Solid list. A few more:

- Threat modeling: “Security Engineering” by Ross Anderson and the EFF threat modeling guides

• Operational mindset: Schneier’s essays on real world security tradeoffs

• Failure analysis: postmortems and writeups of what didn’t work (often more valuable than success stories)

• System thinking: Zero Trust Networks from O'Reilly, even if you are not building networks it's a good overview on how to think beyond the perimeter based security model.