strategy regardless of the industry they operate in.
This book won't create a new framework or standard, but will translate those that exist into a commonsense selection for entrepreneurs, business leaders, and individual contributors. There is no wrong framework or standard that you could select, but not adopting one will certainly spell disaster for any organization, start-up, or 100-year-old organization. A phrase I vividly remember from my time in the Army deployed to Iraq that sums this up is “get off the X”; regardless of the decision, not making one is typically always wrong.
This book is the culmination of my experience of over 20 years in cybersecurity at start-ups, global tech companies, the National Security Agency, and US military. Since I started this preface with a favorite quote I'd like to close with one that I feel sums up how this book came about. In Nassim Nicholas Taleb's book Antifragile he writes, “I write with my scars.” I cannot agree more. Without spending many years doing this work and without the support of many professionals that have helped me along the way this book would not be possible. I hope that my experience helps you start-up secure.
NOTES
1 1. A security incident and event management tool is a system that ingests, processes, correlates, stores, and sometimes takes action on security log events from your systems. These systems can be your laptop, servers running in your cloud infrastructure, or even other security tools.
2 2. The “offensive security certified professional” is an intense certification that requires hands-on testing of an individual's skills of advanced penetration testing techniques. It is one of the more difficult certifications to achieve.
3 3. http://www.kauffman.org/∼/media/kauffman_org/research%20reports%20and%20covers/2015/05/kauffman_index_start-up_activity_national_trends_2015.pdf
4 4. http://www.csoonline.com/article/3075293/leadership-management/cybersecurity-recruitment-in-crisis.html
Acknowledgments
THANK YOU TO EVERYONE who has helped shape who I am over my career. This book absolutely would not have happened without your impact on my life.
Will Lin: I felt I would need an entire chapter to give you proper credit – you have shaped and changed my career and life in ways I may not even know yet.
Richard Seiersen: Thank you for writing one of my favorite books – if not for you, this book most likely would not have happened. I am in debt to your generosity.
Anne Marie Zettlemoyer: Your counsel has been priceless and I feel so very fortunate to call you a friend. Thank you for making me feel included.
Chris Cottrell: I am so thankful for and miss our long walks around the building and for you being a sounding board for my crazy career aspirations I was probably in over my head on. And most of all I value your trust in me. I hope we get to work together again. I am also thankful for [redacted].
Bridgett Nuxoll: You taught me more about cybersecurity than almost anyone. I thought I was the mentor but I was definitely the mentee. And I will always buy Crane & Co.
Jeff Dewberry: I sleep soundly every night knowing you are providing the blanket of freedom our country enjoys.
Yael Nagler: I can't find the words to express how appreciative I am to know you and benefit from your friendship and always accurate advice.
Koos Lodewijkx: Your mentorship has been a huge influence on this book, and while I might never be able to repay that debt, I hope I can at least pay it forward.
Ryan Naraine: Thank you for giving me my first break on a podcast and always being the voice of reason.
Kevin O'Brien: Your feedback has helped make this book even more valuable for the founders that will read it.
Paul Ihme: I appreciate your honesty, feedback, and friendship all these years. I feel lucky to have “come up” together from our days in the government.
Brian Markham: Thank you for making time for me and giving me your valuable experience to make this book a resource for founders. Who knew I'd gain a great friend from one interview?
Gary Hayslip: Thank you for your advice and support. You are always setting the example for cybersecurity leaders and I'm fortunate to continue learning from you.
Allan Alford: Your willingness to always help others is an inspiration to me. Thank you for the honest feedback.
Harold Moss: Thank you for your sound judgment and for leading by example.
Ganesh Pai: Your advice as a founder has been instrumental in helping my audience and giving other founders the critical information they need.
Masha Sedova: Thank you so much for your time and always putting users first. You are truly changing cybersecurity for the better.
Michael Piacente: Your kindness and thoughtfulness when giving your time is a gift. I still remember our first phone call that felt like I was talking to a longtime friend.
Sinan Eren: Thank you for your perspective as a serial founder and all that you have done and do for the cybersecurity community.
Chris Berry: Thank you for being the type of leader someone can aspire to be and teaching me to “ask for forgiveness, not permission.” It has served me well over my entire career.
John Scilieri: Your friendship and mentorship over the years helped me make all the right decisions. Thank you for the copy of The Obstacle Is the Way, which motivated me to take a risk that paid off and opened my eyes to Stoicism.
Eric Kough: You gave my resume on Monster.com a chance and opened countless doors for me. I'm forever in debt.
Joe Karolchik: It was a privilege to have you as a leader and mentor to learn from.
Victor Goltsman: I'm so grateful for the opportunity I had to work with you, and I try to apply every day what I learned from you.
Security Tinkerers: Thank you to each and every one of you. I am extremely fortunate to be in your company.
About the Author
Chris Castaldo is an industry-recognized chief information security officer (CISO) and expert in building cybersecurity programs for start-ups. Chris's cybersecurity experience stretches over 20 years in start-ups, Fortune 1000s, and the US Government. He has scaled cybersecurity programs and teams from the ground up, and he also advises start-ups. Chris is a US Army veteran and a Visiting Fellow at the National Security Institute at George Mason University's Antonin Scalia Law School.
Introduction
