With cyberattacks resulting in often devastating results, it’s no wonder executives hire the best and brightest of the IT world for protection. But are you doing enough? Do you understand your risks? What if the brightest aren’t always the best choice for your company? In The Smartest Person in the Room, Christian Espinosa shows you how to leverage your company’s smartest minds to your benefit and theirs. Learn from Christian’s own journey from cybersecurity engineer to company CEO.

Leadership development speaker & consultant Andy Ellis is the former CSO of Akamai, where he contributed to the creation of Akamai's billion‑dollar cybersecurity business. He now brings his speaking, consulting, and business knowledge to listeners with 1% Leadership—based on the reality that real-world leadership is messy and complicated; it rarely fits into an acronym or a dogmatic overarching philosophy. Ellis says that there are no “irrefutable laws” of leadership or power; there is no secret.

In Project Zero Trust: A Story About a Strategy for Aligning Security and the Business, George Finney, chief security officer at Southern Methodist University, delivers an insightful and practical discussion of Zero Trust implementation. Presented in the form of a fictional narrative involving a breach at a company, the book tracks the actions of the company's new IT security director. Listeners will learn John Kindervag's 5-Step methodology for implementing Zero Trust, the four Zero Trust design principles, and how to limit the impact of a breach.

In The CISO Evolution: Business Knowledge for Cybersecurity Executives, information security experts Matthew K. Sharp and Kyriakos "Rock" Lambros deliver an insightful and practical resource to help cybersecurity professionals develop the skills they need to effectively communicate with senior management and boards. They assert business aligned cybersecurity is crucial and demonstrate how business acumen is being put into action to deliver meaningful business outcomes.

Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing - as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

The topic of security culture is mysterious and confusing to most leaders. But it doesn't have to be. In The Security Culture Playbook, Perry Carpenter and Kai Roer deliver experience-driven, actionable insights into how to transform your organization's security culture and reduce human risk at every level. This book exposes the gaps in how organizations have traditionally approached human risk, and it provides security and business executives with the necessary information and tools needed to understand, measure, and improve facets of security culture across the organization.

Rick Howard, the Chief Security Officer, Chief Analyst, and Senior fellow at The Cyberwire, challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to get back to first principles.

In The Art of Attack: Attacker Mindset for Security Professionals, Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to and how to use it to their advantage.

Cybersecurity involves people, policy, and technology. Yet most books and academic programs cover only technology. Hence the implementation of cybersecurity as a people powered perpetual innovation and productivity engine is not done. People think they can buy cybersecurity as a product when in fact the discipline is the modern practice of digital business strategy. People also equate cybersecurity with information security or security alone. However, security is a state, while cybersecurity is a process.

In our first publication, 90 Days: A CISO’s Journey to Impact, we profile some of the world’s leading enterprise cybersecurity leaders. They share their views on the role and advice to create rapid impact in a reasonable amount of time - 90 days. It is our hope that listeners, whether existing or future CISOs, gain insights to continuously improve and be their most effective selves.

Cybersecurity is an emerging career trend and will continue to become increasingly important. Despite the lucrative pay and significant career growth opportunities, many people are unsure of how to get started.

Finding the right position in cybersecurity is challenging. Being successful in the profession takes a lot of work. And becoming a cybersecurity leader responsible for a security team is even more difficult. In Navigating the Cybersecurity Career Path, decorated chief information security officer Helen Patton delivers a practical and insightful discussion designed to assist aspiring cybersecurity professionals entering the industry and help those already in the industry advance their careers and lead their first security teams.

It’s a signal paradox of our times that we live in an information society but do not know how it works. And without understanding how our information is stored, used, and protected, we are vulnerable to having it exploited. In Fancy Bear Goes Phishing, Scott J. Shapiro draws on his popular Yale University class about hacking to expose the secrets of the digital age. With lucidity and wit, he establishes that cybercrime has less to do with defective programming than with the faulty wiring of our psyches and society.

How can we apply technology to drive business value? For years we've been told that the performance of software delivery teams doesn't matter - that it can't provide a competitive advantage to our companies. Through four years of groundbreaking research to include data collected from the State of DevOps reports conducted with Puppet, Dr. Nicole Forsgren, Jez Humble, and Gene Kim set out to find a way to measure software delivery performance - and what drives it - using rigorous statistical methods. This book presents both the findings and the science behind that research, making the information accessible for listeners to apply in their own organizations.

This is a breakdown of the NIST risk management framework process for cybersecurity professionals getting into security compliance. It is written in layman's terms, without the convoluted way it is described in the NIST SP 800-37 revision 2. It goes into what the information system security officer does at each step in the process and where their attention should be focused. Although the main focus is on implementation of the NIST 800 RMF process, this book covers many of the main concepts on certifications, such as the ISC2 CAP.

The race is on to become a digital enterprise. Every organization has a plan for updating products, technologies, and business processes. But that's not enough anymore. With disruptive startups outperforming industry stalwarts, executives everywhere are pushing greater growth and innovation. Staying competitive demands a complete digital transformation.

Look around you. Artificial intelligence is no longer just a futuristic notion. It's here right now - in software that senses what we need, supply chains that "think" in real time, and robots that respond to changes in their environment. Twenty-first-century pioneer companies are already using AI to innovate and grow fast. The bottom line is this: Businesses that understand how to harness AI can surge ahead. Those that neglect it will fall behind. Which side are you on?

The confluence of four technologies - elastic cloud computing, big data, artificial intelligence, and the internet of things - writes Siebel, is fundamentally changing how business and government will operate in the 21st century. Siebel masterfully guides listeners through a fascinating discussion of the game-changing technologies driving digital transformation and provides a roadmap to seize them as a strategic opportunity.

Red teaming. It is a practice as old as the Devil's Advocate, the 11th-century Vatican official charged with discrediting candidates for sainthood. Today, red teams - comprised primarily of fearless skeptics and those assuming the role of saboteurs who seek to better understand the interests, intentions, and capabilities of institutions or potential competitors - are used widely in both the public and private sector.

Everything is a computer. Ovens are computers that make things hot; refrigerators are computers that keep things cold. These computers - from home thermostats to chemical plants - are all online. All computers can be hacked. And Internet-connected computers are the most vulnerable. Forget data theft: Cutting-edge digital attackers can now crash your car, your pacemaker, and the nation’s power grid. In Click Here to Kill Everybody, renowned expert and best-selling author Bruce Schneier examines the hidden risks of this new reality.

Rick Howard, the Chief Security Officer, Chief Analyst, and Senior fellow at The Cyberwire, challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to get back to first principles.

In Project Zero Trust: A Story About a Strategy for Aligning Security and the Business, George Finney, chief security officer at Southern Methodist University, delivers an insightful and practical discussion of Zero Trust implementation. Presented in the form of a fictional narrative involving a breach at a company, the book tracks the actions of the company's new IT security director. Listeners will learn John Kindervag's 5-Step methodology for implementing Zero Trust, the four Zero Trust design principles, and how to limit the impact of a breach.

This essential guide, with its dozens of examples and case studies, breaks down every element of the development and management of a cybersecurity program for the executive. From understanding the need, to core risk management principles, to threats, tools, roles, and responsibilities, this book walks the listener through each step of developing and implementing a cybersecurity program. If you're a business manager or executive who needs to make sense of cybersecurity, this audiobook demystifies it for you.

In The Art of Attack: Attacker Mindset for Security Professionals, Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to and how to use it to their advantage.

Cybersecurity is an emerging career trend and will continue to become increasingly important. Despite the lucrative pay and significant career growth opportunities, many people are unsure of how to get started.

In The CISO Evolution: Business Knowledge for Cybersecurity Executives, information security experts Matthew K. Sharp and Kyriakos "Rock" Lambros deliver an insightful and practical resource to help cybersecurity professionals develop the skills they need to effectively communicate with senior management and boards. They assert business aligned cybersecurity is crucial and demonstrate how business acumen is being put into action to deliver meaningful business outcomes.

Cybersecurity Essentials provides a comprehensive introduction to the field, with expert coverage of essential topics required for entry-level cybersecurity certifications. An effective defense consists of four distinct challenges: securing the infrastructure, securing devices, securing local networks, and securing the perimeter. Overcoming these challenges requires a detailed understanding of the concepts and practices within each realm.

The NIST Cybersecurity Framework, intelligently designed to synchronize with top-tier industry practices, is a treasure trove for all cybersecurity enthusiasts, IT professionals, or organizational leaders determined to enhance their information systems security. This book, with its ability to translate complex concepts into accessible lessons, has the power to elevate beginners into adept cybersecurity practitioners.

No data is completely safe. Cyberattacks on companies and individuals are on the rise and growing not only in number but also in ferocity. And while you may think your company has taken all the precautionary steps to prevent an attack, no individual, company, or country is safe. Cybersecurity can no longer be left exclusively to IT specialists. Improving and increasing data security practices and identifying suspicious activity is everyone's responsibility, from the boardroom to the break room.

Cyber risk management is one of the most urgent issues facing enterprises today. This book presents a detailed framework for designing, developing, and implementing a cyber risk management program that addresses your company's specific needs. Ideal for corporate directors, senior executives, security risk practitioners, and auditors at many levels, this guide offers both the strategic insight and tactical guidance you're looking for.

Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies—and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable.

In the newly revised third edition of CompTIA CySA+ Study Guide: Exam CS0-003, a team of leading security experts and tech educators delivers comprehensive and accurate coverage of every topic and domain covered on the certification exam. You'll find clear and concise information on critical security topics presented by way of practical, real-world examples, chapter reviews, and exam highlights.

Cybersecurity involves people, policy, and technology. Yet most books and academic programs cover only technology. Hence the implementation of cybersecurity as a people powered perpetual innovation and productivity engine is not done. People think they can buy cybersecurity as a product when in fact the discipline is the modern practice of digital business strategy. People also equate cybersecurity with information security or security alone. However, security is a state, while cybersecurity is a process.

The Pentester BluePrint: Starting a Career as an Ethical Hacker offers listeners a chance to delve deeply into the world of the ethical, or "white-hat" hacker. Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications.

Like it or not, your every move is being watched and analyzed. Consumers' identities are being stolen, and a person's every step is being tracked and stored. What once might have been dismissed as paranoia is now a hard truth, and privacy is a luxury few can afford or understand. In this explosive yet practical book, Kevin Mitnick illustrates what is happening without your knowledge - and he teaches you "the art of invisibility".