The Cybersecurity Canon: Cybersecurity Leadership: Powering the Modern Organization

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!

Book Review by Canon Committee Member, DaMon Ross: Cybersecurity Leadership: Powering the Modern Organization (2015) by Mansur Hasib

Executive Summary

Cybersecurity is such a new and dynamic profession, most practitioners have their hands full just keeping up with the latest attack tactics and technology. Leading a cybersecurity function within an organization requires a multidimensional individual who possesses not just core leadership skills but also a technical and business acumen to navigate the complex relationship between cybersecurity, IT and business functions within an organization. In the book Cybersecurity Leadership: Powering the Modern Organization, author Mansur Hasib provides a view into the successes and potential pitfalls of cybersecurity leadership at the executive level.

Review

The book Cybersecurity Leadership by Mansur Hasib covers several key “must-know” areas for those who are aspiring to or are already in executive cybersecurity leadership positions.

The book defines cybersecurity as “the strategic (mission-focused and risk optimized) management of information technology and systems, which maximizes confidentiality, integrity and availability using a balanced mix of technology, policy and people while perennially improving over time.” It also continues to expand on the three key tenets of people, policy and technology. Hasib does well at describing such complex topics as the seven essential functions of a CIO, the challenges that occur when organizations place the CIO as a direct report to the CFO, and why the CIO and CISO must have a mutually supportive relationship.

We get highlights of some of the challenges around people management of IT professionals that any real-world practitioner will have encountered. Hasib explains why leaders should never allow themselves to be “held hostage” by practitioners who play employers against each other with competing offer letters. He notes the importance of ethics and the role it plays in cybersecurity leadership. Hasib also highlights the sensitivity of those in this role and how ethics should be a critical requirement of a cybersecurity leader.

Cybersecurity Leadership places a wide lens on technology, covering everything from the view leaders should have on software purchases to healthcare IT. The author notes the importance of considering free and open-source software as possible solutions to common technology needs. There was also considerable attention given to the impact technology has had on higher education and public schools.

Mansur Hasib is a world-renowned, best-selling author, public speaker and thought leader. Hasib holds a Doctor of Science in Cybersecurity, several industry certifications, and 12 years of experience as a Chief Information Officer.

Conclusion

Cybersecurity is a complex profession, and leading a cybersecurity organization can be a daunting task. Cybersecurity Leadership will equip a reader, already seasoned in management, with a view into the relationships, challenges and requirements to lead in cybersecurity. Although I’d have preferred less focus on technology and more on content around people management / organizational topics, I consider this book a good read for any technology leader.