Phil Venables

Non-Technical Books. Recommended List

Updated: Jan 3, 2020

For some reason, first at a TAG_Cyber event and then coincidentally at 2 other events, the question of what books security people should read to develop their executive management and leadership skills has come up. Here is my list.


  1. Soul of a New Machine by Tracy Kidder. Story of the build of a Data General minicomputer in the 1980s. Riveting story of design choices amid intense competition.

  2. High Output Management by Andy Grove. The definitive book on effective management and leadership.

  3. Pentium Chronicles by Robert Colwell. Story of the design of the Pentium. Classic management, consensus building, hard engineering leadership choices.

  4. Only the Paranoid Survive by Andy Grove. Another classic. How to manage and turn crises to opportunity.

  5. Helmsmen and Heroes by William Gosling. How to think about control theory to get the right outcomes.

  6. The Hard Thing About Hard Things by Ben Horowitz. How to think about building anything from a start-up to a new team/project in a larger organization.

  7. The Systems Bible by John Gall. The grand tour of systems thinking, a discipline becoming ever more critical in this complex world.

  8. Against the Gods - The Remarkable Story of Risk by Peter Bernstein. The definitive book on risk and how to manage it.

  9. The Mythical Man Month by Fred Brooks. Decades old but still relevant for all major projects/activities.

My favorite is Soul of a New Machine simply for the line in it where one of the designers, after months of wrestling with nanosecond-level problems, quit and left this on his terminal: "I'm going to a commune in Vermont and will deal with no unit of time shorter than a season."



