• Phil Venables

Non-Technical Books. Recommended List

Updated: Jan 3, 2020

For some reason, first at a TAG_Cyber event and then coincidentally at 2 other events, the question of what books security people should read to develop their executive management and leadership skills has come up. Here is my list.


  1. Soul of a New Machine by Tracy Kidder. Story of the build of a Data General minicomputer in the 1980s. Riveting story of design choices amid intense competition.

  2. High Output Management by Andy Grove. The definitive book on effective management and leadership.

  3. Pentium Chronicles by Robert Colwell. Story of the design of the Pentium. Classic management, consensus building, hard engineering leadership choices.

  4. Only the Paranoid Survive by Andy Grove. Another classic. How to manage and turn crises to opportunity.

  5. Helmsmen and Heroes by William Gosling. How to think about control theory to get the right outcomes.

  6. The Hard Thing About Hard Things by Ben Horowitz. How to think about building anything from a start-up to a new team/project in a larger organization.

  7. The Systems Bible by John Gall. The grand tour of systems thinking, a discipline becoming ever more critical in this complex world.

  8. Against the Gods - The Remarkable Story of Risk by Peter Bernstein. The definitive book on risk and how to manage it.

  9. The Mythical Man-Month by Fred Brooks. Decades old but still relevant for all major projects/activities.

My favorite is Soul of a New Machine, simply for the line in it where one of the designers quit after months of wrestling with nanosecond-level problems and left this on his terminal: "I'm going to a commune in Vermont and will deal with no unit of time shorter than a season."





© 2020 Philip Venables.