Introducing my new book! Boardroom Cybersecurity: A director's Guide to Mastering Cybersecurity Fundamentals

Back in March I started what i'll call 'a journey' to release my next book. As part of my role (and as a public speaker outside of work) I present to directors, boards and organisations nearly every week on various topics from pentests to security guidance and advice, to CISO services and consulting, to cyber-attacks and the dark web. The overwhelming feedback I get from most directors and boards is that even now, they just don't understand cyber, cyber risks, pentests, audits, compliance all these security areas where information is presented to them and they need to try and decipher it, to make decisions for their organisation (and to obtain assurance), and also how this translates back to their obligations and requirements as directors.

Because of this knowledge gap, all the information they receive is typically, filtered because they don't understand the concepts, so the c-suite could be painting any picture for the organisation, and the directors would have no idea, on the same token, the IT manager, as an example might be requesting a large amount of capital for certain cybersecurity technologies that may not even reduce the overall risk profile for the organisation, so the book empowers the reader with the knowledge to ask the right questions from both internal and external stakeholders.

My vision was for all directors, board members and C-suite to walk into their next board or management meeting with this handbook, to bridge that knowledge gap between IT, infosec and directors and boards, and to understand cyber-related information that’s presented to them, and to assist them with making decisions based off best-practices for securing all organisations and my almost 20 years worth' of cyber security experience.?

As a director and a member of the board they need to at least have a basic understanding of cyber security principles so that when an audit or pentest report or compliance report of internal security posture report is put in front of them, they understand the terminology, know how to read the results and benchmark, and identify how this translates back to due diligence and business objectives.

The Journey has been a long one..

In March I started and completed the first draft of the book, there was so much info in my brain I wanted to get down on paper and share to the masses, I completed my first manuscript in a matter of weeks. I wanted to ensure that my book ticked off the information, concepts, areas and addressed questions from real world directors and C-Suite on cyber risk and resilience. To this end, I decided to invite a number of people from different industries and management levels, from directors, C-Suite (including CEOs), IT Managers, compliance people and consultants to review my manuscript and provide feedback. A quick post on LinkedIn and I received an overwhelming response. I had to turn some people away as I had too many requests!

It's a daunting process just handing your manuscript out to the world to critique your work, but it was the only way I could ensure that the content was bang on, was not missing any areas, and in reflection, it was the best decision I had made. I have a long standing relationship with the CEO Institute, having presented at a large number of syndicate meetings and annual conferences over the years, and had some further amazing support from the CEO institute in connecting my manuscript with directors at different companies for review, and the feedback was extremely positive from all reviewers both on and off LinkedIn, with lots and lots of recommendations, refinements and additional areas to consider including. I want to personally thank the 10 of you who critiqued my book, you know who you are, you are amazing individuals, and it wouldn't be the work of art it is today if it wasn't for your feedback!

3 or 4 revisions later and my "final" manuscript was ready. I received one peice of great feedback in the manuscript reviews, which was to reach out and get my book reviewed through director development channels such as the Australian Institute of Company Directors (AICD), Board direction and others. Disappointingly, I reached out to all of these companies multiple times via email and phone, my emails went unanswered, my calls were "we cant assist here" or "send us an email and we will pass it on internally", super disappointing, I was shocked to say the least, I would assume that these sort of bodies would want to better the knowledge of their member base, but obviously not. Their loss.

Publishing

It was now time to source a publisher. For my first book, Hack Proof Yourself: The essential guide to securing your digital world, I opted to Self-Publish. I found an amazing self-publishing platform australian business called Tablo Publishing, which I used to publish this book, self-publishing is great as you have full control over your book, but since I last published, tablo seems to have gone bust, authors were no longer getting paid, their support no-longer answers messages and emails etc, which was disappointing. I looked into various other self-publishing options such as Ingram Spark, Draft2Digital etc, all had mixed reviews.

So I decided to go through a publishing house. It was also a bit of a bucket list item to be published externally I must admit. I had exposure to Packt publishing contacts through my early co-author contributions to the 'Learn Social Engineering' book published through them and reached out to them for this new book, they were keen to work with me and pitched my book to their board before returning with feedback. This process with packt took just under 2 months before I received feedback, and they wanted to proceed with my book, but it needed to be coauthored with someone in the US (as that's where their largest base was), required a bunch of changes to the content to cater for the US market, and would no longer be a book specifically targeted to the ANZ region, which was the whole reason I wrote the book. I decided to pass. In the many many weeks that followed I reached out to about 10 different publishing houses, from wiley to sage, to austin mcauley, springer and finally Apress. Most had coverage already for the topic, or were not keen to proceed, Lucky last, Apress, were super keen on my book and found my content filled a gap they were missing in their extensive library of books. I signed a contract with Apress in June. I'm absolutely stoked to introduce boardroom cybersecurity.

Introducing Boardroom Cybersecurity: A director's guide to mastering Cybersecurity Fundamentals

Boardroom duty is a comprehensive handbook designed for boards, directors and Management who have a responsibility over cyber security and ensuring cyber resilience for their organisation.? It provides practical to the point information to help directors make informed decisions for their organisation, as well as to understand the various cyber security concepts, from frameworks, to compliance, to audits and penetration testing, and empowers the reader with the information they need to ensure that their organisation does not become the next headline. It ties back in with AICD, APRA and other security principles as well as frameworks, governance, director responsibilities, handling incidents and lots more. It covers every realm you need to be across as a leader for your organisation to ensure a cybersecure and cyber resilient organisation. Apress have anticipated the book as a "fall" release, which in the us means September - November, i'm currently going through the motions to finalise the chapters with them. I will post links etc. when it becomes available for purchase.

#apress #bookpublishing #boardroomcybersecurity #cybersecurity #infosec #directors

?

?