Book Club

First rule of Book Club is tell everyone about Book Club!

InfraSec Reserve runs "book club" for the practice. We watch talks, read articles, or read books on topics that relate to the InfraSec practice.

Discussion sections are scheduled every other week on Thursday afternoons. We record the Zoom discussion sections so that folks don't have to take notes. The event is on the Truss Events calendar and is open to all Trussels.

If you have any questions, please ask in the #infrasec Slack channel.

Planned "reading" for 2021

For 2021 we will be reading The DevOps Handbook by Gene Kim, Patrick Debois, John Willis, Jez Humble.

A TL;DR will be posted here before we discuss every other Thursday. Events are on the Truss calendar and are open to all Trussels.

Talks we have discussed in 2020

Suggested Reading/Possible book club candidates

Feel free to add to the list. Please mark that you added it so if we have questions we know who to ask.


  • “Incidents as We Imagine Them Versus How They Actually Are”, John Allspaw. Probably the best introduction to incident analysis in a half hour I’ve ever seen, touching on why metrics-focused, surface-level approaches are doomed to failure. (Chas)
  • “Why Are Distributed Systems So Hard?”, Denise Yu. This is a great talk on some of the fundamental questions about the difficulties in distributed systems in general (with some amazing hand-drawn art by the speaker). (Chas)
  • “Linux Systems Performance”, Brendan Gregg. Brendan is probably the foremost expert on Linux performance tuning, and this is the latest iteration on his talk about what tools to use to find performance bottlenecks. This is much lower level than most of the work we do at Truss, but it’s a great talk for learning about how the OS is working under the hood. (Chas)
  • “Engineering Resilience Into Modern IT Operations”, J Paul Reed. (Ignore the fact that the title for this video is something else, the reason will become clear when you watch.) This is a great talk about how systems and people behave in ways to create resilience, and how simply engineering redundancies and adding automation is insufficient. (Chas)
  • “A Young Lady’s Illustrated Primer to Technical Decision Making”, Charity Majors. This is a talk about how to figure out how to make technology tradeoffs when developing new systems -- how to make sure you are putting your effort in the right places in an increasingly complex software ecosystem. (Chas)
  • “Resilience In Complex Adaptive Systems”, Richard Cook, MD. A great introduction to Safety Engineering. This talk has one of my favorite quotes about systems: “The thing that amazes you is not that your system goes down sometimes, it's that it’s up at all.” (Jeremy)
  • “One Year after the Launch of the U.S. Digital Service: What’s Changed?”, Mikey Dickerson. This was a LISA 2015 keynote about the rescue and the establishment of the USDS afterward, which was basically my first real introduction to civic tech. Mikey talks about a lot of the problems working within government and how they were able to get around them. As a bonus, you may see some familiar faces here… (Chas)


  • “The Infinite Hows”, John Allspaw. A more in-depth exploration of how incident analysis should be done at a deeper level, and why the “five whys” method is not expansive enough to really give us the answers we need when it comes to incident analysis. (Chas)
  • “How Complex Systems Fail”, Richard Cook, MD. A listicle going through the various reasons complex systems break. The surprise here (and SPOILER): this was written by a medical doctor, not an engineer, and it’s completely applicable to our work. (Jeremy)
  • “Automation Should Be Like Iron Man, Not Ultron”, Tom Limoncelli. This article explains the issues with overengineering automation, how adding too much autonomy can obscure failures and actually make systems more fragile, rather than improving their stability. (Chas)
  • “Contempt Culture”, Aurynn Shaw. How the practice of being critical about other folks' technology choices leads to exclusion and a toxic culture. (Jeremy)

“DevSecOps” materials

These are good to read for folks working with a client that is learning how to build an effective "DevSecOps" practice in government orgs.


  • The DevOps Handbook by Gene Kim, Patrick Debois, John Willis, Jez Humble. So far has some nice nuggets of information and a better written version of what I try to convey to juniors about InfraSec Philosophy roots. (Eady)
  • The Phoenix Project by Gene Kim. An easy reading story that introduces examples of how our practice can be applied. (Eady)
  • Accelerate by Nicole Forsgren PhD, Jez Humble, Gene Kim. This is how to describe and pitch a "DevOps" workflow to execs that don't really get it. (Eady)
  • Google SRE Book. A rather good reference book for several different practices that you can implement. (Eady)