Book, English, 280 pages, format (W × H): 178 mm x 254 mm
The Adversarial Mindset
Series: Security, Audit and Leadership Series
ISBN: 978-1-041-20056-7
Publisher: Taylor & Francis Ltd
Guiding security leaders and executives who hold the privilege of defending modern organizations, “The CISO Playbook - The Adversarial Mindset” is a leadership-focused blueprint for outmaneuvering adversaries that iterate relentlessly. In an era where attackers view corporate defenders as “dumb, weak, and ineffective” due to organizational drag and over-reliance on static tools, this book empowers leaders to reclaim the initiative by adopting a true adversarial mindset.
Harnessing the concept of Decision Advantage, the book moves beyond treating incidents as isolated technical events by thinking in adversary terms: objectives, constraints, and tradecraft. It bridges the gap between attacker methods and board-level risk, showing how to translate security outcomes into the language of economics, EBITDA, and revenue protection.
Operationalizing lessons from real-world campaigns like SolarWinds, Volt Typhoon, and Operation Aurora, the text connects tradecraft to operational reality. It introduces the unique metric of Time-to-Hazard Neutralization, moving past ticket metadata to focus on the verified removal of risk from the environment.
Spotlighting the rise of the “Artificial Adversary,” a central thread details how AI-enhanced human actors and autonomous systems act with malicious intent. From industrialized “vibe hacking” to active scanning and autonomous reconnaissance, the book reveals how AI accelerates the attacker’s OODA loop and how CISOs must respond by compressing their own defensive cycles.
Translating theoretical models into repeatable methods, the text provides strategies for terrain engineering, deception, and resilience-centric incident response. Written for CISOs, deputies, and security leaders, it serves those who both brief C-suites and boards and run outcome-based programs. Rather than remaining reactive enforcers, readers will find a blueprint for becoming proactive Enterprise Risk Leaders. Navigating this shift ultimately rewards the disciplined observation required to outthink the opponent.
Target audience
Professional Practice & Development, Professional Reference, and Professional Training
Authors/Editors
Subject areas
- Mathematics | Computer Science, IT | Computer Science, Computer Engineering, Computer Security, Malware (Viruses, Trojans, etc.)
- Economics, Business Administration, Sector-Specific Management, Management: Leadership & Motivation
- Mathematics | Computer Science, IT | Computer Science, Computer Engineering, Computer Security, Cryptography, Data Encryption
- Mathematics | Computer Science, IT | Computer Science, Computer Communications & Networking, Network Security
Further information & material
- Chapter 1 - The Need to Understand the Adversary: 1.1 How Cyber Adversaries View Defenders, 1.2 Who Are the Adversaries?, 1.3 The Psychology of the Cyber Adversary, 1.4 Threat Intelligence and Adversary Analysis, 1.5 How to Adopt an Adversarial Mindset, 1.6 Benefits of Adopting an Adversarial Mindset, 1.7 Adversary Anecdote - MAC Attack at 30,000 Feet, 1.8 Historical Case Studies in Adversarial Thinking, 1.9 Case Study - The SolarWinds Attack (2020), 1.10 Understanding the Adversary as a Strategic Imperative, 1.11 Conclusion, References
- Chapter 2 - The Motivations of Attackers: 2.1 The Psychological Drivers of Cybercrime, 2.2 The Forensic Psychology Perspective on Cybercriminals, 2.3 Socioeconomic and Cultural Factors of Cybercrime, 2.4 Case Study - The Twitter Hack (2020), 2.5 The Evolution of Cyber Threat Actors, 2.6 Adversary Anecdote - Boast, Toast, and Breach, 2.7 Leveraging the Adversarial Mindset, 2.8 Conclusion, References
- Chapter 3 - Cognitive Biases and Decision-Making in Cyber Warfare: 3.1 Why Bias Matters to CISOs, 3.2 The Adversary’s Decision-Making Process, 3.3 Groupthink in Cybersecurity Teams, 3.4 Case Study - Operation Aurora (2009), 3.5 How CISOs Can Overcome Bias in Cybersecurity Leadership, 3.6 Adversary Anecdote - Deepfakes, Shallow Checks, 3.7 How CISOs Can Make Bias-Resistant Decisions, 3.8 Conclusion, References
- Chapter 4 - The Attacker’s Toolbox – Techniques, Tactics, and Procedures: 4.1 Understanding the Attacker’s Approach, 4.2 Adversary Anecdote - Jackpot Pivot: Casino to Code, 4.3 Advanced Persistent Threats (APTs) - The Long Game, 4.4 Case Study - The Sony Pictures Hack (2014), 4.5 Building an Adversary-Focused Defense Strategy, 4.6 Conclusion, References
- Chapter 5 - Acting Like an Attacker - Red Teaming for Leadership: 5.1 What Exactly is Red Teaming?, 5.2 Why CISOs Need Red Teaming in Their Security Strategy, 5.3 The Business Case for Red Teaming - Moving Beyond Compliance, 5.4 Understanding Red Teaming vs. Penetration Testing, 5.6 How CISOs Can Implement Red Teaming in Their Organizations, 5.7 Building a Realistic Adversary Simulation Program, 5.8 Integrating Adversary Simulations into Business Leadership, 5.9 Adversary Anecdote - Controls Don’t Coordinate Themselves, 5.10 Overcoming Common Challenges in Red Teaming, 5.11 Case Study - U.S. Department of Defense Cyber Table Top Exercises, 5.12 Some Examples of Red Teaming in Action, 5.13 The Future of Adversary Simulation - AI, Autonomous Agents, and the Next Frontier of Threat Emulation, 5.14 Conclusion, References
- Chapter 6 - Cyber Deception and Psychological Warfare: 6.1 Cyber Deception, 6.2 Case Study - The Use of Deception Techniques in Exposing the APT1 Group, 6.3 Psychological Warfare, 6.4 Adversary Anecdote - Official Updates, Unofficial Backdoors, 6.5 Case Study - Israeli Cyber Warfare Tactics, 6.6 Conclusion, References
- Chapter 7 - Breaking the Attacker’s Kill Chain: 7.1 Understanding the Cyber Kill Chain, 7.2 Disrupting the Kill Chain at Each Stage, 7.3 Adversary Anecdote - Cut the Wire, Cut the Story, 7.4 Conclusion, References
- Chapter 8 - Adversary Informed Threat Intelligence - Turning Data into Action: 8.1 Understanding Threat Intelligence, 8.2 Why Threat Intelligence Fails in Many Organizations, 8.3 Adversary Anecdote - Indicators Don’t Defend, Teams Do, 8.4 Integrating Threat Intelligence into Security Operations, 8.5 Using MITRE ATT&CK for Intelligence-Driven Security, 8.6 Case Study - The Capstone Turbine Breach (2023), 8.7 Future of Cyber Threat Intelligence - AI-Driven Threat Prediction, 8.8 From Detection to Anticipation, 8.9 Conclusion, References
- Chapter 9 - Adversary Informed Cyber Resilience and Incident Response: 9.1 What is Cyber Resilience?, 9.2 The Adversarial Informed Approach to Cyber Resilience, 9.3 Adversary Anecdote - Breaking News: You’ve Been Owned, 9.4 The Adversarial Informed Approach to Incident Response, 9.5 Case Study - The NotPetya Attack - A Cyber Resilience Success Story (2017), 9.6 The Role of AI in Next-Gen Incident Response, 9.7 Conclusion, References
- Chapter 10 - The Artificial Adversary - AI Technologies: 10.1 AI Technologies in Cybersecurity, 10.2 Adversary Anecdote - Click Install, Ship Secrets, 10.3 Case Study - GTG-1002: The First Reported AI-Orchestrated Cyber-Espionage Campaign (2025), 10.4 Conclusion, References
- Chapter 11 - The Artificial Adversary: 11.1 Offense - AI as a Weaponized Tool, 11.2 Defense - AI-Driven Capabilities and Strategies, 11.3 Autonomous Adversary - Beyond Human Control, 11.4 Case Study - RunSybil - Autonomous AI Agents Simulate Real-World Hacking (2024), 11.5 AI Governance, Security Frameworks, and Maturity Models, 11.6 Ethical and Legal Considerations, 11.7 Metrics and KPIs for AI Security Effectiveness, 11.8 Adversary Anecdote - Prompt, Paste, Profit, 11.9 Emerging Artificial Threat Trends, 11.10 Conclusion, References
- Chapter 12 - The Future of the CISO as an Adversary Aware Entity: 12.1 Future Cyber Adversaries, 12.2 From Security Enforcer to Enterprise Risk Leader, 12.3 Building Decision Advantage, Not Just Defenses, 12.4 Adversary Anecdote - When the Pipes Talk, 12.5 Regulatory and Fiduciary Shifts, 12.6 Case Study - The Volt Typhoon Campaign (2023), 12.7 The Evolving Role of the CISO, 12.8 Conclusion
- Appendix A - Example Adaptive IR Playbook - Ransomware With Possible Data Theft: Phase 0: Activation (T0 to T0+15m) - Containment, Phase 1: Evidence Preservation (ENTER once incident mode is declared; start by T0+60m; run in parallel through Phases 2–3), Phase 2: Initial Access and Privilege Check (start by T0+1h; checkpoint findings by T0+4h), Phase 3: Containment Hardening (ENTER after Gate A classification; begin immediately for A2 outbreaks, otherwise begin by T0+4h; core guardrails in place by T0+12h), Phase 4: Recovery Execution (begins after Gate D decision; typically ~T0+24h onward depending on scope/confidence), Phase 5: Post-Incident Improvements (T0+7d to T0+30d), Gate A: Scope Classification (complete by T0+30m), Gate B: Exfiltration / Double-Extortion Determination (start by T0+2h; re-assess at least every 2h until de-escalation), Strategic Note, Gate C: Eradication Confidence (before any restoration), Gate D: Restore Strategy Selection (decision by T0+24h; execute restore waves from T0+24h to T0+72h+ depending on scope/confidence)
- Appendix B - Mindset-Informed Adversary Emulation with Open-Source Tools: B.1 Objective, B.2 Tools and Building Blocks, Installing CALDERA with the Stockpile Plugin, B.3 High-Level Workflow, B.4 Roles and Responsibilities, B.5 Exercise 1: Mindset-Informed Emulation of APT29 (SolarWinds-Style Post-Compromise), Adversary Objective.




