Why am I passionate about this?

Being able to understand and change reality through our knowledge and skill is literal magic. We’re building systems with so many exciting and unexpected properties that can be exploited and repurposed for both good and evil. I want to keep some of that magic and help people engineer – build great systems that make people’s lives better. I’ve been securing (and breaking) systems, from operating rooms to spaceships, from banks to self-driving cars for over 25 years. The biggest lesson I’ve learned is that if security is not infused from the start, we’re forced to rely on what ought to be our last lines of defense. This list helps you infuse security into your systems.


I wrote

Book cover of Threat Modeling: Designing for Security

What is my book about?

How to anticipate and address software threats before you’ve written a line of code. The proven tools in this book…


The books I picked & why

Book cover of Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems

Adam Shostack Why did I love this book?

This book captures lessons from many authors at Google, some of whom I’ve worked with over the years. The chapters on availability (7, 8, 9) were a revelation to me. I had no idea how Google approaches the topic of resilience and recovery in their systems, and I now think of the whole topic very differently. The biggest takeaway is how to think about the design of systems.

By Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Adam Stubblefield

Why should I read it?

1 author picked Building Secure and Reliable Systems as one of their favorite books, and they share why you should read it.

What is this book about?

Can a system be considered truly reliable if it isn't fundamentally secure? Or can it be considered secure if it's unreliable? Security is crucial to the design and operation of scalable systems in production, as it plays an important part in product quality, performance, and availability. In this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.

Two previous O'Reilly books from Google, Site Reliability Engineering and The Site Reliability Workbook, demonstrated how and why a commitment to the entire service lifecycle enables organizations to successfully build, deploy, monitor, and maintain…


Book cover of Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

Adam Shostack Why did I love this book?

When I worked in application security at Microsoft, we still had products that shipped every few years. I learned to scale application security in that world, but many people live in a different world now. AAS helped me understand which of our approaches translated well, which had to be transformed, and which needed to be discarded or replaced. I regularly refer back to it, even a few years later.

By Laura Bell, Michael Brunton-Spall, Rich Smith, Jim Bird

Why should I read it?

1 author picked Agile Application Security as one of their favorite books, and they share why you should read it.

What is this book about?

Agile continues to be the most adopted software development methodology among organizations worldwide, but it generally hasn't integrated well with traditional security management techniques. And most security professionals aren't up to speed in their understanding and experience of agile development. To help bridge the divide between these two worlds, this practical guide introduces several security tools and techniques adapted specifically to integrate with agile development.

Written by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with…


Book cover of Designing Secure Software: A Guide for Developers

Adam Shostack Why did I love this book?

Loren’s been contributing to security for over 40 years, and this book captures his hard-won wisdom in a way that’s both humble and accessible. It scales from principles and design approaches to in-depth explanations of exactly how things go wrong and how to avoid those problems. (Also, I was honored to write the foreword.)

By Loren Kohnfelder

Why should I read it?

1 author picked Designing Secure Software as one of their favorite books, and they share why you should read it.

What is this book about?

Designing Secure Software consolidates Loren Kohnfelder's more than twenty years of experience into a concise, elegant guide to improving the security of technology products. Written for a wide range of software professionals, it emphasizes building security into software design early and involving the entire team in the process. The book begins with a discussion of core concepts. The second part, perhaps this book's most important contribution, covers the process of designing and reviewing a software design with security considerations in mind. The final section details the most common coding flaws that create vulnerabilities, making copious use of code snippets written…


Book cover of Leading Change

Adam Shostack Why did I love this book?

As we move to a world in which security is everyone’s job, we have to understand that’s a change in what we expect of people, and change is hard. This book is short and actionable and will help security pros understand the changes that need to happen. Unlike a lot of business books, it’s not full of platitudes or repetition. Even when we’re not actively leading change, understanding the challenges leaders face enables us to plan and participate better to achieve our goals.

By John P. Kotter

Why should I read it?

2 authors picked Leading Change as one of their favorite books, and they share why you should read it.

What is this book about?

The international bestseller, now with a new preface by author John Kotter. Millions worldwide have read and embraced John Kotter's ideas on change management and leadership. From the ill-fated dot-com bubble to unprecedented M&A activity to scandal, greed, and ultimately, recession, we've learned that widespread and difficult change is no longer the exception. It's the rule. Now with a new preface, this refreshed edition of the global bestseller Leading Change is more relevant than ever. John Kotter's now-legendary eight-step process for managing change with positive results has become the foundation for leaders and organizations across the globe. By outlining the process every…


Book cover of Flying Blind: The 737 Max Tragedy and the Fall of Boeing

Adam Shostack Why did I love this book?

Boeing used to be a paragon of how engineering-driven companies could deliver amazing products and amazing profits. This book chronicles how that changed, and how Boeing lost its guiding principles. It shows how prioritizing the stock price over the business or the people who flew in its planes led to decisions that literally killed hundreds of people. Engineering concerns were regularly set aside for schedule or cost reasons. Most of us don’t work on products whose failures cause hundreds of deaths, but there’s an important lesson about being proud of the work you do and the products you deliver, and how that can make for a great business.

By Peter Robison

Why should I read it?

1 author picked Flying Blind as one of their favorite books, and they share why you should read it.

What is this book about?

NEW YORK TIMES BUSINESS BESTSELLER • A suspenseful behind-the-scenes look at the dysfunction that contributed to one of the worst tragedies in modern aviation: the 2018 and 2019 crashes of the Boeing 737 MAX.

An "authoritative, gripping and finely detailed narrative that charts the decline of one of the great American companies" (New York Times Book Review), from the award-winning reporter for Bloomberg.

Boeing is a century-old titan of industry. It played a major role in the early days of commercial flight, World War II bombing missions, and moon landings. The planemaker remains a cornerstone of the U.S. economy, as…


Explore my book 😀

Book cover of Threat Modeling: Designing for Security

What is my book about?

How to anticipate and address software threats before you’ve written a line of code. The proven tools in this book can be applied by anyone. They give you a structured and systematic approach that can be applied at any scale – from a website built with CI/CD to complex waterfall projects like spacecraft.

This book captures years of experience in a simple, accessible, and practical way.


