Shostack + Friends Blog


Worthwhile Books Q2 2020


These are the books that I read in Q2 2020 that I think are worth your time. Sorry it's late. They're still worthwhile. :)


  • You'll See This Message When It Is Too Late, by Josephine Wolff. This is an interesting examination of the effects of finger-pointing and blame avoidance on the cybersecurity landscape, with chapter titles like "How the TJX breach set the stage for a decade of payment card conflict" and "what they aren't telling you is their rules are archaic." The most interesting contribution is a deep examination of who might be in the best position to deal with problems, which may be the victims of a crime, or it may be that the victims were forced to follow archaic, ineffective, or blame-shifting rules. She points out the role that governments, ISPs, software vendors and others might play.
  • Permanent Record, by Edward Snowden is an interesting autobiography. Today, it's popular to form opinions of people by reading tweets or screeds for or against them. I found Snowden's thinking about what he did and why to be interesting and well reasoned.
  • Securing DevOps by Julien Vehent. Very solid advice without a lot of fluff. Sometimes wished for just a bit more on the 'why.'


  • Zucked, Roger McNamee. Interesting views of how Facebook is causing harm, and how Mark Zuckerberg is unwilling to listen. Most interesting is that it comes from an early investor.
  • Because Internet by Gretchen McCulloch. Fascinating and fun guide to how language is evolving on the internet, how our use of language is driven by when we started using the internet, and how emojis are like gestures that the fluent use to add depth to their words delivered through the internet. 🤷‍♂️
  • Meeples Together by Christopher Allen & Shannon Appelcline is a study of "How and why cooperative board games work." If you care about designing for instructional goals, cooperation mechanisms are an incredibly attractive toolbox. Getting your students to work together to solve problems has incredible potential.
  • What If: serious scientific answers to absurd questions, by Randall Munroe of xkcd fame.
  • Leading Change by John Kotter. Let me be frank: I hate most business books. They are full of platitudes, puffery and other crap. This is not that. Many of my customers are going through change to deliver more secure software, and I had stumbled across some of the techniques here, reinvented others, and missed more. My practice is more helpful since I learned about the 8 steps for leading change.
  • Where Good Ideas Come From by Steven Johnson. I've been a fan of his work since The Ghost Map gave us the key that unlocked the final form of The New School. This is a study of how ideas come about, examining the myth of the lone inventor, and showing how networks and interaction help ideas mature and find a niche.
  • I Am C-3PO: The Inside Story by Anthony Daniels, the only person to appear in all 9 Star Wars episodes. A delightful memoir.


  • Fall; Or, Dodge in Hell by Neal Stephenson. This is what you get for complaining, incorrectly, that he can't write endings. An 892-page extended ending to Reamde, in which (SPOILER) the protagonist, Dodge, dies at the very beginning. Way less depressing than Seveneves, even though most of the characters in this one also die. (That joke will be much funnier after you learn, early on, that uploading consciousness to supercomputers is a core plot device of "Fall.")

Photo by Debby Hudson.