Dr. Erdal Ozkaya - Cybersecurity Leadership Demystified: A comprehensive guide to becoming a world-class modern cybersecurity leader and global CISO

Copyright 2021 Packt Publishing

This is an Early Access product. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the content and extracts of this book may evolve as it is being developed to ensure it is up-to-date.

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, ortransmitted in any form or by any means, without the prior written permission of the publisher,except in the case of brief quotations embedded in critical articles or reviews.

The information contained in this book is sold without warranty, either express or implied. Neither the author nor Packt Publishing or its dealers and distributors will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Early Access Publication: Cybersecurity Leadership Demystified

Early Access Production Reference: B17536

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK

ISBN: 978-1-80181-928-2

Copyright 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Welcome to Packt Early Access. Were giving you an exclusive preview of this book before it goes on sale. It can take many months to write a book, but our authors have cutting-edge information to share with you today. Early Access gives you an insight into the latest developments by making chapter drafts available. The chapters may be a little rough around the edges right now, but our authors will update them over time. Youll be notified when a new version is ready.

This title is in development, with more chapters still to be written, which means you have the opportunity to have your say about the content. We want to publish books that provide useful information to you and other customers, so well send questionnaires out to you regularly. All feedback is helpful, so please be open about your thoughts and opinions. Our editors will work their magic on the text of the book, so wed like your input on the technical elements and your experience as a reader. Well also provide frequent updates on how our authors have changed their chapters based on your feedback.

You can dip in and out of this book or follow along from start to finish; Early Access is designed to be flexible. We hope you enjoy getting to know more about the process of writing a Packt book. Join the exploration of new topics by contributing your ideas and see them come to life in print.

1. CISOs Role in Security Leadership
2. End to End Security Operations
3. Compliance and Regulations
4. Role of HR in Security
5. How Documentation Contributes to Security
6. Disaster Recovery and Business Continuity
7. Bringing the Stakeholders on Board
8. Other CISO Tasks
9. Congratulations! You are Hired
10. Security Leadership
11. Conclusion

In this day and age, the security of internet-connected devices and applications has increasingly become critical to the success of firms operating in the internet space. While the internet has provided numerous opportunities for businesses to conduct business, expand their operations, and reach their customers more easily, it has also introduced cybersecurity risks to both the businesses and the customers that interact with these businesses via digital platforms.

Cybercrime has been on the rise in recent years, and data breaches continue to wreak havoc among many companies globally. It has become essential for all businesses that deal with financial and other important data from customers to implement security measures in their organizations to ensure their organizations remain secure. Organizations now have departments that exclusively tackle security issues that affect an organization resulting from interactions with the digital world.

One of the key positions in modern organizations is the chief information and security officer (CISO), who is generally tasked with security-related duties.

In this chapter, you will learn who and what a CISO is, the requirements of the CISO role, the differences between other technology leadership roles, and what is required in the role for you to be successful. The chapter will also cover how to develop the core components needed to be a good CISO for your organization.

You can expect the following topics to be covered in this chapter:

• Defining a CISO and their responsibilities
• Understanding similarities and differences between a CISO and a chief security officer (CSO)
• Distinguishing between a chief information officer (CIO), a chief technology officer (CTO), and a CISO
• Designing a security leadership role
• Expanding the role of a CISO
• The changing role of a CISO
• How to become a CISO
• Learning about CISO certification

In this section, we provide a definitive description of the term CISO, the role of a CISO in a firm, and the importance of this position in any modern organization. The section attempts to provide readers with an introduction to the world of digital platforms, the role they play in organizations, and the integral role that CISO executives play in making all this happen.

A CISO has an executive-level position within an organization and is tasked with establishing and maintaining various mechanisms and structures that safeguard the informational and technological assets of the organization. CISOs are technologists who can participate in high-level initiatives as business strategists. CISOs ensure that information technology (IT) systems comply with security and regulatory requirements. In summary, a CISO is the top cyber executive of an organization.

The following screenshot shows a man interacting with a digital device that bears the name CISO and depicts a lock. It confers a message of the core role of CISO executives, keeping digital platforms safe from external threats:

In the next section, you will discover the responsibilities of a CISO.

The main responsibilities that a CISO performs in an organization include the following:

• Determining and establishing the right governance and security practices for the organization
• Creating and enabling a framework that ensures risk-free scalability of business operations