Book highlights: "Hit refresh" by Satya Nadella

Very telegraphically, these are my impressions after reading "Hit Refresh": 

- Impressive human being. He tells you how his personal experiences have shaped him, not only personally but also professionally.

Some of the ideas worth exploring that appear in the book are the following:

- Leadership is definitely an art.
- Empathy and compassion are skills leaders should have.
- We need to work comfortably with change and impermanence.
- "To be a leader here, your job is to find rose petals in a field of shit".
- The leader needs to link every employee's passion with the raison d'etre of the company.
- A sustainable ecosystem is required for a company to survive.
- Provide the environment for employees to find their personal balance.
- Other important topics: The link of technology, freedom and customers.
- The responsibility of a technology company with the world and the human beings.
- Most importantly, he also makes mistakes and learns from them.
- He is aware of the need to equally treat women and men in technology companies.

Learning every day

Book highlights: The Mathematics of Love by Hannah Fry

This brief book by Hannah Fry is inspired by her TED talk with the same title: The mathematics of love.

The main (very personal and non-comprehensive and biased) highlights I would like to share are:
- When finding a partner: Give people a chance. Reduce your requirement list to the minimum.
- Beauty is subjective and context-dependent. For singles, if you are invited to a party, get accompanied by a friend who is slightly less attractive (in general) than you.
- It's better to start a conversation with someone you feel attracted to rather than waiting for that someone to come to you. Maths say so.
- Online dating has potential (if people show themselves as they really are).
- Applying basic game theory, being disloyal is not economically beneficial.
- Complex network analysis helps to study disease propagation.
- By showing rejection and disdain with your partner, the probability to split increases dramatically.

This time, nothing to do with Infosec. Or maybe yes?

food for thought?

Book tip: "Time management for system admins" by Thomas A. Limoncelli

Just some practical sentences about this book from 2005 by Thomas A. Limoncelli.

If you are working in Information Security or in Information Technology in general, and you need to improve managing your time and priorities, this book deals with this eternal topic from a light (and IT based) viewpoint.

I do not favour a lot the omnipresent self-help books. However, this book could help if the reader needs to improve on this field or is under a lot of stress.

In a nutshell, I would like to highlight three points on time management:

- It needs to follow a focused and committed methodology.
- It helps organising any aspect of life.
- IT people have the advantage of being able to devise and use automation.

Happy reading!


Book review: "Own Your Future: How to Think Like an Entrepreneur and Thrive in an Unpredictable Economy" by Paul B. Brown et al. The ALBR process

I came across this book by Paul B. Brown, Charles F. Kiefer and Leonard A. Schlesinger almost by chance. The title was enticing so I decided to give it a go. You can read it really fast and the structure is very approachable. Having an Information Security mindset, you can apply generic recommendations to our professional field and even try out some entrepreneurial experiments that could lead you to a professional change.

If you are going through a period of time after which you really need a positive? work-related change, reading this book could help you. As always, a little disclaimer: This post does not replace at any time the careful reading of the book and all points expressed here are extracted from the book but by no means complete, comprehensive or unbiased.

If I had to summarise the book in only one sentence, I would say ALBR, the acronym of Act, Learn, Build and Repeat. This is what the authors recommend to put your own ideas into practice. Note that they start with the word Action. The beauty of this book comes now: You select the scope and the context in which you will apply your own ideas: in your startup, with your current employer, at home, during your leisure time... actually these learning points can be applied everywhere and anytime.

I also like a lot the fact that this book, published in 2014, also proposes something that I was already suggesting in my first Information Security book: IT Securiteers - Information Security Management: Take baby steps, small steps so that you can always be in control and, if needed, revert back. Baby steps are an important risk-management measure.

The book is full of US-based examples. At the end of every chapter you have a nice little box with the key learning points (just as the IT Securiteers book, where you can also find a summary of the applicable MBA models at the end of every chapter).

The first section of the book describes how our professional world has changed compared to the one previous generations had and how this fact requires new skills (and new approaches) in all of us. Worth highlighting regarding risk management, the book confirms how the best entrepreneurs are quite risk averse.

The second section actually proposes the Act/Learn/Build/Repeat process to manage risk when starting off a new endeavour. This process, plus the use of small baby steps, makes you ready to fail safe, since there will never be something really major, or not manageable, at stake.

The third section is very realistic. It first confirms that not all our likes and passions will be paid by the market, i.e. we can only follow our passion if we can (economically and realistically) afford it. Let's remember we need to live in this world. This is a convenient time to mention the model I wrote about in the IT Securiteers book on the intersection of your skills, your passions and the market to make a living.

The fourth section provides an interesting spin to starting something new: They propose to do it outside your everyday job. Certainly the possibility to start something new within your current job, providing even more value to your employers, should not be discarded. Actually, for those ranking high in risk-aversion, it is even recommendable. 

This section continues with the small steps approach and how your long term goals can only be achieved focusing on small deltas every day. This also applies to Information Security programmes and projects.

I like this sentence from the book: "Remember, your next job is probably not your last one".

Lastly, the authors remind you that you are the ultimate control point of both your job (and eventually, your life).

Happy future reading!


Away from monotony!

Book review: "Diary of a hedge fund manager" by Keith McCullough

Keith McCullough and Richard Blake wrote this book in 2011: "Diary of a Hedge Fund Manager: From the Top, to the Bottom, and Back Again". Keith McCullough was also the author of the mcmmacro blog (already discontinued in 2008). This book has nothing to do with Information Security. At least it does not have an explicit link. Why do I post this review then? Let's summarise it in telegraphic bullet points:

- Being a hedge fund manager is tough. The author mentions how starting work at 4 am was nothing extraordinary. Time required on a daily basis to follow companies and feel markets' sentiment is huge. Information security displays the same trait.

- The book uses the professional sports world (more specifically, hockey) as an analogy. In both fields, required efforts and focus and existing competition are comparable. Also applicable to Infosec? I think so.

- The mantra in hedge funding: Liquidity, transparency (well, actually the authors claim that during the first decade of this century it was insufficient) and returns (on each and every single quarter!).

- This book also suggests a higher degree of self-involvement in personal financial investment strategies. I would also suggest the same for personal Information Security strategies.

- Short-term performance, during those early years of hedge funding, was given more priority than adherence to principles. How is the Information Security field in this respect?

Please share your comment

Happy reading!

Expertise comes with time