Shamane Tan prompted me to write this post with her question “Keen to hear your greatest takeaway from each book” in response to a question from Dan Goldberg where we discovered a mutual interest in three books: Shamane’s Cyber Risk Leaders, A Hacker I Am by Craig Ford, and The Five Anchors of Cyber Resilience by my colleague and friend Phillimon Zongo. I thought about her question and wanted to write a short and insightful answer, and then I realised that the right answer is … “I don’t know yet.” Now, before you jump in and say that is an unsatisfactory answer and I am just dodging the question – let me explain.
For the love of reading
To say that I love reading is an understatement. Every month I am still somewhat shocked when I get my credit card statement and realise how much I have spent on books - again. One-click checkout on Amazon has made buying books super convenient but it is also fuelling my impulse buying. My reading addiction is probably still the after effects of our early married years when my wife Haniki and I couldn’t afford to buy books and spent many Friday evenings in the library to “stock up” on books for the weekend, or at the bookstore trying to read as much of the new release books as we could before the staff could see what we were doing and kicked us out.
I love to read widely - fiction, non-fiction, inside my field or outside. When we moved to Australia 23 years ago, we discovered Australian historical fiction and devoured it – authors like Peter Watt, Peter Yeldham and Judy Nunn became our guides to exploring our new adopted country from different perspectives. Five years ago, when we had the privilege to go and live in Switzerland for a few years, books about Switzerland and books by Swiss authors like Martin Suter became my way of getting to know the country and its people while improving my rudimentary high school German.
One of our greatest pleasures is “discovering” a new author, especially if they have been writing for several years with a series of books in print. People talk about Netflix creating a generation of “binge watchers” – well my Amazon Kindle account has turned me into a “binge reader.”
I am happy that our love of reading has also been passed on to our children. When one of our sons at age 5 got his first bedside table, he immediately ran to the bookshelf and came back with a pile of books to put on it “like Dad.” And for our first grandchild’s baby shower our daughter requested “No presents please, just books.”
Reading only becomes learning when we apply it in practice
So, when I read non-fiction – is that for enjoyment or for learning? Probably a bit of both. I love reading, mostly for enjoyment and relaxation, but I also have an insatiable curiosity and love to learn new things. Everyone learns differently. I find it very difficult to watch videos or sit at conferences and listen to people talk, however I find that I learn best by reading and then applying that knowledge, often by debating it with other people. I love tackling a problem together with other people and looking at how to apply new knowledge to a complex situation.
I don’t know which bits of insight from your books will stick and pop up at an unexpected moment, and which ones will have such an impact that it will become an indistinguishable part of who I am and what I do.
We are the sum of our reading
Our thinking and behaviour are shaped by our experiences, and the collective sum of our reading is no small part of this. One of the books which most influenced my thinking on cyber was “Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon” by Kim Zetter. This quote summarises it well: “Stuxnet let the genie out of the lamp in terms of how you could do this kind of attack. You can now target all kinds of other devices,” says one former government worker. “Where does it end? It doesn’t seem like there’s any oversight of these programs. Sadly, the scientists are not pulling back the reins. They’re excited that someone is giving them money to do this research. I don’t think I ever saw anyone question what was being done. I don’t think there was a lot of consciousness about it.”
Other little snippets of insight have had a lasting influence on my thinking. More than 20 years ago I was fortunate to be in a full day session with Michael Porter, the “father of modern strategy”, at Harvard Business School. Many of the things I learned on that day have shaped and influenced my thinking and business career ever since, however the most profound bit of insight on the day came from the grey-haired strategy consultant sitting next to me who said, in this thick Dutch accent: “Strategy is not what you do, it is what you NOT do.” At another education session on strategy at INSEAD ten years later I learned that good strategy is not about having the answer, but about framing the strategy in the right way by asking the right questions. Whenever I do any strategy work, and especially cyber strategy where there is always too much to do and not enough money, time or resources to do it, I combine these to ask: “what are we NOT going to do?” That question invariably helps focus the mind on what is essential and what is not.
So Shamane, when you ask what my greatest takeaways are – I will need to come back to you on that. I hope to get the opportunity to use what I have learned from each of you to help solve the next complex problem I come across.
All three of your books are chock-full of insights, anecdotes and real-life experiences, all covering the fascinating topics of cyber security and cyber resilience from different perspectives.
I don’t know which nuggets of insight will stick in the recesses of my brain and pop up just at the right time - maybe it will be Phil’s insights on the impact of cyber risk on the cost of capital, or maybe your chapters on “CISO and the Business: Money, Power and Influence.” Or maybe it will be Craig’s views on what to look for when hiring security talent – going beyond the technical skills and certificates and also looking at attributes like interest, community participation, attitude and personality fit - a topic I am very passionate about.
I do know that each of you has enriched my life and my thinking through your books.
Thank you for letting the light in
“Whenever you read a good book, somewhere in the world a door opens to allow in more light.” - Vera Nazarian
Thank you so much Phil, Shamane and Craig for the blood, sweat and tears that went into publishing your first books. I don’t know what motivated each of you to do it, but together with all your other readers I would like to express my sincere gratitude for opening the doors on your knowledge and allowing more light in.
Thank you for the immense enjoyment I could experience from reading your first books – I am looking forward to the next one!
Jan is a well-known veteran of the IT and cybersecurity industry. He is an independent cyber security strategy advisor to Boards and Executives. Jan was previously partner at a Big 4 professional services firm for more than 25 years, leading cyber security consulting projects for large global organizations.