The Cybersecurity Manager's Guide: The Art of Building Your Security Program

If you're a cybersecurity professional, then you know how it often seems that no one cares about (or understands) information security. InfoSec professionals frequently struggle to integrate security into their companies' processes. Many are at odds with their organizations. Most are under-resourced. There must be a better way. This essential manager's guide offers a new approach to building and maintaining an information security program that's both effective and easy to follow.

Author and longtime chief information security officer (CISO) Todd Barnum upends the assumptions security professionals take for granted. CISOs, chief security officers, chief information officers, and IT security professionals will learn a simple seven-step process for building a new program or improving a current one.


Build better relationships across the organization
Align your role with your company's values, culture, and tolerance for information loss
Lay the groundwork for your security program
Create a communications program to share your team's contributions and educate your coworkers
Transition security functions and responsibilities to other teams
Organize and build an effective infosec team
Measure your company's ability to recognize and report security policy violations and phishing emails

236 pages, Kindle Edition

Published March 18, 2021

About the author

Todd Barnum

4 books

Ratings & Reviews

Community Reviews

5 stars: 8 (24%)
4 stars: 15 (45%)
3 stars: 10 (30%)
2 stars: 0 (0%)
1 star: 0 (0%)
Displaying 1 - 3 of 3 reviews
James McKee
12 reviews
November 17, 2023
Some of the messages in the book are really good, others are a really good example of why cybersecurity is such a broken industry. Take the advice included with a grain of salt.
17 reviews
August 25, 2024
I really enjoyed this book and its actionable 7 steps to building a security program. It works for anyone working in the cybersecurity space who is responsible for a team, even if they are not the CISO. I really love that it references the CISSP 8 domains as a framework, and helps you focus on the biggest impact areas.

Highly recommended for every person in security with aspirations of management, especially if you are trying for a guerilla security program.
87 reviews
June 10, 2024
I found this book far more interesting than expected. The author summarises the dilemmas of a CISO well and gives practical advice which may not be obvious to new entrants - eg fundamentally organisations have different risk appetites, you can't do everything yourself, focus on the basics etc. A must read for new CISOs.