Lately, I have found myself in a position where I need to make an ever increasing amount of leadership and strategy decisions in my career. Unlike, creating firewall rules and running vulnerability scans, developing and maintaining a proper security program takes much more wisdom and judgement and is rarely a matter of selecting between a static set of choices.
Matters of inter-department diplomacy and related conflicts are not something that can be patched-away.
Failure to execute a thoughtfully constructed plan can lead to unexpected turnover or general uncertainty and unhappiness in the security team itself.
Lastly, I believe there is still hope for the aspiring security leader (or for me at-least).
So whats my point? Its time to go back to school!
Using the details outlined in CISO Desk Reference Guide Volumes 1 & 2. I plan on complimenting my relatively technical skillset with the knowledge of how to apply it to solving organization wide security weaknesses.
Please refer to the figure below for the individual topics covered in each book.