The full reading list with notes is in samhita at /notes/read. This post is smaller: the books that actually changed how I approach something, where I can point to a specific shift in thinking or practice.
Four categories: security/technical, science and technology, fitness and philosophy/worldview.
Security and technical
Practical Malware Analysis, Sikorski and Honig
The textbook for malware analysis. The value is not the prose; it is the labs. Real malware samples with analysis methodology for each: static analysis, dynamic analysis, anti-analysis technique identification, unpacking, protocol reconstruction. Each chapter has labs in IDA Pro and OllyDbg against real samples.
The IDA Pro exercises are where understanding gets built. Sit with the PE format sections and work through the labs and you will understand what a PE header actually contains and why it matters. You can't get that from reading about it. You have to trace through it manually.
I worked through this during the Qualys malware lab period. The labs are what made it useful.
The Art of Memory Forensics, Ligh, Case, Levy, Walters
Companion to PMA, focused on what malware leaves in RAM. The Volatility framework is central, covering Windows, Linux and Mac memory forensics with the same lab-driven approach. Disk artifacts and memory artifacts are different problems. Malware that wipes disk traces may still be present in memory. Malware that injects into legitimate processes is visible in memory in ways that disk analysis won't surface. This book builds the methodology for looking in the right place.
Countdown to Zero Day, Kim Zetter
The definitive account of Stuxnet: how it was built, deployed and discovered. Covers the full arc from the technical sophistication of the weapon to the operational security around deployment to the analysis work that unraveled it.
The discovery narrative is the most useful part. Stuxnet was not found by a signature match. It was anomaly-driven analysis where something looked wrong in a way that took months to fully understand. The book makes clear how much can be hiding in a system that appears operational.
Code: The Hidden Language of Computer Hardware and Software, Charles Petzold
The book for understanding what happens below any programming language. Builds from first principles: binary representation, logic gates, adders, memory, processors, operating systems. Each step follows from the previous one.
If you work with software and want to understand what a compiler does to source code, what a CPU instruction actually causes, or why certain operations are faster at a hardware level, this is where to start. Detection work at the protocol and packet level benefits from understanding the lower layers.
Science and technology
Astrophysics for People in a Hurry, Neil deGrasse Tyson
The entry point for astronomy, which led to observing practice, a telescope, a ham radio license and eventually sdrmon. A short book, not deep, but it does what it needs to: builds enough interest and vocabulary to start learning seriously. The gateway book.
Fitness
Starting Strength, Mark Rippetoe
The approach to barbell training that works. The core argument: squat, deadlift, press and bench press with progressive load increase are the most effective way to build strength, learnable by anyone. The technique chapters are prescriptive, which serves a purpose — the lifts have to be done correctly for the loading to produce adaptation without injury.
Not the most interesting book on this list. The most practically useful. The program works. The technique cues work. Start here.
Can't Hurt Me, David Goggins
The Goggins framework, stripped of the extreme cases: deliberate exposure to difficult things builds the capacity to handle difficult things. The 40% rule says that when your mind says you are done, you are at roughly 40% of actual capacity. The gap between that signal and actual failure is where mental conditioning happens.
The examples are extreme to the point of absurdity. The principle behind them is not. Callousing the mind is a real thing. The book describes the process more clearly than anything else I have read on it.
Philosophy and worldview
21 Lessons: What I've Learned from Falling Down the Bitcoin Rabbit Hole, Gigi
The best book on Bitcoin's philosophy, not its technology. The 21 lessons cover technology, economics and philosophy. The strongest sections are the philosophical ones: the nature of trust, proof of work as a commitment mechanism, what it means for a system to be trustless — not trusting no one, but not requiring trust to function.
If you want to understand why Bitcoin is different from other monetary systems, not just how it works technically, start here. First-principles thinking, no assumed familiarity with economics or philosophy.
The full reading list with notes is in samhita at /notes/read. The books above are the ones I would return to or recommend without qualification. The full list includes books that were informative but not transformative, books that were wrong in useful ways and books I abandoned.
The test: can I point to a specific decision or approach I handle differently because of having read it? For the books above, yes.