The CISO Journey


Book Description

The book takes readers though a series of security and risk discussions based on real-life experiences. While the experience story may not be technical, it will relate specifically to a value or skill critical to being a successful CISO. The core content is organized into ten major chapters, each relating to a "Rule of Information Security" developed through a career of real life experiences. The elements are selected to accelerate the development of CISO skills critical to success. Each segments clearly calls out lessons learned and skills to be developed. The last segment of the book addresses presenting security to senior execs and board members, and provides sample content and materials.




Secure Cloud Transformation


Book Description

All organizations are embarking on a journey to the cloud. Their users are online and taking advantage of productivity tools like SalesForce. Enterprises are in the midst of transitioning to Office 365. This book maps the journey of 16 leading enterprises around the world including Fannie Mae, Siemens, Google, Microsoft, and Amazon itself.




The Ciso Journey


Book Description

The book takes readers though a series of security and risk discussions based on real-life experiences. While the experience story may not be technical, it will relate specifically to a value or skill critical to being a successful CISO. The core content is organized into ten major chapters, each relating to a Rule of Information Security developed through a career of real life experiences. The elements are selected to accelerate the development of CISO skills critical to success. Each segments clearly calls out lessons learned and skills to be developed. The last segment of the book addresses presenting security to senior execs and board members, and provides sample content and materials.




The CISO Evolution


Book Description

Learn to effectively deliver business aligned cybersecurity outcomes In The CISO Evolution: Business Knowledge for Cybersecurity Executives, information security experts Matthew K. Sharp and Kyriakos “Rock” Lambros deliver an insightful and practical resource to help cybersecurity professionals develop the skills they need to effectively communicate with senior management and boards. They assert business aligned cybersecurity is crucial and demonstrate how business acumen is being put into action to deliver meaningful business outcomes. The authors use illustrative stories to show professionals how to establish an executive presence and avoid the most common pitfalls experienced by technology experts when speaking and presenting to executives. The book will show you how to: Inspire trust in senior business leaders by properly aligning and setting expectations around risk appetite and capital allocation Properly characterize the indispensable role of cybersecurity in your company’s overall strategic plan Acquire the necessary funding and resources for your company’s cybersecurity program and avoid the stress and anxiety that comes with underfunding Perfect for security and risk professionals, IT auditors, and risk managers looking for effective strategies to communicate cybersecurity concepts and ideas to business professionals without a background in technology. The CISO Evolution is also a must-read resource for business executives, managers, and leaders hoping to improve the quality of dialogue with their cybersecurity leaders.




Why CISOs Fail


Book Description

This book serves as an introduction into the world of security and provides insight into why and how current security management practices fail, resulting in overall dissatisfaction by practitioners and lack of success in the corporate environment. The author examines the reasons and suggests how to fix them. The resulting improvement is highly beneficial to any corporation that chooses to pursue this approach or strategy and from a bottom-line and business operations perspective, not just in technical operations. This book transforms the understanding of the role of the CISO, the selection process for a CISO, and the financial impact that security plays in any organization.




Cybersecurity Leadership


Book Description

This book enables newcomers, business professionals as well as seasoned cybersecurity practitioners and marketers to understand and to explain the discipline to anyone. This book is not about technology and no technical knowledge or prior background is required to understand this book. The book is also highly recommended as a general management and leadership book. Cybersecurity involves people, policy, and technology. Yet most books and academic programs cover only technology. Hence the implementation of cybersecurity as a people powered perpetual innovation and productivity engine is not done. People think they can buy cybersecurity as a product when in fact the discipline is the modern practice of digital business strategy. People also equate cybersecurity with information security or security alone. However, security is a state, while cybersecurity is a process. Too many people equate cybersecurity with computer science even though cybersecurity is a business discipline. Written by Dr. Mansur Hasib a globally acclaimed scholar, practitioner, and author with a Doctor of Science in cybersecurity and over ten years experience designing and running award-winning cybersecurity education programs on a global scale. The author also served as Chief Information Officer and implemented profitable digital transformations and cybersecurity strategy in healthcare, biotechnology, education, and energy for more than 30 years. This book is widely acclaimed by practitioners and scholars alike as the definitive book on cybersecurity leadership and governance. Dr. Hasib is a sought after speaker and has won multiple global awards such as: 2020 Cybersecurity Champion of the Year; 2020 People's Choice Award in Cybersecurity; 2019 Best Cybersecurity Higher Education Program in the USA; 2019 Outstanding Global Cybersecurity Leadership; 2018 Best Cybersecurity Higher Education Program in the USA; 2018 Hall of Fame; 2017 People's Choice Award in Cybersecurity; 2017 Information Governance Expert of the Year; 2017 (ISC)2 Americas ISLA Award. Dr. Hasib enjoys table tennis, comedy, and travel and has been to all 50 states of the USA. Twitter @mhasib Subscribe free to YouTube Channel with 200+ videos: https://www.youtube.com/@DrMansurHasib Contact for speaking invites and author-signed books: https://www.cybersecurityleadership.com




CISO Desk Reference Guide


Book Description

An easy to use guide written by experienced practitioners for recently-hired or promoted Chief Information Security Offices (CISOs), individuals aspiring to become a CISO, as well as business and technical professionals interested in the topic of cybersecurity, including Chief Technology Officers (CTOs), Chief Information Officers (CIOs), Boards of Directors, Chief Privacy Officers, and other executives responsible for information protection.As a desk reference guide written specifically for CISOs, we hope this book becomes a trusted resource for you, your teams, and your colleagues in the C-suite. The different perspectives can be used as standalone refreshers and the five immediate next steps for each chapter give the reader a robust set of 45 actions based on roughly 100 years of relevant experience that will help you strengthen your cybersecurity programs.




The Security Hippie


Book Description

The Security Hippie is Barak Engel’s second book. As the originator of the “Virtual CISO” (fractional security chief) concept, he has served as security leader in dozens of notable organizations, such as Mulesoft, Stubhub, Amplitude Analytics, and many others. The Security Hippie follows his previous book, Why CISOs Fail, which became a sleeper hit, earning a spot in the Cybercannon project as a leading text on the topic of information security management. In this new book, Barak looks at security purely through the lens of story-telling, sharing many and varied experiences from his long and accomplished career as organizational and thought leader, and visionary in the information security field. Instead of instructing, this book teaches by example, sharing many real situations in the field and actual events from real companies, as well as Barak’s related takes and thought processes. An out-of-the-mainstream, counterculture thinker – Hippie – in the world of information security, Barak’s rich background and unusual approach to the field come forth in this book in vivid color and detail, allowing the reader to sit back and enjoy these experiences, and perhaps gain insights when faced with similar issues themselves or within their organizations. The author works hard to avoid technical terms as much as possible, and instead focus on the human and behavioral side of security, finding the humor inherent in every anecdote and using it to demystify the field and connect with the reader. Importantly, these are not the stories that made the news; yet they are the ones that happen all the time. If you’ve ever wondered about the field of information security, but have been intimidated by it, or simply wished for more shared experiences, then The Security Hippie is the perfect way to open that window by accompanying Barak on some of his many travels into the land of security.




The CISO Playbook


Book Description

A CISO is the ultimate guardian of an organization's digital assets. As a cybersecurity leader ,a CISO must possess a unique balance of executive leadership, technical knowledge, strategic vision, and effective communication skills. The ever-evolving cyberthreat landscape demands a resilient, proactive approach coupled with a keen ability to anticipate attack angles and implement protective security mechanisms. Simultaneously, a cybersecurity leader must navigate the complexities of balancing security requirements with business objectives, fostering a culture of cybersecurity awareness, and ensuring compliance with regulatory frameworks. The CISO Playbook aims to provide nothing but real-world advice and perspectives to both up-and-coming cybersecurity leaders as well as existing ones looking to grow. The book does not approach cybersecurity leadership from the perspective of the academic, or what it should be, but more from that which it really is. Moreover, it focuses on the many things a cybersecurity leader needs to “be” given that the role is dynamic and ever-evolving, requiring a high level of adaptability. A CISO's career is touched from many differing angles, by many different people and roles. A healthy selection of these entities, from executive recruiters to salespeople to venture capitalists, is included to provide real-world value to the reader. To augment these, the book covers many areas that a cybersecurity leader needs to understand, from the pre-interview stage to the first quarter and from security operations to the softer skills such as storytelling and communications. The book wraps up with a focus on techniques and knowledge areas, such as financial literacy, that are essential for a CISO to be effective. Other important areas, such as understanding the adversaries' mindset and self-preservation, are covered as well. A credo is provided as an example of the documented commitment a cybersecurity leader must make and remain true to.




The CISO’s Transformation


Book Description

The first section of this book addresses the evolution of CISO (chief information security officer) leadership, with the most mature CISOs combining strong business and technical leadership skills. CISOs can now add significant value when they possess an advanced understanding of cutting-edge security technologies to address the risks from the nearly universal operational dependence of enterprises on the cloud, the Internet, hybrid networks, and third-party technologies demonstrated in this book. In our new cyber threat-saturated world, CISOs have begun to show their market value. Wall Street is more likely to reward companies with good cybersecurity track records with higher stock valuations. To ensure that security is always a foremost concern in business decisions, CISOs should have a seat on corporate boards, and CISOs should be involved from beginning to end in the process of adopting enterprise technologies. The second and third sections of this book focus on building strong security teams, and exercising prudence in cybersecurity. CISOs can foster cultures of respect through careful consideration of the biases inherent in the socio-linguistic frameworks shaping our workplace language and through the cultivation of cyber exceptionalism. CISOs should leave no stone unturned in seeking out people with unique abilities, skills, and experience, and encourage career planning and development, in order to build and retain a strong talent pool. The lessons of the breach of physical security at the US Capitol, the hack back trend, and CISO legal liability stemming from network and data breaches all reveal the importance of good judgment and the necessity of taking proactive stances on preventative measures. This book will target security and IT engineers, administrators and developers, CIOs, CTOs, CISOs, and CFOs. Risk personnel, CROs, IT, security auditors and security researchers will also find this book useful.