With cyberattacks resulting in often devastating results, it’s no wonder executives hire the best and brightest of the IT world for protection. But are you doing enough? Do you understand your risks? What if the brightest aren’t always the best choice for your company? In The Smartest Person in the Room, Christian Espinosa shows you how to leverage your company’s smartest minds to your benefit and theirs. Learn from Christian’s own journey from cybersecurity engineer to company CEO.

Leadership development speaker & consultant Andy Ellis is the former CSO of Akamai, where he contributed to the creation of Akamai's billion‑dollar cybersecurity business. He now brings his speaking, consulting, and business knowledge to listeners with 1% Leadership—based on the reality that real-world leadership is messy and complicated; it rarely fits into an acronym or a dogmatic overarching philosophy. Ellis says that there are no “irrefutable laws” of leadership or power; there is no secret.

In Project Zero Trust: A Story About a Strategy for Aligning Security and the Business, George Finney, chief security officer at Southern Methodist University, delivers an insightful and practical discussion of Zero Trust implementation. Presented in the form of a fictional narrative involving a breach at a company, the book tracks the actions of the company's new IT security director. Listeners will learn John Kindervag's 5-Step methodology for implementing Zero Trust, the four Zero Trust design principles, and how to limit the impact of a breach.

In The CISO Evolution: Business Knowledge for Cybersecurity Executives, information security experts Matthew K. Sharp and Kyriakos "Rock" Lambros deliver an insightful and practical resource to help cybersecurity professionals develop the skills they need to effectively communicate with senior management and boards. They assert business aligned cybersecurity is crucial and demonstrate how business acumen is being put into action to deliver meaningful business outcomes.

This essential guide, with its dozens of examples and case studies, breaks down every element of the development and management of a cybersecurity program for the executive. From understanding the need, to core risk management principles, to threats, tools, roles, and responsibilities, this book walks the listener through each step of developing and implementing a cybersecurity program. If you're a business manager or executive who needs to make sense of cybersecurity, this audiobook demystifies it for you.

Rick Howard, the Chief Security Officer, Chief Analyst, and Senior fellow at The Cyberwire, challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to get back to first principles.

In The Art of Attack: Attacker Mindset for Security Professionals, Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to and how to use it to their advantage.

Cybersecurity involves people, policy, and technology. Yet most books and academic programs cover only technology. Hence the implementation of cybersecurity as a people powered perpetual innovation and productivity engine is not done. People think they can buy cybersecurity as a product when in fact the discipline is the modern practice of digital business strategy. People also equate cybersecurity with information security or security alone. However, security is a state, while cybersecurity is a process.

In our first publication, 90 Days: A CISO’s Journey to Impact, we profile some of the world’s leading enterprise cybersecurity leaders. They share their views on the role and advice to create rapid impact in a reasonable amount of time - 90 days. It is our hope that listeners, whether existing or future CISOs, gain insights to continuously improve and be their most effective selves.

In 2014, the world witnessed the start of a mysterious series of cyberattacks. Targeting American utility companies, NATO, and electric grids in Eastern Europe, the strikes grew ever more brazen. They culminated in the summer of 2017, when the malware known as NotPetya was unleashed, penetrating, disrupting, and paralyzing some of the world's largest businesses—from drug manufacturers to software developers to shipping companies. At the attack's epicenter in Ukraine, ATMs froze. The railway and postal systems shut down. Hospitals went dark.

Finding the right position in cybersecurity is challenging. Being successful in the profession takes a lot of work. And becoming a cybersecurity leader responsible for a security team is even more difficult. In Navigating the Cybersecurity Career Path, decorated chief information security officer Helen Patton delivers a practical and insightful discussion designed to assist aspiring cybersecurity professionals entering the industry and help those already in the industry advance their careers and lead their first security teams.

It’s a signal paradox of our times that we live in an information society but do not know how it works. And without understanding how our information is stored, used, and protected, we are vulnerable to having it exploited. In Fancy Bear Goes Phishing, Scott J. Shapiro draws on his popular Yale University class about hacking to expose the secrets of the digital age. With lucidity and wit, he establishes that cybercrime has less to do with defective programming than with the faulty wiring of our psyches and society.

How can we apply technology to drive business value? For years we've been told that the performance of software delivery teams doesn't matter - that it can't provide a competitive advantage to our companies. Through four years of groundbreaking research to include data collected from the State of DevOps reports conducted with Puppet, Dr. Nicole Forsgren, Jez Humble, and Gene Kim set out to find a way to measure software delivery performance - and what drives it - using rigorous statistical methods.

This is a breakdown of the NIST risk management framework process for cybersecurity professionals getting into security compliance. It is written in layman's terms, without the convoluted way it is described in the NIST SP 800-37 revision 2. It goes into what the information system security officer does at each step in the process and where their attention should be focused. Although the main focus is on implementation of the NIST 800 RMF process, this book covers many of the main concepts on certifications, such as the ISC2 CAP.

The confluence of four technologies - elastic cloud computing, big data, artificial intelligence, and the internet of things - writes Siebel, is fundamentally changing how business and government will operate in the 21st century. Siebel masterfully guides listeners through a fascinating discussion of the game-changing technologies driving digital transformation and provides a roadmap to seize them as a strategic opportunity.

The race is on to become a digital enterprise. Every organization has a plan for updating products, technologies, and business processes. But that's not enough anymore. With disruptive startups outperforming industry stalwarts, executives everywhere are pushing greater growth and innovation. Staying competitive demands a complete digital transformation.

Look around you. Artificial intelligence is no longer just a futuristic notion. It's here right now - in software that senses what we need, supply chains that "think" in real time, and robots that respond to changes in their environment. Twenty-first-century pioneer companies are already using AI to innovate and grow fast. The bottom line is this: Businesses that understand how to harness AI can surge ahead. Those that neglect it will fall behind. Which side are you on?

The confluence of four technologies - elastic cloud computing, big data, artificial intelligence, and the internet of things - writes Siebel, is fundamentally changing how business and government will operate in the 21st century. Siebel masterfully guides listeners through a fascinating discussion of the game-changing technologies driving digital transformation and provides a roadmap to seize them as a strategic opportunity.

Red teaming. It is a practice as old as the Devil's Advocate, the 11th-century Vatican official charged with discrediting candidates for sainthood. Today, red teams - comprised primarily of fearless skeptics and those assuming the role of saboteurs who seek to better understand the interests, intentions, and capabilities of institutions or potential competitors - are used widely in both the public and private sector.

Everything is a computer. Ovens are computers that make things hot; refrigerators are computers that keep things cold. These computers - from home thermostats to chemical plants - are all online. All computers can be hacked. And Internet-connected computers are the most vulnerable. Forget data theft: Cutting-edge digital attackers can now crash your car, your pacemaker, and the nation’s power grid. In Click Here to Kill Everybody, renowned expert and best-selling author Bruce Schneier examines the hidden risks of this new reality.

In Project Zero Trust: A Story About a Strategy for Aligning Security and the Business, George Finney, chief security officer at Southern Methodist University, delivers an insightful and practical discussion of Zero Trust implementation. Presented in the form of a fictional narrative involving a breach at a company, the book tracks the actions of the company's new IT security director. Listeners will learn John Kindervag's 5-Step methodology for implementing Zero Trust, the four Zero Trust design principles, and how to limit the impact of a breach.

Rick Howard, the Chief Security Officer, Chief Analyst, and Senior fellow at The Cyberwire, challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to get back to first principles.

In How to Measure Anything in Cybersecurity Risk, Second Edition, a pioneering information security professional and a leader in quantitative analysis methods deliver yet another eye-opening text applying the quantitative language of risk analysis to cybersecurity. In the book, the authors demonstrate how to quantify uncertainty and shed light on how to measure seemingly intangible goals. It's a practical guide to improving risk assessment with a straightforward and simple framework.

In The Art of Attack: Attacker Mindset for Security Professionals, Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to and how to use it to their advantage.

In The CISO Evolution: Business Knowledge for Cybersecurity Executives, information security experts Matthew K. Sharp and Kyriakos "Rock" Lambros deliver an insightful and practical resource to help cybersecurity professionals develop the skills they need to effectively communicate with senior management and boards. They assert business aligned cybersecurity is crucial and demonstrate how business acumen is being put into action to deliver meaningful business outcomes.

Beginning in 2018, a powerful app for secure communications, called Anom, began to take root among drug dealers and other criminals. It had extraordinary safeguards to keep out prying eyes--the power to quickly wipe data, voice-masking technology, and more. It was better than other apps popular among organized crime syndicates, except for one thing: it was secretly run by law enforcement. Over the next few years, the FBI, along with law enforcement partners in Australia and parts of Europe, got a front row seat to the global criminal underworld.

In the newly revised third edition of CompTIA CySA+ Study Guide: Exam CS0-003, a team of leading security experts and tech educators delivers comprehensive and accurate coverage of every topic and domain covered on the certification exam. You'll find clear and concise information on critical security topics presented by way of practical, real-world examples, chapter reviews, and exam highlights.

Over the last decade, a single innovation has massively fueled digital black markets: cryptocurrency. Crime lords inhabiting lawless corners of the internet have operated more freely—whether in drug dealing, money laundering, or human trafficking—than their analog counterparts could have ever dreamed of. By transacting not in dollars or pounds but in currencies with anonymous ledgers, overseen by no government, beholden to no bankers, these black marketeers have sought to rob law enforcement of their chief method of cracking down on illicit finance: following the money.

Zero day: a software bug that allows a hacker to break into your devices and move around undetected. One of the most coveted tools in a spy's arsenal, a zero day has the power to silently spy on your iPhone, dismantle the safety controls at a chemical plant, alter an election and shut down the electric grid (just ask Ukraine). For decades, under cover of classification levels and non-disclosure agreements, the United States government became the world’s dominant hoarder of zero days.

The topic of security culture is mysterious and confusing to most leaders. But it doesn't have to be. In The Security Culture Playbook, Perry Carpenter and Kai Roer deliver experience-driven, actionable insights into how to transform your organization's security culture and reduce human risk at every level. This book exposes the gaps in how organizations have traditionally approached human risk, and it provides security and business executives with the necessary information and tools needed to understand, measure, and improve facets of security culture across the organization.