I was recently asked if I would review an upcoming book. In my reply, I listed four criteria I use when making my review evaluations.
- Accuracy. If a book contains several large or numerous small technical errors, I will lower my rating. I may stop reading entirely if I lose confidence in the author's capacity to deliver reliable information. This is a problem if I am reading a book outside my core expertise.
- Originality. I really dislike reading books that cover material already published elsewhere. I do not mind some repetition if the result makes sense, but in most cases authors should just start covering new material. For example, I would prefer a new book on network attack and defense to avoid explaining TCP/IP. Authors: if a book explaining your introductory material already exists, cite that title and present your new material in your book. Brian Carrier's book is a great example of how to make me happy. He doesn't bother explaining security; he sets up the reader with citations and then starts explaining file systems. Awesome.
- Candor. I cannot stand books that claim to cover one topic and then completely fail to do so. I must name names here to make my point: Scene of the Cybercrime: Computer Forensics Handbook spends over 540 pages on generic security issues before finishing with two chapters on what can only loosely be called forensics. Check the Table of Contents to see what I mean. That book pales in comparison with Incident Response, 2nd Ed.
- Lack of implementation details. I like to hear good security theory and techniques. However, if the author doesn't tell me how to implement this advice, I question why he or she bothered to mention it. I do not demand examples of every scenario. For example, I become suspicious when I read a chapter titled "securing servers," but never see a single invocation of command line syntax. Some reviewers of my latest book want me to address networking configuration outside of Cisco-land. I don't have the time, expertise, or equipment to cover Juniper, Foundry, and so on, but my Cisco examples should make the point clear.
What makes you like a technical book? My favorite ten books of the past ten years are listed at Bookpool, and those ten meet my criteria.