The 19 best business books from my 60 book challenge

I wrote about the 60 book challenge that I crushed last year and here are the 19 best business books out of the lot. I chose this list by making sure these are books that I would recommend to someone else – like you – and know that they are worth investing in. These books have solid content that is actionable and the writing style is approachable.

  1. The Millionaire Fastlane by MJ DeMarco – 7/10 This book barely makes the cut but it’s definitely worth getting past the rough spots for the gold. DeMarco does an excellent job explaining the concept of decoupling time from income which is critical for any successful business. Also, this book improves dramatically as it goes along, ending with solid business advice and actionable checklists for getting things done.
  2. The Five Dysfunctions of a Team by Patrick Lencioni – 8/10 This is a classic business fable. A new leader is put in charge of a failing company. As she solves the dysfunctions, the business turns around. It’s a quick, powerful read.
  3. Likable Business by Dave Kerpen – 8/10 Modern businesses need to be as genuine and transparent as nonprofits. Kerpen shows you how to create a public persona that resonates.
  4. Fast Focus – A Quick-Start Guide to Mastering Your Attention, Ignoring Distractions, and Getting More Done In Less Time! By Damon Zahariades – 8/10 A quick read that delivers!
  5. The Millionaire Messenger by Brendon Burchard – 8/10 How to be a content expert. This is a dense volume that includes positioning and the entire sales process.
  6. Nail It, Then Scale It: The Entrepreneur’s Guide to Creating and Managing Breakthrough Innovation by Nathan Furr and Paul Ahlstrom – 8/10 Comprehensive guide to developing a product that you know will sell before you build it and then building your business around it.
  7. The 4 Disciplines of Execution By Chris McChesney, Sean Covey, and Jim Huling of Franklin Covey – 8/10 This book gets a bit dry in spots but I’ve read it 3 times so far because it’s amazing. Ideas are easy. Implementation is hard. 4DX teaches how organizations execute successfully. The writing hurts the score but the content is a solid “10”. Read this book!
  8. The Power of Habit by Charles Duhigg – 8/10 This isn’t just good information; it’s a pretty fun read. Our habits define us, even if we’re a global corporation. If you want to change the culture, start with its habits!
  9. Mistakes Were Made (but not by me) by Carol Tavris and Elliot Aronson – 9/10 highly recommended! This is a science book about bias and self-justification and it’s changed how I process and respond to information. Get the audiobook narrated by Marsha Mercant and Joe Barrett. They keep the narrative moving even in the dry science parts. I was recommending this book before I finished reading it – you want this book!
  10. Creativity, Inc by Ed Catmull – 9/10 recommended! The story of Pixar. It wasn’t always the animation company that we love today and they weren’t even successful for quite some time. Real lessons from the man who did it.
  11. Good to Great by Jim Collins – 9/10. “Good is the enemy of great.” If you want an above-average company then read this book to understand what it takes.
  12. Oversubscribed by Daniel Priestley – 9/10 Do you want people lining up for your products? Do you want to have a bigger margin on those products?
  13. Outside In by Harley Manning and Kerry Bodine of Forrester Research – 9/10 How to develop excellent customer service in the Enterprise, applicable to small businesses as well. Improving customer service is the cheapest, most impactful investment you can make in your business.
  14. Napoleon Hill’s Keys to Success: The 17 Principles of Personal Achievement – 9/10 An old classic that helps you develop the habits for success.
  15. Make Your Mark: The Creative’s Guide to Building a Business with Impact by 99u/Behance – 9/10 I was surprised at how insightful this book is. Clarity of purpose and excellent communication will make your business operate smoothly and build an audience.
  16. Financial Peace by Dave Ramsey – 9/10 Not really a business book but if your personal finances are goofed up, you’ll carry that into your business or at least be distracted by it. Also, credit use is expensive! Giving up credit cards was one of the best things that I’ve done for myself.
  17. 23 Anti-Procrastination Habits by SJ Scott – 10/10 recommended! I keep re-reading this brilliant book filled with systems for getting things done! I keep telling people to read it, too. Like you – you should read this book!
  18. Never Split the Difference by Chris Voss – 10/10 This is the best book about negotiating and it’s written like an adventure novel because Voss was the chief negotiator for the FBI. Action packed stories punctuate the tips for getting what you want.
  19. The Second Machine Age: Work, Progress, and Prosperity in a Time of Brilliant Technologies by Erik Brynjolfsson and Andrew McAfee – 10/10 This book will make you think. Automation and robotics are here. Automated transportation and drone strikes are just the beginning. 40% of today’s jobs won’t exist in 10 years. This book will explain what’s happening, what to expect, and (most importantly) how to be prepared.

If you want to discuss any of these, leave a comment or chase me down on LinkedIn. Also, what are your favorite books?

The 60 Book Challenge

The average person reads 5 books per year. The average CEO reads 4-5 books per month. Last year, I set a goal to read 60 books and I beat my goal by a month! This was a lot of fun and got me exploring new ideas. I liked it so much I decided to do it again this year!

As I finished each book, I wrote mini-reviews on Facebook including a scale of 1-10. I’m glad I did as I search through my reviews regularly.

  1. The Art of Work by Jeff Goins – 6/10
  2. God’s Favorite Place on Earth by Frank Viola – 3/10
  3. Answering the Call: The Doctor Who Made Africa His Life: The Remarkable Story of Albert Schweitzer by Ken Gire – 6/10
  4. Profit from the Positive by Margaret H. Greenberg and Senia Maymin, Ph.D. – 3/10 – This lousy book is just an ad for StrengthsFinder.
  5. The Five Dysfunctions of a Team by Patrick Lencioni – 8/10
  6. Likable Business by Dave Kerpen – 8/10
  7. Unlocking Potential: 7 Coaching Skills that Transform Individuals, Teams, and Organizations by Michael K. Simpson – 3/10
  8. Before They are Hanged by Joe Abercrombie – 9/10
  9. Ask by Ryan Levesque – 3/10
  10. Strong Fathers, Strong Daughters by Meg Meeker, MD. – 9/10
  11. Fast Focus – A Quick-Start Guide to Mastering Your Attention, Ignoring Distractions, and Getting More Done In Less Time! By Damon Zahariades – 8/10
  12. Maximize Your Potential: Grow Your Expertise, Take Bold Risks, & Build an Incredible Career by 99U – 6/10
  13. John Dies at the End by David Wong – 7/10
  14. Sell or Be Sold by Grant Cardone – 7/10
  15. The Millionaire Messenger by Brendon Burchard – 8/10
  16. The Blade Itself by Joe Abercrombie – 7/10
  17. Mistakes Were Made (but not by me) by Carol Tavris and Elliot Aronson – 9/10
  18. Nail It, Then Scale It: The Entrepreneur’s Guide to Creating and Managing Breakthrough Innovation by Nathan Furr and Paul Ahlstrom – 8/10
  19. 23 Anti-Procrastination Habits by SJ Scott – 10/10
  20. A Whole New Mind by Daniel H. Pink – 3/10
  21. Brave New World by Aldous Huxley – 7/10
  22. Enchantress (The Everman Saga Book 1) by James Maxwell – 8/10
  23. The Hidden Relic (The Everman Saga Book 2) by James Maxwell – 8/10
  24. The Path of the Storm (The Everman Saga Book 3) by James Maxwell – 8/10
  25. The Lore of the Everman (The Everman Saga Book 4) by James Maxwell – 8/10
  26. Be a People Person by John Maxwell – 4/10
  27. Fight by Luke Wordley – 7/10
  28. The Five Love Languages of Children by Gary Chapman and Ross Campbell – 7/10
  29. Winning the Brain Game by Matthew Eric May – 6/10
  30. Never Split the Difference by Chris Voss – 10/10
  31. Creativity, Inc by Ed Catmull – 9/10 recommended!
  32. Snow Crash by Neal Stephenson – 7/10
  33. Tribes by Seth Godin – 7/10
  34. Start with Why by Simon Sinek – 7/10
  35. The Second Machine Age: Work, Progress, and Prosperity in a Time of Brilliant Technologies by Erik Brynjolfsson and Andrew McAfee – 10/10
  36. Contrarian’s Guide to Leadership by Steven B. Sample – 7/10
  37. Good to Great by Jim Collins – 9/10. Recommended.
  38. The New Edge in Knowledge by Carla O’Dell and Cindy Hubert – 6/10
  39. Dinner with a Perfect Stranger by David Gregory – 7/10
  40. Every Man’s Marriage by Stephen Arterburn and Fred Stoeker – 0/10 (terrible!)
  41. The Millionaire Fastlane by MJ DeMarco – 7/10
  42. David and Goliath by Malcolm Gladwell – 6/10
  43. Oversubscribed by Daniel Priestley – 9/10
  44. The Best Service is No Service by Bill Price and David Jaffe – 6/10
  45. Die Empty by Todd Henry – 7/10
  46. Slaughterhouse-Five by Kurt Vonnegut – 7/10
  47. Outside In by Harley Manning and Kerry Bodine of Forrester Research – 9/10
  48. Napoleon Hill’s Keys to Success: The 17 Principles of Personal Achievement – 9/10
  49. Make Your Mark: The Creative’s Guide to Building a Business with Impact by 99u/Behance – 9/10
  50. 50 Days of Heaven by Randy Alcorn – 8/10
  51. Waking the Dead by John Eldredge. – 2/10
  52. Jesus>Religion by Jefferson Bethke – 8/10
  53. Courageous novelization by Randy Alcorn based on the movie by the Kendrick Bros – 6/10
  54. Cast of Characters by Max Lucado – 8/10
  55. Mirror Ball by Matt Redman – 7/10
  56. The 4 Conversations – 3/10
  57. Emotional Intelligence 2.0 by Travis Bradberry & Jean Greaves – 7/10
  58. The 4 Disciplines of Execution By Chris McChesney, Sean Covey, and Jim Huling of Franklin Covey – 7/10
  59. The Power of Habit by Charles Duhigg – 8/10
  60. Financial Peace by Dave Ramsey – 9/10

I’ll cover the best titles in more detail later.

I should probably note that my goals run from birthday to birthday, which for me is June 22nd.  Today, I finished book 15 so I’m already ahead of schedule!

Sleep Train Founder Dale Carlsen Interview Notes

Last night I finally made it out to The Urban Hive and I’m really glad I did! I had a fantastic time meeting new people, learning about new ideas, and sitting in on a fireside chat with Dale Carlsen, the founder of Sleep Train. Sleep Train grew to 350 stores before he sold to Mattress Firm a couple of years ago. Dale was humble, funny, honest, and gave some great advice.

Here are my notes from the interview which was conducted by Rich Foreman of Apptology:

Surround yourself with great people, take care of them/treat them right, and make them successful.

Everybody needs a great night sleep.

Radio. Morning commute. Let the personalities do whatever they want – they know how to connect to their audience.

Culture is everything. Whatever you want, do it from the start. Don’t let it get diluted.

Take care of your people = Not about pay. Culture – inclusive. Not just the nucleus that’s the inner circle (Kinko’s). Everyone is part of the inner circle.

Train your employees so that they are experts at making customers so happy they tell other people.

What does the region need to be successful? Arts, sports, music…

GSEC Greater Sacramento Economic Council

Moneta – vc

Know your scale. Know your competitors.

Don’t hire your competitors’ people. Bad habits. (No loyalty?)

Hire college students. Not corrupted with other people’s bad habits. Fresh perspective for ideas. More mobile to move into developing regions. (reminds me of Starbucks)

Passion is vital. Can’t lead without passion. Why you’re better comes from you. Must be Authentic.

Makes a difference, not money. Have a philanthropic aspect of your business.

  • People will pay more because they know their money is going to help others.
  • Attracts better employees.
  • Keep sale ads separate from philanthropic effort ads. (Kinda like don’t pimp your customers)

CEO group = Great feedback, more honest, cross pollinate ideas across industries, plus moral support

Note: Comments in parentheses are my own random thoughts.

If you’re in the Sacramento area and a business owner, I recommend checking out Urban Hive’s events. Just being there gave me an energy boost!

Protect the Site

This final look at website security issues from Effortless E-Commerce by Larry Ullman focuses on the common website attacks and what to do about them.

  • Denial of Service (DoS) attack: Brute force where zombie/slave computers from around the world try to access the site at the same time and overwhelm the server
    • Can’t really be stopped
    • Cost of being successful
    • Close unused ports, use a firewall, monitor network activity
  • SQL injection: Common attack where user inputs SQL script to try to pull data they shouldn’t have or cause damage
  • Remote File Inclusion (RFI) attack: Attempt to get server to include a file from another server. When fopen(), require(), or include() (or similar) are called, code from foreign server is activated and included as if it’s part of the original file.
  • Local File Inclusion (LFI): Similar to RFI but hopes to access a sensitive file on the same server
    • Shared hosting?
  • Make sure exec() and other functions that run commands are disabled
  • Malicious File Execution: File upload that is then activated by the user through the browser
    • Validate the filetype matches what you expect
    • Store outside of the public web directory
    • Change the name of the file – can’t be called if the user doesn’t know the name
  • Cross-Site Request Forgery (CSRF): Execute unauthorized commands from an authorized user.
    • Encourage users – especially admins – to log out
    • Restrict lifetime of authentication cookie
    • Don’t make sensitive info (like user id) public
    • Use POST (still possible but harder to do CSRF)
    • Create a tie between your site and your forms
      • Secret token uniquely generated for each request
  • Relying on a hacker to not know something is not security
  • Can use a CAPTCHA to prevent automated attacks
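
The three upload precautions listed under Malicious File Execution, as an added PHP example (not code from the book): the type is detected from the file's content, the file is saved outside the web root, and it gets a random name. `UPLOAD_DIR`, the `document` field name, the allow-list and `store_upload()` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration, not the book's code. Names and paths below are hypothetical.

const UPLOAD_DIR = '/var/www/private_uploads';   // assumed path outside the public web directory
const MAX_BYTES  = 2 * 1024 * 1024;              // 2 MiB size limit
const ALLOWED    = [                             // detected MIME type => extension we assign
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];

/** Validate one entry of $_FILES and store it; returns the generated file name. */
function store_upload(array $file): string
{
    // An array here means a multi-file field; anything but UPLOAD_ERR_OK is refused.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Upload rejected.');
    }

    // Decide the type from the bytes on disk. The browser-supplied name and
    // $file['type'] are under the sender's control and are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('File type not allowed.');
    }

    // Random server-side name with an extension we choose, so the stored file
    // never carries an executable extension picked by the uploader.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store upload.');
    }
    chmod($dest, 0640);   // readable by the application, not executable
    return $name;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['document'])) {
    try {
        $stored = store_upload($_FILES['document']);
        // Save $stored in the database against the user's record; never echo the path.
        echo 'Upload received.';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Files stored this way are served back through a script that looks the name up in the database and streams the bytes, so nothing in the upload directory is ever requested directly by URL.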
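
The "secret token uniquely generated for each request" from the CSRF notes, as an added PHP example (not code from the book). `csrf_issue()`, `csrf_verify()`, the `csrf_tokens` session key and the `csrf_token` field name are hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration, not the book's code. All names below are hypothetical.

const CSRF_TTL        = 900;  // seconds a token stays valid
const CSRF_MAX_TOKENS = 20;   // cap on unused tokens kept per session

session_start();              // must run before any output is sent

/** Create a fresh token for one form render and remember it server-side. */
function csrf_issue(): string
{
    $token = bin2hex(random_bytes(32));              // 256 bits from the CSPRNG
    $_SESSION['csrf_tokens'][$token] = time();
    // Keep only the newest tokens so the session cannot grow without bound.
    $_SESSION['csrf_tokens'] = array_slice(
        $_SESSION['csrf_tokens'], -CSRF_MAX_TOKENS, null, true
    );
    return $token;
}

/** Accept a token once: it must be known and unexpired, and is then discarded. */
function csrf_verify($submitted): bool
{
    if (!is_string($submitted) || $submitted === '') {
        return false;                                // missing, or an array such as csrf_token[]=x
    }
    foreach ($_SESSION['csrf_tokens'] ?? [] as $known => $issuedAt) {
        if (hash_equals((string) $known, $submitted)) {   // constant-time comparison
            unset($_SESSION['csrf_tokens'][$known]);      // single use
            return (time() - $issuedAt) <= CSRF_TTL;
        }
    }
    return false;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_verify($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected.');
    }
    // The state-changing action (update, delete, purchase) runs only past this point.
}
?>
<form method="post" action="">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_issue(), ENT_QUOTES, 'UTF-8') ?>">
  <button type="submit">Save changes</button>
</form>
```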

Protect the User

While protecting the server and securing the site are important, you also want to protect your users. Effortless E-Commerce by Larry Ullman offers the following advice:

  • Trust makes the business thrive
  • Cross Site Scripting (XSS) attack: Site A has rogue JavaScript injected to read info about Site B.
    • strip_tags() – removes HTML, JavaScript, PHP from a string
      • May be modified to allow some tags
  • Educate customers about potential threats, including scams
    • Let customers know what information you will never ask for
    • Inform customers about dangers of sending personal info through email
  • Only grant permissions that are needed and only to those who need them
    • Should restrict who has admin rights, for example
  • Bad auth errors should not reveal which part of the authentication failed.
    • User/Pass combo does not match

Sessions

  • Set cookie to terminate after X time inactive on site
  • Be cautious about what you store locally (cookies)
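
The two points above about authentication errors and inactive sessions, as an added PHP example (not code from the book). The `$users` array is a constructed stand-in for a users table, and `attempt_login()`, `session_still_active()` and the 15-minute limit are assumptions.

```php
<?php
declare(strict_types=1);
// Added illustration, not the book's code. Names and sample data are hypothetical.

const IDLE_LIMIT  = 900;   // seconds of inactivity before the session ends
const LOGIN_ERROR = 'The email and password combination does not match.';

session_set_cookie_params(['lifetime' => 0, 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
session_start();

// Constructed sample account store; a real site would query its users table.
$users = ['pat@example.com' => ['id' => 7, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];

/** Returns null on success, or the single generic message on any failure. */
function attempt_login(array $users, string $email, string $password): ?string
{
    static $dummyHash = null;
    $dummyHash = $dummyHash ?? password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    $user = $users[strtolower(trim($email))] ?? null;
    // Verify against a throwaway hash when the account is unknown, so an unknown
    // user and a wrong password do the same work and get the same message.
    $matches = password_verify($password, $user['hash'] ?? $dummyHash);
    if ($user === null || !$matches) {
        return LOGIN_ERROR;
    }
    session_regenerate_id(true);         // new session id once the user is authenticated
    $_SESSION['user_id']   = $user['id'];
    $_SESSION['last_seen'] = time();
    return null;
}

/** Call at the top of every protected page. False means the session has ended. */
function session_still_active(): bool
{
    if (!isset($_SESSION['user_id'], $_SESSION['last_seen'])) {
        return false;
    }
    if (time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];                  // clear the data, then drop the session itself
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = time();     // activity resets the idle clock
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Non-string input (for example email[]=x) is treated as empty.
    $field = fn(string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';
    $error = attempt_login($users, $field('email'), $field('password'));
    echo $error === null ? 'Signed in.' : htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
}
```

The idle limit is enforced on the server from `last_seen`; the cookie lifetime alone is under the browser's control and cannot be relied on to end a session.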

Protect Information

Protecting the information requires coordination of multiple layers of security from physical to policy. Effortless E-Commerce by Larry Ullman highlights several things to consider:

  • Only store the minimum data that you need
    • You don’t have to protect what you don’t have
    • You may need to collect info that you pass on but don’t need to save, like credit card details
  • Validate and sanitize user input
    • Always assume the input is wrong and verify it is correct
    • http://www.php.net/filter – functions for validating data (formerly PECL)
  • Only retrieve data from the server or DB that you actually need
    • No universal selectors like “*”
  • Regular, secured data backups
  • RAID arrays offer additional protection from hardware failure (and are faster than other drives)
  • Ensure software, OS, etc. are up to date.
    • Different versions of software may have different requirements or methods of doing things which may pose additional risks
  • If PHP and DB are on separate servers use SSL to protect data during transmission
  • Be cautious about what data you include in cookies, HTML, or in the URL
    • These are under the user’s control
  • Ensure server isn’t giving away sensitive info
  • No phpinfo() scripts
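
The input validation and "no universal selectors" points above, as an added PHP example (not code from the book), using the filter functions from the linked php.net page and a prepared statement that names its columns. The in-memory SQLite table and its rows are constructed sample data (this needs the `pdo_sqlite` extension), and `validate_lookup()` and `order_status()` are hypothetical names.

```php
<?php
declare(strict_types=1);
// Added illustration, not the book's code. Table, rows and function names are constructed.

/** Returns the cleaned values, or null if any field fails validation. */
function validate_lookup(array $input): ?array
{
    $email   = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $orderId = filter_var(
        $input['order_id'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99999999]]
    );
    if ($email === false || $orderId === false) {
        return null;                       // assume input is wrong until proven correct
    }
    return ['email' => $email, 'order_id' => $orderId];
}

/** Fetch only the columns the page shows; card data stays in the database. */
function order_status(PDO $db, array $clean): ?array
{
    $stmt = $db->prepare('SELECT id, status FROM orders WHERE id = :id AND email = :email');
    $stmt->execute([':id' => $clean['order_id'], ':email' => $clean['email']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, email TEXT, total_cents INTEGER,
                                status TEXT, card_last4 TEXT)');
$db->exec("INSERT INTO orders VALUES (42, 'pat@example.com', 1999, 'shipped', '4242')");

// Constructed sample requests: one valid, one carrying SQL, one with a bad email.
$samples = [
    ['email' => 'pat@example.com', 'order_id' => '42'],
    ['email' => 'pat@example.com', 'order_id' => '42 OR 1=1'],
    ['email' => 'not-an-email',    'order_id' => '42'],
];

foreach ($samples as $sample) {
    $clean  = validate_lookup($sample);
    $result = $clean === null ? 'rejected by validation' : order_status($db, $clean);
    echo json_encode($sample), ' => ', json_encode($result), PHP_EOL;
}
```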

Secure Transactions

The DB Security post mentioned that if PHP and MySQL are running on separate servers, you should use SSL to transfer data. You also use SSL for any online credit card transactions or to protect sensitive information. In fact, Google now expects basic HTTPS encryption on all websites and penalizes websites that aren’t secured. So the benefits of website encryption are many and Effortless E-Commerce by Larry Ullman gives these tips:

  • SSL certificate must be purchased
  • 128-bit is usually fine
  • 256-bit is used for banking
  • SSL requires a lot of extra processing power
  • Some certs offer warranties
  • Don’t use shared certificates
  • “Green bar” offers visual cue of security for users (builds trust)
  • The more you spend on the certificate, the better support you should get

So encryption increases expenses through hardware demands and the cost of the certificate but the trade-off is better security and peace of mind for both you and your viewers.

DB Security

Now that PHP security is handled, let’s look at what Effortless E-Commerce by Larry Ullman says about Database security:

  • Delete all DBs whose name begins with “test” – MySQL allows any user to connect to them
  • Create unique, secure users with unique, extremely secure passwords
    • Separate users defined by types of activity
      • Public: SELECT
      • Customer: SELECT, INSERT, UPDATE
      • Admin: SELECT, INSERT, UPDATE, DELETE
    • Avoid giving: PROCESS, FILE, SHUTDOWN, GRANT, RELOAD, DROP, ALTER, CREATE
    • Don’t run MySQL as root – use limited user
    • Limiting permissions improves performance as each query must be checked against permissions
  • Change passwords regularly
  • Change root password upon installation
  • Limit access by IP address
    • --skip-name-resolve
    • --skip-networking
    • Improves performance
  • If running on a separate server from PHP use SSL to transfer data
  • Put as much functionality in the DB as possible (view tables, stored procedures, triggers, etc.)

PHP Security

Looking past the server and hosting, Effortless E-Commerce by Larry Ullman continues with the programming language level: PHP.

  • Don’t have phpinfo() publicly available
  • Make security changes global (not through a script)
  • open_basedir = limit directories PHP can open files
    • Don’t allow access to system files, etc
  • Disable register_globals
  • Error level = E_ALL
  • Disable display_errors
    • Use custom error handler to show safe messages to users
    • Detailed reports go to you via logs and/or email
  • If using shared host, change session directory
  • Avoid code that executes code on the server like system() or exec()
  • Validate data when manipulating server files and directories (more on this coming soon!)
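
The error-handling bullets above, as an added PHP example (not code from the book): full reporting, nothing displayed, details sent to the log, and a safe message for the visitor. `report_and_hide()` and the reference-code scheme are assumptions; the three `ini_set()`/`error_reporting()` calls mirror settings that, per the note about global changes, belong in php.ini on a production server.

```php
<?php
declare(strict_types=1);
// Added illustration, not the book's code. Function name and message text are hypothetical.

error_reporting(E_ALL);            // report everything...
ini_set('display_errors', '0');    // ...but never to the browser
ini_set('log_errors', '1');        // details go to the server's error log

/** Log the full detail privately; show the visitor only a reference code. */
function report_and_hide(Throwable $e): void
{
    $ref = bin2hex(random_bytes(4));   // lets support match a complaint to a log line
    error_log(sprintf(
        '[%s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()
    ));
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo 'Something went wrong on our side. Reference: ' . $ref;
}

// Turn warnings and notices into exceptions so they take the same path.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false;                  // respect the configured reporting level
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});
set_exception_handler('report_and_hide');

// Constructed failure: a path that does not exist. The visitor sees the
// reference code only; the path and line number appear in the log alone.
$config = file_get_contents('/nonexistent/example-settings.ini');
```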

Security: Server & Hosting

My last post covered PCI Security and ended with some questions about how hosting fits into that. Effortless E-Commerce by Larry Ullman continued with these considerations:

Server Security

  1. Deny
  2. Authorize
  3. Record

Hosting Security

  • Shared hosting is not as good as VPS or Dedicated hosting
  • Admin-level control allows you to tighten and control security
  • Managed Services offer experts in server setup and maintenance
  • Determine how the host qualifies employees and limits access to the servers, both physical and administrative
  • Antivirus, software, and OS all need to be kept up to date
  • Password security
  • Server logs (access records)

This point stood out to me:

  • Determine how the host qualifies employees and limits access to the servers, both physical and administrative

I used to own a web hosting company and I’ve visited several others over the years with varying levels of security. Some were so lax or incompetent that there wasn’t any real security at all. Others had tight policies for visitors and for employees with cameras and server logs recording everything. The problem is that you can’t tell through a website if they are competent or not.

These articles brought some light to data center certifications:

You want to be sure that your data center is audited by a third party who actually visits the site in person to verify everything is on the up and up. If your data is breached at the physical level, your customers won’t care that it was your webhost’s mistake. After all, you chose them.