As part of the litany of professional-related activities taking place outside of work hours, I wanted to share a few of the major texts that are currently on my shelves. While all of these are worthy of retaining, I’ve highlighted a few that I’ve recently found myself referring to especially often. All of these are available from various online stores. If this list isn’t enough to keep you occupied, there’s more to be found at the SIRA reading list.

Security Measurement

  • Security Metrics, Andrew Jaquith
  • IT Security Metrics, Lance Hayden
  • Security Risk Management, Evan Wheeler

General Data Visualization and Visual Analytics

  • Now You See It, Stephen Few
  • Show Me the Numbers, Stephen Few
  • Information Dashboard Design, 2nd Edition, Stephen Few
  • Visualize This, Nathan Yau
  • Data Points, Nathan Yau
  • The Functional Art, Alberto Cairo
  • The Accidental Analyst, McDaniel & McDaniel

Security Specific Visualizations

  • Security Data Visualization, Greg Conti
  • Applied Security Visualization, Raffael Marty


  • The Manga Guide to Statistics, Shin Takahashi
  • Introduction to Probability and Statistics, Mendenhall, Beaver, Beaver
  • The Art of R Programming, Norman Matloff
  • R Graphics Cookbook, Winston Chang
  • Doing Bayesian Data Analysis, Kruschke

Risk Analysis

  • How to Measure Anything, Douglas Hubbard
  • The Failure of Risk Measurement, Douglas Hubbard
  • Risk Analysis: A Quantitative Guide, David Vose
  • Risk Assessment and Decision Analysis with Bayesian Statistics, Fenton & Neil