Top 12 Books for CISOs To Read Today

3 min read
(March 31, 2023)

As cybersecurity threats continue to evolve and become more complex, it's essential for Chief Information Security Officers (CISOs) to stay on top of their game. One often overlooked but valuable tool for staying ahead of the curve is reading books. While technical manuals and industry publications can provide valuable information, reading books can offer a unique perspective and a range of benefits that can help CISOs in their roles. 

We asked our Advisory Board to provide a list of books they would recommend to our community and here are the top 12.

Confronting Cyber Risk: An Embedded Endurance Strategy for Cybersecurity by Gregory J. Falco and Eric Rosenbach. The first book was written by the two individuals who created the Harvard course that Advisory Board Member Randall Frietzsche is a part of and Head Program Tutor for. Written by Eric Rosenbach and Greg Falco, the book continues what students learned in the course and takes it to the next level.

The CISO Evolution: Business Knowledge for Cybersecurity Executives by Matthew K. Sharp and Kyriakos Lambros. The book takes cyber and brings in business knowledge, like finance, strategy, business enablement, board communications, etc. These are the business skills today's CISO needs to truly excel and be effective at the job of enabling a business securely.

CISO Desk Reference Guide Executive Primer: The Executive's Guide to Security Programs by Bill Bonney, Gary Hayslip, and Matt Stamper. The primary perspective of this book is one of expectation. What are the expectations the CEO should have for their CISO? What support should the CFO expect to provide the organization's CISO in support of their mission? What are the expectations the CISO will place on their colleagues to help make the organization more resilient?

How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen. This book goes into detail on measuring cyber risk. It is really a classic around cyber risk management, providing techniques and strategies. This book is often used in Master's Degree-level risk management courses. It goes into quantitative risk analysis, which is the Holy Grail of Cyber Risk Management.

Life 3.0: Being Human in the Age of Artificial Intelligence by Max Tegmark, who discusses a variety of societal implications, what can be done to maximize the chances of a positive outcome, and potential futures for humanity, technology, and combinations thereof.

Measuring and Managing Information Risk: A FAIR Approach by Jack Freund and Jack Jones. Jack is widely known as the guru around quantitative risk analysis, and uses the FAIR framework in quantifying cyber risk. I've heard Jack speak and he's really brilliant. While quantitative risk analysis is difficult, Jack makes it approachable as a goal for any organization.

Cryptonomicon by Neal Stephenson. It is a work of historical fiction with a lean toward cyber. It has some relevance to startups, bitcoin, and other grayer aspects of cyber. Plus, it gives you a flavor of what happened after the film 'The Imitation Game' ended, and has a bit of adventure.

Agency by William Gibson. It is a 'sequel and a prequel' to his previous novel The Peripheral (2014). The storyline further explores the concept of the "Jackpot", a back-story element of The Peripheral. One plot line follows a young woman who is testing a new form of avatar software, developed by the military, for a start-up in San Francisco.

Start with Why by Simon Sinek. This book shows that the leaders who’ve had the greatest influence in the world all think, act, and communicate the same way—and it’s the opposite of what everyone else does. Sinek calls this powerful idea The Golden Circle, and it provides a framework upon which organizations can be built, movements can be led, and people can be inspired. And it all starts with WHY.

The Age of Surveillance Capitalism by Shoshana Zuboff. Shoshana Zuboff provides startling insights into the phenomenon that she has named surveillance capitalism. The stakes could not be higher: a global architecture of behavior modification threatens human nature in the twenty-first century just as industrial capitalism disfigured the natural world in the twentieth.

You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions by Ira Winkler, who provides a proven and credible framework for understanding, measuring, and analyzing information risk of any size or complexity. Intended for organizations that need either to build a risk management program from the ground up or to strengthen an existing one, this book provides a unique and fresh perspective on how to do a basic quantitative risk analysis.

Cybersecurity Workforce Diversity: A Guide for Cyber Leaders written by Dr. Vivian Lyon, who presents an argument that cyber teams must be as diverse as cybercriminals to protect sensitive systems from rising cyber attacks. She also discusses strategies for attracting and retaining a diverse workforce.

The top 12 books recommended for CISOs cover a range of topics, from cybersecurity to leadership and beyond. By delving into these titles, CISOs can gain valuable insights and perspectives that can help them stay ahead of the curve and make informed decisions in their roles. Whether you are a seasoned CISO or just starting out in the field, these books are sure to provide you with new ideas and strategies that you can use to enhance your effectiveness and lead your organization to success in the ever-evolving landscape of cybersecurity.