ScaleSec Reading List: There’s nothing like losing yourself in a book
When folks interview here at ScaleSec, we discuss the need for equal parts tech acumen and empathy. It is usually easier to assess someone’s tech capabilities than to extrapolate their EQ (emotional quotient). One way I learn about someone during this process is to ask what they’ve been reading. I find out if they are blog readers, book readers, or maybe exclusively news.
I will often in turn share our booklist. In many instances, our first suggested book, The Phoenix Project, our interviewees have already read. If they haven’t, I highly suggest it as not only is it an easily consumed story, it helps see the challenges of our industry–it reflects a reality we work in every day.
Then I share that we have a “required” reading book in Trusted Advisor. This book provides many open-ended questions for those who are newer to consulting. The key to getting the objectives of a statement of work met is to be able to build a confidence with the client, that we are going to be able to meet both the letter and spirit of the needs of their engagement.
We sometimes make it a game to focus on a chapter in this book that seems especially relevant to a particular workstream: whomever can use a recognized phrase from the designated chapter in a meeting first wins. This approach encourages everyone to deep dive on a chapter, and come to recognize the relevance of the questions. We reference this book often here.
Another book that was added by one of our consultants is the Zero Trust Network. While not all clients will be using this architecture approach, coming at any cloud security problem with the assumption that failures are a given and assume you’ve been breached will set your mind to address security both defensively and offensively. We end up in lively discussions about the merits of a Zero Trust approach to architecture, and all leave smarter for it.
We also rely on a book delivered in a more reference style, Threat Modeling: Designing for Security. This step-by-step guide is great for our folks who may have been previously focused on coding and executing, less on the initial design. It is a great go-to book for refreshing this fundamental skill.
Back on the soft-skills development side, I personally have worked hard to absorb and apply the lessons learned in Radical Candor. The hardest skill as a manager to get comfortable with, in my opinion, is giving hard feedback.
I’ve seen the damage that can happen to the synergy of a team when managers avoid the difficult feedback. But I’ve also seen and experienced first hand that when I have mustered the courage to be radically candid, the results have been positive (eventually) for both of us. This book is a game-changer in this subject area.
“Inventing the Internet” is a fun exploration of the history of our world wide web. It’s crazy to consider how so many happenstance decisions led us to the connectivity we have today. Part sociology examination and part tense “drama” of the competing concerns of government and private sector ambitions, it is a fun read.
Final book highlight you might not expect is a “management” book I have been using for years before I ever cofounded ScaleSec. “How to Talk So Kids Will Listen & Listen So Kids Will Talk” is a book to help sleep-deprived parents learn to communicate with their children. However, the takeaway from this book, I maintain, is critical to any conversation: being and feeling heard. The techniques outlined in this book are timeless, kind, empathetic and easy to apply to every relationship you have in life. My team initially laughed at me when I told them this is my go-to management book, but then some of them snuck off and bought it. When they were done reading it, they were believers.
Thanks for taking the time to read about this “day in the life of” here at ScaleSec. I hope you find time in your life to enjoy books. If you think I am missing a great book from this list, mention @ScaleSec on Twitter with your recommendations.
Marsha Wilson is the CEO, Managing Partner, and Co-Founder of ScaleSec. After serving in the US Army, Marsha led technical consulting for Department of Defense, energy, healthcare, and more recently in DevOps / automation. She has over 15 years tackling business issues — managing risk, increasing revenues, controlling costs — necessary for clients to meet their strategic and financial goals. Marsha enjoys working with business leaders to address security risks, deriving solutions so teams operate at velocity. Marsha earned an MBA from Embry Riddle Aeronautical University, and holds CISSP, PMP, CISA, and OSCP certifications.
ScaleSec is a service-disabled, veteran-owned small business (SDVOSB) for cloud security and compliance that helps innovators meet the requirements of their most scrutinizing customers. We specialize in cloud security engineering and cloud compliance. Our team of experts guides customers through complex cloud security challenges, from foundations to implementation, audit preparation and beyond. Learn more at https://scalesec.com.