Like many engineers, I got thrown into management without any real guidance. I thought management was just telling people what to do. I thought there wasn’t any real science to it; you just needed to feel your way through it. I was wrong: there’s a whole field of study here, and you can learn a lot by, you know, studying!

This is the reading list I wish I’d been given as a new engineering manager. It’s organized roughly in the order that I’d want to have read them. If you’re a new engineering manager: I hope this list helps you succeed.

I’ve started a curated reading list for InfoSec engineers.

I was inspired by Mark McGranaghan’s Services Engineering reading list. I really enjoy these kinds of personal, highly-curated reading lists, and for some time I’ve wanted to pull together one of my own.

This is my list, not a definitive one — that is, these are resources I’ve found useful. As such it has some biases:

• It’s oriented towards providers of Software-, Platform-, and Infrastructure-as-a-Service.
• It tends to focus on the human factors aspects of security practice (there’s deeply technical stuff too, just not as much).
• There’s some random stuff that’s not explicitly “about InfoSec”, but that I’ve nonetheless found extremely useful in thinking about InfoSec. Dekker’s Field Guide to Understanding ‘Human Error’ is a good example of this kind of resource.

It’s incomplete — first because I’ve not yet sifted through my 10+ years of bookmarks for everything I should add, and second because I intended for this to be a living resource, something I’ll update as I find new things.