Why CISOs Fail

Released in 2017, the first edition of Why CISOs Fail reimagined the role of the Chief Information Security Officer in a new and powerful way. Written to be easily consumable by both security pros as well as everyone who must deal with them, the book explores the different realms in which security leaders fail to deliver meaningful impact to their organizations, and why this happens. Its central thesis—that security is primarily a human behavioral discipline rather than a technology one—has been gaining increased attention as a core tenet of the field, and the book was ultimately inducted into the cybersecurity canon as a leading book on security management. In this freshly updated edition, Barak Engel adds new sections that correspond with the chapters of the original book: security as a discipline; as a business enabler; in sales; in legal; in compliance; in technology; and as an executive function. He explores new ideas in each operational area, providing essential insights into emerging aspects of the discipline. He then proposes two critical concepts for security management—the concept of "digital shrinkage" and the transition from CISO to CI/SO—that together offer a new paradigm for any organization that wants to become truly successful in its security journey. Why CISOs (Still) Fail is delivered in Barak's conversational, humoristic style, that has attracted a global audience to this and his other book, The Security Hippie. As he notes, the book's goal is to entertain as much as to inform, and he dearly hopes that you have fun reading it.