What a Security Leader Actually Does
TL;DR I was never a CISO by title. My networking partner and I were both directors, and since our boss was not security savvy, the two of us functioned as
Cybersecurity ghostwriting is a narrow specialty: a writer who can both handle the technical material and turn it into a book in the client’s voice. These articles come from a ghostwriter who ran enterprise security for two decades, wrote policies against NIST CSF and 800-53, and was technical editor on Cyberheist for KnowBe4. The expertise is real, which is why the books are accurate.
TL;DR Most security tools are theater. I sat through endless vendor pitches for products with huge dashboards full of blinking widgets that looked impressive and did almost nothing. Security is
TL;DR The human layer is the biggest security weakness, and the one people are least ready for, because they do not expect other people to be malicious. They do not
TL;DR Security is mostly boring work nobody wants to do. Patching, access reviews, and backups. I ran enterprise security for two decades, and the one time everything went wrong, it
TL;DR Attackers do not usually come through your firewall. If they do, you were sloppy, because firewalls and pen testing are the easy part. The real ways in are social
TL;DR I wrote the security policies and procedures for a company against NIST CSF and NIST 800-53, and these days I ghostwrite books for the security leaders who live this