The CISO Playbook: The Adversarial Mindset: Security, Audit and Leadership Series
Authors: Andres Andreu, Hector Monsegur. Language: English. Paperback – 5 Oct 2026
Harnessing the concept of Decision Advantage, the book moves beyond treating incidents as isolated technical events by thinking in adversary terms: objectives, constraints, and tradecraft. It bridges the gap between attacker methods and board-level risk, showing how to translate security outcomes into the language of economics, EBITDA, and revenue protection.
Operationalizing lessons from real-world campaigns like SolarWinds, Volt Typhoon, and Operation Aurora, the text connects tradecraft to operational reality. It introduces the unique metric of Time-to-Hazard Neutralization, moving past ticket metadata to focus on the verified removal of risk from the environment.
Spotlighting the rise of the “Artificial Adversary,” a central thread details how AI-enhanced human actors and autonomous systems act with malicious intent. From industrialized “vibe hacking” to active scanning and autonomous reconnaissance, the book reveals how AI accelerates the attacker’s OODA loop and how CISOs must respond by compressing their own defensive cycles.
Translating theoretical models into repeatable methods, the text provides strategies for terrain engineering, deception, and resilience-centric incident response. Written for CISOs, deputies, and security leaders, it serves those who both brief members of C-Suites and boards and also run outcome-based programs. Instead of remaining a reactive enforcer, readers will find a blueprint for becoming a proactive Enterprise Risk Leader. Navigating this shift ultimately rewards the disciplined observation required to outthink the opponent.
Price: 291.05 lei
Old price: 418.38 lei
-30% Pre-order
Book not yet published
Specifications
ISBN-13: 9781041200567
ISBN-10: 1041200560
Pages: 280
Illustrations: 22
Dimensions: 178 x 254 mm
Edition: 1
Publisher: CRC Press
Collection: CRC Press
Series: Security, Audit and Leadership Series
Target audience
Professional Practice & Development, Professional Reference, and Professional Training
Contents
Chapter 1 - The Need to Understand the Adversary: 1.1 How Cyber Adversaries View Defenders, 1.2 Who Are the Adversaries?, 1.3 The Psychology of the Cyber Adversary, 1.4 Threat Intelligence and Adversary Analysis, 1.5 How to Adopt an Adversarial Mindset, 1.6 Benefits of Adopting an Adversarial Mindset, 1.7 Adversary Anecdote - MAC Attack at 30,000 Feet, 1.8 Historical Case Studies in Adversarial Thinking, 1.9 Case Study - The SolarWinds Attack (2020), 1.10 Understanding the Adversary as a Strategic Imperative, 1.11 Conclusion, References
Chapter 2 - The Motivations of Attackers: 2.1 The Psychological Drivers of Cybercrime, 2.2 The Forensic Psychology Perspective on Cybercriminals, 2.3 Socioeconomic and Cultural Factors of Cybercrime, 2.4 Case Study - The Twitter Hack (2020), 2.5 The Evolution of Cyber Threat Actors, 2.6 Adversary Anecdote - Boast, Toast, and Breach, 2.7 Leveraging the Adversarial Mindset, 2.8 Conclusion, References
Chapter 3 - Cognitive Biases and Decision-Making in Cyber Warfare: 3.1 Why Bias Matters to CISOs, 3.2 The Adversary’s Decision-Making Process, 3.3 Groupthink in Cybersecurity Teams, 3.4 Case Study - Operation Aurora (2009), 3.5 How CISOs Can Overcome Bias in Cybersecurity Leadership, 3.6 Adversary Anecdote - Deepfakes, Shallow Checks, 3.7 How CISOs Can Make Bias-Resistant Decisions, 3.8 Conclusion, References
Chapter 4 - The Attacker’s Toolbox – Techniques, Tactics, and Procedures: 4.1 Understanding the Attacker’s Approach, 4.2 Adversary Anecdote - Jackpot Pivot: Casino to Code, 4.3 Advanced Persistent Threats (APTs) - The Long Game, 4.4 Case Study - The Sony Pictures Hack (2014), 4.5 Building an Adversary-Focused Defense Strategy, 4.6 Conclusion, References
Chapter 5 - Acting Like an Attacker - Red Teaming for Leadership: 5.1 What Exactly is Red Teaming?, 5.2 Why CISOs Need Red Teaming in Their Security Strategy, 5.3 The Business Case for Red Teaming - Moving Beyond Compliance, 5.4 Understanding Red Teaming vs. Penetration Testing, 5.6 How CISOs Can Implement Red Teaming in Their Organizations, 5.7 Building a Realistic Adversary Simulation Program, 5.8 Integrating Adversary Simulations into Business Leadership, 5.9 Adversary Anecdote - Controls Don’t Coordinate Themselves, 5.10 Overcoming Common Challenges in Red Teaming, 5.11 Case Study - U.S. Department of Defense Cyber Table Top Exercises, 5.12 Some Examples of Red Teaming in Action, 5.13 The Future of Adversary Simulation - AI, Autonomous Agents, and the Next Frontier of Threat Emulation, 5.14 Conclusion, References
Chapter 6 - Cyber Deception and Psychological Warfare: 6.1 Cyber Deception, 6.2 Case Study - The Use of Deception Techniques in Exposing the APT1 Group, 6.3 Psychological Warfare, 6.4 Adversary Anecdote - Official Updates, Unofficial Backdoors, 6.5 Case Study - Israeli Cyber Warfare Tactics, 6.6 Conclusion, References
Chapter 7 - Breaking the Attacker’s Kill Chain: 7.1 Understanding the Cyber Kill Chain, 7.2 Disrupting the Kill Chain at Each Stage, 7.3 Adversary Anecdote - Cut the Wire, Cut the Story, 7.4 Conclusion, References
Chapter 8 - Adversary Informed Threat Intelligence - Turning Data into Action: 8.1 Understanding Threat Intelligence, 8.2 Why Threat Intelligence Fails in Many Organizations, 8.3 Adversary Anecdote - Indicators Don’t Defend, Teams Do, 8.4 Integrating Threat Intelligence into Security Operations, 8.5 Using MITRE ATT&CK for Intelligence-Driven Security, 8.6 Case Study - The Capstone Turbine Breach (2023), 8.7 Future of Cyber Threat Intelligence - AI-Driven Threat Prediction, 8.8 From Detection to Anticipation, 8.9 Conclusion, References
Chapter 9 - Adversary Informed Cyber Resilience and Incident Response: 9.1 What is Cyber Resilience?, 9.2 The Adversarial Informed Approach to Cyber Resilience, 9.3 Adversary Anecdote - Breaking News: You’ve Been Owned, 9.4 The Adversarial Informed Approach to Incident Response, 9.5 Case Study - The NotPetya Attack - A Cyber Resilience Success Story (2017), 9.6 The Role of AI in Next-Gen Incident Response, 9.7 Conclusion, References
Chapter 10 - The Artificial Adversary - AI Technologies: 10.1 AI Technologies in Cybersecurity, 10.2 Adversary Anecdote - Click Install, Ship Secrets, 10.3 Case Study - GTG-1002: The First Reported AI-Orchestrated Cyber-Espionage Campaign (2025), 10.4 Conclusion, References
Chapter 11 - The Artificial Adversary: 11.1 Offense - AI as a Weaponized Tool, 11.2 Defense - AI-Driven Capabilities and Strategies, 11.3 Autonomous Adversary - Beyond Human Control, 11.4 Case Study - RunSybil - Autonomous AI Agents Simulate Real-World Hacking (2024), 11.5 AI Governance, Security Frameworks, and Maturity Models, 11.6 Ethical and Legal Considerations, 11.7 Metrics and KPIs for AI Security Effectiveness, 11.8 Adversary Anecdote - Prompt, Paste, Profit, 11.9 Emerging Artificial Threat Trends, 11.10 Conclusion, References
Chapter 12 - The Future of the CISO as an Adversary Aware Entity: 12.1 Future Cyber Adversaries, 12.2 From Security Enforcer to Enterprise Risk Leader, 12.3 Building Decision Advantage, Not Just Defenses, 12.4 Adversary Anecdote - When the Pipes Talk, 12.5 Regulatory and Fiduciary Shifts, 12.6 Case Study - The Volt Typhoon Campaign (2023), 12.7 The Evolving Role of the CISO, 12.8 Conclusion
Appendix A - Example Adaptive IR Playbook - Ransomware With Possible Data Theft: Phase 0: Activation (T0 to T0+15m) - Containment, Phase 1: Evidence Preservation (ENTER once incident mode is declared; start by T0+60m; run in parallel through Phases 2–3), Phase 2: Initial Access and Privilege Check (start by T0+1h; checkpoint findings by T0+4h), Phase 3: Containment Hardening (ENTER after Gate A classification; begin immediately for A2 outbreaks, otherwise begin by T0+4h; core guardrails in place by T0+12h), Phase 4: Recovery Execution (begins after Gate D decision; typically ~T0+24h onward depending on scope/confidence), Phase 5: Post-Incident Improvements (T0+7d to T0+30d), Gate A: Scope Classification (complete by T0+30m), Gate B: Exfiltration / Double-Extortion Determination (start by T0+2h; re-assess at least every 2h until de-escalation), Strategic Note, Gate C: Eradication Confidence (before any restoration), Gate D: Restore Strategy Selection (decision by T0+24h; execute restore waves from T0+24h to T0+72h+ depending on scope/confidence)
Appendix B - Mindset-Informed Adversary Emulation with Open-Source Tools: B.1 Objective, B.2 Tools and Building Blocks, Installing CALDERA with the Stockpile Plugin, B.3 High-Level Workflow, B.4 Roles and Responsibilities, B.5 Exercise 1: Mindset-Informed Emulation of APT29 (SolarWinds-Style Post-Compromise), Adversary Objective.
Biographical note
Andres Andreu is currently the Chief Executive Officer (CEO) at Constella Intelligence, a 4X Chief Information Security Officer (CISO), and a renowned cybersecurity leader. He holds prestigious credentials including CISSP and ISSAP and is a Boardroom Certified Qualified Technology Expert (QTE). With a diverse career traversing federal government, corporate sectors, and entrepreneurial ventures in cybersecurity, he is a mentor, startup advisor, and an acclaimed author.
His government tenure includes a significant impact in lawful intercept technology within federal law enforcement, earning three U.S. Department of Justice awards for his contributions to drug law enforcement. Transitioning to the corporate realm, Andres made a mark at Ogilvy & Mather as a partner and Chief Application Architect, later consulting for high-profile entities like the United Nations. As a founding member and key executive at Bayshore Networks (acquired by Opswat in 2021) and cybersecurity leader at Constella Intelligence, 2U, Inc./edX, and Hearst, his expertise has been pivotal in shaping varying cybersecurity landscapes.
Andreu's leadership and innovative approaches have garnered him accolades such as a Top 100 CISO (C100) by Security Current, Top 50 Information Security Professional, and recognition in leading industry publications. His experience encompasses both offensive and defensive cybersecurity strategies, underpinned by a philosophy that balances executive and employee objectives.
Author of “The CISO Playbook”, “Professional Pen Testing Web Applications”, and contributor to “97 Things Every Application Security Professional Should Know”, his work extends beyond writing to inventing, with patents in cybersecurity innovations. He is also an active member of the Forgepoint Capital Cybersecurity Advisory Council.
A Cuban immigrant and proud American citizen, Andres balances his professional achievements with a happy marriage and four wonderful kids. He is an International level certified Judo coach with USA Judo, and an artist. Andreu's multifaceted career and personal achievements highlight his profound impact on the cybersecurity field and beyond.
Hector Monsegur, known globally online as “Sabu,” is one of the most infamous names in the history of hacking. As the driving force behind the legendary hacking collective LulzSec, an offshoot of Anonymous, he spearheaded high-profile breaches against Sony Pictures, PBS, Fox.com, and multiple government systems. His campaigns during the early 2010s redefined the scale and spectacle of cyber intrusions, making him a symbol of the hacker underground and a pivotal figure in the evolution of digital security.
After his arrest in 2011, Monsegur shocked the world by cooperating with U.S. federal authorities, helping to disrupt major planned cyberattacks and prevent untold damage. This unexpected turn gave him rare insight into both sides of the cybersecurity battlefield - the tactics of hackers and the mechanisms of law enforcement. His transformation from blackhat to security insider is a story of redemption and reinvention, steeped in controversy, credibility, and unmatched real-world experience.
Today, Hector is Chief Research Officer at SafeHill, a cutting-edge cybersecurity research firm dedicated to protecting organizations from the kinds of threats he once unleashed. SafeHill’s services include elite penetration testing and its flagship threat exposure management platform, SafeHill SecureIQ, which enables businesses to identify, prioritize, and eliminate vulnerabilities before attackers can exploit them. Under his leadership, SafeHill is quickly earning a reputation as a disruptive force in the cybersecurity industry.
Beyond his work at SafeHill, Monsegur is an accomplished co-author, adjunct professor, and sought-after keynote speaker. He brings his signature edge and authenticity to classrooms, conferences, and boardrooms alike, training professionals and students to think like hackers while defending like strategists. His experience bridges underground hacking culture and enterprise-level security operations, making him one of the few experts who truly understands the full spectrum of cyber risk.
Description
Guiding security leaders and executives who hold the privilege of defending modern organizations, “The CISO Playbook - The Adversarial Mindset” is a leadership-focused blueprint for outmaneuvering adversaries that iterate relentlessly.