In Volume 2, we flip the focus from assessing to building. In Chapter 10, we look at talent – how to identify, grow, and retain the critical people and people skills so important for a successful cybersecurity program. Now that we had walked the CISO through assessing their program, capturing their inventory of business processes and tools, and aligning their staff, we can begin to describe how to prepare the organization to be the kind of resilient organization we believe will be necessary to be successful in the digital world we compete in today. We dedicate four chapters in Volume 2 to that resilience. We address education for the staff and the organization, monitoring the health and security of the organization’s digital assets, and using threat intelligence to help the organization stay ahead of (or at least keep up with) the changing threat landscape. Finally, using all of this focus on health, monitoring, and threats to inform the backups and recovery planning that are essential to helping the organization rebound from any disrupting event, not just a cyber event.

All of this set the stage for dealing with the inevitable flood of incidents, large and small. We believe that by treating the small incidents with the same formal process, the organization can stay sharp and respond with more agility to the existential threats that are becoming all too common. Key to that preparedness is the communication program that keeps the organization informed and responding as one. Finally, we discuss using all of this focus on health, monitoring, and threats to inform the backups and recovery planning that are essential to helping the organization rebound from any disrupting event, not just a cyber event.

Excerpts

Praise for the Book

4

This book, and its volume one companion, will provide any CISO, newbie or ragged veteran, the reference material to build and improve their security programs.

Rick Howard
CSO – Palo Alto Networks

5
4

“In this, the second instalment of The CISO Desk Reference Guide, Stamper, Hayslip and Bonney team up once again to deliver a seamless continuation of its predecessor. Each author gives us a revealing lens through which to view the remit of a CISO… they challenge the reader to operate to a much higher standard, explaining exactly how to do so. The book’s power resides in each author’s ability to synthesize and to present this in pragmatic prose, conveying the importance of the role of a CISO.”

Jane Frankland
Founder of Cyber Security Capital, Board Advisor ClubCISO, U.K.

5
4

“The best disposition I have read on how to, in practical terms, address the cyber talent scarcity issue. We’ve been talking about the problem for years…the authors give actionable steps for how CISOs can build a “blended capability” program – FTE hiring, cross- and up-skilling existing talent, creating security evangelists across the organization, and leveraging MSSPs for commodity functions. This scarcity of skills is not going away, so it’s crucial we take pragmatic steps to address it.”

Kirsten Davies
Chief Security Office – Barclays Africa Group Ltd.

5
4

This is how it’s done, plain and simple. This is the Rosetta Stone of security, connecting the technology, the business and the people. The devil is in the details, and this book details it in a way that is personal, usable and, above all, practical.”

Sam Curry
CSO – Cybereason

5
4

“Volume 2 applies the very original and effective Desk Reference approach to more key CISO concerns, from the cybersecurity skills gap to incident response and crisis management.” 

Stephen Cobb, CISSP
Senior Security Researcher, ESET North America

5
4

“This CISO Desk Reference, Volume 2, is by far the best CISO reference available today…. If you are aspiring to become a CISO, this book will help you design a comprehensive security program… If you are currently a CISO, this book will provide you unique guidance about the strategic and operational intricacies of a modern security program!”

Selim Aissi
CISO – Ellie Mae

5
4

The second volume of the CISO Desk Reference Guide is a perfect continuation of the definitive first volume. Volume 2 provides insights, best practices and utility in useful and practical chapters. I am grateful to the authors for generously sharing their years of hard-earned experience and knowledge. They are raising the bar for security professionals everywhere.”

Todd Friedman
Chief Information Security Officer – ResMed

5
4

AMAZING! I JUST LOVED THE BOOK! Being a new CISO, I have got to be learning every day… The authors have only emphasised that, promoting continuous learning for the CISOs. They did an amazingly great job.”

Magda Lilia Chelly, CISSP, PhD
Managing Director | CISO As A Service
Responsible Cyber Pte. Ltd., Singapore

5