Data Privacy Program Guide: How to Build a Privacy Program that Inspires Trust

CISO DRG Publishing is pleased to announce the availability of the Data Privacy Program Guide: How to Build a Privacy Program that Inspires Trust, the first book in the CISO Desk Reference Guide® Governance Series. This book was written by David Goodman, Justine Phillips, and Matt Stamper and is intended for Chief Privacy Officers and privacy professionals at all levels of the organization. This book focuses on building and managing privacy programs. From the authors’ extensive and varied backgrounds, readers will gain unique insights, practical advice, and inspiration. Privacy professionals will learn how to create a privacy program that will help them improve their relationship with their customers while giving them the foundation for complying with the dizzying maze of privacy regulations. This is a groundbreaking book in the privacy space.

Congratulations David, Justine, and Matt, well done!

CISO Desk Reference Guide Executive Primer Foreword


The CISO Desk Reference Guide has been a mainstay in my personal library since shortly after I first met Gary, Bill, and Matt in 2015. Newly appointed to my second stint as Deputy Chief Information Security Officer (CISO) and having just moved from Germany to Southern California, I was eager to build relationships in the lively cybersecurity community of San Diego. The community welcomed me with open arms, and I was able to join in on robust conversations, insightful presentations, and war-room problem solving for the latest/greatest malware strain or threat actor activity. If I were to attempt an analogy, I would say reading the chapters of the CISO Desk Reference Guide is like attending a gathering of those fantastic SoCal professionals: approachable, unassuming, informative, and thought-provoking.

Since that wonderful season of my career based in San Diego, I’ve slingshot around the world to a variety of CISO and CSO positions, taking with me their Reference Guide (which I’ve also passed on to members of my leadership teams), their friendship, and their trusted comradery in this global cybersecurity war we as CISOs wage day in and day out.

Gary, Bill, and Matt are a treasure trove of wisdom for future and established CISOs alike. Their dedication to contributing foundational wisdom to the cybersecurity community has rightly earned their two-volume Reference Guide set a prestigious position in the Cybersecurity Canon Hall of Fame. What sets them apart is that they don’t just “teach” the work, they also “do” the work. And by doing the work, they garner continuous insight and examples, which they then use to further teach the work. Theirs is a virtuous circle of support and insight for our cybersecurity community globally.

When the authors asked if I would be willing to read a draft and provide some feedback on the manuscript for their latest endeavor, CISO Desk Reference Guide: Executive Primer, I jumped at the opportunity. The premise of this Executive Primer is to assist non-cyber executives and non-execs in understanding the deep complexities of cybersecurity—without leaving their eyes watering from mind-numbing technical details. This is not a small task, but it is such important work. And this Executive Primer, as expected from the authors’ previous work, does not disappoint.

As CISOs, we must leverage both “science” and “art” in the work we do every day. The science is the complexity, breadth, and depth of the processes, technology, and people capabilities that we must leverage, develop, and continuously improve every day to protect, detect, respond, and recover. The art is a bit more nuanced and requires tremendous skill and honing: every presentation to the Audit Committee and exec and non-exec boards, every meet/greet with business executives, every town hall presentation to non-cyber audiences, every “lunch and learn” session we host, every cyber threat briefing we send out to all hands—these are all examples of where we must demystify the “science” of our work, by using the “art” of communication, influence, connecting seemingly unrelated dots, all while using business-friendly lexicon and relevant, contextualized examples which broaden understanding while eliciting support, partnership, urgency, and priority.

In theory, a better understanding of cybersecurity by our non-cyber exec and non-exec colleagues will lead to greater support for the work of cybersecurity, healthier and courageous challenges in our conversations and dealings, and laser-focused risk prioritization by you and me as we together reduce risk. In practice, and for many, this is a foundational paradigm shift: everyone owns security. Not just the CISO or the CISO Program…everyone. You, dear Reader, own security.

But how can you own something and effectively participate in and contribute to your part of cybersecurity if you don’t understand it, know why to prioritize it, or know what “good” looks like? Enter the CISO: Executive Primer. This Primer will get you well on your way to being familiar with and conversant in the work of the CISO Program at your company, just as we as practitioners and CISOs must be familiar with and conversant in your work, whether it’s finance, legal, HR, business imperatives, or company strategy. This Executive Primer will also give you a greater understanding of the story behind the story when you see a headline about the latest breach.

Personally, I believe you will come away with at least the beginnings of an understanding that cybersecurity is to no longer be a buried line item on IT’s budget but to rather be seen as a prominent enterprise-wide, escalating risk that each exec and non-exec alike needs to have in the forefront of her or his mind when they consider acquisitions, market expansion, product innovation, channels to market, interactions with shareholders, engagement with customers and consumers, leveraging third-party vendors, suppliers, and contractors, broadening their digital transformation, and so on.

I’m thrilled the authors have put pen to paper on this Executive Primer, and I highly recommend you chew through and digest all of this rich yet approachable content. To follow the analogy I began with, reading this Executive Primer is like having a lengthy coffee (or whiskey!) chat with Gary, Bill, and Matt, garnering their wisdom and insights in an approachable, unassuming, informative manner. I believe it will empower you for better, thought-provoking conversations with your CISO. I believe it will change the way you view risk at your company. And I believe you, too, will become a cybersecurity enthusiast at work and at home.

Kirsten Davies
March 2022
Nashville, USA

Kirsten Davies is a five-time Information and Cyber Security Executive, safeguarding 2 Global 100 and 3 Fortune 250 companies representing over $230Bn in annual turnover.

Develop Your Cybersecurity Career Path now available as ePub

CISO DRG Publishing is pleased to announce the availability of Develop Your Cybersecurity Career Path in the ePub format. For Nook users, you can buy here: and for Apple iBook fans, buy here: We know many of our readers prefer eBooks and we are committed to providing our catalog in as wide a variety of formats as possible. Over the coming weeks, we’ll be publishing our entire catalog as ePubs on both platforms whenever possible.

Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level

CISO DRG Publishing is pleased to announce the availability of Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level, the first book in the CISO Desk Reference Guide® Practitioner Series. This book was written by Gary Hayslip, Christophe Foulon, and Renee Small to help those who are considering a career in cybersecurity. Whether you are just starting and are looking for an entry-level position or want to translate many years of experience to the right level, this book will provide proven, practical steps, guiding you from self-assessment through the search and interview and completing your journey to a career in cybersecurity.

For those who are exploring a career in cybersecurity, we first want to say, “Welcome, we need the help!” A job in cybersecurity is dedicated to a mission to protect. At the same time, it is very rewarding—both in knowing that what you do makes a difference and, frankly, in its unmatched job security.

Congratulations Gary, Chris, and Renee, we are proud to have Develop Your Cybersecurity Career Path in our growing catalog.