CISO Desk Reference Guide
A Practical Guide for CISOs
Volume 2
Bill Bonney
Gary Hayslip
Matt Stamper
CISO DRG Joint Venture Publishing
Praise for
CISO Desk Reference Guide
A Practical Guide for CISOs
Volume 2
This book, and its volume one companion, will provide any CISO, newbie or ragged veteran, the reference material to build and improve their security programs.
Rick Howard
CSO
Palo Alto Networks
~~~~~
In this, the second instalment of The CISO Desk Reference Guide, Stamper, Hayslip and Bonney team up once again to deliver a seamless continuation of its predecessor. Each author gives us a revealing lens through which to view the remit of a CISO; they challenge the reader to operate to a much higher standard, explaining exactly how to do so. The book's power resides in each author's ability to synthesize and to present this in pragmatic prose, conveying the importance of the role of a CISO.
Jane Frankland
Founder of Cyber Security Capital
Board Advisor ClubCISO, U.K.
~~~~~
The best disposition I have read on how to, in practical terms, address the cyber talent scarcity issue. We've been talking about the problem for years... the authors give actionable steps for how CISOs can build a blended capability program - FTE hiring, cross- and up-skilling existing talent, creating security evangelists across the organization, and leveraging MSSPs for commodity functions. This scarcity of skills is not going away, so it's crucial we take pragmatic steps to address it.
Kirsten Davies
Chief Security Officer
Barclays Africa Group Ltd.
~~~~~
This is how it's done, plain and simple. This is the Rosetta Stone of security, connecting the technology, the business and the people. The devil is in the details, and this book details it in a way that is personal, usable and, above all, practical.
Sam Curry
CSO
Cybereason
~~~~~
"Volume 2 applies the very original and effective Desk Reference approach to more key CISO concerns, from the cybersecurity skills gap to incident response and crisis management."
Stephen Cobb, CISSP
Senior Security Researcher
ESET North America
~~~~~
"This CISO Desk Reference, Volume 2, is by far the best CISO reference available today. If you are aspiring to become a CISO, this book will help you design a comprehensive security program. If you are currently a CISO, this book will provide you unique guidance about the strategic and operational intricacies of a modern security program!"
Selim Aissi
CISO
Ellie Mae
~~~~~
"The second volume of the CISO Desk Reference Guide is a perfect continuation of the definitive first volume. Volume 2 provides insights, best practices and utility in useful and practical chapters. I am grateful to the authors for generously sharing their years of hard-earned experience and knowledge. They are raising the bar for security professionals everywhere."
Todd Friedman
Chief Information Security Officer
ResMed
~~~~~
"AMAZING! I JUST LOVED THE BOOK! Being a new CISO, I have got to be learning every day. The authors have only emphasised that, promoting continuous learning for the CISOs. They did an amazingly great job."
Magda Lilia Chelly, CISSP, PhD
Managing Director | CISO As A Service
Responsible Cyber Pte. Ltd., Singapore
Copyright 2018 CISO DRG Joint Venture
ALL RIGHTS RESERVED
No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form, or by any means whether by electronic, mechanical, photocopy, recording or otherwise, without the prior written permission of the copyright owner except in the case of a brief quotation embodied in a critical review and certain other noncommercial uses permitted by copyright law. For all other uses, requests for permission may be sent to the publisher, Attention: Permissions Coordinator, at the address below:
CISO DRG Joint Venture Publishing 8895 Towne Centre Drive, Suite 105 #199 San Diego, CA 92122
ISBN 978-0-9977441-4-9
DISCLAIMER: The contents of this book and any additional comments are for informational purposes only and are not intended to be a substitute for professional advice. Your reliance on any information provided by the publisher, its affiliates, content providers, members, employees or comment contributors is solely at your own risk. This publication is sold with the understanding that the publisher is not engaged in rendering professional services. If advice or other expert assistance is required, the services of a competent professional person should be sought.
To contact the authors, write the publisher at the address provided above, Attention: Author Services.
Cover illustration and original artwork
by Gwendoline Perez
Copy Editing by Nadine Bonney
Acknowledgments
Bill Bonney: I would like first to thank my wife, Nadine, for her loving support and willingness to help us tackle Volume 2. She is my rock, and I cannot imagine doing this without her. I am grateful for the support and camaraderie from my colleagues in the San Diego Information Security community, especially the members of the San Diego CISO Round Table. Thank you also to all the CISOs in the worldwide community who have given us feedback and encouragement as we've published the two volumes that make up the CISO Desk Reference Guide; we hope it makes a difference. And once again, thank you to my partners Gary and Matt for their friendship and collaboration; this has been even more rewarding than I had hoped!
Matt Stamper: Working on a book never happens in a vacuum. You need the support and patience of your family and friends as you work on research, drafting content, refining ideas, and ultimately building a narrative that can be carried throughout the entirety of the work. My wife Lisa and our twin daughters Lauren and Danielle have been supportive throughout this entire process. I am blessed to be Lisa's husband and Danielle's and Lauren's dad. I'm also thankful for the love and support of my mom and my dad, who gave me a love of learning. This effort certainly would not have been possible without the patience of my co-authors Bill and Gary. Their friendship and sense of humor have been constant and appreciated. I am also indebted to the broader CISO community for their shared insights and experiences. Equally important, I'd like to acknowledge and thank the San Diego Cyber Center of Excellence (CCOE), the San Diego CISO Round Table, and the San Diego ISACA and InfraGard chapters. The collaboration among San Diego's cyber community is second to none.
Gary Hayslip: I would like to tell my wife of 28 years, Sandi, thank you for your patience and calming influence. Your love and support have allowed me to stay focused as we continue this project. You are my best friend, and I thank you for putting up with my late-night rewrites and rambling debates with Matt and Bill. I often say that cybersecurity can't mature in a box, but as part of a community it will flourish and protect organizations. With that in mind, I'd like to thank the collaborative San Diego cybersecurity community. I am truly grateful for the support and partnership that I have received over the last 20 years. I especially appreciate my friends and colleagues at Peerlyst, ISC2, ISACA, ISSA, OWASP, CCOE, InfraGard, EvoNexus and the CISO Round Table. Each of you in your way contributed to the knowledge and passion that I have today for cybersecurity and the role of CISO. I am honored to count many of you as mentors, friends, and peers. Finally, I want to thank my two co-authors, Bill Bonney and Matt Stamper. I am happy I listened to your idea over fish tacos and beer. Walking this path together has been amazing. I am honored to count you as friends, and I look forward to continuing this journey together.