“Focused yet irreverent, this is the little book that could. In a narrative that somehow manages to cover tremendous ground while keeping tight, Barak conveys important ideas and lessons that everyone can enjoy, and does so with grace and humor. You don’t need to be a security pro to appreciate this text, either. If security somehow touches on your daily work, like it does almost everyone’s, and there is one book you want to read to get a better handle on the subject, then you could do a whole lot worse than picking this one up.”
SVP of Corporate Development & Strategic Alliances, Lastline, Inc.
“Barak’s book offers refreshing perspectives on how to focus an information security program on business risk. His experiences shine through. If you are looking for academic concepts, look elsewhere. Barak offers real-world, pragmatic advice. This book is a great resource for CISOs, IT leaders and information security practitioners!”
Gideon T. Rasmussen
CISSP, CRISC, CISA, CISM, CIPP
“Barak’s real-world stories paint a true picture into the role of the CISO as a business enabler. Reading, digesting, and learning from those scenarios alone will add years of experience to any aspiring CISO’s skills. A fantastic piece!”
Dr. Branden R. Williams
DBA, CISSP, CISM, Author and Cybersecurity Expert
“Life sometimes offers us mentors and friends, people who will suggest that you may be doing the wrong things or that you don’t even have the right objectives. Barak’s book highlights how technical security management is a case of asymmetric warfare and that no system is good enough to withstand all attacks all the time. His words explore where CISOs find themselves today and in the future, managing customers, the board, and legal expectations. He articulates the problem for third-party cloud dependency and provides useful clear advice such as ‘what to ask your cloud vendor.’ We learn about the ‘power of negative inference thinking,’ and the art of selling to the business versus selling to a customer. Barak leaves the reader empowered to partner with sales, leveraging security as a critical feature set driving upsell opportunities. My favorite takeaway from this reading was understanding what people say versus what they want. Spend a day with a security guru and enjoy the journey into the mind of a modern day CISO.”
M.IT, M.Ed., CISSP, CISA, CGEIT, CRISC, CEO/CISO EnterpriseGRC Solutions
“Forget CISOs. This book is a must-read for every CEO who’s serious about security and who needs to understand the challenges faced by their own Chief Protection Officer.”
Executive Director of the Identity-Theft Council, member of the Federal Communications Commission Cybersecurity Round Table, member of the National Initiative for Cybersecurity Education
"You know, Barak, people sometimes ask me to read what they had written, and it’s kinda awkward, because that stuff isn’t usually very good, and how do you tell them that? But I found myself engaged all the way through, really enjoying the writing, the tales and the humor, and even feeling like I understand what’s going on. That’s so neat!"
Some guy called Ed
The endorsements above are amazing!
Now check out the truly astonishing foreword, written by Lance James, the world's foremost authority on phishing and an expert's expert. That he agreed to write one was a true gift; what he wrote left me speechless.
WHAT PEOPLE SAY
Excerpts: "Engel has been in the information security field for decades and this is his soliloquy on many of the bigger problems in information security management. At 125 pages, he lays out what is wrong; and he does that with a combination of humor, swagger and polemic. As someone who has significant industry experience, Engel is a voice who should be heard. [...] As someone who truly understands what information security really is; Engel dismisses security initiatives that don’t advance the state of infosec."
— Ben Rothke
Read the whole review on Ben's RSA blog!