Why CISOs Fail (2^nd Ed.) Security, Audit and Leadership Series

Released in 2017, the first edition of Why CISOs Fail reimagined the role of the Chief Information Security Officer in a new and powerful way. Written to be easily consumable by both security pros as well as everyone who must deal with them, the book explores the different realms in which security leaders fail to deliver meaningful impact to their organizations, and why this happens. Its central thesis?that security is primarily a human behavioral discipline rather than a technology one?has been gaining increased attention as a core tenet of the field, and the book was ultimately inducted into the cybersecurity canon as a leading book on security management.

In this freshly updated edition, Barak Engel adds new sections that correspond with the chapters of the original book: security as a discipline; as a business enabler; in sales; in legal; in compliance; in technology; and as an executive function. He explores new ideas in each operational area, providing essential insights into emerging aspects of the discipline. He then proposes two critical concepts for security management?the concept of "digital shrinkage" and the transition from CISO to CI/SO?that together offer a new paradigm for any organization that wants to become truly successful in its security journey.

Why CISOs (Still) Fail is delivered in Barak's conversational, humoristic style, that has attracted a global audience to this and his other book, The Security Hippie. As he notes, the book's goal is to entertain as much as to inform, and he dearly hopes that you have fun reading it.

0. Why?. 1. The Dismal Discipline. 1.2 A Case Study 2. The Business of Being CISO. 2.2 Incidents, Schmincidents 3. Let it Rain. 3.2 Fear Mongering 4. Don’t Call me Sue. 4.2 Orange Coverall Blues 5. Comply, Oh My. 5.2 Voluntary Self-Immolation 6. Techs-Mechs. 6.2 Follywood 7. The CISO, Reimagined. 7.2 A New Paradigm

Barak Engel brings over three decades of information security experience into his writings. As the originator of the vCISO concept, he has served in the CISO role in dozens of organizations such as Stubhub, Mulesoft, Amplitude Analytics, and BetterUp, and his consulting firm, EAmmune, has managed security for hundreds of brands globally. A sought-after speaker and writer, he has made numerous contributions to the field with his
thought-provoking insights about security as a business enabler, leading to the induction in 2021 of Why CISOs Fail into the Cybercannon. Barak serves on multiple security company advisory boards, and is a member of the Theia Institute, a security think tank.