I have been an information technology and cybersecurity professional for over two decades. I’ve learned over and over again that “people are the weakest link.” You can build the most secure system in the world, with stringent password requirements. But if the user writes their password down and leaves it where someone else can see it, system security is irrelevant! The easiest way to gain access to a system is via “social engineering” – to trick a human being into giving you the access you need, rather than trying to hack the systemitself. The books on this list will help the reader lower their chances of being exploited like this.
Security expert Bruce Schneier wrote this excellent book, talking about the “Goliaths” who are looking to exploit individuals’ data. Focusing more on politics (specifically US politics) than the other books on this list, Schneier talks about the Edward Snowden classified information reveal. He talks about mass surveillance conducted by the US and other governments around the world, and lays out in detail why this should concern us all.
Data is everywhere. We create it every time we go online, turn our phone on (or off) or pay with a credit card. This data is stored, studied, bought and sold by companies and governments for surveillance and for control. "Foremost security expert" (Wired) Bruce Schneier shows how this data has led to a double-edged Internet-a Web that gives power to the people but is abused by the institutions on which those people depend.
In Data and Goliath, Schneier reveals the full extent of surveillance, censorship and propaganda in society today, examining the risks of cybercrime, cyberterrorism and cyberwar. He…
I’ve spent more than a decade working on infrastructure, from my early days at LinkedIn, where we had to do a massive DevOps transformation to save the company, to co-founding Gruntwork, where I had the opportunity to work with hundreds of companies on their software delivery practices. From all of this, I can say the following with certainty: the DevOps best practices that a handful of the top tech companies have figured out are not filtering down to the rest of the industry. This is making the entire software industry slower, less effective, and less secure—and I see it as my mission to fix that.
This is a book for practitioners, by a practitioner, full of practical learnings that I was able to start using in my work immediately.
I especially appreciated the parts teaching the core principles of infrastructure as code (e.g., systems are disposable, consistent, can easily be reproduced, etc.), core practices of infrastructure as code (e.g., use definition files, self-documented systems and processes, version all the things, etc.), and the idea of antifragile systems (rather than just systems that you prevent from breaking) and autonomic systems (rather than just automated systems).
Six years ago, Infrastructure as Code was a new concept. Today, as even banks and other conservative organizations plan moves to the cloud, development teams for companies worldwide are attempting to build large infrastructure codebases. With this practical book, Kief Morris of ThoughtWorks shows you how to effectively use principles, practices, and patterns pioneered by DevOps teams to manage cloud-age infrastructure.
Ideal for system administrators, infrastructure engineers, software developers, team leads, and architects, this updated edition demonstrates how you can exploit cloud and automation technology to make changes easily, safely, quickly, and responsibly. You'll learn how to define everything as…
As a kid, I used to do all the math problems in my textbooks just for fun, even if they weren’t part of a homework assignment. My grandchildren cringe when I tell them this. I am a researcher and educator in secure software engineering and have enjoyed a productive career in software development and management, software engineering and software security research, and software and secure software engineering education.
This book is a “how-to” guide for teams developing secure software. Written by a team of experts, it covers the important issues in developing software that is better able to prevent successful attacks. The book contains many references, a strategy, and an implementation guide with cross-references. For each topic, the maturity of practice at the time of writing is provided, as well as an indication of the audience.
"This book's broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle."
-Steve Riley, senior security strategist, Microsoft Corporation
"There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one."
Art, technology, and science…I have been seamlessly traversing domains all my life. I grew up with twin interests in physical sciences and visual arts, finding beauty in math and art and seeing creativity as being one thing rather than something living in compartments. Art influenced my research in chaos and complexity, and blurring boundaries characterized my work as dean of engineering when creating educational/research initiatives in design, art, entrepreneurship, energy, and sustainability. I also received visible external recognition as a Guggenheim Fellow and member of both the National Academy of Engineering and the National Academy of Sciences, as well as the American Academy of Arts and Sciences.
This book will open your eyes and make you see the world with an augmented lens.
Networks are everywhere; in biology, social systems, economics, and technologies, and the study of networks connects mathematics, physics, computer sciences, biology, and social sciences, producing fascinating connections. This book brings together all this, highlighting the interconnections between ideas and technical work in different areas and telling us how networks emerge, and how they evolve.
A cocktail party. A terrorist cell. Ancient bacteria. An international conglomerate. All are networks, and all are a part of a surprising scientific revolution. In Linked , Albert-Laszlo Barabasi, the nation's foremost expert in the new science of networks, takes us on an intellectual adventure to prove that social networks, corporations, and living organisms are more similar than previously thought. Barabasi shows that grasping a full understanding of network science will someday allow us to design blue-chip businesses, stop the outbreak of deadly diseases, and influence the exchange of ideas and information. Just as James Gleick and the Erdos-Renyi model…
I’ve spent more than a decade working on infrastructure, from my early days at LinkedIn, where we had to do a massive DevOps transformation to save the company, to co-founding Gruntwork, where I had the opportunity to work with hundreds of companies on their software delivery practices. From all of this, I can say the following with certainty: the DevOps best practices that a handful of the top tech companies have figured out are not filtering down to the rest of the industry. This is making the entire software industry slower, less effective, and less secure—and I see it as my mission to fix that.
This book felt like a chance to sit with a few experienced Ops people and hear their war stories.
The book is full of concrete, actionable learnings that are essential for running software, including operational requirements (e.g., configuration, draining, hot swaps, feature toggles, graceful degradation, etc.), software architecture (e.g., three-tier web service, four-tier web service, load balancing models etc.), scaling patterns (e.g., horizontal duplication, service splits, caching, etc.), resiliency patterns (software vs hardware resiliency, spare capacity, failure domains, etc.), and much more.
I loved being able to pick up decades of experience and hard-won knowledge by just flipping through a few pages of a book!
"There's an incredible amount of depth and thinking in the practices described here, and it's impressive to see it all in one place."
-Win Treese, coauthor of Designing Systems for Internet Commerce
The Practice of Cloud System Administration, Volume 2, focuses on "distributed" or "cloud" computing and brings a DevOps/SRE sensibility to the practice of system administration. Unsatisfied with books that cover either design or operations in isolation, the authors created this authoritative reference centered on a comprehensive approach.
Case studies and examples from Google, Etsy, Twitter, Facebook, Netflix, Amazon, and other industry giants are explained in practical ways that…
Ever since touching my first computer (the Apple IIC) in 1985, broadcasting a radio show in 1988, logging onto the world wide web in 1991, launching my first podcast in 2004 or producing the highly viewed YouTube show The Download in 2020 I've been interested in what Marshall McLuhan has dubbed, "The Medium is the Message." Not only how media and technology are used but how it intersects with humanity, education, entertainment, marketing and popular culture to drive word of mouth. To me, marketing isn't just about the technology or the quantified metrics but about how it shapes long lasting impressions on people and leads to sustained behavioral change.
Shirky explained the fascination with how everyone becomes media long before TikTok was even a gleam in the eye of its founder Zhang Yiming. In this world that becomes louder, faster, and where attention is harder to come by we might think that it becomes every person for themselves. Not so. Communities become stronger and we enter the age of "We" rather than the age of "Me." A fascinating read on the power of organizations that don't rely on traditional organization hierarchies. If you want to know how good ideas spread in the 21st Century, this is a good book to read.
“A fascinating survey of the digital age . . . An eye-opening paean to possibility.” —The Boston Globe
“Mr. Shirky writes cleanly and convincingly about the intersection of technological innovation and social change.” —New York Observer
An extraordinary exploration of how technology can empower social and political organizers
For the first time in history, the tools for cooperating on a global scale are not solely in the hands of governments or institutions. The spread of the internet and mobile phones are changing how people come together and get things done—and sparking a revolution that, as Clay Shirky shows, is changing…
I love computers, and especially computer systems. I’m interested in how different pieces of hardware and software, like processors, operating systems, compilers, and linkers, work together to get things done. Early in my career, as a software security tester, I studied how different components interacted to find vulnerabilities. Now that I work on compilers, I focus on the systems that transform source code into a running program. I’m also interested in how computer systems are shaped by the people who build and use them—I believe that creating safer, more reliable software is a social problem as much as a technical one.
One of the best ways to understand how software works is to study how it fails. When I was just starting my career in software security, I read this book to learn about binary exploits like buffer overflows. It’s been a long time since I’ve written a binary exploit, but digging into the nitty-gritty, low-level details of how software runs on a real system has helped with everything I’ve done as an engineer since.
A lot has changed since this book was published in 2008 (and running the accompanying Live CD has gotten trickier), but the fundamental concepts are as relevant as ever.
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope. Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective. The included LiveCD provides a…
I am an information architect, writer, and community organizer on a mission to make information architecture education accessible to everybody. I started practicing IA in pure pursuit of stronger visual design, but in the two decades since have developed an insatiable appetite for understanding and teaching the practical skills that make people better sensemakers, regardless of their role or medium. The books I chose for this list are all foundational to me becoming the sensemaker that I am today. I offer them as suggestions because they are not the books you will find should you search for “Information Architecture” yet they have all become my go-to recommendations for helping others to strengthen their own sensemaking.
You might not think of excitement when you hear the words “Digital Governance” but I can assure you that this book is a real page-turner…especially if your job involves managing large-scale information messes. There is a special kind of chaos that only information and knowledge workers can understand and this book paints a picture so many of us have seen in practice but in a way that leaves the reader inspired to fight another day, instead of wallowing in a sea of information-induced self-pity.
I recommend this book because I have seen too many information architecture efforts die on the vine due to a lack of good governance. The frameworks and recommendations in this book mean I always have a playbook to hand to teams in need.
Few organizations realize a return on their digital investment. They’re distracted by political infighting and technology-first solutions. To reach the next level, organizations must realign their assets—people, content, and technology—by practicing the discipline of digital governance. Managing Chaos inspires new and necessary conversations about digital governance and its transformative power to support creativity, real collaboration, digital quality, and online growth.
Joanne McNeil has written about internet culture for over fifteen years. Her book considers the development of the internet from a user's perspective since the launch of the World Wide Web. Her interest in digital technology spans from the culture that enabled the founding of major companies in Silicon Valley to their reception in broader culture.
Beginning with Stewart Brand’s influence through his projects like The Whole Earth Catalog, the WELL, and Wired magazine, this book examines the unique culture of Silicon Valley. An essential history and one that clarifies the tech industry’s seemingly contradictory values of revolution and corporate power.
In "From Counterculture to Cyberculture", Fred Turner details the previously untold story of a highly influential group of San Francisco Bay Area entrepreneurs: Stewart Brand and the Whole Earth network. Between 1968 and 1998, via such familiar venues as the National Book Award - winning "Whole Earth Catalog", the computer-conferencing system known as WELL, and, ultimately, the launch of the wildly successful Wired magazine, Brand and his colleagues brokered a long-running collaboration between San Francisco flower power and the emerging technological hub of Silicon Valley. Thanks to their vision, counterculturalists and technologists alike joined together to reimagine computers as tools…
Researching DevilsGame, about an Internet meltdown caused by an unknown evil, I exposed myself to some harrowing truths. I learned how astonishingly frail our internet ecosystem is and how imperiled it is by bad actors who have burrowed deeply and often invisibly into its infrastructure. So, beyond writing a fictional thriller, I was moved to ring a warning bell! And I hope by formatting DevilsGame as “hyperlinked fiction,” mixing real news sites with fictional sites created for the novel, readers will experience the story in a way that parallels and parodies the way we experience real, live crises these days: navigating from fact to fiction, often without observing the boundaries.
I was stunned by the authors' dire and dramatic warning that the interests and methods of two mighty authoritarian regimes–China and Russia–are increasingly coming into alignment, and this alignment is spawning increasingly deadly threats to, and attacks on, the very foundations of our democracy and national security.
I found myself agreeing as the authors demonstrate how the United States government is failing to fully acknowledge and effectively respond to these massive threats–but I was also somewhat encouraged, as they do offer solutions and provide a ray of hope that we can restructure our approach to Chinese and Russian threats by streamlining our bureaucratic agencies and purpose-building them to directly confront them.
The United States is being bombarded with cyber-attacks. From the surge in ransomware groups targeting critical infrastructure to nation states compromising the software supply chain and corporate email servers, malicious cyber activities have reached an all-time high. Russia attracts the most attention, but China is vastly more sophisticated. They have a common interest in exploiting the openness of the Internet and social media—and our democracy—to erode confidence in our institutions and to exacerbate our societal rifts to prevent us from mounting an effective response. Halting this digital aggression will require Americans to undertake sweeping changes in how we educate, organize…
