Bill Bonney is a security evangelist, author and publisher, currently serving as the President of CISO DRG, Inc., a publisher of practical guides for information security executives, written by practitioners. Prior to CISO DRG, Bill was Vice President of Product Marketing and Chief Strategist at FHOOSH (now UBIQ), a maker of high-speed encryption software. Prior to FHOOSH, Bill was the Director of Information Security and Compliance at Intuit, and then Vice President of Product Marketing and a Principal Consulting Analyst at TechVision Research.

Bill holds multiple patents in data protection, access and classification, and is a member of the Board of Advisors for CyberTECH, a San Diego incubator, and on the board of directors for the San Diego CISO Roundtable, a professional group focused on building relationships and fostering collaboration in information security management. Bill is a highly regarded speaker and panelist addressing technology and security concerns. Bill co-authored the CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 and 2, which are considered among the leading books for CISOs and aspiring CISOs. He holds a Bachelor of Science degree in Computer Science and Applied Mathematics from Albany University.

Why I chose Cybersecurity as my field: I began my career in the “big iron” mainframe era, working for Sperry Univac and then a relational database company called Unify. After 15 years or so, I went into consulting and built a web design and development firm. While we were celebrating some milestones with a little vacation in Cabo San Lucas, the 9/11 terrorist attacks occurred. I took this very personally because one of my last clients at Sperry was Cantor Fitzgerald, the bond trading firm that was decimated by the attack. I made a vow to friends and colleagues that when I reentered the corporate world, I would don the white hat. I had a feeling that the next theatre for mindless destruction would be the cyber realm.

CISO Desk Reference Guide Books

CISO Desk Reference Guide Volume 1

Volume 1 of the CISO Desk Reference Guide® provides a basis for any CISO — experienced, new to the role, or aspiring — to baseline their program and confidently assert strengths, weaknesses and next steps. In this book we pioneered the tri-perspective style to provide three distinct viewpoints on each topic.

CISO Desk Reference Guide Volume 2

Volume 2 of the CISO Desk Reference Guide® again uses the tri-perspective style to deliver a blueprint for CISOs to elevate their program and achieve excellence across all critical information security domains. It concludes with an exercise to assist the CISO in developing their own strategic information security plan.

Executive Primer

The CISO Desk Reference Guide: Executive Primer culls the executive- and board-relevant material from the two-volume set and presents it in a concise form designed to educate the senior leadership team. The information is presented as a CISO’s-eye view so the board or company executive can better understand the unique challenges the CISO faces and how to best support them.

Develop Your Cybersecurity Career Path

The CISO Desk Reference Guide: Develop Your Cybersecurity Career Path will show you how to enter the cybersecurity field at any level. Whether you are looking for an entry-level position or want to translate years of experience to an entry at the right level, this book will help you explore the options for a career in cyber, and help you chart a path right for you.

Cyber Crisis Response introduces the SONAR Method™

Cyber Crisis Response introduces the SONAR Method™, a proven, proprietary framework for responding to and managing a range of cyber incidents, from singular events to the most complex cyber breaches and crises. Crisis response is complex; using the SONAR Method™ will help any practitioner take control of the incident before it escalates out of control.

Case Studies

In the CISO Desk Reference Guide: Case Studies, we will present a dozen or so high-profile breaches from the perspective of what controls and best practices could be deployed that would help prevent a similar breach from happening again. The objective is to learn from our adversaries and improve our collective defenses.

Security Compliance

Compliance does not equal security, but security compliance should never be dismissed as bureaucratic or waved away as a mere regulatory requirement. Much of what we think of as essential security hygiene is encapsulated by security frameworks relied upon to demonstrate compliance. The CISO Desk Reference Guide: Security Compliance shows how to both be compliant and use compliance to achieve a better security posture.

Bring Your Own Cyber

The third book in the CISO Desk Reference Guide® small business series is Bring Your Own Cyber. Best for very small businesses, this book teaches the basics, how to lock the doors and not be a cyber sap. No jargon, no formal program (except when legally required) and nothing to get in the way of doing business. What the owner needs to know, and how they get it done!


Turn Your Company Into an Incubator for Cyber Talent

We started planning our first true getaway vacation since the start of the pandemic, but this vacation would have a bit of a twist. It would be the first time leaving our rescue pup behind. We had adopted Henry just before California’s first shutdown. We started thinking about which of our pet parent friends might be available to dog sit. It didn’t even occur to us to ask our closest friend, since she wasn’t a pet parent herself. This is often the case at our companies as well. We usually don’t think to look close to home, because members of our workforce who are not already on the security...


Our Progress in Cybersecurity Culture Is Improving, Now What’s Next?

Tricia Griffith, CEO of Progressive, the large insurance provider, said: “With the right people, culture, and values, you can accomplish great things.” [1] Several excellent analogies can be used to describe the global challenge we face in cyberspace. We can describe it as modern piracy, given the history of piracy impacting so many people while it was rampant, its criminal nature, and its use in proxy wars between the great naval powers of the 17th and 18th centuries. It could be thought of as similar to infectious disease, given how often software viruses are proximate to fraud and...


How Digital Natives Are Shaping the Future of Data Privacy

With the California Consumer Privacy Act (CCPA) going into effect on January 1, 2020, I think it’s timely to look at how digital natives may change the way we view data privacy altogether. If you were a toddler when Voyager 1 and 2 buzzed Saturn in 1980 and 1981 respectively, you are a digital native, as is anyone who came along after you. Maybe you started high school when email and file-sharing started going mainstream, and by the time you graduated, The New York Times had a homepage, at least one of your parents was likely online, and we, consumers at large, were beginning to experience...


Data Classification is the Key to Data Protection, Part I

“No, no!” said the Queen. “Sentence first – verdict afterwards.” “Stuff and nonsense!” said Alice loudly. “The idea of having the sentence first!” The value proposition for data is not in its protection (sentence), but in its use (verdict). In this series of articles, we’re going to explore an alternate value proposition for data classification and the benefits of thinking of data classification primarily as an enabler for using data rather than protecting data. In this first article, we’ll consider the fundamental reason that we want to classify data with this mindset. In the second article,...


How We Want Recruiters and Hiring Managers to Behave

Gary Hayslip, my good friend and partner, and co-author of our book: “CISO Desk Reference Guide,” just wrote what I think is a very courageous blog about a hurtful and confusing experience he had while exploring a job opportunity. It certainly struck a chord with me, so I thought I’d relate some of my thoughts as well. But first, I’d like to commend him on the vulnerability he showed in writing his article in the first person. When our leaders are willing to be vulnerable, we all grow. Thank you, Gary. Gary mentioned in his article, “Cyber Recruiting, the good, the bad and the not so...
