Books of December - What I Read Over The Holidays

The holiday break gave me something we rarely get during the year. Time to slow down, reset, and think. I used part of that time to read. A lot. Six books in December covering cybersecurity leadership, business, mindset, future conflict, and geopolitics. What stood out was how connected the themes are. Strong cybersecurity leadership is not just about tools and controls. It is about perspective, business fluency, self awareness, and understanding the world we operate in. I pulled those reflections together into a short article with reviews of: Zone to Win by Geoffrey Moore; Cybersecurity’s Dirty Secret by Ross Young; Unpopular Opinion by Joshua Copeland; Headamentals by Suzy Burke; World War H by FX Holden; and The Tragedy of Great Power Politics by John J. Mearsheimer.

John Spiegel

1/5/2026, 5 min read

One of the greatest gifts my company gives me and my fellow co-workers is the holiday break. After an intense year, two full weeks off feels like a real luxury. No calls. No meetings. Just time for family, fun, and recovery. It is a rare opportunity to truly step back, disconnect, and reset.

I also use this time to read. A lot.

This December, I devoured six books on my Kindle. Some were cybersecurity focused. Some were self help. Some were pure fun. Others offered a completely different way to think about the world. Taken together, they reinforced something I have come to appreciate over time. Good leadership, especially in cybersecurity, requires technical depth, business fluency, self awareness, and a solid understanding of the broader geopolitical environment.

Here are my reviews.

Zone to Win by Geoffrey Moore

I first read Zone to Win about eight years ago, and it became a practical method I used in a past role as an infrastructure leader to evaluate and introduce new technologies into the organization.

From a CTO and cybersecurity perspective, this book is valuable because it provides a clear operating model for separating innovation from stability. Moore’s four zones, Performance, Productivity, Incubation, and Transformation, help leaders avoid a common failure mode. Forcing experimental or emerging technologies into production environments that are not designed to manage their risk.

The framework reinforces a discipline that is especially relevant to cybersecurity. Not all systems deserve the same controls, governance, or tolerance for failure. Incubation and Transformation zones allow for controlled experimentation with new tools, architectures, and platforms. Performance and Productivity zones emphasize resilience, compliance, and operational rigor. That distinction made it much easier to justify sandboxed environments, phased security reviews, and differentiated risk acceptance to executives.

While Zone to Win is not a security book, its real strength is giving technology leaders a shared language to align innovation, risk, and business intent. For CTOs managing cloud adoption, zero trust initiatives, or emerging security platforms, it remains a strong conceptual guide for introducing change without destabilizing the enterprise.

Cybersecurity’s Dirty Secret by Ross Young
Unpopular Opinion by Joshua Copeland

If you are new to the CISO role, or a grizzled vet, these two books are well worth the investment. They cover similar ground but from very different angles. One is practical and tactical. The other is raw, reflective, and brutally honest.

Ross Young’s book stands out for anyone who struggles with the business side of security leadership. He offers excellent call outs on working with finance teams, building defensible budgets, and developing healthier relationships with vendors. His guidance is rooted in real organizational dynamics and helps security leaders translate technical needs into business value. If you have ever found yourself stuck justifying spend to a CFO or navigating procurement challenges, this book gives you language and tactics you can use immediately.

Joshua Copeland’s book is a very different experience, in the best way. It is the kind of read that has you nodding your head, laughing, and saying, yes, I have made that mistake too. Copeland’s voice is candid and self aware, and he does not sugarcoat the realities of cybersecurity leadership. Where Young gives you tools, Copeland gives you perspective. The human side of the role. The missteps. The lessons you do not learn in training or board meetings. Best read with a bourbon in hand, it feels more like a conversation with a seasoned peer than a textbook.

Together, they are complementary. Young helps you operate more effectively with finance and business stakeholders. Copeland helps you survive and learn from the inevitable bumps along the way.

Both deserve a spot on a CISO’s bookshelf.

Headamentals by Suzy Burke

The break is also a time to fix yourself, and Headamentals is a timely reminder of exactly that.

The book focuses on a battle many leaders know well. The clash between your inner Monster, the critical voice that fuels doubt and anxiety, and your inner Maverick, the part of you that shows up with confidence, clarity, and purpose. For those of us who are constantly in front of people, presenting, leading, or making high stakes decisions, that inner Monster can easily take over.

What makes Headamentals effective is how practical it is. Burke offers clear, actionable techniques to recognize unhelpful thought patterns, manage anxiety, and deliberately strengthen your Maverick mindset. This is not abstract self help. It is grounded guidance you can actually apply.

If you are looking to quiet self doubt, reset mentally, and enter the new year stronger than you left the last one, this is a refreshing and worthwhile read.

World War H by FX Holden

World War H is exactly what you would hope for if you like your techno thrillers with teeth. Tom Clancy meets future war, anchored by a genuinely memorable female lead.

As a fan of FX Holden’s Future War series, this latest installment delivers on what he does best. Unpacking emerging technologies and exploring how they could realistically be weaponized in future conflicts. World War H is a sharp warning about hybrid warfare and how a nation state can create chaos at scale using something as seemingly benign and deniable as a video game. The premise feels uncomfortably close to today’s headlines.

Is it worth reading as a security leader? Absolutely. Without giving away the plot, the book raises important questions about influence operations, asymmetric attack surfaces, and the increasingly blurred line between civilian technology and national security.

And then there is the protagonist. Bunny O’Hare is one of those characters you either love instantly, or frankly, there is something wrong with you. Strong. Outspoken. Smart. Unapologetic. Think Starbuck from the Battlestar Galactica reboot dropped into a near future conflict.

The Tragedy of Great Power Politics by John J. Mearsheimer

This is a dense book, but dense in the best possible way.

As a former international relations junkie, I have long viewed global politics through the realist lens shaped by Hans Morgenthau. Nations act in their own interest to survive. What I did not fully appreciate until reading Mearsheimer is that realism itself has factions. His contribution, offensive realism, argues that great powers do not just seek security. They seek dominance. Competition is inevitable.

Mearsheimer builds his case methodically, backing it with historical examples spanning roughly 400 years. The result is a powerful framework for understanding why cooperation between major powers is fragile and often temporary.

Why does this matter to cybersecurity leaders? Because we are entering a period of unbalanced multipolarity. The rise of China, America First, a more assertive Europe, regional powers in Asia, and a revanchist Russia fundamentally change the game board from the bipolar and unipolar worlds of the last 80 years. In this environment, cyber operations and influence campaigns are not anomalies. They are logical outcomes.

If you are looking for tactical cyber advice, this is not that book. But if you want a strategic framework to understand where we are headed, and why cyber conflict will intensify, it is well worth the time.

Closing thoughts

What struck me most across these books is how interconnected the themes are. Cybersecurity is not just about tools, controls, or architectures. It is about leadership. Self awareness. Business fluency. And understanding the world we operate in. The threats we face do not exist in isolation. They are shaped by human behavior, organizational dynamics, and global power shifts.

The holiday break gave me the space to slow down, reflect, and recharge. These reads challenged some assumptions, reinforced others, and reminded me that growth as a security leader does not come from any single domain. It comes from continually sharpening how we think, how we lead, and how we show up, both professionally and personally.

As we head into the new year, my takeaway is simple. Invest in your perspective. The technology will keep changing. The pressure will not ease. But the clarity you bring to the role, and the mindset you carry into it, can make all the difference.