From strategy and psychology to history and decision-making, these are the books CISOs recommend to sharpen your thinking, influence your leadership style, and help navigate the complexity of modern security careers.
Exploring risk from different angles
CISOs, not surprisingly, are interested in risk as it relates to cybersecurity, with some keen to understand future risk measurement and how to make better decisions.
How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen was recommended by several CISOs, including Daniel Schatz, Qiagen’s CISO, and Wolfgang Goerlich, IANS faculty member and Oakland County’s CISO.
James Blake, Cohesity’s CISO, said it’s a useful resource that provides spreadsheets and methods for semi-quantitative risk assessment. Similar to FAIR (factor analysis of information risk), this book provides tools and approaches for more accurate risk measurement beyond the traditional risk matrix. “I’d recommend this book to anyone working in cyber risk because it offers meaningful ways to analyze and communicate risk to business leaders,” Blake says.
Superforecasting: The Art and Science of Prediction by Philip E. Tetlock and Dan Gardner, was also recommended by Schatz.
The book takes a closer look at what makes or breaks good forecasts in a well-written and entertaining manner. “I think this is a useful book for anyone trying to wrap their head around what the future might bring and consequently it should be of particular interest to risk managers,” says Schatz. “Along with the fundamentals of good forecasts and many examples, the authors provide good guidance on how to get to better estimates based on some basic steps.”
Improving focus and decision making in complex environments
In a role defined by continual alerts and competing priorities, CISOs need to rely on their decision-making skills and an ability to find focus. These books explore how to reduce digital noise.
Daniel Schatz suggested Thinking, Fast and Slow by Daniel Kahneman, which explores the dual systems of the brain — fast, intuitive thinking, and slow, rational thinking — how the human mind can be tripped up by error and prejudice, and strategies for making better decisions.
Schatz recommended the book for the insights into how humans make decisions and when they’re most vulnerable to mistakes. “This understanding is essential for effectively managing human risk and selecting security strategies that account for real-world behavior,” he says.
On a related topic and co-written by Daniel Kahneman, Noise explores why humans are so susceptible to noise in judgment — and what we can do about it. It was recommended by Wolfgang Goerlich.
“Security leaders operate in high-stakes environments where constant alerts, evolving threats, and business pressures create a cycle of burnout and reactive decision-making,” said Elliott Franklin, CISO at Fortitude Re.
Franklin recommended Yeah, But: Cut Through The Noise To Live, Learn, And Lead Better by Marc Wolfe because it provides readers with strategies to find clear headspace for thinking and making better decisions — something that’s important for busy CISOs. “Wolfe speaks directly to the internal dialogue that often holds leaders back — those rationalizations that delay change or innovation. It encourages cutting through noise, both external and internal, to lead with clarity and confidence,” Franklin says.
Gretchen Rubin’s Better Than Before and Cal Newport’s Digital Minimalism offer tools to protect what matters most — your time, focus, and well-being, says Franklin.
“Security leaders often operate in “always on” mode, but Cal Newport’s push toward intentional tech use is a vital reminder: your attention is a resource, and boundaries are not a luxury, they’re a necessity. Meanwhile, Rubin’s habit framework helps leaders design systems to support their goals, whether that’s better sleep, less email, or more presence at home. Together, these books form a toolkit for leading better — not just at work, but in life,” adds Franklin.
Human Hacked: My Life and Lessons as the World’s First Augmented Ethical Hacker by Len Noe was recommended by George Gerchow, faculty at IANS Research and Bedrock Security’s CSO.
The book goes beyond the hype to explore the complexity of augmented decision-making and the unintended consequences we’re already seeing. “Len pulls back the curtain on how humans, not just machines, are being reshaped by AI. His point of view is grounded, provocative, and seriously worth reading. Full disclosure: Len is a good friend. People like him are rare and, honestly, a little scary. I’m just glad he’s on our side,” he says.
Understanding human risk in cybersecurity
When it comes to security, CISOs know better than most that managing risks and vulnerabilities lies in human behaviour as much as in technical tools. These books provide expert insights into the human side of cybersecurity, such as social engineering.
The Art of Deception by Kevin Mitnick, was recommended by Gaurav Kapil, CISO at Bread Financial, because its core message remains relevant today. “One of the original and most well-known hackers, Kevin Mitnick shares fascinating real-world examples of social engineering and the human side of cybersecurity vulnerabilities. While it’s an older book, it remains a foundational read for anyone interested in understanding how attackers exploit trust to breach systems,” Kapil says.
Secrets and Lies: Digital Security in a Networked World by Bruce Schneier is also recommended by Kapil because it breaks down technical concepts in an accessible way.
“A highly respected voice in cybersecurity, Bruce Schneier offers timeless insights into the complexities of digital security. It also explores why focusing solely on technology isn’t enough and requires addressing human behavior, in addition to reevaluating organizational practices,” Kapil says.
The Art Thief by Michael Finkel, about the world’s most prolific art thief who stole hundreds of valuable pieces from museums and evaded law enforcement for years, had a remarkable number of connections to cybersecurity, according to Katie Jenkins, CISO at Liberty Mutual.
“The overarching theme of theft in plain sight had connections to social engineering and how — similar to cyber adversaries — skill in deceiving others can yield remarkable gain for the criminal actor,” says Jenkins.
It also highlights the critical role of identifying and managing vulnerabilities — whether it’s physical security in museums and galleries or virtual security in the case of cybersecurity. “In both this literary world and the world of a cybersecurity professional, the core connection is about protecting valuable assets from resourceful, motivated adversaries. Both highlight human elements — trust, psychology, ingenuity — as well as technical/physical controls,” she says.
Rethinking what effective leadership means
It takes dedication to be the best leader. Cybersecurity leaders can turn to books that offer guidance and lessons on developing strong leadership skills, but they’re not always the standard management books.
“As a CISO, I’ve learned that effective cybersecurity leadership isn’t just about technical experience or even business strategy. It’s also about possessing the necessary skills to be a trusted and empathic leader,” says Vanta CISO Jadee Hanson.
Hanson nominated Dare to Lead by Brené Brown because it challenges the traditional notion of leadership by emphasizing emotional intelligence and resilience — qualities that are essential for leading in high-stakes environments. “The book helps leaders foster cultures of accountability and openness, which are crucial for building transparent and adaptive organizations. It’s a must-read for leaders looking to cultivate trust through genuine connection and authenticity, within their teams and across their organizations.”
Good leadership is also about providing the right feedback and with this in mind, Radical Candor by Kim Scott was recommended by Bethany DeLude, Carlyle Group’s CISO. The book highlights the value of honest, specific and direct feedback delivered in an empathetic, timely and respectful manner.
“Her use of a practical and actionable framework, bolstered by real world examples, creates an instructive and compelling map for building a culture of open communication, accountability and employee development,” says DeLude.
Books are a reminder that there’s more to life than work
In a profession that rarely switches off, books offer CISOs a chance to reflect, recharge, and reconnect with meaning beyond the day job. As a CISO, it’s easy to get drawn into the never-ending work day and Thornton Wilder’s Our Town is a reminder to put work into perspective.
“When I read — and reread — the book, I’m reminded to nurture and be present in my whole life,” says DeLude.
DeLude recommended this book because it’s a reminder that paying better attention to balance unlocks creativity and leads to greater impact in professional life. “By reflecting, I’ve solved more of the hardest work problems after a weekend of family fun or while out on a walk than stationed in my office.”
The Alchemist by Paulo Coelho, a book with a simple story but a powerful message, was recommended by Nicole Dove, head of security engineering, Games, at Riot Games.
“The main character is on a journey to follow a dream — he’s unsure and knows he’s deviating from what tradition says he should do — but he follows his heart. That’s something I truly relate to. I’ve read the book numerous times, and each time I walk away with a new gem. No matter the phase of life I’m in, I can always relate to the character and a stop along his journey. In the end, what he discovers is even greater than he imagined. And that is a story that I too hope to tell,” she says.
The final recommendation is a book that challenges professionals to rethink their purpose and value in IT, according to Fortitude Re’s Elliott Franklin.
Get Out of I.T. While You Can: A Guide to Excellence for People in I.T. by Craig Schiefelbein.
“For CISOs and cybersecurity leaders, it’s a bold reminder that excellence isn’t just technical — it’s about strategic impact and personal fulfillment. If your role no longer aligns with your values, it might be time to reimagine your path, not abandon it.”