Phil Venables

Non-Technical Books. Recommended List

Updated: Jan 3, 2020

For some reason, first at a TAG_Cyber event and then coincidentally at 2 other events, the question of what books security people should read to develop their executive management and leadership skills has come up. Here is my list.


  1. Soul of a New Machine by Tracy Kidder. Story of the build of a Data General minicomputer in the 1980s. Riveting story of design choices amid intense competition.

  2. High Output Management by Andy Grove. The definitive book on effective management and leadership.

  3. Pentium Chronicles by Robert Colwell. Story of the design of the Pentium. Classic management, consensus building, hard engineering leadership choices.

  4. Only the Paranoid Survive by Andy Grove. Another classic. How to manage crises and turn them into opportunity.

  5. Helmsmen and Heroes by William Gosling. How to think about control theory to get the right outcomes.

  6. The Hard Thing About Hard Things by Ben Horowitz. How to think about building anything from a start-up to a new team/project in a larger organization.

  7. The Systems Bible by John Gall. The grand tour of systems thinking, a discipline becoming ever more critical in this complex world.

  8. Against the Gods - The Remarkable Story of Risk by Peter Bernstein. The definitive book on risk and how to manage it.

  9. The Mythical Man Month by Fred Brooks. Decades old but still relevant for all major projects/activities.

My favorite is Soul of a New Machine, simply for the line in it where one of the designers, who quit after months of wrestling with nanosecond-level problems, left this on his terminal: "I'm going to a commune in Vermont and will deal with no unit of time shorter than a season."



