Tribe of Hackers Security Leaders

Tribal Knowledge from the best in Cybersecurity Leadership

Marcus J. Carey, Jennifer Jin

About This Book

Tribal Knowledge from the Best in Cybersecurity Leadership

The Tribe of Hackers series continues, sharing what CISSPs, CISOs, and other security leaders need to know to build solid cybersecurity teams and keep organizations secure. Dozens of experts and influential security specialists reveal their best strategies for building, leading, and managing information security within organizations. Tribe of Hackers Security Leaders follows the same bestselling format as the original Tribe of Hackers, but with a detailed focus on how information security leaders impact organizational security.

Information security is becoming more important and more valuable all the time. Security breaches can be costly, even shutting businesses and governments down, so security leadership is a high-stakes game. Leading teams of hackers is not always easy, but the future of your organization may depend on it. In this book, the world's top security experts answer the questions that Chief Information Security Officers and other security leaders are asking, including:

  • What's the most important decision you've made or action you've taken to enable a business risk?
  • How do you lead your team to execute and get results?
  • Do you have a workforce philosophy or unique approach to talent acquisition?
  • Have you created a cohesive strategy for your information security program or business unit?

Anyone in or aspiring to an information security leadership role, whether at a team level or organization-wide, needs to read this book. Tribe of Hackers Security Leaders has the real-world advice and practical guidance you need to advance your cybersecurity leadership career.

Information

Publisher: Wiley
Year: 2020
ISBN: 9781119643760
Edition: 1

1
Marcus J. Carey

“I'm a big motivator. I get people hyped up all the time.”
Twitter: @marcusjcarey • Website: www.linkedin.com/in/marcuscarey/
Marcus J. Carey is a cybersecurity community advocate and startup founder with more than 25 years of protecting government and commercial sensitive data. He started his cybersecurity career in U.S. Navy cryptology with further service in the National Security Agency (NSA).
Do you believe there is a massive shortage of career cybersecurity professionals?
This is going to be a little bit of cybersecurity heresy, but I don't believe that we need career cybersecurity professionals to be able to combat the risks that we currently have and will have in the future. If I could wave a magic wand, I'd enable all information technology, computer science, electrical engineers, etc., to be more knowledgeable, responsible, and accountable for cyber risk. That same magic wand would also eliminate most cybersecurity roles except for oversight and compliance.
We bridge the gap by making cybersecurity be part of everyone's job. Each area of responsibility should have cybersecurity stakeholders, such as system administrators, software developers, network engineers, etc. They should play a more accountable role. Together as a group, they would have more skin in the game because they would be directly to blame. I've seen too many times where security teams relegated to the sidelines are somehow still blamed for breaches. To implement this, the executive team must play an extremely critical role.
What's the most important decision you've made or action you've taken related to a business risk?
The most important decision I made as founder and CEO of a software company was not to implement corporate drug testing. Every business is different for sure, and many cannot allow this. From a traditional business risk perspective, many would argue it's a huge risk, especially if you're employing bus or forklift drivers.
I'm about to make a huge generalization about the tech scene, which includes people who build technology and my hacker community. There is a lot of recreational drug use. I'm certainly not advocating or saying that people actively use on the job. I'm saying that if you want technology talent, especially in places like Austin, you may have to take this risk.
In a knowledge economy, people get paid for what they know and not what they do on the weekends. Many of the most talented builders and hackers will not apply for jobs if they have drug testing policies. These policies could be blocking talented people who can write secure code for your organization from applying to be an employee. I know there are many counterarguments to this, but it's a risk that I took and would do again in the future.
How do you make hard decisions? Do you find yourself more often making people, process, or technology decisions?
One of my favorite books is How to Stop Worrying and Start Living by Dale Carnegie because it taught me an important lesson that I still use today. The hardest decisions usually come with worrying about the outcome. The book instructs you to think about the worst thing that could happen and create a game plan for that scenario. It's usually going to go better than that.
To be super honest, people or personnel decisions are always the hardest. Most of the technology is about the same. Most of the processes are based on some sort of scientific method if you stop to think about it. People are hard to predict.
The most critical decisions surrounding people are probably hiring and firing. Hire for potential, not for finished products. When someone stops believing in the mission, it is time to part ways. Letting people go is tough for most of us, but I've learned time after time that it doesn't ruin good relationships.
What's something that you struggle with as a leader, and how do you overcome that?
I'm a big motivator. I get people hyped up all the time. Since I'm pumping people up and getting them super confident, it guts them when I'm critical of their performance.
I've learned to take a balanced approach where I can't hype people up so much. I also try to talk with them more often so I can microdose any criticism without them feeling like a tsunami just hit.
How do you lead your team to execute and get results?
Communication is the absolute key. I believe cybersecurity teams should really adopt the mind-set that they are a small business inside a larger organization, even if it's a small team (e.g., one person). Cybersecurity teams are in the business of risk reduction. Everything that the team implements should be with that goal. No bull, just business; your internal and external customers can smell it from a mile away.
Do you have a workforce philosophy or unique approach to talent acquisition?
I'm confident that if you hire right, anyone can learn how to perform most roles if they are given six months of on-the-job experience. When hiring, make sure that you have a minimum viable candidate in mind. So many organizations try to hire the “perfect” candidate based on exactly what they have running in their enterprise. Even organizations in the same vertical do business and cybersecurity differently.
The minimal viable candidate will be kicking butt in a few months. Hire them, train them, equip them, and they'll pay you back in spades.
Have you created a cohesive strategy for your information security program or business unit?
I highly recommend everyone check out Traction by Gino Wickman. He has an approach that can be applied to any business or business unit. The book is great for setting monthly, quarterly, and yearly cybersecurity goals. Align those goals with the overall corporate strategy. Have monthly and quarterly meetings to track your progress. Hold everyone—including management—to those goals. Practice extreme ownership.
What are your communication tips for interacting with executive leadership?
Be super transparent. Make sure you are telling the same consistent story to everyone. If you are caught downstream or upstream telling different stories, people will lose respect and discredit what you may say in the future.
For example, don't hype risk to get your direct reports to work harder, only to downplay the risk to management. The opposite approach is common as well. People will lose confidence in their mission as an end result. It's terrible for morale.
How do you cultivate productive relationships with your boss, peers, direct reports, and other team members?
The best relationships are built on a sense of a common goal. For a boss and peers, that mission is corporate success. A productive relationship means making sure that they have the right information to reduce risk. Notice the phrase “reduce risk,” as it is impossible to eliminate risk.
Direct reports' and team members' relationships will be fostered on building each other up while reducing risk for the business. Everyone wants to experience professional growth, so by putting your personnel in positions to grow, they'll get what they need from your leadership position. Also, let them know you've got their backs at all times. They will reward you by kicking butt and taking names.
Have you encountered challenges collaborating with revenue-generating teams like sales and product development?
The elephant in the room for revenue-generating teams, such as sales and marketing, is that they will always want to jump on technology to increase sales and prospects. Development teams will see new widgets, languages, and other technology that makes their lives easier. This is a blessing to the company, which lives on revenue, and can be seen as a curse to a cybersecurity team.
The approach I recommend is that you and your team be research-driven and test these tools for yourself so you can understand how the business can use new technology as securely as possible. You have to be in the room when technology decisions are being made, and if you shoot everything down, you won't be in that room for too much longer. Either you'll move on or they'll ignore you.
Remember, your job is to allow the business to move fast without shooting itself in the foot. Cybersecurity should be a business enabler, not a hindrance.
Have you encountered challenges collaborating with technology teams like information technology and software development?
Cybersecurity professionals have gotten a bad name over the years for being the party poopers when it comes to technology. ...