Recommended Reading

Charles Jacobs' book is must reading for security professionals. Good security is based on a state of mind and Jacobs uses results of MRI scans to identify how people think and process information. He describes the success of participative management, rather than command and control methods. His ideas can be used by all security professionals help change the security culture of the organization.  Many examples are included to illustrate that:  "the less control we exert as managers, the more we get the behavior we need, and the less structure in our organizations, the better the performance."  
 "Welcome to the starfish revolution";  so says co-author Rod Beckstrom, former Director of the National Cyber Security Center.  While this book was published in 2006 and isn't directly about security, it also is must reading for security professionals.  The authors document the rise of leaderless organizations--the starfish organization.  We all face security challenges from this type of organization, whether terrorist groups or botnets, etc.  The way to combat such leaderless threats is to incorporate starfish like properties into your security program.  This book explains how to do that, while still retaining the central security policy making function that is needed in a structured organization.