Thursday, July 07, 2005

My Criteria for Good Technical Books

I was recently asked if I would review an upcoming book. In my reply, I listed four criteria I use when making my review evaluations.

  1. Accuracy. If a book contains several large or numerous small technical errors, I will lower my rating. I may stop reading entirely if I lose confidence in the author's capacity to deliver reliable information. This is a problem if I am reading a book outside my core expertise.

  2. Originality. I really dislike reading books that cover material already published elsewhere. I do not mind some repetition if the result makes sense, but in most cases authors should just start covering new material. For example, I would prefer a new book on network attack and defense to avoid explaining TCP/IP. Authors: if a book explaining your introductory material already exists, cite that title and present your new material in your book. Brian Carrier's book is a great example of how to make me happy. He doesn't bother explaining security; he sets up the reader with citations and then starts explaining file systems. Awesome.

  3. Candor. I cannot stand books that claim to cover one topic and then completely fail to do so. I must name names here to make my point: Scene of the Cybercrime: Computer Forensics Handbook spends over 540 pages on generic security issues before finishing with two chapters on what can only loosely be called forensics. Check the Table of Contents to see what I mean. That book pales in comparison with Incident Response, 2nd Ed.

  4. Lack of implementation details. I like to hear good security theory and techniques. However, if the author doesn't tell me how to implement this advice, I question why he or she bothered to mention it. I do not demand examples of every scenario. For example, I become suspicious when I read a chapter titled "securing servers," but never see a single invocation of command line syntax. Some reviewers of my latest book want me to address networking configuration outside of Cisco-land. I don't have the time, expertise, or equipment to cover Juniper, Foundry, and so on, but my Cisco examples should make the point clear.

What makes you like a technical book? My favorite ten books of the past ten years are listed at Bookpool, and those ten meet my criteria.


Chris Buechler said...

Right on! Those are four of my biggest, and I'd also add:

Zealot authors - Nothing irks me like a zealot of any type. The kind of person that doesn't see anything lacking about the specific technology at hand (if it's specific to some commercial or open source product), and thinks it's the only solution for the problem it intends to address. The type of book that reads more like marketing material than good technical information far too frequently.

Of course we all have our biases, especially when putting in as much time on a specific technology as is required for a book, but many authors would be well served by consciously avoiding this. Broadening their horizons through experience with competing products, keeping an open mind and clearly seeing the advantages of the competition, and understanding there is never a single product that is best fit for every circumstance would give many authors a better perspective.

Grammatical errors - They really bug me. I'm the type of person that spots and is bothered by most every grammatical error in a publication, to the point that I get caught up on them. Not a quality most of us in this industry have though, so I wouldn't say it's a big deal overall.

Originality is the number one thing I really like about Tao of NSM. A bit of the introductory material is repetitive in topic from many other security books, but I didn’t skip it like I usually do because it brought a fresh viewpoint, and explained things differently from any other security book I've read. Richard brought a great perspective to these things, which definitely made them worthwhile. Even if you're familiar with these topics, it's nice to read another perspective. After that point, I didn't have to deal with yet another thorough explanation of TCP/IP basics, the OSI model, etc. etc. The Tao of NSM is up there as one of the most original books I’ve ever read. Not material you'll find in any one of a few dozen other security books, and not material you can find yourself on Google. Truly a valuable book, nice work Richard. It also seemed to have far fewer grammatical errors than most technical books. :)

Anonymous said...

Shizzle, Richard,

I don't see my book anywhere on your list! ;-(

Is it because I do Windows? ;-)

H. Carvey
"Windows Forensics and Incident Recovery"

Saar Drimer said...

My quick and dirty way of evaluating a technical book is by looking at the index. It tells a lot (as you mention) about the content but also about usability; this comes in handy especially when evaluating reference books.

My golden book: "The Art of Electronics" by Horowitz and Hill.

(I've written more about this method on my weblog: )