1st Edition

CISO Leadership
Essential Principles for Success

ISBN 9780849379437
Published December 22, 2007 by Auerbach Publications
312 Pages 32 B/W Illustrations

USD $105.00


Book Description

Caught in the crosshairs of “Leadership” and “Information Technology”, Information Security professionals are increasingly tapped to operate as business executives. This often puts them on a career path they did not expect, in a field not yet clearly defined. IT training does not usually include the managerial skills CISOs need, such as leadership, team-building, communication, risk assessment, and corporate business savvy. Yet a lack in any of these areas can short-circuit a career in information security.

CISO Leadership: Essential Principles for Success captures years of hard knocks, success stories, and yes, failures. This is not a how-to book or a collection of technical data. It does not cover products or technology or provide a recapitulation of the common body of knowledge. The book delineates information needed by security leaders and includes from-the-trenches advice on how to have a successful career in the field.

With a stellar panel of contributors including William H. Murray, Harry Demaio, James Christiansen, Randy Sanovic, Mike Corby, Howard Schmidt, and other thought leaders, the book brings together the collective experience of trail blazers. The authors have learned through experience—been there, done that, have the t-shirt—and yes, the scars. A glance through the contents demonstrates the breadth and depth of coverage, not only in topics included but also in expertise provided by the chapter authors. They are the pioneers, who, while initially making it up as they went along, now provide the next generation of information security professionals with a guide to success.

Table of Contents

What You Told Us: A CISO Survey, T. Fitzgerald
Who Companies Really Want to HIRE: How to Advance Your Career and Have Great Success, J. Brocaglia
The Evolving Information Security Landscape, W.H. Murray
Business Drivers for Information Security, H. DeMaio
Security as a Business Function, P. Browne and S.R. Katz
Security Leadership, M.J. Corby and V.M. Carr
The Public Sector CISO: Life In The Fishbowl, L. McNulty
A CISO Introspection, H.A. Schmidt
How Savvy Are You: Can You Get What You Want? B. Lee
Why and How Assessment of Organization Culture Should Shape Security Strategies, D. Saracco
Selling Information Security, J.S. Christiansen
The Importance of an IT Security Strategy, R. Sanovic
Extending The Enterprise’s Governance Program To Information Risks, R. Moulton and R. Coles
Building Management Commitment through Security Councils, T. Fitzgerald
Measuring Security, W.H. Murray
Privacy, Ethics, and Business, R. Herold
Leading Through a Crisis: How Not to Conduct a Security Investigation, M.D. Rasch
Security Pitfalls, T. Fitzgerald
Security Leader Horizon Issues: What the Future Holds, S. Skolochenko

Todd Fitzgerald, CISSP, CISA, CISM, CIPM, CIPP/US, CIPP/E, CIPP/C, CGEIT, CRISC, PMP, ISO27000, and ITILv3 certified, is Managing Director and CISO of CISO Spotlight, LLC.

Todd has built and led multiple Fortune 500/large company information security programs for 20 years across multiple industries, named 2016-17 Chicago CISO of the Year by AITP, ISSA, ISACA, Infragard and SIM, ranked Top 50 Information Security Executive, and Information Security Executive (ISE) Award Finalist, and named Ponemon Institute Fellow. Fitzgerald coauthored with Micki Krause the first professional organization Chief Information Security Officer Book, CISO Leadership: Essential Principles for Success (Auerbach, 2008). Todd also authored Information Security Governance Simplified: From the Boardroom to the Keyboard (Auerbach, 2012), and co-authored Certified Chief Information Security Officer Body of Knowledge (E-C Council, 2014), and has contributed to over a dozen others. Fitzgerald has participated in the development of materials for the Official (ISC)2 Guide to the CISSP CBK, Information Security Handbook Series, ISACA COBIT 5 for Information Security, and ISACA CSX Cybersecurity Fundamentals.

Fitzgerald is a top-rated RSA Conference speaker and is frequently called upon to present at international, national and local conferences for the Information Systems Audit and Control Association (ISACA), Information Systems Security Association (ISSA), Management Information Systems Training Institute (MISTI), COSAC, Centers for Medicare and Medicaid Services, T.E.N., and others. Fitzgerald serves on the HIPAA Collaborative of Wisconsin Board of Directors (2002-present), the Milwaukee Area Technical College Security Advisory Board, and the University of Wisconsin-La Crosse College of Business Administration Board of Advisors.

Prior senior leadership includes SVP, CAO Information Security Northern Trust, Global CISO Grant Thornton International, Ltd, Global CISO ManpowerGroup, Medicare Security Officer/External Audit Oversight WellPoint (now Anthem) Blue Cross Blue Shield-National Government Services, CISO North & Latin America Zeneca/Syngenta, and senior Information Technology leadership positions with IMS Health and American Airlines. Todd earned a B.S. in Business Administration from the University of Wisconsin-La Crosse and a Master of Business Administration with highest honors from Oklahoma State University.


"Contemporary information security is a relatively new specialty that continues to evolve. Even newer is the job title "chief information security officer." As a result, those who don the CISO mantle do so without an established playbook.

In CISO Leadership: Essential Principles for Success, a number of experienced and highly successful information security practitioners share their collective experiences—including mistakes. They provide valuable advice for those aspiring to become information security leaders.

A common theme throughout the book's 19 chapters is the idea that information security is about more than simply amassing technical knowledge. Rather, it is the combined set of skills that include leadership, team building, communication, risk assessment, and corporate business savvy. Lack of these skills has often resulted in a CISO's premature termination.

The book is divided into three sections all centered on the issue of leadership. Part I is titled "A Leadership Disconnect," while Part II "Leadership Mandate" features chapters on fundamental topics, such as career advancement, security as a business function, business drivers, and more. Part III, "Leadership Evolution," covers business savvy, organizational culture, selling security, and more.

For those with a forward career path in information security, CISO Leadership is a valuable guidebook. The authors' "war stories" can help you avoid the bumps as you go down that road. The breadth and depth of the experience of the authors makes this a unique book that you can use to further your information security career."

—Ben Rothke, Security Management