Book Review: The Cybersecurity Manager's Guide
Review of the book The Cybersecurity Manager's Guide by Todd Barnum. Book published in March 2021.
A few months back, I read The Cybersecurity Manager's Guide by Todd Barnum. It provides practical insights into the challenging role of cybersecurity management. The book promised to offer insights into aligning security goals with business objectives. It was published in March 2021.
Content Overview
The book is divided into twelve chapters that start by addressing foundational concepts, such as the eight domains of cybersecurity. Chapter three describes the following seven steps or areas that a cybersecurity manager should focus on to drive a successful cybersecurity program:
Step 1: Cultivate Relationships
Step 2: Ensure Alignment
Step 3: Use the Four Cornerstones to Lay the Groundwork for Your Program
Step 4: Create a Communications Plan
Step 5: Give Your Job Away
Step 6: Build Your Team
Step 7: Measure What Matters
Chapters four to ten cover each of these focus areas in more detail. The last two chapters provide guidance on collaborating with the internal audit team to further the cybersecurity program and ideas for CISOs to build trust and cultivate positive relationships throughout the organization.
Salient Features
The author leverages his experience to offer actionable advice. The book is full of real-world examples and case studies from the author’s own career.
It is written in easy-to-understand language, making it a valuable resource for managers transitioning into cybersecurity roles.
Rather than focusing solely on technology, the book emphasizes the importance of aligning cybersecurity strategies with overall business objectives.
This book is ideal for mid- to senior-level managers looking to enhance their understanding of cybersecurity management, as well as new cybersecurity managers seeking practical guidance.
Not so salient Features
The book does not dive into technical aspects of cybersecurity, which may leave more experienced technical professionals wanting.
While practical, the book could have benefited from a deeper dive into long-term strategic planning for cybersecurity management.
My rating: 4.0 / 5.0