Architecture
  16. Clean Coder
  17. Coaching Agile Teams
  18. Code Complete
  19. Compilers: Principles, Techniques, and Tools
  20. Computer Networks
  21. Concurrency in Go
  22. Continuous Delivery
  23. Cyber Frauds, Scams and Their Victims
  24. Data and Reality
  25. Database Internals
  26. Database Management Systems
  27. Design Patterns Explained
  28. Design and Implementation of the FreeBSD Operating System
  29. Designing Distributed Control Systems
  30. Distributed Systems
  31. Enterprise Integration Patterns
  32. Hacking Multifactor Authentication
  33. Hooked
  34. How to Design Programs
  35. How to Solve It
  36. How to Steal a Lot of Money
  37. Hunting Cyber Criminals
  38. Incident Response & Computer Forensics
  39. Introduction to Autonomous Mobile Robots
  40. Introduction to Linear Algebra
  41. Introductory Graph Theory
  42. Investigator and Fraud Fighter Guidebook
  43. Learning Functional Programming in Go
  44. Linux Kernel Development
  45. Lions’ Commentary on Unix
  46. Mac OS X Internals
  47. Machine Learning: An Algorithmic Perspective
  48. Malware Analyst’s Cookbook and DVD
  49. Mathematics for Computer Science
  50. Measuring and Managing Information Risk
  51. Microservice Architecture
  52. Patterns of Enterprise Application Architecture
  53. PoC||GTFO
  54. Production-Ready Microservices
  55. Purely Functional Data Structures
  56. Readings in Database Systems
  57. Refactoring
  58. Release It!
  59. Securing the Perimeter
  60. Security Engineering
  61. Security and Microservices Architecture on AWS
  62. Seven Concurrency Models in Seven Weeks
  63. Seven Databases in Seven Weeks
  64. Seven More Languages in Seven Weeks
  65. Silence on the Wire
  66. Social Engineering
  67. Software Design for Flexibility
  68. Software Security Engineering
  69. Staff Engineer
  70. Super Thinking: The Big Book of Mental Models
  71. Systems Performance
  72. TCP/IP Illustrated, Volume 1
  73. The Algorithm Design Manual
  74. The Amazon Way
  75. The Art of Computer Programming
  76. The Art of Deception
  77. The Art of Doing Science and Engineering
  78. The Art of Intrusion
  79. The Art of Invisibility
  80. The DevOps Handbook
  81. The Linux Programming Interface
  82. The Phoenix Project
  83. The Unicorn Project
  84. Transaction Processing
  85. UNIX and Linux System Administration Handbook
  86. Windows Internals, Part 1
  87. Working Effectively with Legacy Code

† From Teach Yourself Computer Science

Other Reading Pipelines

  • Kevin Smiler (Melting Asphalt). He was the inspiration for this page!