The Cybersecurity Canon – CISO: Desk Reference Guide; A Practical Guide for CISOs Volume 2

Share and earn Cybytes
Facebook Twitter LinkedIn Email


We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!


Executive Summary

I recommend “CISO: Desk Reference Guide; A Practical Guide for CISOs volume 2” be included in the Cybersecurity Canon Hall of Fame candidate list alongside its first volume companion. These two books will provide any CISO – newbie or ragged veteran – the reference material to build and improve their security programs. The authors present the essentials and represent the perfect example of what a desk reference guide should be: a collection and starting point for topics that all current and aspiring CISOs should know about. The content may not be the final word on many of these subjects, but it is a fantastic place readers can start to think about their own ideas regarding what the role of a CISO is and will be in the next decade. Where they take that knowledge from there is on them.



Full disclosure: I have known Gary Hayslip, one of the three authors of this guide, for a number of years. He is a no-nonsense network defender, and his wisdom expressed at the various security conferences we all attend has been, in many cases, the sole reason to go. He brings that same sensibility to volume two of the CISO’s Desk Reference Guide. Gary and his fellow authors, Bill Bonney and Matt Stamper, published volume one back in 2016; and Canon Committee member, Ben Rothke, recommended it as a Cybersecurity Canon Candidate at the end of last year. Rothke said that the book is “an excellent example” of what a desk reference guide should be: a collection and starting point for topics that all current and aspiring CISOs should know about. It may not be the final word on many of these subjects, but it is a fantastic place to start so that readers can begin thinking about and developing their own ideas regarding what the role of a CISO is.


Topics Covered

In volume one, they specifically covered these topics:

  • Office of the CISO organization
  • Policy and audit
  • Information classification
  • Third party-risk
  • Metrics
  • Board management
  • Risk management
  • Tools

For this volume, the authors complete the picture by including:

  • Finding talent
  • Cyber awareness training
  • Basic cyber hygiene
  • Monitoring
  • Threat intelligence
  • Continuity planning
  • Incident response
  • Recovery
  • Forensics
  • Strategic planning


This is not a book you read cover-to-cover; rather, you have it on your desk to refer to when you need a pointer or two. When I was in the U.S. Army, we called these things our “smart books,” and they contained bits and pieces of knowledge that we learned through the school of hard knocks. The best thing about these volumes is that you have three seasoned professionals giving us their notes so that we don’t have to go through the pain of discovery ourselves.


Picking Some Nits

As with any reference book on a topic as complex as this one, there are a few things here that might have used more detail or I felt didn’t explore certain sides of an issue.

In the talent section, the authors rightfully point out that there is a giant shortfall of qualified personnel for the over 2 million open positions in the industry today. Their general suggestions about how to fill your open positions are spot on. I was disappointed that they did not mention the diversity issues also prevalent in our industry. Minorities and women are severely underrepresented, and whatever your strategy is to hire for your team, it had better include a healthy dose of diversity and inclusion.

In the hygiene section, the authors make the case that basic common-sense actions to protect themselves will go a long way in preventing cyber adversaries from being successful. I was disappointed that they did not discuss the recent DevOps or DevSecOps movement, whereby the entire community is moving toward automating these kind of hygiene items.

In the threat intelligence section, the authors do a good job of defining what threat intelligence is; how it is not a one-size fits all; and that you have to build the kind of intelligence your organization needs based on your culture, your senior leadership’s desires, and what you think are the basic intelligence needs for your organization. They lay out the benefits of information sharing and describe a number of potential sharing organizations that any CISO might consider joining. I was pleased to discover a mention of the Palo Alto Networks open source intelligence sharing tool, MineMeld, that organizations can use to connect to one API, collect and reformat information, and redirect it to another API. But I was disappointed that they did not describe the intelligence life cycle. For any intelligence program to be effective, intelligence professionals continuously work their way through a four-stage cycle.

First, they define the CEO/CSO Information Requirements (CIRs). These are the high-level questions the leadership wants the intelligence team to work on. Second, they evaluate their sources of information through the lens of “can the intelligence team answer the CIRs.” If they can, fine. If they can’t, they need to seek additional intelligence sources. Third, they need to transform the raw information into intelligence reports. This is the actionable intelligence that you have heard everybody in our industry talk about. Lastly, they have to deliver those reports to the right customers to take action.



Like I said, I’m just picking some nits. I recommend that this book be included in the Cybersecurity Canon Hall of Fame candidate list, along with its first volume companion. These two books, alongside a Hall of Fame winner, “Winning as a CISO,” by Rich Baich, will provide any CISO, newbie or ragged veteran, the reference material to build and improve their security programs. All three books represent a block of material that is a great place to start. The block is not complete by any means. If it were, it would be over a thousand pages long and instantly out-of-date the day the authors published it. To misquote Ferris Bueller, “[Things] moves pretty fast. If you don’t stop and look around once in a while, you could miss it.” But these books present the essentials. Where you from there is on you.



“The Cybersecurity Canon – CISO Desk Reference Guide: A Practical Guide for CISOs Volume 1,” book review by Ben Rothke, 28 December 2017, last visited 14 March 2018,


“Winning as a CISO,” book review by Rick Howard, 12 January 2015, last visited 14 March 2018,


The post The Cybersecurity Canon – CISO: Desk Reference Guide; A Practical Guide for CISOs Volume 2 appeared first on Palo Alto Networks Blog.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Palo Alto Networks
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets. Our platform was built from the ground up for breach prevention, with threat information shared across security functions system-wide, and designed to operate in increasingly mobile, modern networks. By combining network, cloud and endpoint security with advanced threat intelligence in a natively integrated security platform, we safely enable all applications and deliver highly automated, preventive protection against cyberthreats at all stages in the attack lifecycle without compromising performance. Customers benefit from superior security to what legacy or point products provide and realize a better total cost of ownership.
Promoted Content
Unit 42 Report - Ransomware: Unlocking the Lucrative Criminal Business Model
Ransomware, specifically cryptographic ransomware, has quickly become one of the greatest cyber threats facing organizations around the world. This criminal business model has proven to be highly effective in generating revenue for cyber criminals in addition to causing significant operational impact to affected organizations. It is largely victim agnostic, spanning across the globe and affecting all major industry verticals. Small organizations, large enterprises, individual home users – everyone is a potential target. Ransomware has existed in various forms for decades, but in the last several years criminals have perfected the key components of these attacks. This has led to an explosion of new malware families and has drawn new actors into participating in these lucrative schemes.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?