Bill Bonney, Gary Hayslip, and Matt Stamper met in the summer of 2014 as members of the very inclusive and collaborative cybersecurity community of San Diego, California. Besides being the eighth largest city in the U.S. and a very welcoming community, San Diego is home to several pockets of technological innovation. These include very successful biotechnology, life sciences, and mobile technology industries; a plethora of defense contractors and aerospace research companies; a blossoming startup community in the Internet of Things (IoT) and Cybersecurity; and a thriving academic environment. San Diego is also home to the fewest number of “Fortune 500” company headquarters, per capita, in the U. S.
The decision to write this book came from the shared realization by the authors that the dramatic escalation in cyber threats was not going to peak any time soon. Cybercrime would continue to move “down the food chain” as more relative economic value is managed via interconnected computer networks. Mid-sized firms in particular, the kind that make up the local commercial base in San Diego, would come under increasing pressure as targets both for their own value and as the supposed “weaker links” in the supplier ecosystem of larger, multinational companies.
Each of the authors has enjoyed over 30 years of success in the Information Technology field, but they have very different backgrounds. It became obvious as they got to know each other by participating on panels and speaking at industry events that these different backgrounds brought diverse and complementary perspectives to the problems the cybersecurity community currently faces. What started as a panel discussion on the role of the modern CISO sparked such a lively audience discussion that the authors began to consider turning this topic into a book for new CISOs and CISOs at mid-size firms in particular.
But to allow those different perspectives to come through as obviously in print as they did during interactive sessions, they decided to take a unique approach in writing this book. Instead of dividing up topics or co-authoring each chapter, they decided to have each author write a separate essay about each topic from their own unique perspective. While this approach presents minor duplication and an interesting transition in styles from one essay to the next, the authors believe that this tri-perspective take on each topic will provide a number of benefits to the reader.
The book is conceived as a desk reference guide and structured as nine chapters with an introduction, three essays, and a summary for each chapter. The introduction highlights the different perspectives that each author brings to the chapter and sets the tone with the questions that the authors used to frame their thoughts. The summary pulls together five key points and five immediate next steps for the reader and his or her team, making this a very practical guide for CISOs.
The order of the essays within each chapter follows the arc of our authors’ differing backgrounds and perspectives. Bill Bonney’s essays lead off each chapter and provide a high-level perspective that reflects his background in the finance industry and the structured governance that comes with working in a highly regulated industry. Matt Stamper’s essays come next and his perspective on providing services to many customers simultaneously provides insight into a highly programmatic approach. Gary Hayslip’s essays finish each chapter and his vast experience in the trenches as a hands-on cyber expert provides the reader with a treasure trove of lists and lessons that they can repeatedly reference.
As a desk reference guide written specifically for CISOs, we hope this book becomes a trusted resource for you, your teams, and your colleagues in the C-suite. The different perspectives can be used as standalone refreshers and the five immediate next steps for each chapter give the reader a robust set of 45 actions based on roughly 100 years of relevant experience that will help you strengthen your cybersecurity programs. In the conclusion of this book we provide contact information and encourage you to join the community of CISOs who use these resources. We also encourage you to provide us with feedback about the guidance and about our tri-perspective approach to this book. We hope you like it.
Copyright © 2016 CISO DRG JV – All Rights Reserved.