The Pragmatic CSO

From the Desk of a Pragmatic CSO

Hi, my name is Mike. This is my story.

I’m a Chief Security Officer for a mid-sized company. I’m probably a lot like you.

I used to spend my days with a fire extinguisher strapped to my back, trying to make sure the house wasn’t burning down. I’d get emails and calls at all hours telling me about potential issues and things I need to add to my To-Do list. I’d grovel to get a new piece of equipment to stop the latest attack vector. Every 6 months the auditors would come in and tell me I’m an idiot. It wasn’t very much fun.

Sound familiar? Thankfully I met a few folks that put me in touch with a group that could help me. I learned there were a few root causes to many of my issues:

  • Security is viewed as a technical function – I was the “firewall” or “VPN” guy, not a member of the management team. Thus I had no credibility. I had spent a boatload of money and had very little to show for it. I had no plan. I couldn’t describe success to the senior management of my company, so they wouldn’t invest in helping me to protect their assets.

  • The bad guys are getting better – It used to be so easy. The bad guys would knock on the front door and I’d block them. Now, not so much. They use really sneaky attacks and take advantage of my unsuspecting user community. They try to stay undetected and they steal my private data.

  • The auditors are tougher – With all of the frequent privacy breaches, the auditors are hypersensitive to pretty much everything. They would crawl into dark places in my environment and point out silly things, just to make me miserable.

It felt like all I did was fill out reports, make spreadsheets for business cases, and sit in meetings with auditors.

That’s not why I took this job.

Like I said, I wasn’t having much fun. 

The Pragmatic CSO changed everything

Thankfully, I found out about the Pragmatic CSO just in time. The group showed me that I was addicted to the heat of the battle. That I was thriving on reacting to the latest attack and I would pull out all the stops to get that new piece of equipment that was going to change everything.

I was wrong. The Pragmatic CSO folks took me through their 12-step program that allowed me to get back on top of my game. You can get a lot more detail on the program here. It was a lot of hard work and I really had to change my perspective, but it was worth it.

Now I’m back in charge. Here are just a few of the changes in my daily existence:

  • Senior management asks my opinion – Security is part of the team now, so before a new initiative or application gets rolled out, we make sure there aren’t any critical holes.

  • I have a plan – Through the Pragmatic CSO, I built a business plan for my security operation and got the funding that I need in order to do my job. As long as I hit my objectives, I can execute on my plan.

  • I don’t chase the attack du jour – I know what’s important to protect and I make sure those business systems are protected. It makes my priorities very clear on a daily basis.

  • The auditors are my friends – Believe it or not, my last audit took 1/3 the time. By changing my perspective with the auditors, I gave them what they needed and they helped me accomplish what I needed to. Who would have thought I could get a win-win with the auditors?

The Pragmatic CSO book is my story. You’ll ride shotgun with me as I go through the process. It’s kind of like Reality TV, but without the bikinis. You’ll see where I messed up and hopefully you’ll learn from my mistakes. Thankfully my coach was with me the entire time, making sure I stayed on the straight and narrow.

Now I want to give back to the community. I want you to know about the Pragmatic CSO. It changed the way I do my job and I’m happy again. I can’t promise you the same results, but you have nothing to lose.

Don’t just take my word for it, here's what some security experts think about the Pragmatic CSO:

The most important feature of "P-CSO" (as it's called) is that it is a business book. P-CSO teaches readers (assumed to be techies, for the most part) how to think like a businessperson who reports and interacts with other businesspeople.

Even though P-CSO is written for Chief Security Officers in the corporate world, I found its business focus helpful for me as a consultant and business person. If any of what I wrote resonates with you, I strongly recommend buying and reading The Pragmatic CSO. All CSOs should also have a copy, period.

            - Richard Bejtlich, TaoSecurity

Mike Rothman's The Pragmatic CSO presents a fresh, human approach to the intimidating world of managing enterprise security. It provides real-world examples and lays out the basics any Chief Security Officer needs to succeed. It's an easy, entertaining read that every business executive with an interest in securing their enterprise should have. If there's a "must read" book for business managers grappling with broad enterprise security challenges, this book is one of the best I've seen.

            - Ken Camp

A realistic and holistic model to succeed in these tough new times. In short a pragmatic methodology to becoming a successful security manager and a happier person. He calls the book and the soon to be launched community the Pragmatic CSO. Don't let the CSO part fool you. If you are in any way, shape or form responsible for security as part of your job or want to learn what to do to get a handle on a near impossible task, this book and the content to follow on the web site is for you. At $97 dollars for the PDF version it is a steal and I would not waste any time before buying it.

I think the Pragmatic CSO will go down as a milestone in the security management arena.

            - Alan Shimel

I highly recommend this book to CSOs and security managers of any type. It gives a good feel for the business side of securing a network. I wish I had this before I decided to get out of security management.

            - Michael Farnum

Buy it. You'll thank me for it.

Actually, I guess I have more to say than that. I've been doing security for over ten years, and this is the first time I have read a book about security that not only made sense, but actually gave some decent advice on how to do something about it.

Having read it, it's far beyond good.

            - Mike Murray

The author of the Pragmatic CSO program, Mike Rothman, has been doing this for years. As META Group’s first network security analyst, he was advising clients before the Internet was even called the Internet. For over 15 years, he’s had a front row seat as the attacks changed – but the results stayed the same. Most organizations are still woefully unprepared to protect their corporate assets.

It was Rothman’s idea that CSOs need to act more like business people in order to thrive. So the Pragmatic CSO is designed to make sure that regardless of your skill level and management chops, you’ll be able to proceed through the program. He’s also designed this cool Web community (available February 2007) that provides me with a place to ask questions and get more information about the program and interact with many of my P-CSO brethren.


Still Skeptical?

You don’t believe me, do you? I was skeptical at first as well. The claims were hard to believe:

To be clear, the Pragmatic CSO is not cold fusion. The idea of a security program has been around for a long time. But the Pragmatic CSO takes a different tack on the security program, how it’s packaged, who the audience is, and how to give senior executives what they want.

You can pay your favorite auditor to park 5 bodies on site and execute on a security program for you. I tried that once. It didn’t help my credibility one bit and cost a boatload of money.

You can also consult some of those high-priced analysts that will charge you $50,000 to send you a few research notes and spend an hour on the phone with you. That was just out of my budget range. The owner of my company is so tight with money he squeaks when he walks.

I'm sure you are wondering what something like the Pragmatic CSO costs. You can get the Book for $97, which includes a personalized PDF. Or if you just want the PDF, that's $87. What does your time cost? What does your credibility cost? How much did you spend on Tums last year when things went haywire? Right, probably more than that. I know I spent a lot more than $97 on stuff that never made it out of the box.

And if you want to buy multiple copies for other folks, like your friends or your boss (so he/she understands what you are doing), you can get some pretty good volume discounts. If you buy 2-5 copies, then each copy costs $77. If you want more than 6, then each copy is $57. $10 less for PDF only. So stock up, you'll be a hero when all your friends become Pragmatic CSOs.

I think buying the Pragmatic CSO book will be the best $97 you'll spend all year. For less than you probably spend at Starbucks a month, you'll be able to get back in control of your security environment. Dare I say it, but it's worth 20 times the price. Even better,  YOU HAVE NOTHING TO LOSE. If you don't like the book, just ask Mike Rothman for your money back within 30 days - no questions, no heartburn.

So don't delay. Buy it NOW and good luck.

Best Regards,

Mike (the security products addict)

PS:  Seriously, if you don't like the book, let Mike Rothman know within 30 days of your purchase and your money will be refunded promptly. And he won't even ask you to return the shredded PDF file.

PPS:  The first 100 customers will get a limited edition full size (18x24) poster depicting the Pragmatic CSO process. It's the same cool artwork used throughout the book, and it'll be sent to you FREE. It's a great, constant reminder to stay focused on being Pragmatic. But only if you BUY NOW. Remember, only 100 of these posters will be sent out.


"No Bias. No Bull. Real Incite."
© 2007 Security Incite, a Geronimo Enterprises LLC company