
Submitted by: Jo Anna Parker Martin 

When I look for cybersecurity books to review, I specifically keep an eye out for books written by women and minorities for a broad range of perspectives. This one caught my interest with its strong title and black minimalist cover. The deciding factor was its length, coming in at 224 pages and only 10 chapters, making this a pretty short book during a month I knew would be quite busy for me. Allison Cerra, former Chief Marketing Officer at McAfee, claims The Cybersecurity Playbook is a “step-by-step guide to protecting your organization from unknown threats and integrating good security habits into everyday business situations.” Instead, this book is more like a fluffy self-help book for people who have never heard terms like Risk Management, MSSP, or incident response.

To be fair, the author notes in the book that she does not have a cybersecurity background and encourages sharing the material with laypersons. The book starts strong, opening with the story of McAfee’s social media getting hacked and how they (and she) responded. She is an engaging storyteller and uses analogies and metaphors well to explain concepts that a lay reader may not be familiar with. By the end of the first chapter, I was hopeful that this would be a sensible read for non-technical people and the odd cybersecurity professional.

A few chapters later I was thoroughly disillusioned by the lack of meaty content and the syrupy presentation. Don’t get me wrong, it’s not necessarily terrible. The book is incredibly easy to read and accessible to anyone. The format is solid, each chapter opening with a story, followed by an explanation or more details, and wrapping up with actionable recommendations. She cleverly coins these action items “W.I.S.D.O.M.” (What I’ll Say (and do) Differently On Monday), which is a cute idea. These suggestions run the gamut from very insightful (pie charts kind of suck) to totally obvious (“do not fall for the phish”), with most leaving a saccharine flavor behind.

This unfortunately titled book will be misleading to most cybersecurity professionals “in the trenches”. To most SOC analysts, red teamers, and incident responders, a “cybersecurity playbook” involves detailed steps and procedures for responding to cybersecurity events, or outlining standard operating procedures and guidelines. This book is not that. More of a primer on how cybersecurity affects leadership, the book’s audience is mostly non-technical folks and C-level executives (CIOs, CFOs, etc.). Each section helpfully targets a specific type of role. In order they are:

  • The Board/CEO
  • The Employee
  • The Product Developer
  • HR Professionals
  • Marketer/Communicator
  • Finance Professional
  • The Cybersecurity Professional

 

In an effort to appeal to such a wide audience, she frequently goes off on tangents with her stories. For example, later in the book, she spends several paragraphs outlining how earthquakes impact society, backing it up with a lot of scientific earthquake facts. It is not that this isn’t interesting or relevant when she brings it back around to the topic, but from a cybersecurity standpoint, she veers too far off the road. She wraps up with a few platitudes about how cybersecurity affects everyone and that we all should work together. Cerra appeals to “summoning the power of the crowd” in order to spread a culture of security throughout our organizations. While this is a commendable goal, it falls flat coming from a Chief Marketing Officer. I am still not certain this isn’t a large ad for McAfee disguised as a book.

Verdict: I could see this being useful for a new CISO with zero cybersecurity background, who got thrown into the role for whatever reason (we all know this happens), as well as any executives, board members or managers who are beginning to work with/for a CISO for the first time. I can also see this being interesting for cyber muggles who want to learn about “big picture” cybersecurity at large organizations, while not being asked to think too hard.

If that isn’t you, don’t read this book.