The Illusion of Due Diligence: Notes from the CISO Underground Paperback – April 27, 2010
About the Author
Since 1982 Jeff has worked in leadership positions at Fortune 1000 organizations. Jeff is currently an independent consultant working in the cyber security and cyber intelligence fields. He was awarded the RSA 2007 Conference award for Excellence in the Field of Security Practices and his team won the 2007 SC Magazine Award - Best Security Team award. He has a BA in Special Studies - Middle East Studies and Arabic Language from Trinity College as well as an MS in Information Assurance from Norwich University. Jeff also holds the CISSP, CISM and NSA-IAM certifications. Jeff served in the United States Air Force as a cryptologic linguist and in the United States Army National Guard as an Armored Scout Platoon Leader. Jeff has published many articles, contributed to numerous books, and sits on a number of advisory boards.
Top customer reviews
As he should. Being a security practitioner for the past 25 years
I have come to the conclusion that unless security is mandated by law
Good read and true to what security really means in the corporate world.
Mr. Bardin seems to be very qualified, and he has written some very good columns for CSO Online, where I first saw mention of this document. And I have no doubt that Mr. Bardin adheres to the highest personal standards of professionalism and integrity.
But this is not a finished book. It reads like a very rough first draft, filled with typographic errors and badly constructed sentences. The overall tone of the book is that of a disgruntled employee complaining about all the incompetent and malicious managers he has had to put up with. There are a few useful insights buried in the text, but most of the material consists of attacks on the character, qualifications and ethics of various individuals.
What I was hoping for was some insight into the challenges of working within the business culture, dealing with opposition and competing agendas, forming strategic alliances, making the case for security to management. Instead, I got one long rant, with no useful content.
The author is not afraid to expose his own failures, and convey lessons learned, as well as discuss what has worked and his critical observations on how that too can be improved.
I highly recommend this book to all those in the information security and risk management profession, especially to those who are new to the challenges of management in this profession.
It's plain to see that the author cares about the information security profession. Juxtaposed against that care is his tendency to align himself with characters who are likely to cause trouble. For example, I cannot understand how the author chose to do business with "Ariel," a pseudo-partner who was really an incompetent competitor. I blame the author for his woes with that relationship, but does that mean I should pay attention to how he dealt with the consequences? Similarly, the author took a job working for "the Little Corporal," despite knowing it would be a mess from the beginning! I could cite other examples: resorting to blackmail to keep a job, political power-plays at start-ups, etc. Amazing.
The bottom line is this: should I be listening to the advice of a person who constantly puts himself in compromising positions? Your answer to this question defines if you should read it.
One final note: the book is self-published, so it lacks the presentation and polish one would (usually) enjoy if delivered by a professional publisher. The language and formatting are rough in places but not overly distracting.