We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Executive Summary
Disrupt or Die: What the World Needs to Learn from Silicon Valley to Survive the Digital Era is not something I would say is a must-read for all cybersecurity professionals; but for those cybersecurity executives looking to better develop empathy, and business alignment, this is a book I would suggest reading. My recommendation is this is not a must read for those in the cybersecurity industry or for the canon. At a technical level, this book covers a lot of technologies from the product and CEO seat versus exploring any cybersecurity implications. If you’re looking for ways to secure new technology, this book is not for you. However, this book explores how leadership and companies need to change how they innovate, and the adoption of technology is a critical element of that. As leaders or companies begin to adapt to the type of thinking and methodologies this book explores, CISOs and cybersecurity leaders need to be aware and prepared to ensure this is not perceived as the one area in the company that isn’t being disruptive in the way they think.
The author spends most of the book introducing key concepts related to product management and leadership, providing key examples to support the idea that modern companies need to innovate to survive. Furthermore, the author introduces key ways companies can go about innovating, such as ensuring that product management is not buried within the ranks of the company. When executive management is focusing all its time on the current state of the company and not innovation, the company is in a death spiral usually only seen when disruptive new competition enters the market.
Review
Jedidiah Yueh is a two-time CEO who has successfully built and sold Silicon Valley companies. He is the chairman and founder of Delphix, a software company that focuses on enabling large enterprise companies to accelerate their software development processes. This gives the author of this book a unique point of view, that of a self-driven disruptive entrepreneur, but also in that his company set out to support and introduce some of these concepts through his own products. In this regard, the author is providing insights and observations of his success but also of how other larger companies are thinking and operating – in some cases, in the wrong ways. In the context of the cyber industry and my recommendations, I would say this book provides great insights into leadership, entrepreneurs, but it is not a must read.
As a reviewer, I recommend this book to anyone who is looking to better understand how to drive business alignment as a cybersecurity executive. More importantly, not from the lenses of what is my business doing today, but rather, what key steps do I need to take now within my cybersecurity organization, so we are best prepared to support the future company and its process that, if not understood, could greatly disrupt, and introduce risk to the organization.
One of the biggest fundamental points the author makes is that CEOs need to be close to product management. There are countless examples where the author speaks about situations in which he was talking with a CEO of a major retailer where it was clear the company was not being led from the top into a digital transformation strategy. The author suggests that the best way for a company to stay ahead of innovation and become disruptive is to have an actively product-driven leadership organization. In some cases, the CEO is the leader of product, even when others hold titles such as CTO. The author describes how CEO Elon Musk spends roughly 80 percent of his time leading and supporting and, in some cases, micromanaging the engineering and product leadership. Amazon has a similar structure in which they have implemented a model called “thin engineering.” Product management and engineering are single leaders. When applied to cybersecurity, the same point can be made. Innovation is only sustainable if it’s embraced and adopted. Without having cybersecurity close to leadership managing risk, the business could be very successful in developing innovation, but may quickly lose trust and market share due to the cyber risks overlooked during this “need to be faster” mindset.
The book also introduces a lot of concepts around product leadership focusing on entrepreneurship. For those cybersecurity leaders looking to perhaps make a go at building their own products, this book is a must-read. The author explores the methods for understanding your market and looking for those “market seams” to rip for disruption. The reader can look at this from the lens of “am I in a market that has gaps that need to be filled” or of a developing entrepreneur who needs to be developing this sixth sense of observation to find ways to disrupt, such as the example of Uber. The author talks about the point in which this company was first developed: the founders of the company having a difficult time finding a taxi. Or, in the case of Facebook, where they wanted to find ways to network within the school with other people.
Conclusion
Disrupt or Die provided me with a completely new way of looking at cybersecurity leadership. Often, we are reactionary to risks as well as disruption that occurs within our company. As we move into an even more modern, fast-moving set of companies, we as cybersecurity leaders need to rethink our roles and realize that some of the very things we frown on, such as the speed and risks that companies are taking, may be necessities in order to survive. I don’t think any cybersecurity executive wakes up thinking, “How can I do my best to ensure my organization is slowed down by my cyber organization.”
Reading this book provides you with a better understanding of the ways your leadership needs to start thinking, or if you happen to be working in one of these agile disruptive organizations, it’s simply about developing a better understanding of what is driving the business. In the end, cybersecurity executives must continue to understand what it means to support the business, secure the technologies within, and drive the cybersecurity program into better alignment. This book provides solid examples of what future companies may look like, even within your current organization. In some cases, this could simply be about how to move your cybersecurity organization into a mini-startup within a bigger slow-moving company. There is benefit in making your cyber program as agile as possible; eventually it may be the only way to properly align to the business – and thus secure it.