
Author · Four-time CISO
Frontline Lessons in
Security Leadership
Assaf Keren — four-time CISO (PayPal, Qualtrics) and author of two books, writing about the human side of leading security.

About Assaf
25 Years on the
Frontlines of Cybersecurity
Assaf Keren is a four-time CISO whose security leadership roles include Qualtrics and PayPal, where he protected one of the world's largest financial platforms.
Assaf served in military and government roles and went on to found and sell two cybersecurity companies. He holds three security patents and is a member of the Wall Street Journal Technology Council.
His book Lessons from the Frontlines, published by Wiley, distills two decades of experience into an honest, people-first guide for security leaders, covering everything from crisis response to building teams that perform without burning out. His novel, The Downforce, brings the same operating model to life through story.
Today he writes about the human side of security leadership — the essays, frameworks, and hard-won lessons collected here.
From the Blog
Latest Insights
Frameworks and lessons from the frontlines of cybersecurity leadership.
Get new posts in your inbox
Frameworks and frontline lessons for security leaders. No spam, unsubscribe anytime.
The Books
Two books. One operating model.
The playbook states it. The novel lets you live it. Read either on its own, or both as a matched set.
Praise
What Leaders Are Saying
As both a former CISO and current CEO, I wish I'd had this book early in my career. Keren cuts through the noise to deliver what security leadership actually requires: practical frameworks forged through real failures and hard-won successes. This isn't theory, it's battle-tested wisdom that will make you more effective from day one.
Guy Bejerano, CEO, SafeBreach
I've known and admired Assaf for years. What makes this book so powerful is that it's not theory – it's hard-won lessons from someone who has built, rebuilt, and led security at the very top. Any current or aspiring security leader will walk away with practical insights they can apply immediately.
Sid Trivedi, Partner, Foundation Capital
Building and sustaining security in major enterprises is much more than a technical discipline. Rather, it's an intense leadership challenge balancing influence, grit and team building. Assaf's personal journey revealed in this book contains lessons for all security professionals - whether you are starting out or an established leader you will love this.
Phil Venables, Former CISO, Goldman Sachs / Google Cloud
Having worked alongside Assaf and navigated the high-stakes chaos of massive incident response under his leadership, I can say with certainty that this book captures the raw reality of cybersecurity at scale. The Downforce isn't a playbook or a manual; it's a gripping story that reflects the high-pressure act of managing technical crises while protecting business trust. The chaotic energy, the split-second decisions, and the stress of executive communication are incredibly authentic to what we experienced. Assaf distilled years of real-world, high-consequence battle scars into an invaluable, highly engaging masterclass.
Renana Friedlich-Barsky, CISO, LPL Financial
Finally, there's a book that absolutely nails the high-stakes reality of running security at a fast-paced tech company. The story perfectly captures the tension of vendor breaches, regulators, and the immense personal toll the job takes on a leader. Highly recommended for any security professional or executive, or really anyone who wants a fresh perspective on high-stakes roles.
Dimitry Shvartsman, CPO & Co-Founder, Prime Security
“As both a former CISO and current CEO, I wish I'd had this book early in my career. Keren cuts through the noise to deliver what security leadership actually requires: practical frameworks forged through real failures and hard-won successes. This isn't theory, it's battle-tested wisdom that will make you more effective from day one.”
Guy Bejerano
CEO, SafeBreach

