Resistance manual for accidental CISOs

Not all CISOs step into the role out of vocation or with the right context. Many arrive without a team, without a budget, without a clear mandate—and with the implicit expectation that “nothing can go wrong.” This book is written for them.

A Resistance Manual for Accidental CISOs is not a technical treatise or a catalog of tools. It is a realistic guide for those who must govern security in imperfect organizations, make decisions with incomplete information, and sustain the role under constant pressure.

Throughout the book, it addresses the first days in the position, the critical decisions of the early weeks, risk management without bureaucracy, the relationship with executive leadership, the conscious use of frameworks and certifications, the most common mistakes of the accidental CISO, and the personal wear and tear that comes with the role. All of this is approached with a clear principle: judgment before perfection.

You will not find promises of zero risk or universal recipes here. Instead, you will find practical concepts such as minimum viable visibility, lightweight governance, the “lite” incident response plan, documentation as self-protection, and negotiating with data rather than fear. Tools to decide, explain, and sustain decisions when resources never arrive as they should.

This book defends an uncomfortable but liberating idea: a good CISO is not the one who prevents every incident, but the one who helps the organization make better decisions before, during, and after them.

If you have just stepped into the role, if you have been feeling the wear for some time, or if you want to exercise the function with more judgment and less epic heroics, this book does not promise comfort. It offers something far more valuable: professional resilience.