Reading Pipeline

Posted on Feb 5, 2022

Updated on Jun 5, 2022.

A list of books in various stages of my reading pipeline. There are no affiliate links.

Currently Reading

On the Radar


Recently Finished

  • Secrets and Lies. Good. While published in ~2000, it’s incredible (and sad?) just how so many of the problems and concepts Schneier introduces and predicts here are still relevant today. This was an excellent survey of information security, and while the examples are dated, few of the underlying principles are… or will be.
  • OAuth 2 in Action. Good. Very thorough and practical breakdown of OAuth 2.0, and extremely useful for anyone developing or working with this protocol. I especially liked how a chapter was dedicated to each major component (e.g. client, authorization server, protected resource), as well as one strictly on vulnerabilities and pitfalls.
  • Performance Modeling and Design of Computer Systems: Queueing Theory in Action. Good. I really enjoyed this book and topic! This is one of the better textbooks I’ve read, rich and comprehensive with plenty of wonderful examples. I would have loved to have taken a course designed around this book. I actually gave a talk (slides) about some of the topics in this book. Queueing is an absolute necessity for any software engineer, and this is a great book to get you ramped up on it.
  • The Every Computer Performance Book. Meh. Quick read (<200 pages), but I do think you can get the most important insights of the book from a summary.
  • Building Secure and Reliable Systems. Good. Very refreshing take on the intersection (and differences) of security and reliability at Google. Lots of great insight here!
  • Amazon Web Services in Action. Meh. I picked this up as a refresher to AWS but found it was very dated (2015).
  • Practical Cloud Security. Meh. This is actually a wonderful resource if you’re brand new to cloud security, but if you are familiar with most of the concepts in the table of contents, I’d recommend a pass. This is a very breadth-first resource that doesn’t go into a ton of detail.
  • Lying for Money. Good. A fantastic intro into fraud, the mindset of fraudsters, and the economics that drive (and bust) fraud schemes.
  • Operating Systems: Three Easy Pieces. Great! A fantastic follow-up to nand2tetris. Broadly covers virtualization, persistence, and concurrency in operating systems. A must-read for all software engineers.
  • The Elements of Computing Systems. Good. What a gem that lived up to its hype! Learning how computers work from the ground up was fantastic. The first chapters on hardware are free at nand2tetris.
  • Essential Scrum. Meh. Okay, I guess, given the topic. I might revisit it, but there are probably shorter books to read on the topic.
  • The Go Programming Language. Good. One of the better intros to programming languages I’ve read. I finally got to officially learn Golang, and this was a treat to go through.
  • PCI Compliance. Good. Surprisingly, so! I thought this was going to be a slog, for sure, but it turned out much better than expected. What a gentle intro into what I thought was the boogeyman!
  • Practical Vulnerability Management. Good. Must read for anyone working on a vuln. management program. Practical (duh) and pragmatic approach.
  • Secure by Design. Good. This was my first intro into domain-driven design (with a security lens), and it made me want to learn more about DDD. I was originally looking for security reviews, but this changed my view on how important data modeling is to software security.
  • Securing DevOps. Good. Fantastic read on DevSecOps and shift-left security. I also learned a ton about detection and response. Super-relevant to security and threat engineering.
  • The Tangled Web. Good. Some of this information is outdated, but there’s so much knowledge packed into this book. Highly recommend for anyone interested in web- and appsec.
  • The Shellcoder’s Handbook. Good. This was so freakin’ cool. Lots of really great stuff here for binary exploitation and reversing that you won’t find elsewhere. I skipped a few architecture-specific chapters, but I remember being blown away by how to defeat exploit mitigations and smuggle in shellcode with ASCII encoders.
  • Skin in the Game. Good. Asymmetric relationships are everywhere and knowing how to identify and deal with them is important. I’ll be rereading this again in the future.
  • Never Split the Difference. Good. I listened to the audiobook, and it was fantastic. I might pick up the paper copy to read through.
  • Cloud Native Patterns. Good. Solid and helpful overview of patterns to make apps resilient in the cloud.
  • Big Data. Good. Digestible overview of Lambda architecture. Pre-requisite to learning about Kappa and streaming architectures.
  • It Doesn’t Have to Be Crazy at Work. Great! Another excellent entry from the Basecamp folks. No words wasted, and as refreshing as it is inspiring. What a fantastic company and book!
  • Database Reliability Engineering. Good. Lots of knowledge compressed into a relatively short read. As someone not directly in SRE/DBRE/DBA, however, I don’t think I got much direct utility from it. YMMV!
  • Magnolia Story. Good. An enjoyable, entertaining story. If you like the show, you’ll like their book.
  • Streaming Data. Good. I much preferred this content to Streaming Systems; in particular, I liked the methodical approach and survey of each core component of generalized streaming architecture. I recommend reading this before Streaming Systems.
  • Mastering PostgreSQL 11. Meh. Pretty good reference book on PostgreSQL, but seemingly very few ideas and concepts specific to PostgreSQL 11. At times, it felt like an early release, referencing features still on PostgreSQL 11’s roadmap. Nonetheless, there are some really great nuggets of information here, particularly on performance tuning and configuration.
  • Streaming Systems. Good. Fantastic introduction (and history) to streaming systems. I particularly enjoyed the unifying framework that the author presents, as well as key ideas and mental models, like stream-table duality. I don’t know how well it will age, but I’ll be sure to pick up following editions as new stream processing paradigms are introduced.
  • Kafka: The Definitive Guide. Good. Solid guide into Kafka. I’ll keep this handy on my shelf and will be revisiting it when I need to tune Kafka.
  • Designing Distributed Systems. Meh. Eh, it’s a quick read. Some interesting design patterns for micro-service architecture, but perhaps I didn’t appreciate it as much since I didn’t go through the Kubernetes examples.
  • Designing Data-Intensive Applications. Great! Best technical book I’ve read in quite some time. Absolutely fantastic.
  • Guerilla Capacity Planning. Nah. The concept is 10/10, but the material was pretty hard to slog through. I recommend future readers just read articles to get the gist.
  • The Hard Thing About Hard Things. Great! Absolutely incredible read. A large chunk I couldn’t appreciate (advice on hiring and managing executives), but even if you read the first few chapters about Ben Horowitz’s journey, it’s worth a read.
  • Radical Candor. Good. The concept of radical candor was so enlightening to me that I made it a line item in my personal leadership philosophy. This book should be required reading for all teams, managers of teams, and managers of managers, alike. My only gripe with this is that I think it could have been shorter; but otherwise, it was a fantastic read.
  • React Quickly. Meh. Fairly decent intro and walkthrough of front-end stack utilizing modern technology. It definitely focuses on breadth over depth (not a bad thing), but my hesitations are on the focus of the book on technology vs. design patterns. I could see this book being outdated in short order due to the pace of JavaScript evolution.
  • SQL Performance Explained. Good. Should be required reading for application back-end developers! This was a short, yet information-packed, guide to tuning databases and applications. I too often see developers treat databases as black box abstractions; it’s refreshing to see the author embrace full-stack ownership.
  • Two Scoops of Django 1.11. Good. There is a wealth of knowledge and experience tucked away in this book. I loved the opinionated take that the authors present, particularly on avoiding pitfalls that might take developers weeks or months to learn the hard way. I sincerely hope they release a new guide for Django >2.0!

Recently Abandoned

  • Think and Grow Rich. I know this is a classic, but I just couldn’t get into it. A lot isn’t quite relevant anymore, and the whole “follow these steps and you will receive riches” was so repetitive. I feel like I can sum up most of the book by saying, “have grit.”
  • Computer Organization and Design. I picked this up after reading OSTEP and made it about halfway through. I think the book was alright, but I just wasn’t as interested in the hardware elements as I thought I would be.


These are books I read a long time ago, and are memorable enough to mention.

  • On Writing Well. This is one of the few books I re-read every couple years. Not a word wasted.
  • Starship Troopers. Nothing like the movies! This was actually on military reading lists, and it’s more about civil-military relations more than anything.
  • Moonwalking With Einstein. Journalist turns memory champion. Fun read.

Other Reading Pipelines

  • Kevin Smiler (Melting Asphalt). He was the inspiration for this page!