Preface

When I was in high school, I was appointed captain of the Newington College Basketball First Team. I felt elated; it was an ambition I had held for many years. Then, my coach, Mr. Herb Barker, who had played rugby for the Australian Wallabies and represented the country at the Commonwealth Games, asked me to ‘pass’ the ball rather than ‘shoot’. Having always been the best shooter on the team, this was a mental challenge as I found myself conflicted. Herb wanted me to make the team better. This was my first lesson in leadership.

This same transition from individual contributor to team enabler defines the CISO journey. The (probably technical) expertise that got you noticed must evolve into something broader: the ability to guide, influence and elevate others while navigating complex organisational dynamics.

A Day in the Life of a CISO is a personal mentoring and coaching session with 24+ CISOs and other cybersecurity leaders. This is not classic textbook material, but career lessons from each leader, told through real stories of crisis management, board presentations, team building, organisational change and the countless unexpected challenges that define our profession. Each story captures both the experience of what happened and the behaviour these leaders had to model in response.

My first book, The Aspiring CIO and CISO, was written to help you get the job. This book is intended to help you be successful as a CISO, once you are appointed to a CISO role. In many ways, that is when the real learning starts, as there will be many situations you will not have experienced before or had the opportunity to learn about firsthand.

To produce this book, I reached out to my network and the network of my contacts to invite CISOs and senior cybersecurity executives to join me in sharing their own scar tissue of learning. These battle-tested insights represent knowledge forged under real-world pressure, the kind that can only be gained through lived experience, not theoretical study. I wanted each leader to tell their own story and provide the advice they themselves wished someone had shared with them earlier in their career.

How to read this book

Each chapter in this book stands as an individual mentoring session, allowing you to learn from the experiences of the leaders who have contributed, whether you read the book sequentially or turn to specific chapters as situations arise in your own leadership journey.

Who this book is for 

This book is intended to help aspiring, new and current CISOs and cyber leaders learn from others who have walked the same or similar paths, and stood in the same CISO shoes. It is for those wanting to learn their craft from experienced CISOs and avoid making their mistakes. The book is your personal mentorship guide to being a CISO.

The CIO can also use this book to learn more about cybersecurity and help them to coach their own CISO. Today’s CISO position demands more than technical expertise; it requires strategic thinking skills, organisational influence and the ability to translate security concepts into business outcomes. Whether you’re leading security initiatives or supporting those who do, the real-world insights in this book from successful practitioners will help you understand not just what effective CISOs do but why they do it.

There is also another audience: the vendor ecosystem that needs to understand how CISOs think, evaluate solutions and make decisions rather than operating on assumptions about their needs. By providing insight into the CISO’s decision-making process, day-to-day work pressures and success metrics, this book will help vendors to build more meaningful relationships and deliver solutions that truly address CISO challenges.

What this book covers

Chapter 1, Sunrise on a New Day, by David J. Gee, marks the start of the CISO’s day. There is a real sense of physical and mental rejuvenation from the night’s rest and the stark realisation that significant challenges await before you can rest again. Just as your mind prepares for the myriad tasks and meetings that will fill the hours ahead, this chapter introduces the parts and chapters of this book, and the CISOs and other cybersecurity leaders who have contributed, providing a strategic overview of your day ahead.

Chapter 2, Hand-to-Hand Combat with Lazarus, by James McLeary, explains how he was confronted with a real nightmare scenario: brand new in the job, he found himself with a serious cyber incident to manage. This is a powerful chapter to start your day in the life of a CISO journey. As you read this, reflect on how you would handle this scenario yourself.

Chapter 3, Priorities for the New CISO, by Keith Howard, covers Keith’s personal insights into his strategic priorities as a new CISO and guidance on what he’d recommend you focus on in your first six months. This chapter is a great reference point for you in starting your CISO career.

Chapter 4, Cyber Threat Intelligence That Is Actionable, by Teresa Walsh, introduces the strategic importance of cyber intelligence to the new CISO through the form of a letter. Her letter to the CISO puts forward a proactive approach to defining what good looks like for cyber intelligence. Without attempting to address everything, the letter introduces key questions to be addressed and provides a starting point for further industry collaboration.

Chapter 5, How I Got to Be CISO, by Silvia Lam Ihensekhien, covers Silvia’s own journey into the CISO role and the lessons she learnt along the way. She also discusses the challenges of being a woman in a male-oriented industry and shares advice for the next generation of women in cybersecurity leadership.

Chapter 6, The Journey to CISO: From Humble Beginnings to Leadership, by Krzysztof Kostienko, contains Krzysztof’s story of moving into a CISO role, from Poland to the UK and then Hong Kong. Lessons he shares include being adaptive, taking calculated risks, being a good manager, developing trust networks and the importance soft skills.

Chapter 7, Stepping Up into a Global Role, by Sam Coco, takes us through Sam’s career journey from individual contributor to leader. This shift required a mindset change, which included learning how to build a new team, delegating and personal resilience.

Chapter 8, Diverse Paths to Cybersecurity Leadership, by Catherine Rowe, covers Catherine’s atypical journey from law to being a CISO. Catherine explains how she applies the skills she gained in law to cybersecurity and advocates for broader cybersecurity leadership recruitment practices.

Chapter 9, Overcoming Doubt, by Stéphane Nappo, explains how to operate in a world where uncertainty is normal, by embracing doubt and using it to your own personal advantage. The absence of doubt can lead to false levels of confidence, so getting the balance right takes some calibration.

Chapter 10, How to Defend with Less, by Adam Cartwright, covers prioritising to protect your most critical assets when you must make trade-offs due to budget constraints. As a CISO, this is where you really earn your pay, and if you get it right, then you reduce the risk for your enterprise.

Chapter 11, Being Brilliant at the Basics, by Sandro Bucchianeri, shares a commonsense approach to cybersecurity: getting the basics right. To be ‘brilliant at the basics’, you and your teams must be disciplined and focused. When your role as CISO has the added dimensions of leading geographically diverse teams, this task can be more complex. Sandro also shares his approach to managing teams effectively across different countries in this chapter.

Chapter 12, A CISO in Japan, by Osamu Terai, contains an overview of the unique challenges that are faced by CISOs in Japan, arguably one of the toughest assignments for a cyber leader in the world. This is a fascinating insight into managing cybersecurity with the odds stacked against you, across a number of dimensions.

Chapter 13, Navigating the C-Suite, Boards, and DOPE Dynamics, by Shamane Tan, shares an innovative approach to effective stakeholder engagement, particularly with the C-suite and board. All CISOs must prioritise advanced stakeholder management to be able to be successful.

Chapter 14, Systems Thinking for CISOs, by Phoram Mehta, is a way to reframe how you tackle your role. There is a complexity and focus on details within cybersecurity, and it is very easy to be drawn into these and to not see the bigger picture. In this chapter, Phoram shares the approach of systems thinking – a holistic approach that can provide you with a larger, more joined-up perspective.

Chapter 15, The CISO as a Change Agent, by Fal Ghancha, covers Fal’s approach to stretching into the role of driving change. This is not a natural role that the CISO has traditionally played but is becoming increasingly critical for enterprises. This is a mindset shift for the CISO and requires some new thinking to approach this responsibility.

Chapter 16, Alternate Career Paths to Consider, by Abbas Kudrati, explores some alternative career paths...