The Great Resource Roundup

A fact of modern life: We love curated lists and recommendations. Yelp, Wirecutter, Rotten Tomatoes, Amazon, and so many more…we all have our go-tos. Recommendations make life easier, more interesting. With that thought in mind, I reached out to a diverse array of global ISACA members in IT Audit, IT GRC, IT Risk, and Cybersecurity to find out what they are consuming and would recommend. It’s still the Q1 of 2022, a great time re-up your game with new reads and ideas. Here’s a place to start!

And, before we get to the good stuff, a huge shout-out to the ISACA members from around the globe who contributed to this article. The contributions are such an amazing testimony to the generosity in knowledge sharing that is a hallmark of the ISACA community. Many thanks to all of your for working with me on this!

Podcasts/YouTube/People to follow

• Darknet Diaries (Contributor: Tiffany Yanagawa, Cybersecurity)
• Your Cyber Path – Kip Boyle via YouTube (Contributor: Samuel Famolu, IT GRC / Data Privacy)
• Heath Adams (aka “Cyber Mentor”) https://www.thecybermentor.com/ And you can follow Heath Adams on Twitter. (Contributor: Adam Kohnke, Cybersecurity)
• Gerald Auger – “Simply Cyber” via YouTube (Contributor Sam Famolu, IT GRC / Data Privacy)
• “Purl” (Pixar, Sparkshorts) https://www.youtube.com/watch?v=B6uuIHpFkuo
  (Short film on diversity and inclusion. Contributor: Brie Deadman, Information Security / PCI)
• The ProfG Podcast with Scott Galloway (on Apple podcasts, Amazon, etc.) (Contributor: Adi Agrawal, Digital Strategy & Risk Management)
• MySec.Tv. A YouTube channel covering a wide range of interesting security-related topics. https://www.youtube.com/user/MySecurityAustralia (Contributor: Chirag Joshi, Cybersecurity)

Books & Periodicals

• “Stop Overthinking” by Nick Trenton (Contributor: Ian Carlson, IT Audit)
• “Spy the Lie” by Michael Floyd et al. Techniques for how to actively listen to stakeholders and for sharpening your BS indicator. (Contributor: Jim Woo, Audit)
• “Think Again” by Adam Grant. (Contributor: Pam Nigro, Information Security)
• “Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World” by Jennifer Jin and Marcus J. Carey. IT and Cyber leaders share their principles and core values, how they grew and how they continue to navigate their work. (Contributor: Samuel Famolu, IT GRC / Data Privacy)
• “The 5 Languages of Appreciation in the Workplace: Empowering Organizations by Encouraging People” (Contributor: Jeanna Mascitti, IT Audit)
• “The Decision Book - Fifty Models for Strategic Thinking” by Michael Krogerus and Roman Tschappeler. (Contributor: Chirag Joshi, Cybersecurity)
• The Economist (recommended by several ISACA professionals in IT Risk and Cybersecurity)
• McKinsey Quarterly (diverse newsletters on myriad relevant topics) (Contributor: Adi Agrawal, Digital Strategy & Risk Management)

Research Resources

• Reddit (e.g., https://www.reddit.com/r/cybersecurity/), Quora, and Stack Exchange (Contributor: Shiteng Stone Zhou, Information Security)
• The EurAsia Group annual risk report, this year “Top Risks 2022” (https://www.eurasiagroup.net/issues/top-risks-2022) (Contributor: Scott Sheahen, IT Risk)
• CyberSeek.org (https://www.cyberseek.org/) (Contributor: Connor Burch, Cybersecurity)

Frameworks

• COBIT 5 and 2019 “Just reading COBIT will not help you apply it effectively in a given situation. You have to learn the underlying principles and how the framework supports them in order to be able to customize the approach to your own specific situation. Frameworks are not articles with a single message or conclusion.” (Contributor: Brian Selby, Information Security Governance)
• NIST, especially CSF & 800-53 (Recommended by a number of professionals in the ISACA community.)

BIG IDEAS

1. Contributor: Adam Kohnke, Cybersecurity Architect
   “What has really been profound to me is the correlation between IT auditing and penetration testing or ethical hacking. Both have a structured methodology, scoping and very similar reporting mechanisms to the point where it’s an eerily similar job function. What that in mind, any IT auditors looking to make a transition from IT audit to cybersecurity or offensive security might find the field very familiar. Sure, there are different approaches, tools and ways of thinking, but the shift isn’t as big as you might imagine.”

2. Contributor: Tiffany Yanagawa, Manager, Cybersecurity
   “You’ve got to have good stories to get audit clients on board with the risk … On that note, I have to recommend the podcast Darknet Diaries. These are real-life cybersecurity stories, dramatized but true. If you’re in audit and maybe lack some of that frontline experience (been there!) to draw upon for answers to ‘How is this an actual risk to me?’, retelling these stories is a good way to build rapport, not to mention listening to them will build your own confidence in being a risk professional.”

3. Contributor: Pam Nigro, Vice Chair, ISACA Board
   “Consumerization of Healthcare and Healthcare Informatics: As more and more data proliferates through wearable devices, ‘smart’ technology in hospitals, digitization and electronic medical records, the emergence of big data and data analytics in healthcare – all these systems are focused on interoperability that gives healthcare professionals better access for a complete picture of a patient. How can security, risk and privacy professionals help with the ethical use of that data, securing the information and protecting a patient's privacy?”

4. Contributor: Scott Sheahen, Global Head of Information Risk Management
   “I've been encouraging my third-party risk team to start brainstorming as to what else we should be doing to advance third-party risk topics in the organization … Conducting our typical risk assessments is the baseline service that we need to provide, but I would envision that there is more that we could be doing. Can we

5. Contributor: Adi Agrawal, Executive Coach & Advisor, Digital Strategy & Risk Management
   “Digital strategy and risk management failures. Consequences play out quicker, faster, bigger. Transformation is no longer an ‘option.”

There you have it, a buffet of enlightening, mind-blowing, and career-enhancing consumables! Make time for yourself and dive in. As Steve Jobs famously once said: “Learn continually. There is always ‘one more thing’ to learn!”