Security Leadership Bookshelf
The GSO Security Leadership Bookshelf contains leadership principles and guidance proven to be effective for security leaders – at any position or level in their organization.
At GSO 2025 you will learn how security leaders have applied these materials and become confident and effective leaders within their own organization, just by using their innate skills and capabilities in ways they didn’t know they could.
These books are not just about what to do, but also how to do it and why.
When you register: You select one of the “Free Book Choice” items and we send it to you via Amazon.
Explore the Bookshelf
Select a book to see
The 360 Degree Leader
A Free Book Choice
IF YOU DON'T ALREADY HAVE THIS BOOK, IT SHOULD BE YOUR CHOICE. It has been rated the most valuable book by past GSO attendees.
Learn to lead up, lead across, and lead down. Organizations need 360° leaders.
Leadership is a choice you make, not a place you sit.
In many organizations, as you move up the ladder, you may even find that the amount of responsibility you take on increases faster than the amount of authority you receive.
- The more effectively you fulfill your role as a leader in the middle, the more fulfilled you will be.
- While poor leaders demand respect, competent leaders command respect.
- The key to leading yourself well is to learn self-management.
- When you help someone bigger than you, it makes you part of something bigger.
Leading successfully at one level is a qualifier for leading at the next.
—John C. Maxwell, The 360 Degree Leader
Eat that Frog
Free Bonus Book
that Everyone Gets
If you are like most people today, you are overwhelmed with too much to do and too little time. As you struggle to get caught up, new tasks and responsibilities just keep rolling in, like the waves of an ocean.
Because of this, you will never be able to do everything you have to do. You will never be caught up. You will always be behind in some of your tasks and responsibilities, and probably in many of them.
For this reason, you ability to select your most important task at each moment, and then to get started on that task and get it done both quickly and well, will probably have more of an impact on your success than any other quality or skill you can develop.
An average person who develops the habit of setting clear priorities and getting important tasks completed quickly will run circles around a genius who talks a lot and makes wonderful plans but who gets very little done.
This book is written to show you how to get ahead more rapidly in your career and to simultaneously enrich your personal life. Each of These twenty-one methods and techniques is complete in in itself. All are necessary. One strategy might be effective in one situation and another might apply to another task. All together, these twenty-one ideas represent a smorgasbord of personal effectiveness techniques that you can use at any time, in any order or sequence that makes sense to you at the moment.
The key to success is action. these principles work to being about fast, predictable improvements in performance and results. The faster you learn and apply them, the faster you will move ahead in your career—guaranteed!.
—Brian Tracy, EAT THAT FROG!
Becoming a Person of Influence
A Free Book Choice
You can be a model to the masses, but to go to the higher levels of influence, you have to work with individuals.
Positive influencers add value to other people.
For most people, it's not what they are that holds them back. It's what they think they're not.
The qualities of an influencer are:
- Integrity—builds relationships on trust
- Nurturing—cares about people as individuals
- Faith—believes in people
- Listening—values what others have to say
- Understanding—sees from their point of view
- Enlarging—helps others become bigger
- Navigating—assists others through difficulties
- Connecting—initiates positive relationships
- Empowering—gives them the power to lead
—John C. Maxwell, Becoming a Person of Influence
How to Lead When Your Boss Can't (or Wont')
A Free Book Choice
Many people are in this situation. Read this book to gain information that's critical to your personal and organizational success.
- The seven kinds of bad bosses, and what to do in each situation.
- How to deal with the limitations the situation puts on you.
- The seven key aspects of leading yourself in this situation.
- How to find ways to work with your boss, ways in which both you and your organization benefit, as well as your boss.
- Avoiding 21 landmines that could make your situation worse.
- How to prove your worth daily and never stop growing.
There is no downside to making growth your goal.
When you work for a boss who can’t or won’t lead, you feel trapped in a no-win situation.
But when you learn to work with difficult people, be productive in a challenging situation, and develop yourself as a leader, everything changes.
Your potential goes off the charts. Your prospects improve. Your “luck” changes. People seek to recruit you for their team. Organizations want you.
Do your best, and your time will come.
—John C. Maxwell, How to Lead When Your Boss Can't (or Wont')
Developing the Leader Within You
A Free Book Choice
LEADERSHIP: Everyone talks about it; few understand it. Most people desire to cultivate a high capacity for it; few actually do.
Everything rises and falls on leadership. The world becomes a better place when people become better leaders.
Developing yourself to become the leader you have the potential to be will change everything for you.
It will add to your effectiveness, subtract from your weaknesses, divide your workload, and multiply your impact.
Leaders become great not because of their power, but because of their ability to empower others.
—John C. Maxwell, Developing the Leader Within You 2.0
Soft Target Hardening
A Free Book Choice
SOFT TARGET HARDENING: Protecting People from Attack (Second Editon)
This book remains the first of its kind to explore the topic of soft targeting. The work studies the psychology of soft target attacks, our blind spots and vulnerabilities, and attributes making civilian-centric venues appealing appealing to bad actors.
Training and tactics for psycho-logical and infrastructure hardening, as well as planning and exercising strategies, provide a road map for those who own, operate, protect, and use soft target locations.
We should expect the replication of successful attacks abroad on our own soil. Additionally, in recent years, we’ve experienced a sharp increase in US citizens who radicalize and attempt to carry out violent attacks. Another aggravating factor is rising anger in society, and worse, the propensity to violently act on those impulses.
The good news? Soft target hardening will repel and mitigate all types of actors, from criminals to insiders. It will also make your building occupants and customers feel safer and empowered, allowing them to have a more enriching experience whether at school, church, medical appointments, shopping, or relaxing at a sporting or recreational event.
This book harnesses hundreds of sources with case studies, best practices, and method-ologies for identifying vulnera-bilities and mitigating risk.
Soft Target Hardening (Second Edition)
A Free Book Choice
You’ve already achieved a certain degree of success, and now you’re ready for the next level. However, with this challenge comes a new set of obstacles; sheer will and brute force are no longer enough to survive.
The question you’re facing now is a new one: How can you elevate yourself to a position of true leadership?
What if I told you that by reading this book and applying its core principles, you could eliminate all of your business-related frustrations? That you could have great employees at all levels who share your vision, communicate with each other, solve their own problems, and demonstrate accountability? That your organization could not only run seamlessly, but also have the potential to scale up as large as you see fit?
This book is not another silver bullet management book or flavor-of-the-month strategy. It contains no theory. It’s based on real-world experience, practical wisdom, and timeless truths. More importantly, it works.
—Gino Wickman, Traction
How to Be a Great Boss!
A Free Book Choice
WHAT IF EVERY DAY YOUR PEOPLE brought their “A game” to work? Do you believe that is even possible?
In the next 154 pages we intend to show that it is possible, and we will teach you the tools that will transform how well your people perform for you. You will discover how to:
- effectively delegate work and free yourself up to truly lead and manage
- assess your team and surround yourself with Great People
- apply five leadership practices and five management practices of all great bosses
- communicate powerfully with each of your employees, and
- deal with employees that don’t meet your expectations.
This book is different from any other leadership or management book you’ve ever read—and literally tens of thousands of them have been written.
What makes it different is its practical application and immediate impact. It offers no theory.
Instead, it offers a straightforward game plan to help you become a great leader and manager. We can say that because every word and tool in this book have been tested and proven by thousands of leaders and managers whose influence and results are undeniable.
This book is for you if:
- you are a leader, manager, or supervisor of people in a privately held . . . company; or
- you want to get the most out of your people and seek a simple, effective, and impactful way to become a great boss.
—Gino Wickman, How to Be a Great Boss
Words that Work
A Free Book Choice
It's not what you say, it's what people hear.
You can have the best message in the world, but the person on the receiving end will always understand it through the prism of his or her own emotions, preconceptions, prejudices and preexisting beliefs.
It's not enough to be correct or reasonable or even brilliant.
The key to successful communication is to take the imaginative leap of stuffing yourself right into your listener's shoes to know what they are thinking and feeling in the deepest recesses of their mind and heart.
How that person perceived what you say is evn more reasl, at least in a practical sense, than how you perceive yourself.
Words that work . . . not only explain but also motivate.
When we open our mouths, we are sharing with the world—and the world inevitably interprets, indeed sometimes shifts and distorts, our original meaning.
This book is about the art and science of words that work. Emining the strategic and tactical use of language in politics, business, and everyday life, it shows you you can achieve better results by narrowing the gap between what you intend to convey and what your audiences actually interpret.
Again, what matters isn't what you say, it's what people hear.
—Frank Luntz, Words that Work
Security Education, Awareness and Training
Our focus is almost entirely on performance – people doing things that either support or hinder your security program.
We'll talk about information and knowledge . . . We'll discuss attitudes . . . We'll examine that favorite security icon, security awareness . . . but only as they relate to performance.
Although all of those factors are important, our premise is that it's not what people know, or feel, or are aware of that determines the quality of security – it's what they do.
—Carl Roper, Dr. Lynn Fisher, and Joseph A. Grau, Security Education, Awareness and Training: SEAT from Theory to Practice
The Manager's Guide to Enterprise Security Risk Management
These days, security practitioners are often too busy dealing with threats and vulnerabilities and other urgent operational problems to ask themselves basic questions about what they do and why they do it.
- What is my role in the business environment, beyond the specific security tasks I’ve been assigned?
- Why are the tasks I do every day necessary for the enterprise?
- How is what I do perceived in the organization?
- What is the mission my department is chartered to accomplish?
That’s a serious problem, because in security, as in every other business discipline, if you aren’t sure what you’re trying to accomplish - why you’re doing what you’re doing - you can’t be sure you’re doing it right. And, just as important, you can’t be sure that you’re being recognized by the management in your organization as doing it right.
Enterprise security risk management is the application of fundamental risk principles to manage all security risks - whether information, cyber, physical security, asset management, investigations, or business continuity - in a comprehensive, holistic, all-encompassing approach.
A few examples of key principles from the ISO risk management standard 31000 (2009) are that risk management should:
- Be part of the decision-making process.
- Be transparent and inclusive.
- Be dynamic, iterative, and responsive to change.
- Be capable of continual improvement and enhancement.
That takes time, commitment, and above all a process: an ongoing life cycle.
—Brian J. Allen, Rachelle Loyear, The Manager’s Guide to Enterprise Security Risk Management
The Power of Negative Thinking
Free through Kindle Unlimited.
There is, admittedly, a large helping of my version of humor in the title chosen for this book, an obvious play on The Power of Positive Thinking by Norman Vincent Peale.
I wince every time I hear an announcer say in the last seconds of a close game, “Now we’ll see which team wants it the most.” Somebody will win, somebody will lose, but don’t ever tell me the difference every time is that the winner wanted to win more than the loser did.
Having the will to win is not enough. Everyone has that. What matters is having the will to prepare to win.
— Bob Knight, The Power of Negative Thinking: An Unconventional Approach to Achieving Positive Results
Security Metrics Management
Security professionals who understand the corporate and global environment have a better chance of personal and professional success than those who do not.
Remember that it is not the job of security personnel to accept the risks associated with business assets protection. That is the job of executive management who are responsible to the business owners, whether they be stockholders of a publicly traded company or private owners.
Remember to use the risk management process to support sound business decisions with regard to assets protection by incorporating the results of risk management findings into the executive management decision-making process, backed up by a good Security Measures and Metrics Program.
(Note: This book contains over 100 checklists, flowcharts, and other illustrations depict examples of security metrics and how to use them in the context of corporate security.)
—Gerald L. Kovacich CFE CPP CISSP and Edward Halibozek MBA, Security Metrics Management: How to Manage the Costs of an Assets Protection Program
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Security metrics are the servants of risk management, and risk management is about making decisions. Therefore, the only security metrics we are interested in are those that support decision making about risk for the purpose of managing that risk.
For any game, without a way to score the play, you cannot improve your performance as a player. That is where we are today: no way to score the game and no way to improve our play. This is not just a failing; it is a risk in and of itself.
—Daniel E. Greer, Foreward, Security Metrics
The primary objective of this book is to quantitatively analyze information security activities. The chapters suggests ways of using numbers to illuminate an organization's security activities:
- Measuring security: Putting numbers around activities that have traditionally been considered difficult to measure
- Analyzing Data: What kinds of sources of security data exist, and how you can put them to work for you
- Telling a story: Techniques you can sue to marshal empirical evidence into a coherent set of messages
At a minimum I hope you will regard this book as a useful synthesis of current security measurement practices.
The word "practices" in that last sentence is important. I chose it carefully because of the implicit contrast with an apposing word: theory. In this book you will find plenty of anecdotes, lists of metrics, and ways of measuring security activities.
I wrote this book for two audiences: security practitioners and the bosses they report to. Practitioners need to know how , what and when to measure. Their bosses need to know what to expect. Bridging the gap between practitioners and management is what this book aims to achieve.
—Andrew Jaquith, Security Metrics: Replacing Fear, Uncertainty and Doubt
Measures and Metrics in Corporate Security
Over the past several years, the more I have worked with some really good security organizations to assess and develop their metrics programs, the more I am convinced that metrics is not about the numbers, it is about measuring people, process, and performance.
Much of what follows in this book is focused on examples of security management challenges and opportunities and the role and contribution I see for measurements and metrics.
—George Campbell, Measures and Metrics in Corporate Security
- Describes the basic components of a metrics program, as well as the business context for metrics
- Provides guidelines to help security managers leverage the volumes of data their security operations already create
- Identifies the metrics security executives have found tend to best serve security’s unique (and often misunderstood) missions
- Includes 375 real examples of security metrics across 13 categories
The Business Response to Misconduct Allegations
This is a step-by-step guide for what to do―and what not to do―in performing an investigation into claims of employee policy violations. It has been created for corporate professionals who are often the first to be contacted during a suspected employee-related claim, and who may not have investigative training.
This revised edition has been expanded to include background information for audit, facilities and building management, human resources, IT security, and other non-security business functions.
Sections of this book address the decision whether to investigate, the naming of investigators, investigation planning, interview techniques and issues, the importance of taking notes and written statements, investigations in union settings, and much more.
Also included are a series of checklists and templates to aid the investigative team before, during, and after an investigation. This playbook is an excellent risk management resource for audit professionals, human resources managers, site or facility managers, small business owners, or anyone who may be the first to receive reports of wrongdoing, regulatory violations, or prohibited workforce behavior.
The Business Response to Misconduct Allegations is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.
—John D. Thompson, Esq. The Business Response to Misconduct Allegations (Third Edition)