Ben's Book of the Month: Review of "The CISO Journey"


Posted on by Ben Rothke

This month’s theme is professional development. Just as personal development is a journey, so too is a person’s career part of the development process. In the aptly titled book The CISO Journey: Life Lessons and Concepts to Accelerate Your Professional Development (Auerbach Publications 978-1138197398), author Gene Fredriksen takes the reader on an information security journey.

Fredriksen spent decades as a CISO and brings his life lessons to the book. The book is made for a person who is on the CISO track, or even a newly minted CISO, looking for guidance along their new journey.

Fredriksen details a number of interesting scenarios, all based on his real-world experience. He then details what happened, including the successes, challenges and occasional failures along the way. He takes a more management-focused approach, rather than getting into the heavy technical details. The 10 chapters in the book correspond to what he calls the 10 rules of information security.

A book like this is important in that it is the CISO who often sets an organization’s security processes and technologies on an effective course. By drawing on Fredriksen’s years of experience and research, the reader is better able to define and prioritize the strategic and tactical steps they need to execute to ensure their journey as a CISO is a smooth one.

An important point the book reiterates is that the role of a CISO is not that of a technologist. Rather, the CISO is an effective manager, leader and communicator. He observes that technology is an important aspect of information security, but being a good CISO means a lot more than just technical expertise.

The book does a good job of showing how to develop and manage an effective enterprise security program. This is not a trivial thing, and that is precisely the journey the book helps the reader with.

For those looking to start their path down the road to being a CISO now or in the future, The CISO Journey is a good guide to help you along the way.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

professional development & workforce

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

