I've just posted on PCI Compliance Demystified about compliance being a business issue and realised that I owe a lot of what I'm saying to Mike Rothman. I bought The Pragmatic CSO last week and it arrived astoundingly quickly to be with me yesterday morning. I have been devouring it ever since, and sending Mike irritating "I would have done this" emails (well, he did ask). To his credit, Mike has taken everything without sending a "piss off smart-arse" reply.
Without turning this into a book review or hero-worship, everything in the book is spot on. These are the things which you wish you had known when you started your ascent up the security ladder, not just when you reach CSO. These are the things everyone selling to and communicating with a CSO should know about their job too.
Every classic mistake is illustrated in the book and, more importantly, the way to avoid it or get out of the consequences. For those of us who have made them, this would seem obvious. But then, considering this in a "lights on" moment, I realised that it is not obvious, or I wouldn't have made the same mistakes in the first place; not everyone has been through this, nor will they need to now.
So, could I have written the same book? Maybe, though not as well as Mike.
Did I think of writing it? No, no I bloody didn't.