I’ve started a curated reading list for InfoSec engineers.
I was inspired by Mark McGranaghan’s Services Engineering reading list. I really enjoy these kinds of personal, highly-curated reading lists, and for some time I’ve wanted to pull together one of my own.
This is my list, not a definitive one — that is, these are resources I’ve found useful. As such it has some biases:
- It’s oriented towards providers of Software-, Platform-, and Infrastructure-as-a-Service.
- It tends to focus on the human factors aspects of security practice (there’s deeply technical stuff too, just not as much).
- There’s some random stuff that’s not explicitly “about InfoSec”, but that I’ve nonetheless found extremely useful in thinking about InfoSec. Dekker’s Field Guide to Understanding ‘Human Error’ is a good example of this kind of resource.
It’s incomplete — first because I’ve not yet sifted through my 10+ years of bookmarks for everything I should add, and second because I intended for this to be a living resource, something I’ll update as I find new things.
If you’ve got suggestions — for general topics, or specific reading suggestions — let me know!.