
Book Review: Premier CISO—Board & C-Suite: Raising the Bar for Cybersecurity

Premier CISO—Board & C-Suite: Raising the Bar for Cybersecurity. By Michael Oberlaender. Self-published; 191 pages; $54.99.

For many organizations, CSO (chief security officer) can often mean chief scapegoat officer. As Dr. Eugene Spafford of Purdue University spells out in Spaf’s first principle of security administration, “If you have responsibility for security but have no authority to set rules or punish violators, your own role in the organization is to take the blame when something big goes wrong.”

So, how does a CSO avoid being made a scapegoat?

Michael Oberlaender is a CISO with extensive experience in the field. His Global CISO series of books includes Strategy, Tactics, & Leadership: How to Succeed in InfoSec and Cybersecurity and C(I)SO—And Now What?: How to Successfully Build Security by Design. Oberlaender has come out with a third volume in the series, Premier CISO—Board & C-Suite: Raising the Bar for Cybersecurity. In this book, he guides the CISO through the sometimes-treacherous waters of dealing with the executive board, which often sees information security as a detriment and impediment.

As Jean-Christophe Gaillard writes in The Cyber Security Leadership Handbook for the CISO and the CEO: How to Fix Decade-Old Issues and Protect Your Organization from Cyber Threats, too many organizations appoint a pure technologist as CISO and then expect that person to use technology to solve security problems. But more often, the issues are more significant than that, and technology won’t—and usually can’t—solve them.

Oberlaender takes a similar approach to Jack Freund and Jack Jones in their influential book Measuring and Managing Information Risk: A FAIR Approach. They argue that in order to succeed with the executive board and gain their trust, you have to be able to speak to them in a language they understand. More often than not, that is in the language of business, not technology.

The book focuses on pragmatic and practical strategies CISOs can use to help them succeed in their role. There is little theory here; the author shares advice and tactics drawn from many decades of experience as a CISO at several organizations.

It's said that “leaders are made, not born.” Real leadership skills are developed through hard work, experience, and learning. Those looking to become an effective CISO will find Premier CISO—Board & C-Suite: Raising the Bar for Cybersecurity a valuable resource.


Reviewer: Ben Rothke, CISSP, CISM, CISA, is a New York City-based senior information security manager with Tapad who has more than 20 years of industry experience in information systems security and privacy. His areas of expertise are risk management and mitigation, security and privacy regulatory issues, design and implementation of systems security, encryption, cryptography, and security policy development. Rothke wrote Computer Security—20 Things Every Employee Should Know.
