Awesome CSO Resources

A curated list of resources for Chief Security Officers and aspiring security leaders spanning both cyber and physical security domains.

Cyber Security

Frameworks & Standards

NIST Cybersecurity Framework - Guidelines for mitigating organizational cybersecurity risks
ISO/IEC 27001 - Information security management systems standard
CIS Controls - Prescriptive, prioritized set of cybersecurity best practices
MITRE ATT&CK - Globally-accessible knowledge base of adversary tactics and techniques
OWASP Top 10 - Standard awareness document for developers and web application security

Risk Management Resources

Factor Analysis of Information Risk (FAIR) - Framework for understanding, analyzing and measuring information risk
Risk Management Framework (RMF) - NIST's structured process that integrates security and risk management activities

Tools

SecurityScorecard - Security ratings platform
BitSight - Security ratings for managing third-party risk, underwriting cyber insurance
Recorded Future - Security intelligence platform
Splunk - Platform for machine data analytics
IBM QRadar - Security information and event management (SIEM) solution

Books & Publications

The CISO Handbook - A practical guide to securing your company
How to Measure Anything in Cybersecurity Risk - By Douglas W. Hubbard and Richard Seiersen
CISO Desk Reference Guide - A practical guide for CISOs
Security Metrics: Replacing Fear, Uncertainty, and Doubt - By Andrew Jaquith

Certifications

Certified Information Systems Security Professional (CISSP) - Advanced-level security certification
Certified Information Security Manager (CISM) - Management-focused security certification
Certified Chief Information Security Officer (CCISO) - Certification for information security executives
GIAC Security Leadership (GSLC) - Certification validating knowledge of security leadership

Cyber & Physical Threat Intelligence

Frameworks & Methodologies

Intelligence Cycle - Traditional framework for intelligence collection and analysis
Diamond Model of Intrusion Analysis - Framework for analyzing intrusions

Platforms & Tools

ThreatConnect - Intelligence platform with analytics and automation
MISP - Open-source threat intelligence platform
Anomali - Threat intelligence platform
EclecticIQ - Threat intelligence platform
Flashpoint - Business risk intelligence platform

Information Sources

US-CERT - US Computer Emergency Readiness Team
CISA Alerts - Cybersecurity alerts from the Cybersecurity and Infrastructure Security Agency
FBI InfraGard - Partnership between the FBI and the private sector
OSAC - Overseas Security Advisory Council for international security information
DSAC - Domestic Security Alliance Council

Books & Publications

Intelligence-Driven Incident Response - By Scott J. Roberts and Rebekah Brown
The Tao of Open Source Intelligence - By Stewart K. Bertram
Open Source Intelligence Techniques - By Michael Bazzell

Certifications

Certified Threat Intelligence Analyst (CTIA) - EC-Council certification
SANS FOR578: Cyber Threat Intelligence - Training course for CTI professionals

Physical Security Threat Assessments

Frameworks & Methodologies

CARVER Matrix - Target analysis and vulnerability assessment technique
RAMCAP - Risk Analysis and Management for Critical Asset Protection
FEMA Risk Assessment - Methodology for assessing risks to critical infrastructure
Crime Prevention Through Environmental Design (CPTED) - Multi-disciplinary approach to deterring criminal behavior

Tools & Resources

DHS Infrastructure Survey Tool (IST) - Web-based security survey
Facility Security Plan Template - Template from the Interagency Security Committee

Books & Publications

Physical Security: 150 Things You Should Know - By Lawrence Fennelly and Marianna Perry
The Design and Evaluation of Physical Protection Systems - By Mary Lynn Garcia
Introduction to Security: Operations and Management - By P.P. Purpura

Certifications

Physical Security Professional (PSP) - ASIS certification
Certified Protection Professional (CPP) - ASIS certification
Certified Security Consultant (CSC) - IAPSC certification

Facilities Security

Standards & Guidelines

ISC Security Design Criteria - Federal facility security standards
ASIS Facilities Physical Security Measures Guideline - Comprehensive guidelines for facility protection
NFPA 730: Guide for Premises Security - Guidelines for physical security of buildings

Key Technologies

Access Control Systems - Guidelines for implementing access control
Video Surveillance Systems - Best practices for CCTV implementation
Alarm Systems - UL standards for alarm systems
Perimeter Security - Modern approaches to perimeter protection

Books & Publications

High-Rise Security and Fire Life Safety - By Geoff Craighead
Security Supervision and Management - By IFPO
Building Security: Handbook for Architectural Planning and Design - By Barbara A. Nadel

Resources

ASIS Facilities Physical Security Council - Professional council focused on facility security
GSA Security Standards - Federal standards for facility security

Executive/Dignitary Protection

Methodologies & Frameworks

Protective Intelligence - Threat assessment approach for VIP protection
Advance Work - Pre-event security planning

Best Practices

US Secret Service Best Practices - Overview of protection methodologies
Close Protection Protocols - Industry standard protection protocols
Travel Risk Management - Best practices for executive travel security

Books & Publications

Introduction to Executive Protection - By Dale L. June
The Protected - By Christopher Falkenberg
Confessions of a Protection Officer - By Timothy Spratt

Training & Certifications

Executive Protection Institute - Training programs for executive protection
Certified Protection Professional (CPP) - ASIS certification
Executive Protection Specialist (EPS) - Specialist certification

Insider Threat & Insider Risk

Frameworks & Programs

NITTF Insider Threat Program - National Insider Threat Task Force resources
CERT Insider Threat Center - Research and resources from Carnegie Mellon
CISA Insider Threat Mitigation - Government resources for insider threat programs

Tools & Technologies

User and Entity Behavior Analytics (UEBA) - Technology for detecting anomalous behavior
Data Loss Prevention (DLP) - Technologies to prevent data exfiltration
Privileged Access Management (PAM) - Tools to control privileged access

Books & Publications

Insider Threat: Prevention, Detection, Mitigation, and Deterrence - By Michael G. Gelles
Managing the Insider Threat: No Dark Corners - By Nick Catrantzos
The CERT Guide to Insider Threats - By Dawn M. Cappelli, Andrew P. Moore, and Randall F. Trzeciak

Case Studies & Lessons Learned

PERSEREC Espionage and Insider Threat Research - Research on espionage cases
Insider Threat Case Studies - Real-world examples and analysis

Certifications & Training

Certified Insider Threat Program Manager - Specialized certification
SANS FOR554: Insider Threat Management - Training course for insider threat professionals

Leadership & Management

Strategic Planning

Security Strategic Planning Framework - Framework for security strategy development
Balanced Scorecard for Security - Performance measurement framework

Team Building & Management

Security Leadership Competency Model - Skills and competencies for security leaders
Managing Security Teams - Harvard Business Review insights applicable to security

Communication & Influence

Executive Communication for Security Leaders - Strategies for effective communication
Building a Security Culture - ISACA guide to security culture

Books & Publications

The Art of the CISO - By Allan Alford
How to Become a CISO - By Christophe Foulon
CISO Leadership: Essential Principles for Success - By Todd Fitzgerald

Governance & Compliance

Frameworks & Standards

COBIT - Framework for governance and management of enterprise IT
NIST Privacy Framework - Tool for improving privacy protections
Payment Card Industry Data Security Standard (PCI DSS) - Information security standard for organizations that handle credit cards
HIPAA - Healthcare privacy and security regulations
GDPR - EU data protection regulation

Resources

Compliance Program Assessment Framework - DOJ framework for evaluating compliance programs
ISACA Control Objectives - Guide for control objectives

Books & Publications

Corporate Governance of Cybersecurity - Guide for board-level cybersecurity governance
IT Governance: Policies & Procedures - By Michael Wallace and Larry Webber

Incident Response

Frameworks & Methodologies

NIST Computer Security Incident Handling Guide - Comprehensive incident handling guide
SANS Incident Response Process - Industry standard IR methodology
ISO/IEC 27035 - Information security incident management standard

Tools & Resources

MITRE ATT&CK for ICS - Knowledge base of adversary tactics for industrial control systems
TheHive - Open-source incident response platform
CISA Incident Response Playbooks - Federal playbooks for incident response

Books & Publications

Blue Team Handbook: Incident Response Edition - By Don Murdoch
Computer Incident Response and Product Security - By Damir Rajnovic
Security Operations Center Guidebook - By Greg Farnham, et al.

Conferences & Communities

Conferences

RSA Conference - Major cybersecurity conference
Black Hat - Information security conference
GSX (Global Security Exchange) - ASIS International's annual security conference
Executive Security Council - Community for strategic security executives

Professional Organizations

ASIS International - Professional organization for security professionals
ISACA - Professional association focused on IT governance
(ISC)² - International Information System Security Certification Consortium
CSO Roundtable - ASIS resource for CSOs
Executive Security Council - Peer network for security executives

Online Communities

Security Weekly - Podcast and community for security professionals
SANS Reading Room - Free security resources
CSO Online - News and information for security executives
Reddit r/SecurityCareerAdvice - Community for security career discussions
LinkedIn Security Groups - Various professional security groups on LinkedIn

Contributing

This list is maintained as a community resource. Contributions are welcome!

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
LICENSE		LICENSE
README.md		README.md

License

AustinNCC/Awesome-CSO

Folders and files

Latest commit

History

Repository files navigation

Awesome CSO Resources

Contents

Cyber Security

Frameworks & Standards

Risk Management Resources

Tools

Books & Publications

Certifications

Cyber & Physical Threat Intelligence

Frameworks & Methodologies

Platforms & Tools

Information Sources

Books & Publications

Certifications

Physical Security Threat Assessments

Frameworks & Methodologies

Tools & Resources

Books & Publications

Certifications

Facilities Security

Standards & Guidelines

Key Technologies

Books & Publications

Resources

Executive/Dignitary Protection

Methodologies & Frameworks

Best Practices

Books & Publications

Training & Certifications

Insider Threat & Insider Risk

Frameworks & Programs

Tools & Technologies

Books & Publications

Case Studies & Lessons Learned

Certifications & Training

Leadership & Management

Strategic Planning

Team Building & Management

Communication & Influence

Books & Publications

Governance & Compliance

Frameworks & Standards

Resources

Books & Publications

Incident Response

Frameworks & Methodologies

Tools & Resources

Books & Publications

Conferences & Communities

Conferences

Professional Organizations

Online Communities

Contributing

License

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Packages