Tribe of Hackers Security Leaders
eBook - ePub

Tribal Knowledge from the best in Cybersecurity Leadership

Marcus J. Carey, Jennifer Jin

About this book

Tribal Knowledge from the Best in Cybersecurity Leadership

The Tribe of Hackers series continues, sharing what CISSPs, CISOs, and other security leaders need to know to build solid cybersecurity teams and keep organizations secure. Dozens of experts and influential security specialists reveal their best strategies for building, leading, and managing information security within organizations. Tribe of Hackers Security Leaders follows the same bestselling format as the original Tribe of Hackers, but with a detailed focus on how information security leaders impact organizational security.

Information security is becoming more important and more valuable all the time. Security breaches can be costly, even shutting businesses and governments down, so security leadership is a high-stakes game. Leading teams of hackers is not always easy, but the future of your organization may depend on it. In this book, the world's top security experts answer the questions that Chief Information Security Officers and other security leaders are asking, including:

  • What's the most important decision you've made or action you've taken to enable a business risk?
  • How do you lead your team to execute and get results?
  • Do you have a workforce philosophy or unique approach to talent acquisition?
  • Have you created a cohesive strategy for your information security program or business unit?

Anyone in or aspiring to an information security leadership role, whether at a team level or organization-wide, needs to read this book. Tribe of Hackers Security Leaders has the real-world advice and practical guidance you need to advance your cybersecurity leadership career.


Information

Publisher: Wiley
Year: 2020
ISBN: 9781119643760

1
Marcus J. Carey

“I'm a big motivator. I get people hyped up all the time.”
Twitter: @marcusjcarey
Website: www.linkedin.com/in/marcuscarey/
Marcus J. Carey is a cybersecurity community advocate and startup founder with more than 25 years of protecting government and commercial sensitive data. He started his cybersecurity career in U.S. Navy cryptology with further service in the National Security Agency (NSA).
Do you believe there is a massive shortage of career cybersecurity professionals?
This is going to be a little bit of cybersecurity heresy, but I don't believe that we need career cybersecurity professionals to be able to combat the risks that we currently have and will have in the future. If I could wave a magic wand, I'd enable all information technology, computer science, electrical engineers, etc., to be more knowledgeable, responsible, and accountable for cyber risk. That same magic wand would also eliminate most cybersecurity roles except for oversight and compliance.
We bridge the gap by making cybersecurity be part of everyone's job. Each area of responsibility should have cybersecurity stakeholders, such as system administrators, software developers, network engineers, etc. They should play a more accountable role. Together as a group, they would have more skin in the game because they would be directly to blame. I've seen too many times where security teams relegated to the sidelines are somehow still blamed for breaches. To implement this, the executive team must play an extremely critical role.
What's the most important decision you've made or action you've taken related to a business risk?
The most important decision I made as founder and CEO of a software company was not to implement corporate drug testing. Every business is different for sure, and many cannot allow this. From a traditional business risk perspective, many would argue it's a huge risk, especially if you're employing bus or forklift drivers.
I'm about to make a huge generalization about the tech scene, which includes people who build technology and my hacker community. There is a lot of recreational drug use. I'm certainly not advocating or saying that people actively use on the job. I'm saying that if you want technology talent, especially in places like Austin, you may have to take this risk.
In a knowledge economy, people get paid for what they know and not what they do on the weekends. Many of the most talented builders and hackers will not apply for jobs if they have drug testing policies. These policies could be blocking talented people who can write secure code for your organization from applying to be an employee. I know there are many counterarguments to this, but it's a risk that I took and would do again in the future.
How do you make hard decisions? Do you find yourself more often making people, process, or technology decisions?
One of my favorite books is How to Stop Worrying and Start Living by Dale Carnegie because it taught me an important lesson that I still use today. The hardest decisions usually come with worrying about the outcome. The book instructs you to think about the worst thing that could happen and create a game plan for that scenario. It's usually going to go better than that.
To be super honest, people or personnel decisions are always the hardest. Most of the technology is about the same. Most of the processes are based on some sort of scientific method if you stop to think about it. People are hard to predict.
The most critical decisions surrounding people are probably hiring and firing. Hire for potential, not for finished products. When someone stops believing in the mission, it is time to part ways. Letting people go is tough for most of us, but I've learned time after time that it doesn't ruin good relationships.
What's something that you struggle with as a leader, and how do you overcome that?
I'm a big motivator. I get people hyped up all the time. Since I'm pumping people up and getting them super confident, it guts them when I'm critical of their performance.
I've learned to take a balanced approach where I can't hype people up so much. I also try to talk with them more often so I can microdose any criticism without them feeling like a tsunami just hit.
How do you lead your team to execute and get results?
Communication is the absolute key. I believe cybersecurity teams should really adopt the mind-set that they are a small business inside a larger organization, even if it's a small team (e.g., one person). Cybersecurity teams are in the business of risk reduction. Everything that the team implements should be with that goal. No bull, just business; your internal and external customers can smell it from a mile away.
Do you have a workforce philosophy or unique approach to talent acquisition?
I'm confident that if you hire right, anyone can learn how to perform most roles if they are given six months of on-the-job experience. When hiring, make sure that you have a minimum viable candidate in mind. So many organizations try to hire the “perfect” candidate based on exactly what they have running in their enterprise. Even organizations in the same vertical do business and cybersecurity differently.
The minimal viable candidate will be kicking butt in a few months. Hire them, train them, equip them, and they'll pay you back in spades.
Have you created a cohesive strategy for your information security program or business unit?
I highly recommend everyone check out Traction by Gino Wickman. He has an approach that can be applied to any business or business unit. The book is great for setting monthly, quarterly, and yearly cybersecurity goals. Align those goals with the overall corporate strategy. Have monthly and quarterly meetings to track your progress. Hold everyone—including management—to those goals. Practice extreme ownership.
What are your communication tips for interacting with executive leadership?
Be super transparent. Make sure you are telling the same consistent story to everyone. If you are caught downstream or upstream telling different stories, people will lose respect and discredit what you may say in the future.
For example, don't hype risk to get your direct reports to work harder, only to downplay the risk to management. The opposite approach is common as well. People will lose confidence in their mission as an end result. It's terrible for morale.
How do you cultivate productive relationships with your boss, peers, direct reports, and other team members?
The best relationships are built on a sense of a common goal. For a boss and peers, that mission is corporate success. A productive relationship means making sure that they have the right information to reduce risk. Notice the phrase “reduce risk,” as it is impossible to eliminate risk.
Direct reports' and team members' relationships will be fostered on building each other up while reducing risk for the business. Everyone wants to experience professional growth, so by putting your personnel in positions to grow, they'll get what they need from your leadership position. Also, let them know you've got their backs at all times. They will reward you by kicking butt and taking names.
Have you encountered challenges collaborating with revenue-generating teams like sales and product development?
The elephant in the room for revenue-generating teams, such as sales and marketing, is that they will always want to jump on technology to increase sales and prospects. Development teams will see new widgets, languages, and other technology that makes their lives easier. This is a blessing to the company, which lives on revenue, and can be seen as a curse to a cybersecurity team.
The approach I recommend is that you and your team be research-driven and test these tools for yourself so you can understand how the business can use new technology as securely as possible. You have to be in the room when technology decisions are being made, and if you shoot everything down, you won't be in that room for too much longer. Either you'll move on or they'll ignore you.
Remember, your job is to allow the business to move fast without shooting itself in the foot. Cybersecurity should be a business enabler, not a hindrance.
Have you encountered challenges collaborating with technology teams like information technology and software development?
Cybersecurity professionals have gotten a bad name over the years for being the party poopers when it comes to technology. ...
