{"id":5789,"date":"2025-11-14T07:00:00","date_gmt":"2025-11-14T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5789"},"modified":"2025-11-14T07:00:00","modified_gmt":"2025-11-14T07:00:00","slug":"the-books-shaping-todays-cybersecurity-leaders","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5789","title":{"rendered":"The books shaping today\u2019s cybersecurity leaders"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

From strategy and psychology to history and decision-making, these are the books CISOs recommend to sharpen your thinking, influence your leadership style, and help navigate the complexity of modern security careers.<\/p>\n

Exploring risk from different angles<\/h2>\n

CISOs, not surprisingly, are interested in risk as it relates to cybersecurity, with some keen to understand future risk measurement and how to make better decisions.<\/p>\n

Superintelligence<\/a> by Nick Bostrom and The Gray Rhino<\/a> by Michele Wucker were put forward by Cribl CISO Mike Lyons. \u201cSuperintelligence is a very interesting look at the risks and rewards of AI and how to secure it. It can invoke an existential crisis as AI continues to play a larger role in our daily lives,\u201d says Lyons.<\/p>\n

The Gray Rhino invites readers to rethink their priorities. \u201cIt highlights how \u2018highly probable, high impact, yet neglected threats plague us every day and it takes grit and resolve to reduce their impact by making change happen,\u201d he says.<\/p>\n

The AI Mirror<\/a> by Shannon Vallor was recommended by Grammarly CISO Giles Douglas<\/a> \u201calthough probably not for the reason you might expect\u201d. The central thesis is that generative AI is trained on backwards-looking data and Vallor is deeply skeptical of artificial general intelligence. \u201cHowever, what struck me most is how this analysis applies to how generative AI is being embedded into security products,\u201d Douglas says.<\/p>\n

\u201cAI integration has allowed us to find anomalous patterns and analyze data at scale, but the book\u2019s focus on the flaws of this approach highlights the ethical implications of doing so. It demonstrates that these systems still need judgment \u2014 a human in the loop \u2014 and can struggle to find truly novel exploits of systems that fall outside of their training data.<\/p>\n

The book considers the implications of feeding massive amounts of security data into such systems can also have a side effect of building surveillance technology where there is pervasive monitoring, blurring the lines between robust monitoring and invasive practices. \u201cMy key takeaway: We still need humans to oversee security systems. The most effective programs will be those that thoughtfully integrate AI capabilities while maintaining strong human oversight and ethical guardrails.\u201d<\/p>\n

How to Measure Anything in Cybersecurity Risk<\/a> <\/em>by Douglas W. Hubbard and Richard Seiersen, was recommended by several CISOs including Daniel Schatz, Qiagen\u2019s CISO, and Wolfgang Goerlich, faculty IANS and Oakland County\u2019s CISO. James Blake, Cohesity\u2019s CISO, said it\u2019s a useful resource that provides spreadsheets and methods for semi-quantitative risk assessment. Similar to FAIR (factor analysis of information risk), this book provides tools and approaches for more accurate risk measurement beyond the traditional risk matrix. \u201cI\u2019d recommend this book to anyone working in cyber risk because it offers meaningful ways to analyze and communicate risk to business leaders,\u201d Blake says.<\/p>\n

Superforecasting: The Art and Science of Prediction<\/a> by Philip E. Tetlock and Dan Gardner, was also recommended by Schatz. The book takes a closer look at what makes or breaks good forecasts in a well-written and entertaining manner. \u201cI think this is a useful book for anyone trying to wrap their head around what the future might bring and consequently it should be of particular interest to risk managers,\u201d tells Schatz. \u201cAlong with the fundamentals of good forecasts and many examples, the authors provide good guidance on how to get to better estimates based on some basic steps.\u201d<\/p>\n

Improving focus and decision making in complex environments<\/h2>\n

In a role defined by continual alerts and competing priorities, CISOs need to rely on their decision-making skills and an ability to find focus. These books explore how to reduce digital noise.<\/p>\n

Daniel Schatz suggested Thinking, Fast and Slow<\/a> by Daniel Kahneman that explores the dual systems of the brain \u2014 fast, intuitive thinking, and slow, rational thinking \u2014 how the human mind can be tripped up by error and prejudice, and strategies for making better decisions. Schatz recommended the book for the insights into how humans make decisions and when they\u2019re most vulnerable to mistakes. \u201cThis understanding is essential for effectively managing human risk and selecting security strategies that account for real-world behavior,\u201d he says.<\/p>\n

On a related topic and co-written by Daniel Kahneman, Noise<\/a> explores why humans are so susceptible to noise in judgment \u2014 and what we can do about it. It was recommended by Wolfgang Goerlich. <\/p>\n

Elliott Franklin, CISO at Fortitude Re, recommended Yeah, But: Cut Through The Noise To Live, Learn, And Lead Better<\/a> by Marc Wolfe because it provides readers with strategies to find clear headspace for thinking and making better decisions \u2014 something that\u2019s important for busy CISOs. \u201cWolfe speaks directly to the internal dialogue that often holds leaders back \u2014 those rationalizations that delay change or innovation. It encourages cutting through noise, both external and internal, to lead with clarity and confidence,\u201d Franklin says.<\/p>\n

Gretchen Rubin\u2019s Better Than Before<\/a> <\/strong>and Cal Newport\u2019s Digital Minimalism<\/a> offer tools to protect what matters most \u2014 your time, focus, and well-being, says Franklin. \u201cSecurity leaders often operate in \u201calways on\u201d mode, but Cal Newport\u2019s push toward intentional tech use is a vital reminder: your attention is a resource, and boundaries are not a luxury, they\u2019re a necessity. Meanwhile, Rubin\u2019s habit framework helps leaders design systems to support their goals, whether that\u2019s better sleep, less email, or more presence at home. Together, these books form a toolkit for leading better \u2014 not just at work, but in life,\u201d adds Franklin.<\/p>\n

Human Hacked: My Life and Lessons as the World\u2019s First Augmented Ethical Hacker<\/a> by Len Noe was recommended by George Gerchow, faculty at IANS Research and Bedrock Security\u2019s CSO. The book goes beyond the hype to explore the complexity of augmented decision-making and the unintended consequences we\u2019re already seeing. \u201cLen pulls back the curtain on how humans, not just machines, are being reshaped by AI. His point of view is grounded, provocative, and seriously worth reading. Full disclosure: Len is a good friend. People like him are rare and, honestly, a little scary. I\u2019m just glad he\u2019s on our side,\u201d he says.<\/p>\n

Understanding human risk in cybersecurity<\/h2>\n

When it comes to security, CISOs know better than most that managing risks and vulnerabilities lies in human behaviour as much as technical tools. These books provide expert insights into the human side of cybersecurity, such as social engineering.<\/p>\n

The Cuckoo\u2019s Egg<\/a> <\/strong>by Cliff Stoll was recommended by International Seaways CIO\/CISO Amit Basu as one of the most important early narratives of cyber intrusion and defense.<\/p>\n

\u201cCliff Stoll\u2019s meticulous pursuit of a 75-cent accounting anomaly exposed an international espionage ring long before cybersecurity became a defined discipline,\u201d says Basu. \u201cHis story demonstrates enduring principles of our field: pay attention to small signals, follow the evidence with rigor, and build partnerships across technical teams, telecom providers, and law enforcement.\u201d<\/p>\n

At a time when automated detection and AI-driven analytics dominate, the book is a reminder that patient investigation, detailed logging, and curiosity often provide the first clues to a major breach. For cybersecurity professionals, it also highlights the human side of defense. \u201cStoll faced skepticism, shifting priorities, and bureaucratic delays, challenges still familiar to CISOs and security teams,\u201d he says. \u201cHis persistence and ability to translate technical findings into action across institutions underscore the leadership and communication skills that remain essential. I recommend this book because it combines the excitement of a real-life thriller with lessons on vigilance, collaboration, and creative problem solving that continue to guide effective cyber defense.\u201d<\/p>\n

The Art of Deception<\/a> by Kevin Mitnick<\/a>, was recommended by Gaurav Kapil, CISO at Bread Financial, because its core message remains relevant today. \u201cOne of the original and most well-known hackers, Kevin Mitnick shares fascinating real-world examples of social engineering and the human side of cybersecurity vulnerabilities. While it\u2019s an older book, it remains a foundational read for anyone interested in understanding how attackers exploit trust to breach systems,\u201d Kapil says.<\/p>\n

Secrets and Lies: Digital Security in a Networked World<\/a> by Bruce Schneier is also recommended by Kapil because it breaks down technical concepts in an accessible way. \u201cA highly respected voice in cybersecurity, Bruce Schneier offers timeless insights into the complexities of digital security. It also explores why focusing solely on technology isn\u2019t enough and requires addressing human behavior, in addition to reevaluating organizational practices,\u201d Kapil says.<\/p>\n

The Art Thief<\/a> by Michael Finkel, about the world\u2019s most prolific art thief who stole hundreds of valuable pieces from museums and evaded law enforcement for years, had a remarkable number of connections to cybersecurity, according to Katie Jenkins, CISO at Liberty Mutual. \u201cThe overarching theme of theft in plain sight had connections to social engineering and how \u2014 similar to cyber adversaries \u2014 skill in deceiving others can yield remarkable gain for the criminal actor,\u201d says Jenkins.<\/p>\n

It also highlights the critical role in identifying and managing vulnerabilities \u2014 whether it\u2019s physical security in museums and galleries or virtual security in the case of cybersecurity. \u201cIn both this literary world and the world of a cybersecurity professional, the core connection is about protecting valuable assets from resourceful, motivated adversaries. Both highlight human elements \u2014 trust, psychology, ingenuity \u2014 as well as technical\/physical controls,\u201d she says.<\/p>\n

Rethinking what effective leadership means<\/h2>\n

It takes dedication to be the best leader. Cybersecurity leaders can turn to books that offer guidance and lessons on developing strong leadership skills, but they\u2019re not always the standard management books.<\/p>\n

How to Win Friends and Influence People<\/a> by Dale Carnegie and David and Goliath<\/a> by Malcolm Gladwell are two books that Christina Cruz, director of cybersecurity at Advance, returns to again and again. \u201cCarnegie\u2019s book has shaped how I lead and communicate, especially in cybersecurity where influence often matters more than authority. It\u2019s helped me build trust across teams, navigate tough conversations with empathy, and connect with stakeholders who don\u2019t live in the technical weeds,\u201d Cruz says.<\/p>\n

Gladwell\u2019s David and Goliath reframed how Cruz thinks about risk and resilience. \u201cIn our field, we\u2019re constantly facing outsized threats with limited resources, and this book reminded me that being the underdog can be an advantage \u2014 if you\u2019re willing to think differently and act boldly.\u201d<\/p>\n

\u201cBoth books have challenged and expanded my perspective \u2014 not just as a cybersecurity leader, but as a person. They\u2019ve helped me approach problems with more creativity, lead with more intention, and stay grounded in the human side of what we do.\u201d<\/p>\n

Start with Why: How Great Leaders Inspire Everyone to Take Action<\/a> by Simon Sinek is another pick by Amit Basu because it\u2019s a powerful framework for leading teams and shaping strategy that is relevant to cybersecurity and technology leadership. \u201cSimon Sinek shows that enduring success begins with a clear purpose, your \u2018why\u2019 before focusing on \u2018how\u2019 or \u2018what\u2019,\u201d says Basu. \u201cIt helps transform security from a compliance obligation into a shared strategic advantage. The book also reinforces how purpose drives trust and resilience,\u201d he says.<\/p>\n

Sinek illustrates that people follow leaders who inspire, not just those who manage. In cybersecurity, where pressure and burnout are constant risks, a clearly stated \u2018why\u2019 keeps teams motivated and engaged through crises and long-term initiatives. \u201cI recommend Start with Why because it offers a clear and practical model for connecting daily operations to a larger vision, enabling leaders to inspire commitment and foster a culture where security and innovation thrive together,\u201d he says.<\/p>\n

The Five Dysfunctions of a Team<\/a> by Patrick Lencioni comes highly recommend by Vasanth Madhure, Couchbase CISO. \u201cIt completely changed my perspective on what makes a team work.\u201d<\/p>\n

The book breaks down why so many teams struggle, starting with the most basic issue: a lack of trust. When a team can\u2019t be vulnerable with each other, they avoid healthy conflict, which leads to a lack of real buy-in and accountability. This all adds up to a team that simply isn\u2019t getting meaningful results. \u201cUltimately, the book\u2019s core message is that trust is the bedrock of any successful team or relationship\u2014not just at work, but in everyday life. For me, this is a daily practice, especially in security, where building trust with everyone, from my team to our customers, is absolutely crucial,\u201d he says.<\/p>\n

\u201cAs a CISO, I\u2019ve learned that effective cybersecurity leadership isn\u2019t just about technical experience or even business strategy. It\u2019s also about possessing the necessary skills to be a trusted and empathic leader,\u201d says Vanta CISO Jadee Hanson. <\/p>\n

Hanson nominated Dare to Lead<\/a> by Bren\u00e9 Brown because it challenges the traditional notion of leadership by emphasizing emotional intelligence and resilience \u2014 qualities that are essential for leading in high-stakes environments. \u201cThe book helps leaders foster cultures of accountability and openness, which are crucial for building transparent and adaptive organizations. It\u2019s a must-read for leaders looking to cultivate trust through genuine connection and authenticity, within their teams and across their organizations.\u201d<\/p>\n

Good leadership is also about providing the right feedback and with this in mind, Radical Candor<\/a> <\/strong>by Kim Scott was recommended by Bethany DeLude, Carlyle Group\u2019s CISO. The book highlights the value of honest, specific and direct feedback delivered in an empathetic, timely and respectful manner. \u201cHer use of a practical and actionable framework, bolstered by real world examples, creates an instructive and compelling map for building a culture of open communication, accountability and employee development,\u201d says DeLude.<\/p>\n

Understanding the cybersecurity industry<\/h2>\n

Cult of the Dead Cow<\/a> <\/strong>by Joseph Mennwas put forward by Helen Patton, Cisco CISO and co-founder of the Cyber Canon Project, as an important history of the people in the cybersecurity industry. \u201cIt covers one of the most famous hacking groups and describes the impact of cybersecurity on businesses, personal and political lives. It\u2019s also a well-written, engaging read that will inform and entertain security and non-security people alike,\u201d says Patton.<\/p>\n

Cybersecurity Myths and Misconceptions<\/a> by Eugene H. Spafford, Leigh Metcalf and Josiah Dykstra was also recommended by Patton because it explains why \u201cconventional wisdom\u201d of the industry doesn\u2019t really seem to work. \u201cThe authors have done a masterful job in explaining why things that might seem logical don\u2019t, in practical terms, make sense. They dissect how the security industry has impacted how we talk about cybersecurity processes, and how that can sometimes be more harmful than helpful,\u201d she says.<\/p>\n

The book explores long-held industry practices that are now just \u201cunderstood\u201d and why those same practices no longer make sense. \u201cThey reveal how humans bring faulty assumptions and biases to the way we do cybersecurity. This book is one that every security practitioner should keep close, for them and for the people they work with.\u201d<\/p>\n

Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup<\/a> by Ross Haleliuk comes highly recommended by Lavy Stokhamer, global head of cybersecurity operations, Standard Chartered. \u201cAs CISOs, we\u2019ve moved far beyond being technical guardians. Today, we are business leaders. Our role demands not only securing the enterprise, but also making strategic bets on which technologies, vendors, and innovations will shape the future of our organisations,\u201d he says.<\/p>\n

\u201cThat\u2019s why Ross Haleliuk\u2019s book is such a valuable read. It peels back the curtain on the start-up world \u2013 how cybersecurity companies are built, what drives their success, and why so many fail. It\u2019s not about code or exploits, but about the market forces, investor pressures, and go-to-market strategies that ultimately determine whether a solution becomes a lasting partner or a short-lived experiment,\u201d he says.<\/p>\n

For technology leaders, this perspective is a strategic advantage. It sharpens the ability to separate enduring innovation from hype, anticipate which startups will thrive, and make decisions that align security with business resilience and growth.<\/p>\n

Books are a reminder that there\u2019s more to life than work<\/h2>\n

In a profession that rarely switches off, books offer CISOs a chance to reflect, recharge, and reconnect with meaning beyond the day job. As a CISO, it\u2019s easy to get drawn into the never-ending work day and Thornton Wilder\u2019s Our Town<\/a> <\/strong>is a reminder to put work into perspective. \u201cWhen I read \u2014 and reread \u2014 the book, I\u2019m reminded to nurture and be present in my whole life,\u201d says DeLude.<\/p>\n

DeLude recommended this book because it\u2019s a reminder that paying better attention to balance unlocks creativity and leads to greater impact in professional life. \u201cBy reflecting, I\u2019ve solved more of the hardest work problems after a weekend of family fun or while out on a walk than stationed in my office.\u201d<\/p>\n

The Alchemist <\/a>by Paulo Coelho, a book with a simple story but a powerful message, was recommended by Nicole Dove, head of security engineering, Games, at Riot Games. \u201cThe main character is on a journey to follow a dream \u2014 he\u2019s unsure and knows he\u2019s deviating from what tradition says he should do \u2014 but he follows his heart. That\u2019s something I truly relate to. I\u2019ve read the book numerous times, and each time I walk away with a new gem. No matter the phase of life I\u2019m in, I can always relate to the character and a stop along his journey. In the end, what he discovers is even greater than he imagined. And that is a story that I too hope to tell,\u201d she says.<\/p>\n

The final recommendation is a book that challenges professionals to rethink their purpose and value in IT, according to Fortitude Re\u2019s Elliott Franklin. Get Out of I.T. While You Can: A Guide to Excellence for People in I.T.<\/a> <\/strong>by Craig Schiefelbein. \u201cFor CISOs and cybersecurity leaders, it\u2019s a bold reminder that excellence isn\u2019t just technical \u2014 it\u2019s about strategic impact and personal fulfillment. If your role no longer aligns with your values, it might be time to reimagine your path, not abandon it.\u201d<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

From strategy and psychology to history and decision-making, these are the books CISOs recommend to sharpen your thinking, influence your leadership style, and help navigate the complexity of modern security careers. Exploring risk from different angles CISOs, not surprisingly, are interested in risk as it relates to cybersecurity, with some keen to understand future risk […]<\/p>\n","protected":false},"author":0,"featured_media":4108,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5789","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5789"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5789"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5789\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4108"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}