GLOBAL CISO - STRATEGY, TACTICS, & LEADERSHIP: How to Succeed in InfoSec and CyberSecurity (CISO SERIES)
A**O
A Go-To Guide for CISOs and Aspiring Security Leaders
If you’re in the cybersecurity world, "Global CISO" is one you need on your shelf. I’ve read quite a few books on cybersecurity, but this one stands out for its practical, no-nonsense approach. Michael has done a great job of laying out the challenges and solutions we face as CISOs. The book covers everything from dealing with privacy laws to building a solid security team, all with a practical, real-world focus. What I really like about this book is that it’s not just vague theory—it’s packed with actionable advice. It’s a guide that tells you exactly what you need to do to protect your organization. The emphasis on strategy, coupled with detailed discussions on metrics and compliance, makes this a must-read for anyone serious about cybersecurity leadership. Whether you’re trying to navigate the latest compliance requirements or figure out how to get your security program off the ground, Oberlaender’s got you covered. This is a book I know I’ll keep coming back to, and I’d recommend it to anyone who’s serious about succeeding in cybersecurity. It’s a solid, easy read with lots of great takeaways.
E**S
Strong leadership guidance
This was an incredible book to help you understand your strategy, tactics, and how to build the right leadership engagement. Not only did this book provide insight, it helps you break down where to begin, where to invest, and where to build and scale from a true Global CISO lens. Strong recommend for folks to put this in your book club as one of the better ones to buy.
S**H
Real world applicability and key learnings from experience
As an aspiring CISO I found this book to have a significant relevance to my career. It starts off with a good history of various high profile security incidents that have occurred with the author weighing in on the subject with his experience and weaves in his knowledge and learnings. From there it transitions to a great deal of areas from functional security competencies such as compliance, risk frameworks, team composition, as well as the meat and potatoes of organizational security such as back up and disaster recovery, and access control. I particularly enjoyed sections regarding working with peers and executive teams and the pitfalls of balancing security and one’s budget as well as how a security team can prove their worth with KPIs, metrics and risk indicators. Overall this book covers all the areas you need to know to become a security leader in your organization.
M**.
Super high level in most areas
The book is geared towards aspiring CISOs. It does a decent job of giving you a running head start on designing a program. The first half of the book is one long “why” statement. The subcontext of “how to be successful” is interesting once you finish the book. I am not sure this hits that exact mark. There were typos. Not many but they really stood out when you saw them. The author uses terms like “lame” and “lol”. The diagrams were not in color but the text associated with them calls out color. This made the diagrams hard to use. At times, the author seems to use this more as an opportunity to say “look at me” rather than inform. I wish the book covered more on the budget side. Most security folks in leadership struggle with the corporate finance concepts because we are used to fending off bad guys. Overall, not worth 100 bucks. Maybe 40. There are far more cost effective books on this topic that cover the same ground.
M**R
MUST read for any CISO and aspiring leaders!
This book clearly condenses the knowledge, expertise, and skills of the author, a seven-time career GLOBAL C(I)SO, in a comprehensive, yet entertaining and educating manner, that shows the decades of experience and global exposure to the subject of InfoSec and CyberSecurity. Readers will benefit from the direct approach, hitting the core of the matter right away without the typical buzzwords and superfluous filler words. Instead, you are taken on a journey from the significant and important recent data breaches over the new GDPR, CCPA, China Security Law and other such laws and regulations, to the threat actors, be they nation states, criminals, or your competition. After showing you the size and global scope of the problem, you're then strategically guided through the various steps of cure, change, and preparation to overcome these challenges and succeed as GLOBAL CISO and in similar roles. The very robust, step-by-step approach that teaches you all the necessary artifacts and know-how, guided by one of the world's most experienced CISOs, ensures your application of the subject matter knowledge taught as well as measurable success in your organizational change role. While reading, you are exposed to many valuable lessons learned by the author, and in parallel you build your first year security program, buying you the time to then develop long-term strategy and showing you how to build out your organization. How to design, architect, and implement SecDevOps and a S-SDLC model, how to secure your current and future states, incl. cloud, IoT, and other challenges are showcased and explained in-depth, before the author shares how to manage vendors and contracts; and how they should engage with you. Overall, this book is your roadmap to success, having you reference it for many years to come.
A**R
A career reference book
A great book, that will be a reference throughout the rest of my career!