Review: Resilient Cybersecurity
Resilient Cybersecurity touches on nearly every major function of enterprise cybersecurity, from threat detection and identity management to vendor risk and regulatory compliance.
About the author
Mark Dunkerley is a cybersecurity and technology leader with over 20 years of experience working in higher education, healthcare and Fortune 100 companies.
Inside the book
The structure of the book mirrors the process of building a cybersecurity program from the ground up. Early chapters focus on understanding the current threat landscape and the CISO role. Dunkerley then moves into setting a foundation, creating a roadmap, and developing a long-term strategy. From there, he devotes individual chapters to each major program component, including vulnerability management, architecture, operations, awareness and training, and proactive services.
One of the book’s strengths is its consistent focus on the bigger picture. The author rarely dives into technical details or product-level guidance. Instead, he emphasizes strategy, leadership, and risk-based decision-making.
Another strong point is the way the book reflects current trends. There is clear attention given to challenges like workforce burnout, the impact of AI, and the complexity of cloud and hybrid environments. The importance of collaboration, executive communication, and well-being is also a recurring theme. Dunkerley argues that cybersecurity is no longer just a technical function. It is a cross-organizational effort that requires buy-in from business leaders and users alike.
The book includes practical elements like screenshots, tables, diagrams, and illustrative examples to help explain its guidance on building a strong cybersecurity program. These features add useful context, especially for readers looking to understand how key concepts might play out in practice. However, the book leans more toward high-level strategy and planning than toward deep dives into specific incidents or technical case studies. For cybersecurity leaders, this broad approach makes it a solid resource for shaping or refining a program. But readers hoping for detailed, real-world scenarios may find it lacking in that level of specificity.
Who is it for?
Resilient Cybersecurity works best as a reference guide or onboarding tool for security leaders. It is not a book you sit down and read in a single weekend. Instead, it is one you consult when planning your program’s next step or evaluating how your organization handles identity, risk, or governance.
Dunkerley’s message is clear. Cybersecurity is now a leadership function as much as it is a technical one. Resilient programs depend not just on tools, but on people, planning, and a strong culture. If you are leading or shaping a cybersecurity program, especially if you are doing it for the first time, this book is worth a look.