In June 2020, Volume 1 and Volume 2 of the CISO Desk Reference Guide® were inducted into the Cybersecurity Canon Hall of Fame. We are grateful for the recognition of our peers and feel humbled and honored that our books have been able to help advance the study of our field.
The order of the essays within each chapter follows the arc of our differing backgrounds and perspectives. Bill Bonney’s essays lead off each chapter and provide a high-level view that reflects his background in the finance industry and the structured governance that comes with working in a highly regulated industry. Matt Stamper’s essays come next, and his perspective on simultaneously providing services to many customers provides insight into a highly programmatic approach. Finally, Gary Hayslip’s essays finish each chapter, and his vast experience in the trenches as a hands-on cyber expert provides you with a treasure trove of lists and lessons that you can repeatedly reference. We deviate from this approach for Chapters 7, 12, and 20, where we provide a single, unified essay.
Along with a shared desire to help, each of us has enjoyed over 30 years of success in the Information Technology field, but with very different backgrounds. It became apparent as we got to know each other by participating in panel discussions and speaking at industry events that these different backgrounds brought diverse and complementary perspectives to the cybersecurity community’s current problems. What started as a panel discussion on the role of the modern CISO sparked such a lively audience discussion that we began to consider turning this topic into a book for new CISOs and CISOs at mid-size firms in particular.
The decision to write the CISO Desk Reference Guide, Volumes 1 and 2, came from the shared realization by the authors that the dramatic escalation in cyber threats was not going to peak anytime soon. Instead, cybercrime would continue to move “down the food chain” as more relative economic value is managed via interconnected computer networks. As a result, mid-sized firms, in particular the kinds that make up the local commercial base in San Diego, would come under increasing pressure as targets both for their value and as the supposed “weaker links” in the supplier ecosystem of larger, multinational companies.
In February 2022, we added the CISO Desk Reference Guide Executive Primer, written primarily for the CISO’s colleagues. We believe that as the CISO continues to work more and more closely with members of the C-suite, it is imperative that these colleagues have a foundational understanding of the role a CISO can and should play, how to support the CISO, and what to expect of the CISO. Though directed at the C-suite, we think this is also an excellent primer for CISOs to learn even more about how they can contribute at the highest level of the organization.