
Member Reviews

A Comprehensive, Forward-Looking Guide to Modern Security Leadership

Redefining Information Security by Brian Wagner offers a compelling look at the evolving cybersecurity landscape and the critical need for organizations to adapt in order to maintain a strong security posture. Wagner makes a strong case for adopting a Zero Trust model—emphasizing constant vigilance and the proper management of threats and alerts as foundational to modern security.

He also stresses the importance of training and education in building a culture where security is prioritized across all levels of an organization. His vision for the evolving role of the CISO is particularly insightful: a leader not just in title, but as a driver of strategy and cultural transformation. This kind of leadership, he argues, sets the tone for the entire enterprise.

The book explores challenges and opportunities in regulated industries such as healthcare and finance, and provides practical discussions on risk assessment, risk management, and risk transfer. Wagner also touches on emerging trends and uses real-world examples to underscore the increasing complexity of the threat landscape.

Overall, this book offers an all-encompassing view of where cybersecurity has been and where it’s headed. While the challenges are significant, Wagner's insights make clear that innovation and strategic leadership can enable organizations not just to defend—but to thrive—in the face of the future.

Thank you to Kogan Page publishing, Brian Wagner, and NetGalley for the ARC.


Redefining Information Security was a really interesting read. It's billed as being for security and technology leaders - as I was reading I was thinking about this, and I actually think it would probably be most useful for IT leaders who haven't done too much in the way of security governance, or alternatively for earlier-career people working in security who may be really into the tech but would like to learn more about the bigger picture. The bulk of the book gives a great overview of today's threat landscape, challenges businesses face, what a CISO needs to think about and do, risk management and other threads of activity you'll see in most larger enterprises - giving food for thought for smaller companies too. For me the most insightful parts of this book were "Practical implementation: from theory to action", particularly setting security objectives, which is a concept that can be difficult for boards to grasp. The chapter on "Metrics for security empowerment" was a close second; it did what it said on the tin, giving solid ideas for what to measure. Definitely worth the time spent reading, and I'd recommend it to others.
