As this is a curated collection of books from a personal library, please be mindful that some books may be out of print, have more current editions, or be available in digital formats. A large portion of the books presented are related to research and reference.
Cybersecurity Leadership
The CISO Desk Reference Guide, Volume 1, 3rd Edition is the greatly anticipated update to the first volume of the highly respected two-volume set written by experienced practitioners and intended for recently hired or promoted Chief Information Security Officers (CISOs). These easy-to-use guides are also perfect for individuals aspiring to become CISOs, as well as business and technical professionals interested in the topic of cybersecurity. Those with the titles Chief Technology Officer (CTO), Chief Information Officer (CIO), and Chief Privacy Officer (CPO) will gain critical insights, and members of the board of directors and other executives responsible for information protection will find them invaluable.As a desk reference guide written specifically for CISOs, we hope this book and its companion CISO Desk Reference Guide, Volume 2, become trusted resources for you, your teams, and your colleagues in the C-suite. The different perspectives offered by the authors can be used as standalone refreshers, and the five immediate next steps for each chapter give the reader a robust set of actions based on roughly 100 years of relevant experience that will help you strengthen your cybersecurity programs.
The CISO Desk Reference Guide, Volume 2, 3rd Edition is the greatly anticipated update to the second volume of the highly respected two-volume set written by experienced practitioners and intended for recently hired or promoted Chief Information Security Officers (CISOs). These easy-to-use guides are also perfect for individuals aspiring to become CISOs, as well as business and technical professionals interested in the topic of cybersecurity. Those with the titles Chief Technology Officer (CTO), Chief Information Officer (CIO), and Chief Privacy Officer (CPO) will gain critical insights, and members of the board of directors and other executives responsible for information protection will find them invaluable. As a desk reference guide written specifically for CISOs, we hope this book and its companion CISO Desk Reference Guide, Volume 1, become trusted resources for you, your teams, and your colleagues in the C-suite. The different perspectives offered by the authors can be used as standalone refreshers, and the five immediate next steps for each chapter give the reader a robust set of actions based on roughly 100 years of relevant experience that will help you strengthen your cybersecurity programs.
Todd Fitzgerald, co-author of the ground-breaking (ISC)2 CISO Leadership: Essential Principles for Success, Information Security Governance Simplified: From the Boardroom to the Keyboard, co-author for the E-C Council CISO Body of Knowledge, and contributor to many others including Official (ISC)2 Guide to the CISSP CBK, COBIT 5 for Information Security, and ISACA CSX Cybersecurity Fundamental Certification, is back with this new book incorporating practical experience in leading, building, and sustaining an information security/cybersecurity program.CISO COMPASS includes personal, pragmatic perspectives and lessons learned of over 75 award-winning CISOs, security leaders, professional association leaders, and cybersecurity standard setters who have fought the tough battle. Todd has also, for the first time, adapted the McKinsey 7S framework (strategy, structure, systems, shared values, staff, skills and style) for organizational effectiveness to the practice of leading cybersecurity to structure the content to ensure comprehensive coverage by the CISO and security leaders to key issues impacting the delivery of the cybersecurity strategy and demonstrate to the Board of Directors due diligence. The insights will assist the security leader to create programs appreciated and supported by the organization, capable of industry/ peer award-winning recognition, enhance cybersecurity maturity, gain confidence by senior management, and avoid pitfalls.The book is a comprehensive, soup-to-nuts book enabling security leaders to effectively protect information assets and build award-winning programs by covering topics such as developing cybersecurity strategy, emerging trends and technologies, cybersecurity organization structure and reporting models, leveraging current incidents, security control frameworks, risk management, laws and regulations, data protection and privacy, meaningful policies and procedures, multi-generational workforce team dynamics, soft skills, and communicating with the Board of Directors and executive management. The book is valuable to current and future security leaders as a valuable resource and an integral part of any college program for information/ cybersecurity.
Learn to effectively deliver business aligned cybersecurity outcomes In The CISO Evolution: Business Knowledge for Cybersecurity Executives, information security experts Matthew K. Sharp and Kyriakos “Rock” Lambros deliver an insightful and practical resource to help cybersecurity professionals develop the skills they need to effectively communicate with senior management and boards. They assert business aligned cybersecurity is crucial and demonstrate how business acumen is being put into action to deliver meaningful business outcomes. The authors use illustrative stories to show professionals how to establish an executive presence and avoid the most common pitfalls experienced by technology experts when speaking and presenting to executives. The book will show you how to: • Inspire trust in senior business leaders by properly aligning and setting expectations around risk appetite and capital allocation • Properly characterize the indispensable role of cybersecurity in your company’s overall strategic plan • Acquire the necessary funding and resources for your company’s cybersecurity program and avoid the stress and anxiety that comes with underfunding Perfect for security and risk professionals, IT auditors, and risk managers looking for effective strategies to communicate cybersecurity concepts and ideas to business professionals without a background in technology. The CISO Evolution is also a must-read resource for business executives, managers, and leaders hoping to improve the quality of dialogue with their cybersecurity leaders.
Have you ever wondered why so many companies and their security leaders fail in today's cyber challenges? Regardless if you are new in this role and look for guidance, or you are considering yourself an expert and just wish to verify that you haven't forgotten anything - this book will help you to tackle the subject right - by building "security by design". The content covers your initial phases in the job such as setting expectations, base lining, gap analysis, capabilities building, and org chart variances. It then leads you to define security architecture, addressing a secure development process, application security and also security policy levels. Further items such as awareness programs, asset management, teaming up with audit, risk management, and finally the strategy development are covered. Then we dive into ROIs, trust relationships, KPIs, incident response, forensics, before we run into crises management by looking at some specific examples of personal experience of the author - himself a C(I)SO for many years. The book is ending by providing advice how to deal with other executive management, and what kind of education, certifications, and networking you need to focus on. If you consistently apply the content and advice provided in this book, you should be all set to succeed in your role as C(I)SO.
This book is written by a C(I)SO for C(I)SOs – and also addresses CEOs, CROs, CLOs, CIOs, CTOs, Security Managers, Privacy Leaders, Lawyers, and even Marketing and Sales executives. It is written by a seven-time career CISO for other visionaries, leaders, strategists, architects, compliance and audit experts, those politically interested, as well as, revolutionaries, and students of IS, IT, and STEM subjects that want to step up their game in InfoSec and Cybersecurity. The book connects the dots about past data breaches and their misconceptions; provides an international perspective on privacy laws like GDPR and several others, about threat actors and threat vectors; introduces strategy and tactics for securing your organization; presents a first glimpse on leadership; explains security program planning and backup plans; examines team building; conceptualizes the governance board; explores budgets; cooperates with the PMO; divulges into tactics; further elaborates on leadership; establishes the reporting structure; illustrates risk assessments; elucidates security processes, principals, and architectural designs; enumerates security metrics; skims compliance; demonstrates attack surface reduction; explicates security intelligence; conceptualizes S-SDLC (SecDevOps); depicts security management; epitomizes global leadership; illustrates the cloud’s weaknesses; and finishes with an outlook on IoT. If you are in need of strong, proven, battle-tested security advice for a progressing security career, if you’re looking for the security wisdom of a global, experienced leader to make smart decisions, if you are an architect and want to know how to securely architect and design using guiding principles, design patterns, and controls, or even if you work in sales and want to understand how (not) to sell to the CISO – this is your almanac – and you will read and reference it many times.Michael S. Oberlaender is one of the best globally renowned security leaders; he has worked for over two and a half decades in global executive security roles for several global market-leading companies. Mr. Oberlaender is a sought-after conference speaker, panelist, and moderator; he has published numerous thought-leadership articles in the leading security journals, and is the author of the famous book C(I)SO - And Now What – How to Successfully Build Security by Design.Mr. Oberlaender sits on the Advisory Board for the companies TriagingX and SentinelOne, previously sat on that of NetSkope, and is an active and supportive member of ISACA, (ISC)², ISSA, InfraGard, and several industry associations. He is certified as CGEIT, CISM, CISSP, CRISC, CISA, ACSE, GSNA, TOGAF-9, and CNSS-4016. He holds a Master of Science (Physics) from the Ivy League ranking university, University of Heidelberg, in Germany.
Women are fundamentally different to men and, when it comes to cybersecurity, one thing is certain… IF YOU’RE SHORT ON WOMEN YOU’RE LESS SAFE. Women matter in cybersecurity because of the way they view and deal with risk. Typically, women are more risk averse, compliant with rules, and embracing of organisational controls and technology than men. They’re also extremely intuitive and score highly when it comes to emotional and social intelligence, which enables them to remain calm during times of turbulence – a trait that’s required when major security breaches and incidents occur. As cybercrime, terrorism and warfare is increasing, and the number of women in cybersecurity is declining, now is the time to take action. By combining stories, interviews and data with practical advice, the golden rules and checklists, IN Security provides the means to turn things around. When you read this book you’ll understand why the numbers of women have fallen, along with strategies for attracting, identifying, and retaining more women in cybersecurity. This book is essential reading for anyone in cybersecurity or looking to get into it.
With the rising cost of data breaches, executives need to understand the basics of cybersecurity so they can make strategic decisions that keep companies out of headlines and legal battles. Although top executives do not make the day-to-day technical decisions related to cybersecurity, they can direct the company from the top down to have a security mindset. As this book explains, executives can build systems and processes that track gaps and security problems while still allowing for innovation and achievement of business objectives. Many of the data breaches occurring today are the result of fundamental security problems, not crafty attacks by insidious malware. The way many companies are moving to cloud environments exacerbates these problems. However, cloud platforms can also help organizations reduce risk if organizations understand how to leverage their benefits. If and when a breach does happen, a company that has the appropriate metrics can more quickly pinpoint and correct the root cause. Over time, as organizations mature, they can fend off and identify advanced threats more effectively. The book covers cybersecurity fundamentals such as encryption, networking, data breaches, cyber-attacks, malware, viruses, incident handling, governance, risk management, security automation, vendor assessments, and cloud security.
Cybersecurity threats are on the rise. As a leader, you need to be prepared to keep your organization safe.Companies are investing an unprecedented amount of money to keep their data and assets safe, yet cyberattacks are on the rise--and the problem is worsening. No amount of technology, resources, or policies will reverse this trend. Only sound governance, originating with the board, can turn the tide.Protection against cyberattacks can't be treated as a problem solely belonging to an IT or cybersecurity department. It needs to cast a wide and impenetrable net that covers everything an organization does--from its business operations, models, and strategies to its products and intellectual property. And boards are in the best position to oversee the needed changes to strategy and hold their companies accountable. Not surprisingly, many boards aren't prepared to assume this responsibility.In A Leader's Guide to Cybersecurity, Thomas Parenty and Jack Domet, who have spent over three decades in the field, present a timely, clear-eyed, and actionable framework that will empower senior executives and board members to become stewards of their companies' cybersecurity activities. This includes: • Understanding cyber risks and how best to control them • Planning and preparing for a crisis--and leading in its aftermath • Making cybersecurity a companywide initiative and responsibility • Drawing attention to the nontechnical dynamics that influence the effectiveness of cybersecurity measures • Aligning the board, executive leadership, and cybersecurity teams on prioritiesFilled with tools, best practices, and strategies, A Leader's Guide to Cybersecurity will help boards navigate this seemingly daunting but extremely necessary transition.
This book enables newcomers, business professionals as well as seasoned cybersecurity practitioners and marketers to understand and to explain the discipline to anyone. This book is not about technology and no technical knowledge or prior background is required to understand this book. The book is also highly recommended as a general management and leadership book.Cybersecurity involves people, policy, and technology. Yet most books and academic programs cover only technology. Hence the implementation of cybersecurity as a people powered perpetual innovation and productivity engine is not done. People think they can buy cybersecurity as a product when in fact the discipline is the modern practice of digital business strategy. People also equate cybersecurity with information security or security alone. However, security is a state, while cybersecurity is a process. Too many people equate cybersecurity with computer science even though cybersecurity is a business discipline.
Unlock the Secrets to Excelling as a Business Information Security Officer.In today's rapidly evolving digital landscape, the role of the Business Information Security Officer (BISO) is more critical than ever. As the bridge between cybersecurity and business objectives, the BISO plays a pivotal role in safeguarding organizations and ensuring the secure and effective use of information resources. "Mastering BISO" by Kris Hermans is your comprehensive guide to excelling in this influential position.Inside this transformative book, you will: 1 Gain a deep understanding of the BISO role, responsibilities, and the strategic importance it holds within organizations, from aligning cybersecurity with business objectives to ensuring regulatory compliance. 2 Learn proven strategies for assessing and managing information security risks, developing effective security policies and controls, and building a strong cybersecurity culture throughout the organization. 3 Enhance your leadership and communication skills to effectively collaborate with executives, board members, and cross-functional teams, translating complex technical concepts into actionable business language. 4 Dive into real-world case studies and practical examples that illustrate successful approaches to information security leadership, allowing you to apply valuable insights to your own organization.Authored by Kris Hermans, a highly respected authority in the field, "Mastering BISO" combines extensive practical experience with a deep understanding of cybersecurity and business integration. Kris's passion for empowering professionals shines through as they guide readers through the complexities of the BISO role, equipping them with the knowledge and insights needed to excel.Whether you're an aspiring cybersecurity professional or a seasoned BISO seeking to enhance your skills, this book is your essential resource. Executives, managers, and other professionals looking to collaborate effectively with their organization's BISO will also find valuable insights within these pages.Excel as a Business Information Security Officer. Order your copy of "Mastering BISO" today and equip yourself with the knowledge and tools to protect organizations, drive strategic initiatives, and navigate the dynamic world of cybersecurity leadership.
Caught in the crosshairs of “Leadership” and “Information Technology”, Information Security professionals are increasingly tapped to operate as business executives. This often puts them on a career path they did not expect, in a field not yet clearly defined. IT training does not usually includemanagerial skills such as leadership, team-building, communication, risk assessment, and corporate business savvy, needed by CISOs. Yet a lack in any of these areas can short circuit a career in information security.CISO Leadership: Essential Principles for Success captures years of hard knocks, success stories, and yes, failures. This is not a how-to book or a collection of technical data. It does not cover products or technology or provide a recapitulation of the common body of knowledge. The book delineates information needed by security leaders and includes from-the-trenches advice on how to have a successful career in the field.With a stellar panel of contributors including William H. Murray, Harry Demaio, James Christiansen, Randy Sanovic, Mike Corby, Howard Schmidt, and other thought leaders, the book brings together the collective experience of trail blazers. The authors have learned through experience―been there, done that, have the t-shirt―and yes, the scars. A glance through the contents demonstrates the breadth and depth of coverage, not only in topics included but also in expertise provided by the chapter authors. They are the pioneers, who, while initially making it up as they went along, now provide the next generation of information security professionals with a guide to success.
The CISO Desk Reference Guide Executive Primer is written primarily for the CISO's colleagues. The primary perspective of this book is one of expectation. What are the expectations the CEO should have for their CISO? What support should the CFO expect to provide the organization's CISO in support of their mission? What are the expectations the CISO will place on their colleagues to help make the organization more resilient? What kind of support should a CISO expect from the board? As important, what expectations should the entire leadership team, including the board, place on the CISO in terms of communications, teaching, expertise, risk assessment, metrics, meeting regulatory requirements, and preparing the organization to detect, respond to, and recover from cyber incidents?
ROADMAP TO INFORMATION SECURITY: FOR IT AND INFOSEC MANAGERS provides a solid overview of information security and its relationship to the information needs of an organization. Content is tailored to the unique needs of information systems professionals who find themselves brought in to the intricacies of information security responsibilities. The book is written for a wide variety of audiences looking to step up to emerging security challenges, ranging from students to experienced professionals. This book is designed to guide the information technology manager in dealing with the challenges associated with the security aspects of their role, providing concise guidance on assessing and improving an organization's security. The content helps IT managers to handle an assignment to an information security role in ways that conform to expectations and requirements, while supporting the goals of the manager in building and maintaining a solid information security program.
As a working cybersecurity professional, every attempt is made to separate professional and personal endeavors in a manner consistent with reducing conflicts of interest and maintaining ethics. Statements contained within this site are the explicit and implicit goals, objectives, endorsements, and educated opinion of the author of this site and not those of current or former employers.
