The CISO Evolution: Business Knowledge for Cybersecurity Executives

by Matthew K. Sharp, Kyriakos Lambros

Learn to effectively deliver business aligned cybersecurity outcomes  

In The CISO  Business Knowledge for Cybersecurity Executives, information security experts Matthew K. Sharp and Kyriakos “Rock” Lambros deliver an insightful and practical resource to help cybersecurity professionals develop the skills they need to effectively communicate with senior management and boards. They assert business aligned cybersecurity is crucial and demonstrate how business acumen is being put into action to deliver meaningful business outcomes. 

The authors use illustrative stories to show professionals how to establish an executive presence and avoid the most common pitfalls experienced by technology experts when speaking and presenting to executives. The book will show you how  

Inspire trust in senior business leaders by properly aligning and setting expectations around risk appetite and capital allocation  Properly characterize the indispensable role of cybersecurity in your company’s overall strategic plan  Acquire the necessary funding and resources for your company’s cybersecurity program and avoid the stress and anxiety that comes with underfunding  Perfect for security and risk professionals, IT auditors, and risk managers looking for effective strategies to communicate cybersecurity concepts and ideas to business professionals without a background in technology.  The CISO Evolution is also a must-read resource for business executives, managers, and leaders hoping to improve the quality of dialogue with their cybersecurity leaders. 

Genres: Audiobook, Leadership

399 pages, Kindle Edition

Published January 13, 2022

Reviews

[Jari Pirhonen · Rating 4 out of 5]

Good reading for all technical cybersecurity professionals or "Chief IT Security Officers" who think about CISO career. If you manage to read the book and grow interested in business financials, communication and negotiation skills, business risks (instead of IT / cybersecurity risks), etc. you may feel comfortable in a CISO role. If you fall in to sleep, continue with your more technical career.

[Ali · Rating 4 out of 5]

If you’re a techie on track for an executive role in cybersecurity, then this is a great crash course for gaining business acumen and soft skills. I liked its practical advice fitting my swot analysis and also business cases & references to dig deeper. If you don’t fall in the targeted cybersecurity reader group, then there are better leadership and more readable personal or professional development books.

[Dolf van der Haven · Rating 4 out of 5]

Just like where IT Service Management had to be liberated from an IT-only focus and become Enterprise Service Management, Cybersecurity (or rather, Information Security) has to be liberated from a technology-only focus and establish itself as an intrinsic part of an organisation's business.
This book does a good job refocusing InfoSec executives to the business landscape. It forces (prospective) InfoSec leaders to look beyond the usual technological controls and tells them to look at their role from a business perspective. And it is modern, discussing current events (COVID-19) and topics (digital transformation), unlike the old CISSP and CISM type of manuals.
That said, there are some odd sections in here that InfoSec executives should alfeady be familiar with: a whole chapter on basic risk management and a job interviewing guide. The gung-ho style of writing may put off some readers as well.
Overall, this book is recommended for InfoSec leaders that have trouble escaping from a technical pigeon hole and want to be a more integral part of the business.

[Du · Rating 4 out of 5]

A really good book for anyone working in cybersecurity leadership. For me, it was a good intro to all of the different softer skills needed to work in cybersecurity. It covers subjects like building a business case, to communication and education to leading and managing. The most well-written chapters also happened to be the ones that I think are most important in cybersecurity, the chapters on business understanding and communication. This is a really good thing because leadership and management skills can be found in so many other books, but how to tie cybersecurity together with business and communicate cybersecurity is something that I haven't seen a lot of emphasis on.

Really recommend this book to any beginning cybersecurity leaders as it's one of those root books, that can lead you to dive deeper into any of the many subjects covered.

[Brian Rogers · Rating 1 out of 5]

DNF. This seems like it's good information, but I couldn't stand the audiobook. When I would try to listen, my mind would always wander. I just couldn't finish it. Someday I'll try to read this book in print.