Reading & Book Club
What I'm reading — and the Saturday community that reads one book together every four weeks.
Want to join the next cycle? Message Godfrey directly.
What it's about: Crucial Conversations offers a framework for handling high-stakes dialogue — the moments when opinions differ, emotions run high, and the outcome matters. The core argument is that the ability to navigate these moments skillfully is the single greatest predictor of personal and organizational success.
Why I'm reading it: As a technical PM, you're in crucial conversations constantly — scope disagreements, escalations, resource conflicts. This book gives you a shared language and repeatable method for those moments. It pairs directly with the Leadership bootcamp curriculum.
What it's about: A gripping investigative account of Sandworm — Russia's most destructive cyberattack group — and the real-world consequences of state-sponsored cyber warfare. Greenberg traces attacks on Ukraine's power grid, the NotPetya outbreak, and the group's evolution into a global threat actor.
Why I'm reading it: Understanding the operational reality of sophisticated threat actors is essential context for anyone building or managing security programmes. This book makes abstract threat intelligence viscerally concrete.
What it's about: Greene's deep study of human psychology and behavior — drawing on historical figures from across centuries to illuminate the patterns that drive human action: irrationality, status-seeking, emotional reactivity, and the unconscious forces that shape decisions.
Why I'm reading it: Leadership is ultimately the study of people. Understanding what actually drives human behavior — rather than what we tell ourselves drives it — is foundational to becoming an effective leader, negotiator, and communicator.
What it's about: Schneier argues that the Internet of Things has created a world where software vulnerabilities can kill people — cars, medical devices, power grids. The book is both a warning and a policy manifesto, calling for government intervention in security as a matter of public safety.
Why I recommend it: This book shifted how I think about risk management. When systems are physically connected to the world, security stops being an IT problem and becomes a governance problem — and that reframing changes everything about how you prioritize and communicate risk.
What it's about: Ries introduces the Build-Measure-Learn feedback loop as the fundamental unit of progress for any organization operating under conditions of uncertainty. The book makes a rigorous case for validated learning over output-based measurement.
Why I recommend it: The principles transfer directly to security programme management and agile project delivery. Most security programmes fail not because they lack tools, but because they optimize for the wrong metrics. This book teaches you to ask better questions about what success actually means.
What it's about: A comprehensive primer on how the internet works, why it's vulnerable, and what states and organizations are doing about it. Singer and Friedman are gifted at making complex technical and policy terrain accessible without sacrificing accuracy.
Why I recommend it: Essential reading for anyone bridging the technical and policy worlds. If you're explaining cybersecurity to executives or policymakers, this book gives you the vocabulary and framing to do it clearly.
What it's about: Goodman — a former law enforcement cyber expert — catalogues how crime, terrorism, and malicious actors are leveraging exponential technology. The book covers everything from organized cybercrime to the darker possibilities of AI, robotics, and synthetic biology.
Why I recommend it: A genuinely sobering book that expands your threat model well beyond the conventional. The chapters on insider threats and social engineering are particularly valuable for security practitioners who work with human risk factors.
What it's about: A technical and architectural deep-dive into the Zero Trust security model — moving away from perimeter-based security toward identity-based, continuously authenticated access. The book covers the theory, the tooling, and practical implementation patterns.
Why it's queued: Zero Trust is becoming the dominant security architecture paradigm, particularly in cloud environments. This book will directly inform both my AWS architecture work and my GRC advisory practice.
What it's about: Mitnick — the world's most famous hacker turned security consultant — walks through the techniques used by governments, corporations, and criminals to surveil individuals, and what individuals can do to protect their digital privacy.
Why it's queued: Understanding attack techniques from a practitioner perspective sharpens defensive thinking in ways that purely defensive literature doesn't. Mitnick's operational perspective is invaluable for security programme design.