Volumes
The How to CISO Volumes represent guidance to CISOs at specific points in their career: at transition points, or deep diving into specific areas. Each volume is presented both as a PDF, so you can take it with you wherever you go, as well as in HTML form here.
-
How to CISO Volume 0: The Idealized CISO Job Description
Many companies are not in dire need of a CISO right now, but need to define a role for their future CISO, often including a plan to develop the…
-
How to CISO Volume 1: The First 91 Days
Ninety days is generally the grace period (or “honeymoon,” if you’d like) that a new executive has to get acclimated to a new environment. At the end of this…
-
Preview: How to CISO Volume 2: Risk Measurement
As a CISO, you’re often going to be asked to measure risk. This has a lot of different meanings, depending on who is speaking, so you’re going to have…
Handbooks
Think of Handbooks as your very own Cliff Notes on various cybersecurity topics. Whether it’s how to model your organization, thinking about zero trust or AI, or writing job descriptions, Handbooks represent your quick guide to level up your CISO skill set.
-
Handbook: Applying Zero Trust Principles in a Cloud-Centric World
Zero Trust … but to Which Cloud? In the cloud-centric world enterprises increasingly operate in, there are different interesting environments that zero trust principles should be applied to. One…
-
Handbook: Environments
One challenge of being a CISO is understanding scope: when a colleague tells you a truth (hypothetically “We patch our systems regularly”), in what environment is that true? Maybe…
-
Handbook: Zero Trust Principles
In the 2010s, the cybersecurity community was introduced to the concept of zero trust, the idea that implicitly trusting remote systems might be a … bad idea. John Kindervag…
Talks
How to CISO content has been featured in talks at various conferences, and we’ve collected those talks here for your quick reference: the talk slides, relevant How to CISO Volumes and Handbooks, and external books you might find interesting.
-
RSAC 2025 CISO BootCamp: The Idealized CISO
Welcome to the talk page for A Unicorn Designed by a Committee: The Idealized CISO. You can find additional resources here! Abstract Every CISO arrives by a different path,…
-
RSAC 2025: The CISO to VC Transition
Welcome to the talk page for My Journey – CISO to Partner at a VC Firm, as given at the Tejas Cyber Entrepreneurship Summit. There isn’t a particular abstract,…
-
RSAC 2025: Zero Trust To Give
Welcome to the Talk Page for Having Zero Trust to Give: What should have been next? You can find additional resources here! Abstract Zero Trust generally means either “Zero Trust…