I’ve started a curated reading list for InfoSec engineers.

I was inspired by Mark McGranaghan’s Services Engineering reading list. I really enjoy these kinds of personal, highly-curated reading lists, and for some time I’ve wanted to pull together one of my own.

This is my list, not a definitive one — that is, these are resources I’ve found useful. As such it has some biases:

  • It’s oriented towards providers of Software-, Platform-, and Infrastructure-as-a-Service.
  • It tends to focus on the human factors aspects of security practice (there’s deeply technical stuff too, just not as much).
  • There’s some random stuff that’s not explicitly “about InfoSec”, but that I’ve nonetheless found extremely useful in thinking about InfoSec. Dekker’s Field Guide to Understanding ‘Human Error’ is a good example of this kind of resource.

It’s incomplete — first because I’ve not yet sifted through my 10+ years of bookmarks for everything I should add, and second because I intend for this to be a living resource, something I’ll update as I find new things.

If you’ve got suggestions — for general topics, or specific reading suggestions — let me know!