Why CISOs Fail

"The average tenure for a CISO today is two and a half years. Any CISO who reads this book and uses it as a guide will extend that average. Through his entertaining narration of experiences and their outcomes, Barak Engel brings the reader to the inevitable conclusion that integrating security into business practices should never be an adversarial process with internal partners. With this book, Barak shatters the myth that successful CISOs have to be technologists first and foremost – without attention to the role that security can play in facilitating business goals and objectives. His well-written and humorous anecdotes and musings make it crystal clear that a good CISO is a business enabler, and he provides experiential guidance on what that means in today’s threat environment. - Greg Reber, CEO, AsTech ""In the realm of cybersecurity, Barak champions the human perspective, a viewpoint often overlooked. The key lies in recognition; Overloading individuals with jargon and a multitude of problems simultaneously reduces the motivation. People thrive on logic; they need to understand the underlying problem and its significance in the cybersecurity landscape to feel motivated to solve it. Throughout history, the most groundbreaking inventions emerged from human motivation, evident in creations like Linux, Git, Falco, Wahuz, and Kubernetes etc. Barak advocates prioritizing cybersecurity issues logically and introduces gamification—an approach that taps into our inherent love for healthy competition and recognition. His innovative proposal of a leaderboard provides the acknowledgment individuals crave. Research attests that completing tasks brings immense satisfaction, and people have a finite capacity to solve problems daily. Barak, by uniting these ideas, has provided a fresh perspective that could revolutionize cybersecurity practices."" - Anshu Bansal, CEO, CloudDefense.AI “What sets this book apart is it's authenticity. It clearly defines how a CISO helps drive the business to innovate and grow. It prompts a mindset shift that every executive should come to understand about the true value of good cybersecurity in modern business.” - Mike Hamilton, VP of IT, Cruise “Why CISOs Fail"" by Barak Engel is an absolute gem in the world of cybersecurity literature. Engel's writing style is captivating, drawing readers in with a delightful blend of humor and playfulness. It's a rare treat to find a book on such a serious subject that manages to infuse fun into its pages while maintaining the utmost professionalism. Engel's prose is as engaging as it is informative, making this book a joy to read. What truly sets ""Why CISOs Fail"" apart is its ability to inject the much-needed human element into the realm of information security. I’ve personally found the insight offered in the book to be a contributing factor in elevating my own mindset in approaching information security with a central focus on people and the business. The results have been nothing short of remarkable with stakeholders delighted with the realized outcomes. Engel takes a thoughtful approach to dissecting the challenges Chief Information Security Officers face, offering profound insights into the personal and organizational dynamics that often go unnoticed. This book not only educates but also empathizes with the individuals tasked with safeguarding our digital world. It's a must-read for anyone in the field, and even those outside of it will find themselves thoroughly engrossed and enlightened by Engel's unique perspective. In a world where the stakes are high and the margin for error slim, ""Why CISOs Fail"" is a breath of fresh air that should be celebrated and widely shared. In this updated edition, Barak expands further on the first edition and introduces two pivotal concepts for security management that are poised to further solidify ""Why CISOs Fail"" as an essential reference for anyone seeking to navigate the complex landscape of information security with intelligence and finesse. I highly recommend this book to anyone curious about the information security field and strongly encourage it for members of my team and cross-functional security partners.” - Michael Choui, CEO, Atlas One This book describes the challenges of conventional security mindsets and provides actionable steps for security professionals to align with the business objectives. This alignments puts security as part of the trade-offs business executives are making daily instead of considering security only when required. The author's use of stories and humor makes it easy to recall the key points. This book is not for those who think the current security approach is successful, but it is a guide for those who realize the existing approach needs to change to be successful. While the read is quick the concepts are very deep and thought provoking - I highly recommend this book. - Dave Tempero, Sr IT Director, Nintendo As a CISO, this book generally mirrored, sometimes to a freakish level, the exact thoughts I have when I'm talking to security people at other companies. The number of conversations I get in where the focus is on checkbox lists with password complexity questions and whether they can get audit rights for AWS from me is really boggling. I wish all of them had this book to learn from so they can start seeing the massive disservice they are doing both to themselves as well as to their own security posture by focusing on the wrong things. From ensuring you take in business context to the examples of how to drive conversations with security personnel on the other side regardless of if you are the vendor or the customer, Why CISOs fail should be more broadly read across the security organization, not just at the top. - Norris Lee, Sr TPM Director, Slack “Focused yet irreverent, this is the little book that could. In a narrative that somehow manages to cover tremendous ground while keeping tight, Barak conveys important ideas and lessons that everyone can enjoy, and does so with grace and humor. You don’t need to be a secu- rity pro to appreciate this text, either. If security somehow touches on your daily work, like it does almost everyone’s, and there is one book you want to read to get a better handle on the subject, then you could do a whole lot worse than picking this one up.” - Brian Laing, SVP of Corporate Development & Strategic Alliances, Lastline, Inc. “Barak’s book offers refreshing perspectives on how to focus an infor- mation security program on business risk. His experiences shine through. If you are looking for academic concepts, look elsewhere. Barak offers real-world, pragmatic advice. This book is a great resource for CISOs, IT leaders and Information Security practitioners!” - Gideon T. Rasmussen, CISSP, CRISC, CISA, CISM, CIPP. “Barak’s real-world stories paint a true picture into the role of the CISO as a business enabler. Reading, digesting, and learning from those scenarios alone will add years of experience to any aspiring CISO’s skills. A fantastic piece!” - Branden R. Williams, DBA, CISSP, CISM, Author and Cybersecurity Expert. “Life sometimes offers us mentors and friends, people who will sug- gest that you may be doing the wrong things or that you don’t even have the right objectives. Barak’s book highlights how technical secu- rity management is a case of asymmetric warfare and that no system is good enough to withstand all attacks all the time. His words explore where CISOs find themselves today and in the future, managing cus- tomers, the board, and legal expectations. He articulates the prob- lem for third-party cloud dependency and provides useful clear advice such as ‘what to ask your cloud vendor.’ We learn about the ‘power of negative inference thinking,’ and the art of selling to the business versus selling to a customer. Barak leaves the reader empowered to partner with sales, leveraging security as a critical feature set driv- ing upsell opportunities. My favorite takeaway from this reading was understanding what people say versus what they want. Spend a day with a security guru and enjoy the journey into the mind of a modern day CISO.” - Robin Basham, M.IT, M.Ed., CISSP, CISA, CGEIT, CRISC, CEO/CISO EnterpriseGRC Solutions. “Forget CISOs. This book is a must-read for every CEO who’s seri- ous about security and who needs to understand the challenges faced by their own Chief Protection Officer.” - Neal O’Farrell, Founder, Brainisphere, Executive director of the identity-theft council. “You know, Barak, people sometimes ask me to read what they had written, and it’s kinda awkward, because that stuff isn’t usually very good, and how do you tell them that? But I found myself engaged all the way through, really enjoying the writing, the tales and the humor, and even feeling like I understand what’s going on. That’s so neat!” - Some guy called Ed ""Pragmatic, entertaining and enlightening! Barak reframes the definition of a CISO away from misconceptions and limited views, toward one that is much better positioned to help a business thrive. I believe this book is valuable to rising security leaders as well as any executive that operates in a high growth, complex and global environment."" -- Eddie Medina, Cofounder, BetterUp"