Cybersecurity Leadership Demystified
It is with the utmost excitement that I finally announce the availability of my new book “Cybersecurity Leadership Demystified”. You can get a copy now at Amazon, Packt and many other book retailers.
I am thankful to Melih Abdulhayoglu, who wrote the foreword of the book, and also thankful to all the experts who have contributed to the Ask the Expert bonus chapter. Thank you Marcus, Timothy C., Adel, Mert, Mike, Paula, Dr. Suleyman, Vladimir, Raif, Raymond and Sukru.
Dr Erdal Ozkaya.
About Cybersecurity Leadership Demystified
A comprehensive guide to becoming a world-class modern cybersecurity leader and global CISO
- Discover tips and expert advice from the leading CISO and author of many cybersecurity books
- Become well-versed with a CISO’s day-to-day responsibilities and learn how to perform them with ease
- Understand real-world challenges faced by a CISO and find out the best way to solve them
The chief information security officer (CISO) is responsible for an organization’s information and data security. The CISO’s role is challenging as it demands a solid technical foundation as well as effective communication skills. This book is for busy cybersecurity leaders and executives looking to gain deep insights into the domains important for becoming a competent cybersecurity leader.
The book begins by introducing you to the CISO’s role, where you’ll learn key definitions, explore the responsibilities involved, and understand how you can become an efficient CISO. You’ll then be taken through end-to-end security operations and compliance standards to help you get to grips with the security landscape. In order to be a good leader, you’ll need a good team. This book guides you in building your dream team by familiarizing you with HR management, documentation, and stakeholder onboarding. Despite taking all that care, you might still fall prey to cyber attacks; this book will show you how to quickly respond to an incident to help your organization minimize losses, decrease vulnerabilities, and rebuild services and processes. Finally, you’ll explore other key CISO skills that’ll help you communicate at both senior and operational levels.
By the end of this book, you’ll have gained a complete understanding of the CISO’s role and be ready to advance your career.
What You Will Learn:
- Understand the key requirements to become a successful CISO
- Explore the cybersecurity landscape and get to grips with end-to-end security operations
- Assimilate compliance standards, governance, and security frameworks
- Find out how to hire the right talent and manage hiring procedures and budget
- Document the approaches and processes for HR, compliance, and related domains
- Familiarize yourself with incident response, disaster recovery, and business continuity
- Get the hang of tasks and skills other than hardcore security operations
Who this book is for:
This book is for aspiring as well as existing CISOs. This book will also help cybersecurity leaders and security professionals understand leadership in this domain and motivate them to become leaders. A clear understanding of cybersecurity posture and a few years of experience as a cybersecurity professional will help you to get the most out of this book.
As CISO, especially in a new organization, you need to balance deep cybersecurity expertise with business acumen. You will also need to create a cybersecurity strategy (or revise the existing one), build a budget and a team, and spend time managing the expectations of your stakeholders.
Below are the seven essentials for starting your CISO role:
- Do you know what you are doing in your next 100 days? Do you know all your assets and crown jewels, and are they reflected in your 100-day plan?
- What is your incident response plan? Are you ready to recover from a cyber attack? Did you assess the organization and present the findings to the board?
- Are you up to date? Did you prioritize the essential 10-15 critical key controls, and are they tested and ready in terms of coverage and maturity?
- What is your scope? Are roles and responsibilities defined in writing and assigned to accountable executives and their teams?
- Do you have a measurable cyber-resilient culture change program in place? Don’t forget that it is the CISO’s priority to work with the CEO and board to create a cyber-aware culture organization-wide, with “assume breach” in mind.
- Do you know your key customers? Did you start to reach out to them and build or strengthen the relationship?
- Identify and define your partners, and leverage new innovations.
Where do CISOs stand today?
The role of chief information security officer (CISO) is not what it was five or 10 years ago. According to those who find themselves in the role today, that’s not necessarily a bad thing.
In the past, chief security officers (CSOs) were glorified IT security administrators: babysitting firewalls, arguing with software vendors over botched antivirus signature updates and cleaning spyware off infected laptops and desktop PCs. True, that is still the role some CSOs in the Middle East region find themselves in, but for the majority the responsibility has shifted to looking at the big picture and designing the programme that balances acceptable risks against the unacceptable.
In an ideal world, today’s CISO hires someone else to handle those technical security tasks. The question then is whether you can inspire them to do what you once had to do, or whether you will turn them off with an attitude of superiority.
Being a CISO used to be a hard-core technical cybersecurity role; today the function involves much more business leadership and risk management. A CISO must help C-suite executives understand risk, because the role is as much about business risk as it is about bits. CISOs in any enterprise organization in the Middle East must have the skills to explain security to non-technical audiences, build and maintain critical relationships, and communicate at both senior and operational levels. Soft skills are critical to evangelizing security initiatives and celebrating wins, which need to be expressed as business outcomes.
Cybersecurity is gaining importance due to the increasing number of cyberattacks and the huge losses that victims report. However, in many organizations cybersecurity is implemented only as a consequence of a threat or an attack. Organizations can mount reactive, proactive and operational cyber-defenses, or a combination of the three, depending on their financial capabilities and level of exposure to threats. A CISO will walk the organization through these three approaches and help it choose the optimal cyber-defense strategy.
The best ways to foster an atmosphere of innovation
Everything starts with building a team you can rely on: a team that takes ownership of client problems and benchmarks itself against the best. As a leader, a CISO’s prime focus should be to create a culture of innovation and build effective teams that can focus on the work that needs to be done. We need to embrace experimentation and risk, listen to the teams we build, and challenge them as necessary. If you can empower your team with leadership that inspires and values them, the innovation-fostering atmosphere will eventually manifest itself.
What is a Cybersecurity Strategy?
A cybersecurity strategy is a plan for managing organizational security risk according to a defined risk tolerance, so that the organization can meet its business objectives and goals. The strategy should not aim to be as secure as possible but as secure as necessary; for that to happen, you must balance security investments so that the security assurances that matter stay strong.
Once you have done that, you also need to understand the “threat actor factor”. Sophisticated attackers choose the avenues they can exploit successfully, so look for your weakest links: know your vulnerabilities, eliminate misconfigurations, minimize human error, and work only with vendors you can trust. Doing this well also builds confidence and wins you the right support from both the business and the IT teams.
Cybersecurity experts who have contributed to the book
I’m honored to welcome Dr. Timothy Summers, Dr. Suleyman Ozturk, Dr. Mike Jankowski, and my very close friends Marcus Murray and Mert Sarica.
They shared their time, insight, and experiences freely and without reservation. I am thankful for the contribution of their expertise and wisdom in this book.
Let’s learn more about these experts:
Marcus Murray is the founder of Truesec and an internationally recognized cyber expert with 20+ years of experience in enabling organizations to predict, protect, detect and respond to cyber threats.
Marcus is frequently interviewed in national television, news press and media. He is also a top rated keynote speaker at cyber security and tech events worldwide, raising awareness about cyber threats, vulnerabilities and how to prevent cyber breach.
Marcus is the creator of state-of-the art cyber programs at Truesec and is a front runner in advanced threat intelligence and breach detection and response. He is also orchestrating large red team assignments, cyber incident response efforts and other cyber operations at global enterprise customers, government agencies, banks and military organizations.
Adel Abdel Moneim
Adel Abdel Moneim, a registered ITU/ARCC Cybersecurity Expert, has over 25 years of experience in the IT and cyber security fields, spending most of his career in information security consultation and training. Adel is globally recognized as a top security influencer (“IFSEC Global influencers in security and fire 2019”, security thought leadership category). In 2020 and 2021 Adel was selected as a top influencer in the cyber security category, ranking #3 and #2 respectively at the global level.
Having become the first Licensed Penetration Tester (LPT) in Egypt (2008), it comes as no surprise that Adel has been awarded the Instructor of the Year / Circle of Excellence awards from EC-Council for the Africa / Middle East regions eight times between 2008 and 2016.
Dr. Timothy C. Summers
Dr. Timothy C. Summers is a seasoned, high-impact executive with broad strategic perspective and a proven track record in growing businesses, delivering solutions to problems, and developing and executing sound internal processes from the ground up. He is an ethical hacker, professor, frequent media commentator, TED speaker, and consulted expert internationally recognized as one of the world’s leading experts on cyber strategy, blockchain, normal chaos, and how hackers think. He is a trusted adviser and executive consultant to Fortune 500 companies, academic institutions, and governments worldwide.
Timothy specializes in the scholarship and practice of hacker cognitive psychology (the hacker’s mindset) and normal chaos paradigm enabling him to advise on building and sustaining organizations during times of uncertainty. Dr. Summers is an executive scholar with an in-depth understanding of disruptive technologies and their strategic applications, as well as international business expertise, having conducted business in North America, the UK, Europe, Africa, and Asia. He is a motivated self-starter who has developed a thriving, reputable consulting practice that is considered among the best in the world while maintaining a dedication to community service.
Mert is a well-known and respected Cyber Security Researcher, Speaker and Blogger.
As of October 2020, Mert is Executive Vice President / CISO of the IT Security & Risk Management Group at Intertech, which incorporates the Cyber Defense Center, Cyber Security Technologies, Cyber Security Architecture and Information Security & Risk Management teams (40 headcount). Intertech is the information technology subsidiary of DenizBank, owned by Emirates NBD.
From January 2018 to September 2020, as Vice President, Mert was responsible for the management of Akbank’s Cyber Defence Center (CDC), which incorporates the Vulnerability Management, Threat Detection, Threat Response & Intel and Security Engineering teams (26 headcount).
From 2007 to 2017 Mert was responsible for performing and managing penetration tests, malware analysis, and security incident detection and response as a Technical Lead in the Threat & Vulnerability Management team at IBTech (the information technology subsidiary of QNB Finansbank).
From 2014 to 2016 Mert taught the Malware Analysis course in the Cyber Security Graduate Program at Bahcesehir University.
In 2003 Mert’s career journey began when he discovered a security vulnerability in the e-portal web application of Yeditepe University, where he was studying at the time. After sharing his findings with the executives of the university, he was awarded an achievement grant and recruited as an Ethical Hacker. Mert graduated from Yeditepe University in Information Systems and Technologies in 2006 and from the Yeditepe University Master of Business Administration program in 2010.
Since the beginning of 2011 Mert has spoken at more than 30 technical cyber security conferences. In addition, he has been invited as a guest speaker to more than 40 universities to share his cyber security career journey and his profession of “Ethical Hacker” with students as a role model.
Dr Mike Jankowski-Lorek
Dr Mike is a security expert, solution architect and developer with more than 12 years of experience in the field. He specializes in databases, networking and identity management, mainly for the Microsoft ecosystem.
Mike holds multiple certifications, especially in security, databases and software development. He is known to be passionate about IT and education, and he holds a PhD in Computer Science. Mike works at Cqure.
Dr. Süleyman Özarslan
Dr Ozarslan is a co-founder and VP of Picus Labs at Picus Security, which develops innovative cybersecurity software that assesses and validates the effectiveness of security controls.
He holds a Ph.D. degree in Information Systems from Middle East Technical University.
Dr. Suleyman Ozturk
Dr Ozturk has received several academic and professional awards and medals throughout his career, such as the “SANS Institute RSA 2016 NetWars Global Interactive Cyber Range Award” and the “Medal of Centre of Excellence Defense Against Terrorism”.
He trained security experts from 10 different countries as part of the NATO Advanced Cyber Defence Training Courses. He has a special focus on cyber threats, malware analysis, penetration testing, application security, and security controls. Since 2002, he has published various academic papers in information security.
After serving more than 23 years in the Turkish Gendarmerie, he recently joined DIFOSE as CIO. DIFOSE, which stands for Digital Forensic Services, provides a superior level of investigative, consulting, and training services.
Vladimir Meloski is a Microsoft Most Valuable Professional on Office Apps and Services, Microsoft Certified Trainer and consultant, providing solutions based on Office 365, Exchange Server, and Microsoft Azure.
With a bachelor’s degree in computer science, Vladimir has more than 20 years of professional experience in information technology. Vladimir has been involved in Microsoft conferences in Europe and in the United States as a speaker, moderator, proctor for hands-on labs, and technical expert. He has also been involved as an author and technical reviewer for Microsoft official courses, including Exchange Server 2019, 2016, 2013, 2010, 2007, Office 365 and Windows Server 2016 and 2012, and is one of the authors of “Mastering Microsoft Exchange Server 2016”, “Troubleshooting Microsoft Exchange Server 2016” and “Mastering Windows Server 2016”.
As a skilled IT professional and trainer, Vladimir shares his best practices, real-world experiences, and knowledge with his students and colleagues, and is devoted to IT community development by collaborating with user groups worldwide.
He enjoys his spare time in the country with his son and wife.
Şükrü is one of the leading experts in the field of cybercrime investigations on a global scale. He is an award-winning speaker and technical expert at worldwide conferences organized by INTERPOL, EUROPOL, FIEP, NATO, and OSCE. He is the founder and CEO of DIFOSE.
A multi-focused ICT specialist and architect with broad experience designing and implementing Microsoft-centric IT infrastructures, with direct experience at companies ranging from small businesses to multi-national banks and governments.
Known as an inspiring speaker on a wide range of ICT subjects.
Also active as a Microsoft Certified Trainer, author and ICT journalist.
Specialties: Windows Modern Workplace, cloud transition, security, PKI, clustering, and Windows-based infrastructure design and implementation.
The book will help you answer questions like:
- Why is leadership important in cyber security?
- How can you be an effective cybersecurity leader?
- Who should lead cyber security?
- What are the attributes of cybersecurity leadership?
- How can CISOs reduce risk?
- What is a security leader?
and you will learn about:
- cybersecurity executive education
- cybersecurity leadership principles
- cybersecurity leadership training
- a roadmap for a cyber security career