Book Review: Global CISO: Strategy, Tactics, and Leadership
Global CISO - Strategy, Tactics, & Leadership; by Michael S. Oberlaender. Self-Published; Available at Amazon.com; 297 Pages; $89.
At the beginning of every football season, the coach makes sure each player has a copy of the team playbook. Unless every player is on the same page and understands the team goals and strategy, there is no way victory can be achieved.
Similarly, a chief information security officer (CISO) must create a comprehensive playbook to set out the security strategy for their organization. This is a critical task, because an enterprise CISO has an incredibly important role to play in the organization.
In Global CISO - Strategy, Tactics, & Leadership, author Michael Oberlaender has written a guide to help CISOs and others who manage information security to understand the threats they are facing and create an appropriate strategy to develop countermeasures.
Ensuring that information security is done right can be a highly complex challenge. It is not just a technology issue: CISOs must also manage people, compliance and regulations, business goals, and more. A CISO is often expected to do a lot with limited staff and budget. Having an effective strategy is key to getting this done, and here is where this book helps the reader.
For the newly minted CISO, the book provides a wealth of introductory information and data to use in creating an information security program. It is a good tactical guide that can show both new and experienced CISOs what they need to know to succeed in their role. This is crucial, because the CISO is often known as the chief information scapegoat officer. For a CISO to succeed, he or she must know how to avoid falling into that trap.
A point Oberlaender reiterates is that cybersecurity is a continuous process and function, not a one-time effort or technology solution. For the CISO who is looking for a guide to help with the process, this is a valuable reference.
Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is a senior information security specialist with Tapad, Inc.