Book written by Matthew K. Sharp and Kyriakos "Rock" Lambros

Book review by Georgianna Shea

Bottom Line

This is a must-read book for the aspiring CISO. However, I do not recommend the book for the Cybersecurity Canon Hall of Fame because it applies to a narrow scope of cybersecurity professionals.

Review

Cybersecurity may be your world, but it isn't everybody's world. Read this book to understand how to align cybersecurity with the business mission and strategy effectively.  

I enjoyed "The CISO Evolution: Business Knowledge for Cybersecurity Executives" for several reasons. First, it is easy to read, with entertaining personal stories of the authors woven throughout the book. Second, it marries the world of business with that of the cybersecurity professional, which computer science and cybersecurity education organizations rarely do. Finally, it provides valuable resources to include a website with various tools, templates, and guides available for download. 

As the title states, Matthew K. Sharp and Kyriakos "Rock" Lambros wrote the book for the cybersecurity executive. However, the odds are you will not be a cybersecurity executive unless you have mastered the skills discussed in the book. For this reason, the book is a must-read for aspiring cybersecurity executives and an excellent desktop reference for the existing executive. 

Cybersecurity is a field that requires constant learning. Unfortunately, the cyber-career development path rarely includes business-related books and education. This results in many cyber professionals feverishly googling standard business terms and failing to communicate with the business leaders around them adequately. 

Sharp and Lambros skillfully demonstrate how cybersecurity jargon and technical data, no matter how compelling to the cyber professional, mean nothing to the decision maker. The authors illustrate the need for cybersecurity professionals to be able to speak the business language and understand how cybersecurity is aligned to business practices to be effective. More importantly, the authors provide valuable tools and resources on the website https://www.cisoevolution.com/, including:

• Business Impact Analysis Template
• Career History Form
• Competency Interviewing Guide
• Corrective Action Plan
• Crisis Communications Bank
• Criticality Analysis Process Model
• Information Security Project Portfolio Dashboard
• Interview Executive Summary
• Job Scorecard
• Risk Acceptance Form
• Risk Register Submission Template
• Risk Register Template

Back in the day, if you had a technical background, you found you were a candidate for the new and emerging CISO role. Today, technical skills are not enough. The authors explain the evolution of the CISO while detailing what knowledge is required to be an effective CISO. Gone are the days when being technically proficient was enough to be a CISO. Thank you, Matthew and Rock, for creating this one-stop shop resource that provides a bridge to the business world for the cyber professional!  

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!