How to Start Your Own Cybersecurity Consulting Business: First-Hand Lessons from a Burned-Out Ex-CISO

The burnout rate of a Chief Information Security Officer (CISO) is pegged at about 16 months. In other words, that is what the average tenure of a CISO is at a business. At the end of their stay, many CISOs look for totally different avenues of work, or they try something else – namely starting their own Cybersecurity Consulting business. Although a CISO might have the skill and knowledge set to go it alone, it takes careful planning to launch a successful Cyber Consulting business. This ranges all the way from developing a business plan to choosing the specific area in Cybersecurity that they want to serve.

How to Start Your Own Cybersecurity Consulting Business: First-Hand Lessons from a Burned-Out Ex-CISO is written by an author who has real-world experience in launching a Cyber Consulting company. It is all-encompassing, with coverage spanning from selecting which legal formation is most suitable to which segment of the Cybersecurity industry should be targeted. The book is geared specifically towards the CISO who is on the verge of a total burnout or career change. It explains how CISOs can market their experience and services to win and retain key customers. It includes a chapter on how certification can give a Cybersecurity consultant a competitive edge and covers the five top certifications in information security: CISSP, CompTIA Security+, CompTIA CySA+, CSSP, and CISM.

The book’s author has been in the IT world for more than 20 years and has worked for numerous companies in corporate America. He has experienced CISO burnout. He has also started two successful Cybersecurity companies. This book offers his own unique perspective based on his hard-earned lessons and shows how to apply them in creating a successful venture. It also covers the pitfalls of starting a consultancy, how to avoid them, and how to bounce back from any that prove unavoidable. This is the book for burned-out former CISOs to rejuvenate themselves and their careers by launching their own consultancies.

Author(s): Ravi Das
Publisher: CRC Press/Auerbach
Year: 2022

Language: English
Pages: 172
City: Boca Raton

Cover
Half Title
Title Page
Copyright Page
Dedication
Table of Contents
Acknowledgments
About the Author
Chapter 1 Introduction – The CISO
About Myself
What the C-Suite Is
The C-Suite Roles
The Role of the Chief Information Officer (CIO)
The Role of the vCISO
The Key Differences between the vCISO and the CISO
The Benefits of the vCISO
Other Related CISO Roles
The Role of the vPO
The Role of the vCCO
The Role of the CISO
Security Operations
Cyber Risk and Cyber Resiliency
Defining Cyber Risk
How to Manage Cybersecurity Risk
Introduction – What Exactly Is Cyber Resiliency?
An Example of Cyber Resiliency
How the Definition of Cyber Resiliency Was Met
What Is the Difference between Cyber Resiliency and Cyber Security?
The NIST Special Publication 800-160 Volume 2
Data Loss
The Data Breach
Top Five Tips to Avoid a Data Breach
Internal Fraud Prevention
How to Avoid Internal Fraud
Identity and Access Management
Biometrics and Identity Management
Introduction
What Biometrics Is All About
How Biometrics Can Confirm Your Identity
Biometrics as a Replacement to the Password
An Introduction to the Zero Trust Framework
Introduction
What Exactly Is Zero Trust?
How to Implement the Zero Trust Framework
The Advantages of the Zero Trust Framework
Third-Party and Vendor Risk Management
How to Manage Third-Party Risk
Introduction
The Types of Third-Party Risks
How to Manage Third-Party Risks
The Importance of Vendor Compliance Management
Introduction
What Is Vendor Compliance?
The Components
Investigations and Forensics
The Use of Artificial Intelligence in Digital Forensics
How It Is Being Used
Governance
Understanding IT Governance, Risk, and Compliance
Introduction
What Exactly Do They Mean?
Other Factors That Keep the CISO Up at Night
What the CISO Can Do to Improve the Odds of Tenure
The Quantitative Backup
Further Reading
Chapter 2 The Business Plan
What Should I Focus My Business On?
Choosing the Legal Business Entity
The Different Kinds of Entities
The LLC
The S Corporation
The C Corporation
Getting the FEIN Number
Your Business’s Website
Establishing Payment Terms and Hiring Employees
Setting Up Payment Terms
Hiring New Employees
Do I Need a Brick-and-Mortar Presence?
The Financial Components of the Business Plan
The Profit and Loss Statement
The Cash Flow Statement
The Break-Even Point
Further Reading
Chapter 3 Launching the Threat-Hunting Business
Introduction
A Formal Definition of Proactive Threat Hunting
The Process of Proactive Threat Hunting and Its Components
Hiring Your Threat Hunting Team
Level 1 Questions
Question 1
Question 2
Question 3
Question 4
Question 5
Question 6
Question 7
Question 8
Question 9
Question 10
Level 2 Questions
Question 1
Question 2
Question 3
Question 4
Question 5
Question 6
Question 7
Question 8
Question 9
Question 10
Question 11
Level 3 Questions
Question 1
Question 2
Question 3
Question 4
Question 5
Question 6
Question 7
Question 8
Question 9
Question 10
The Characteristics of a Good Threat Hunter
The Value of a Good Threat Hunter
Launching the Threat Hunting Exercise
The Risk Assessment – What Needs to Be Examined
Determining What to Hunt For and How Often
Launching the Threat Hunting Remediation Exercise
Determining the Effectiveness of the Threat Hunting Exercise
Further Reading
Chapter 4 Staying Ahead of the Competition
The Top Five Certs
The Different Ways to Prepare for a Cybersecurity Certification
Be On Top of the Hiring Curve
Introduction
What Is the Solution???
Further Reading
Index