Book, English, 288 pages
Insights from a Career in Cybersecurity
ISBN: 978-1-394-39538-5
Publisher: Wiley
Transform your approach to cybersecurity leadership with specific, actionable techniques from a 25+ year veteran of the industry
In Lessons From the Frontlines: Insights from a Career in Cybersecurity, a 25+ year veteran of cybersecurity leadership, Assaf Keren, delivers an essential new approach to leading cybersecurity teams. Keren combines engaging, real-life stories drawn from decades spent in the industry – including his current role as Chief Security Officer at Qualtrics and former Chief Information Security Officer at PayPal – with hands-on, specific frameworks for implementing effective solutions in an environment that doesn’t tolerate error.
Lessons From the Frontlines goes beyond generic theory and high-level concepts. It dives deep into practical strategies for working cybersecurity professionals, explaining how to develop the personal characteristics you’ll need to succeed, build leadership competencies your teams will expect from you, address your own mental and physical health needs so you can deal with the challenges you’ll face, and apply all these lessons at scale in organizations of any size.
The author walks you through:
- How to move from permission-seeking approaches to intent-based action that allows you to execute solutions in dynamic environments in real time
- Strategies for maintaining optimism and a healthy outlook that permits you to endure difficult periods and excel in adversity
- Techniques for building proactive, forward-thinking, and creative solutions that achieve more than reactive and defensive responses to threats
Perfect for practicing and aspiring cybersecurity executives, Lessons From the Frontlines is a must-read strategy guide for all cybersecurity practitioners and professionals interested in rising to – or excelling in – cybersecurity leadership roles.
Further Information & Material
Acknowledgments
About the Author
Part I Personal Foundations
Chapter 1 Curiosity The Foundation of Everything From Military to Information Security The Danger of “Knowing Enough” The Long Road Back to Competence Curiosity in Practice Question Everything Explore Actively Connect Dots Share Knowledge Building Curiosity Into Your Teams and Leadership Creating Systematic Curiosity Curiosity Audits and Cross-Training Curiosity as a Diagnostic Tool Questions for Systematic Curiosity The Business Case for Curiosity Questions for Reflection Moving Forward
Chapter 2 Grit From Limitation to Possibility Grit vs. Stubbornness Building Grit from Difficult Feedback Grit in High-Pressure Security Situations Building Grit in Security Teams The Physical Dimensions of Grit Recognizing Walls in Others The Role of Support Systems The Compound Effect of Grit Questions for Building Personal Grit Moving Forward
Chapter 3 Optimism Communicating with Realistic Hope Optimism in Action: Leadership During Crisis Optimism as Strategic Thinking Building Optimistic Security Teams Celebrating Learning from Incidents Focusing on Capability Improvement Treating Challenges as Development Opportunities Maintaining Perspective About Security’s Value The Business Case for Optimism Practical Optimism Moving Forward
Part II Core Leadership Competencies
Chapter 4 Execution The Shift to Intent-Based Leadership From Permission to Communication Building Internet-Based Teams Competency-Based Autonomy Decision Rights and Organizational Accountability Avoiding the Leadership Bottleneck Accountability Without Micromanagement Two-Way Doors vs. One-Way Doors in Security Two-Way Door Security Decisions One-Way Door Security Decisions Security-Specific Decision Framework Execution in Security Operations Learning from Execution Failures Building Decision-Making Capability Questions for Reflection Moving Forward
Chapter 5 Change Management Change as Leadership Competency The Human Element of Change Resistance Transparency and Candor in Change Communication Balancing Honesty with Motivation Building Change-Ready Security Teams Managing the Pace and Scope of Security Change The Art of the Possible Change Management in Security Context Leading Through Uncertainty Questions for Reflection Moving Forward
Chapter 6 Business and Finance Acumen The Business Function Imperative Learning from Business-Savvy Security Leaders Three Questions That Define Business Understanding Understanding Sales: Enabling Deal Flow Understanding Engineering: Protecting Development Flow Understanding Finance: Quantifying Security Value Financial Frameworks for Security Decisions A Comprehensive Framework for Security Investment Planning Top-Down Analysis: Benchmarking Security Spend Bottom-Up Analysis: Capability-Based Investment Planning Applying the Core, Context, Commodity Framework to Security Investments The Wall Street Journal Test for Investment Decisions Integration and Executive Presentation Measuring Investment Effectiveness A Critical Lesson About Board Relationships Beyond the Basics: What Security Leaders Need to Know Balancing Protection and Enablement Risk in Business Context Speaking the Language of Business The Stock Price Philosophy Building Business Relationships Questions for Reflection Moving Forward
Chapter 7 Diplomacy The Challenge of First Impressions Reading the Room Understanding Motivations and Concerns Navigating Organizational Dynamics The Power of Non-Transactional Relationships Crisis as Relationship Catalyst Beyond Relationship Building Building Security Champions Adapting Diplomatic Style Across Cultures and Contexts The Cost of Cultural Misunderstanding Diplomatic Adaptation Across Different Contexts The Preparation Imperative When Not to Execute: The Importance of Alignment The Execution Trap The “Clear is Kind” Principle Execution Requires Aligned Intent When to Walk Away Lessons for Organizational Execution Questions for Reflection Moving Forward
Chapter 8 State Reality, Inspire Hope The Framework That Changed Everything State Reality: The Foundation of Trust The Issue With Problem-Focused Communication When Reality is Really Bad Inspire Hope: The Path Forward Hope Through Capability and Action Hope Through Collaborative Problem-Solving Getting the Right People in the Room Practical Applications Across Security Leadership The Mindset Shift: From Problem Identifier to Solution Builder Building the Muscle for Balanced Communication When Hope Requires Long-Term Perspective Questions for Reflection Moving Forward
Part III The Human Side of Leadership
Chapter 9 Acknowledging Mental Challenges The Control Trap The Human Cost Learning to Recognize the Signs The Leadership Style Connection The Hidden Cost of Security Leadership Building Sustainable Security Leadership Creating Psychologically Safe Security Teams Building Inclusive Security Teams Culture Add vs. Culture Fit The Role of Support Systems Warning Signs of Burnout for Security Leaders Intervention and Recovery Questions for Reflection Moving Forward
Chapter 10 Self-Help Strategies The Power of Leadership Vulnerability Building Personal Resilience Systems Managing PTSD in a High-Pressure Leadership Role Leading Through Crisis: Pandemic-Related Lessons in Vulnerability Building Non-Transactional Connection The Weather Check System Weekly Connection Calls Creating Organizational Support Systems Practical Daily and Weekly Strategies Daily Practices Weekly Practices Recovery from High-Stress Periods Immediate Recovery (Hours to Days) Medium-Term Recovery (Weeks to Months) Professional Help and When to Seek It Building Industry-Wide Change Questions for Reflection Moving Forward
Chapter 11 Building a Supportive Community of Mentors and Peers Common Challenges in Emerging Security Leaders The Power of True Mentorship What Makes Mentorship Work? The Daily Network Effect Building Your Professional Network Becoming a Mentor Yourself Industry Communities and Professional Development The Reciprocal Nature of Community Maintaining Relationships Over Time The Importance of Professional Support Systems Creating Organizational Cultures That Support Mental Health The Mental Challenge When Everything Depends on You The Unique Mental Challenges of Security Leadership Recognizing the Entrepreneur’s Paradox in Security Leadership The Compound Stress of Multiple Responsibilities Learning to Separate Identity from Outcomes Building Mental Resilience Through Diverse Experience Questions for Reflection Moving Forward
Part IV Strategic Leadership
Chapter 12 Leading From the Front What “Leading From the Front” Actually Means Being the First to Embrace Uncertainty Taking Ownership of Outcomes, Not Just Processes Creating Calm in Chaos Developing Others Whilst Driving Results The Evolution Across Leadership Director: Leading by Example VP: Leading Through Vision and Strategy CISO: Leading Through Influence and Inspiration The SOC Transformation: Leading Through Massive Change Year One: Building Foundation and Allies Year Two: Proving Value and Scaling Year Three: Achieving Comprehensive Coverage The Principle of “Experiences Over Scope” Leading Leaders: The Meta-Challenge The Strategic vs. Tactical Balance Building Organizational Resilience Questions for Reflection Moving Forward
Chapter 13 Product Thinking in Security The Services vs. Product Mindset Learning Product Management at Scale Applying Product Thinking to Internal Security Understanding Your Internal Customers Designing for User Experience Building Scalable Security Capabilities Measuring Product Success in Security The User Experience Imperative The PayPal Context: Balancing Security and Innovation The Anti-Pattern: Security as Productivity Killer Product Thinking and Security Strategy Portfolio Management for Security Capabilities Platform Thinking in Security Architecture The Trust and Security Brand Promise Designing Security That Feels Like a Feature Taking Responsibility for Brand Protection Customer Journey Mapping for Security The Business Case for Product-Driven Security Challenges of Product Thinking in Security Building Product-Thinking Security Teams Product Thinking and Vendor Relationships Questions for Reflection Moving Forward
Afterword The Leaders We Need The Journey Continues What I Hope for You Your Next Steps A Personal Note
Appendix: Case Study—Applying the Security Leadership Framework to Real-World AI Challenges The Moment of AI Acceleration Applying the Curiosity Framework Demonstrating Grit Through Challenge Maintaining Optimism in an AI World The Hope Framework Executing Without Permission Managing Change at AI Speed Business Acumen in the AI Era Diplomacy and Relationship Building Mental Health and AI Acceleration Results and Lessons Learned Questions for Your AI Journey Moving Forward
Index