Enterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book presents a comprehensive framework for managing all aspects of an enterprise cybersecurity program. It enables an enterprise to architect, design, implement, and operate a coherent cybersecurity program that is seamlessly coordinated with policy, programmatics, IT life cycle, and assessment. Fail-safe cyberdefense is a pipe dream. Given sufficient time, an intelligent attacker can eventually defeat defensive measures protecting an enterprise’s computer systems and IT networks. To prevail, an enterprise cybersecurity program must manage risk by detecting attacks early enough and delaying them long enough that the defenders have time to respond effectively. Enterprise Cybersecurity shows players at all levels of responsibility how to unify their organization’s people, budgets, technologies, and processes into a cost-efficient cybersecurity program capable of countering advanced cyberattacks and containing damage in the event of a breach. The authors of Enterprise Cybersecurity explain at both strategic and tactical levels how to accomplish the mission of leading, designing, deploying, operating, managing, and supporting cybersecurity capabilities in an enterprise environment. The authors are recognized experts and thought leaders in this rapidly evolving field, drawing on decades of collective experience in cybersecurity and IT. In capacities ranging from executive strategist to systems architect to cybercombatant, Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams, and Abdul Aslam have fought on the front lines of cybersecurity against advanced persistent threats to government, military, and business entities. 
Executives, managers, architects, IT professionals, customers and vendors of cybersecurity services, and engineering students will learn from this book. Enterprise Cybersecurity is for people and organizations interested in modern cybersecurity and who are responsible for leading, designing, deploying, operating, managing, and supporting cybersecurity capabilities in an enterprise environment.
This is a well-written and thoughtfully structured book on designing a cybersecurity program from the ground up. It provides a comprehensive overview of what it takes to build an enterprise-grade cyber defense capability, moving beyond theory into practical organizational design.
The book covers a wide range of foundational topics: the benefits and characteristics of a cybersecurity program, cyber strategy and governance, functional security domains, enterprise process implementation, cloud and mobile security, security operations, incident response models, defense-in-depth, auditing for risk and compliance, training and awareness, and managing cybersecurity through analytics and metrics. Overall, it offers a holistic blueprint for organizations seeking to design and operationalize a robust cyber program.
What I particularly appreciated is how the book frames cybersecurity not as a bolt-on technical control, but as a business enabler. Too often, cybersecurity is treated as a regulatory checkbox or an IT overhead function. In reality, effective controls must align with an organization’s risk appetite and compliance culture. They must also meet business process performance SLAs. Once security technologies are implemented, maintaining a balance between protection and system performance becomes a constant strategic exercise, especially given the overhead many tools introduce.
Another key insight is the importance of minimizing digital footprint—especially for companies holding large volumes of PII and financial data. Reducing exposed attack surface and carefully sequencing cybersecurity initiatives based on strategic integration and dependency mapping is critical. For a CISO, understanding operational interdependencies and implementing controls in the right order can make the difference between resilience and disruption.
The book’s treatment of incident response is structured and practical. It emphasizes:
1. Identifying the root cause—defining the issue and its scope.
2. Neutralizing the threat—developing contingency plans informed by strategic observation and orientation.
3. Enforcing corrective controls—to mitigate and prevent recurrence.
It then expands into threat intelligence–oriented measures:
4. Collecting incident-specific data in an actionable format.
5. Analyzing patterns within the context of infrastructure and attacker capability.
6. Disseminating findings objectively to leadership and stakeholders.
I also found the discussion around deception strategies and advanced threat actors particularly compelling. While intrusion tools have evolved and access to offensive capabilities has become increasingly democratized (especially with AI and automation), the attacker’s mindset—privilege escalation, critical path navigation, and endgame orientation—remains fundamentally consistent.
Deception, therefore, remains powerful. The book draws parallels between classical siege strategies and modern cyber deception techniques such as honeypots, decoys, and breadcrumbs. When designed strategically, these mechanisms not only detect malicious intent but can help map attacker behavior, identify false positives, and even support counterintelligence research in controlled sandbox environments. In advanced cases, deception can shift the balance—turning an attack into an opportunity for deeper defensive insight.
The growing role of AI adds another layer of urgency. As rootkits and AI-powered tools lower the barrier to entry for less sophisticated attackers, establishing secure baselines and continuously validating controls becomes even more critical.
One of the most practical aspects of my broader learning in this space—complementing this book—was a case study involving Jerry Perullo at ICE (DHS context). It illustrated how cybersecurity programs differ depending on reporting structures and organizational priorities. Some CISOs are highly technical and hands-on, fluent in threat intelligence and architecture. Others operate from a risk and compliance lens, translating cyber exposure into financial and regulatory impact for executive stakeholders.
ICE’s approach stood out because security is treated as a growth enabler rather than a compliance obligation. Availability, resilience, and operational continuity in a trading exchange environment require cybersecurity to scale directly with business growth. Their structure reflects this balance:
• Cybersecurity Operations: incident response, forensics, investigations, architecture, and controls.
• Security Assurance: application security, red teaming, governance, vendor risk, and compliance.
They follow a three-lines-of-defense model:
1. IT and operational staff implement and capture control data.
2. Risk management models impact and aligns threat intelligence with business analysis.
3. Cyber audit ensures regulatory and legal compliance.
The key takeaway is that cybersecurity must evolve in tandem with enterprise growth. Mature programs move from relying heavily on external consultants to developing internal capabilities that scale, integrate new systems, and absorb inherited risk without losing operational agility.
In summary, this book provides a strong structural foundation for designing a cybersecurity program. For practitioners, CISOs, MBA students, and security leaders, it serves as both a roadmap and a strategic lens—reminding us that cybersecurity is most effective when it is aligned with business value, risk intelligence, and long-term enterprise scalability.