Continuous Learning Resources
Continuous learning is a core value here, professionally and personally. The below list represents some of our favorite sources.
Book List
Reading is a big time part of continuous, life-long learning. This list represents some of our absolute favorites across the soft skills we focus on here.
Why we like it:
This book will get you thinking about everything you think you know, the deeply held ideas you have, and how you put ideas and concepts together. This is a thought-provoking and deep read while at the same time being presented in a lighthearted and easily approachable way.
Why we like it:
Anyone in a leadership position likely experienced the frustration of saying one thing and having another thing be received or done. Leadership is language that talks about the systems and nonverbal elements of leadership that are so easily overlooked by those with the title of leader.
Why we like it:
The Effective Executive is one of Peter Drucker's most prolific works focused on the knowledge worker. In Drucker's definition, being effective is not just about getting more done; it's about getting the right things done and managing one's time effectively enough to do that.
Why we like it:
Corporate Explorer explores how large corporations can innovate while still running their organization. The recognition and acceptance that day-to-day operations provide value now and must continue are vital factors of the ambidextrous organization model described here. If you're a leader within a large organization struggling to find ways to explore new innovative solutions, this book is worth your time.
Why we like it:
An engaging and relatable way to explore the burden of dysfunctional IT and developer tooling. If you're looking to understand better the value of the DevOps movement and how to move your organization towards it potentially, this book is worth it. This also makes a great team book club selection, given the entertainment value you get alongside the education.
Why we like it:
Team Topologies looks at teams through the lens of an architect, reasoning about their purpose and interaction patterns like a series of APIs. While there's a focus on software development teams in this book, the lessons apply to anybody involved with the organization of people resources across teams.
Why we like it:
Who owns what, why, and how? These forces of ownership are layered into our daily lives, and if we can better understand them, we can better navigate complicated politics that emerge within organizations. Nobody likes it when you take away or break their stuff. Understanding ownership dynamics can send you into such situations more prepared.
Why we like it:
This is a must-read for anyone looking to improve their leadership skills and create a culture of trust and belonging within their team or organization. It explores the skills and traits that make a great leader, including vulnerability, courage, empathy, and accountability, and provides practical advice for developing these qualities.
Why we like it:
You may have heard the adage that less is more. This book goes deep into the design principles around subtraction, reduction, and generally having less. It touches on products of various kinds, processes, and policies. Finding the connection points back to your role in cybersecurity will be up to you.
Why we like it:
The public sector is almost universally thought of as a place where innovation is impossible, no matter the level (federal, state, or local). This book contains stories about innovation and how it can be replicated. Going through it is inspiring and will leave you excited if you work in an enormous bureaucracy.
Why we like it:
This book provides, in story form, practical solutions for building a culture of trust, accountability, and collaboration, making it a valuable resource for anyone looking to improve their team's performance. It offers practical guidance for overcoming common challenges and building a high-performing team.
Why we like it:
Extreme ownership is about a no-excuses approach to life, running a business, or getting into anything. Taking ownership over the part you played in anything, what you could have done differently, and how you'll be better next time is how you take control over making things better.
Newsletters
Newsletters can be a fantastic way to keep up with the latest information in the industry. These cover a lot of things about the development of self in cyber.
Why we like it:
We'd be remiss if we didn't plug our newsletter in here. But we feel very passionately that people who invest in technical and non-technical skills will be maximally impactful in this field.
Why we like it:
TLDRsec is an aggregate newsletter that touches on many different topics across cloud, appsec, detection engineering, and more. It's a good pulse on the latest tools, thinking, and ideas floating around the industry. Plus, if you want to see some of the awesome new tools released, this is an excellent place to do it.
Why we like it:
You cover a lot of ground with the CloudSecList newsletter. Tools, major updates from cloud providers, technical tutorials, and service updates/releases. If you've prioritized continuous learning and your organization has a cloud presence, this is a clutch resource.
Why we like it:
This is Annie Duke's compliment to her popular book by the same name. It's focused on how to help you make better decisions and think more clearly. Skills are very clearly applicable to more places than the poker table.
Why we like it:
Deploying Securely is focused mainly on vulnerability management and the processes around it, though not exclusively. Not only is this a critical activity in any security program, but it doesn't just tackle the issue from a tech perspective; it's approached from a people and process standpoint, which we feel is incredibly important.
Why we like it:
AppSec is still one of those sub-disciplines that can easily stay in the realm of deeply technical. Sandesh does a great job taking a step back and doing end-to-end looks at different pieces of an application security program. Are you thinking about static analysis needs? There's a lot more to consider than what tool to bring in. The same thing goes for the whole spectrum of a program.