Assaf Keren, Chief Security Officer at Qualtrics and cybersecurity leadership expert, author of Leadership in Cyber book

Leadership in Cyber: Lessons from the Frontlines
Real stories and practical frameworks for building resilient security teams, communicating with clarity, and leading with impact.

After 25 years in cybersecurity—from startup founder to Fortune 500 CISO roles—I've learned that the leaders who thrive aren't necessarily the most technically brilliant. They're the ones who've learned to navigate the complex human side of security work. This book is built from real experiences, honest failures, and hard-won lessons from the frontlines.

Learn practical communication tools like "State Reality, Inspire Hope," discover people-first leadership approaches that sustain performance without burnout, and gain experience-tested insights for leading security teams at any scale—from startups to enterprises.

Assaf Keren, Chief Security Officer at Qualtrics and former PayPal CISO, distills decades of hard-won lessons into practical guidance for modern security leaders.

Order on Amazon View All Retailers Read Excerpts

Available Now from major retailers.

As Featured In:

Leadership in Cyber - Lessons from the Frontlines book cover, cybersecurity leadership guide by Assaf Keren, published by Wiley, available December 2025

"There was a wall in basic training that I couldn't get over. Just over 2 meters tall. Full kit and weapon required. Every time I approached that wall during the obstacle course, something inside me would shut down. Then one weekend, when my leave was canceled again, something changed. A squad leader worked with our small group of struggling soldiers. The individualized attention, the different approach—something just clicked. The following week, I got over that wall. Not gracefully, but I made it. That wall taught me something I've carried through 25 years of cybersecurity leadership: Most of the walls we face are mental, not physical."

— Chapter 2: Grit

"I had prepared for weeks. In front of PayPal's CEO and executive team, I was ready to demonstrate the seriousness of our security challenges. For 15 minutes, I cataloged everything that was wrong. Following what I thought was security best practice, I was making sure the CEO 'understood how bad things were.' Then Dan Schulman interrupted me. Visibly annoyed. 'I don't need you to tell me that things are bad. I know they are. What are you doing about it?' After the meeting, Dan taught me a framework that transformed my leadership: 'State Reality, Inspire Hope.'"

— Chapter 8: Communication

"I sat on the message for three days before hitting send. During the pandemic, one of my leaders told me an employee was struggling with PTSD, afraid for their job because they needed medication to control stress. I'd been dealing with PTSD from my military service for years. Only my wife and kids knew. But someone needed to hear they weren't alone. So I went to a public Slack channel and wrote: 'I am dealing with this.' That message went out before my parents knew about my PTSD. The response was overwhelming—and supportive. But more importantly, it shifted something fundamental in our team culture."

— Chapter 10: Self-Help Strategies

"The room went silent. Then the pushback started. At a CISO roundtable, we were discussing how to measure security leadership success. Others mentioned budgets, compliance scores, and frameworks. I said: 'We are measured by the stock price and the success of the business.' Security is fundamentally a business function. We protect AND enable. We ensure customers and employees are protected while the business thrives. When security enables business success, everyone wins."

— Chapter 6: Business and Finance Acumen

"Multiple advisors said this when I left my role as CTO of a 50+ person team to join PayPal as Head of Global Incident Response—managing just 4 people initially. They were measuring the wrong thing. Career progression isn't based on the size of your team but the level of experiences you bring to the table. That 'step backward' led to rebuilding PayPal's global SOC across three continents, achieving 80% automation of security operations, and eventually becoming a CISO who could operate at any scale."

— Chapter 12: Leading from the Front

Real Stories from the Frontlines

From the wall in basic training that changed everything, to the CEO meeting at PayPal that transformed how you communicate, to the Slack message about PTSD that shifted team culture. These aren't theoretical frameworks—they're battle-tested lessons from 25 years of cybersecurity leadership.

Practical Frameworks That Work

Learn the "State Reality, Inspire Hope" communication framework, understand why experiences matter more than scope, and discover how to balance technical expertise with human skills. These are the tools that actually work in real security environments.

Leadership Through Failure

Every security leader has failed. The question isn't whether you'll face walls, harsh feedback, or burnout—you will. The question is: Will you learn from them and help others do the same?

John Wiley & Sons publisher logo - world's leading technical and professional publishing company, publisher of Leadership in Cyber book

Published by the world's leading technical publisher

Praise for Lessons from the Frontlines

★★★★★

"A no-BS leadership book every security leader should read"

"This is the best book on the human side of security leadership I've read. There are many great books about implementing frameworks, but very few give a well-rounded perspective about how to lead... Assaf's book is neither generic nor boring. It has so much depth and breadth that any CISO will find something they'll learn."

Ross Haleliuk

✓ Verified Purchase
★★★★★

"Immediately impactful!"

"I'm already loving the impacts of practicing what is taught... As 4-time CISO, I love that it speaks to the HUMAN side of this security leadership role. Had instant resonance with a number of the principles."

Matt Hillary

CISO, Drata

✓ Verified Purchase
★★★★★

"Recommended for any tech leader"

"The best thing about this book is its substance. It's not one of those leadership books full of fluff... This book is clear, concise, educational and relatable."

Michelle Chance

VP, Developer Productivity, PayPal

✓ Verified Purchase
★★★★★

"Outstanding read for aspiring and current leaders"

"He balances a practical how-to-guide style approach with compelling story telling... The most important lesson Assaf teaches is the importance of being a human no matter the situation."

Adam Arellano

Field Chief Technology Officer, Harness

✓ Verified Purchase
★★★★★

"Battle-tested wisdom"

"I wish I'd had this book early in my career. Keren cuts through the noise... This isn't theory—it's battle-tested wisdom that will make you more effective from day one."

Guy Bejerano

CEO, Safebreach

★★★★★

"Intense leadership challenge"

"Building and sustaining security in major enterprises is much more than a technical discipline... Assaf's personal journey contains lessons for all security professionals."

Phil Venables

Former CISO Goldman Sachs

As Featured In

Article

"Why a CISO spent $20 to create a deepfake of his boss"

Assaf Keren created a deepfake video of his Qualtrics president to demonstrate AI dangers. The $20 experiment illustrates how accessible AI-powered tools have become for hackers.

Fortune Logo Fortune Magazine
Video Interview

Building Digital Trust in the Age of AI

Assaf shares insights on navigating digital trust in an era of AI. Learn how to balance innovation with security and prepare for tomorrow's threat landscape.

TechFellows Logo TechDogs
Podcast

Risking it All in Cybersecurity: Mental Health & Resilience

Jake and Assaf dive into the psychological challenges facing security professionals. Strategies for preventing burnout and building resilient teams in high-pressure environments.

Podcast Logo The secureGOAL Podcast
Article

For Qualtrics security chief, it's all about safeguarding the data

Assaf explains the unique challenges of being data custodians. Key insights on balancing innovation with security, protecting customer data, and building programs that scale.

FastForward Logo FastForward
Interview

Attackers are faster technology innovators than companies

Assaf explains how cybercriminals leverage AI and automation more effectively than most companies. Insights on closing the innovation gap and treating security as technology-first.

Cyber Daily Logo Cyber Daily
Article

AI resistance more harmful than good

Assaf argues that restricting AI usage may actually increase security risks. The article explores why AI literacy is critical and how hands-on experience prepares employees to identify sophisticated attacks.

Frontier Enterprise Logo Frontier Enterprise

Bring Lessons from the Frontlines to Your Team

Assaf Keren delivers powerful keynotes on leadership, resilience, and the human side of cybersecurity. Perfect for CISO summits, corporate kickoffs, and industry conferences.

Inquire for Speaking

About Assaf

Assaf Keren, Chief Security Officer at Qualtrics, former PayPal CISO, cybersecurity speaker and author with 25+ years experience

Assaf Keren is the Chief Security Officer at Qualtrics, where he leads the company's global security strategy and operations. With over 25 years of experience in cybersecurity, Assaf has built and led security teams at some of the world's most innovative companies, including PayPal, where he served as Chief Information Security Officer.

An entrepreneur at heart, Assaf founded and sold two cybersecurity companies before joining the corporate world. His military service provided the foundation for his leadership philosophy, and his experience spans from startup environments to Fortune 500 companies. He holds several patents in cybersecurity and has been recognized as one of the most influential CISOs in the industry.

Assaf serves on corporate boards and advisory panels, including the prestigious WSJ Technology Council. He is a sought-after speaker at security conferences worldwide and was recently featured in Fortune Magazine for his groundbreaking $20 deepfake experiment that revolutionized security awareness training at Qualtrics. Assaf is also the host of popular cybersecurity podcasts, regularly sharing insights on AI security, team resilience, and the psychological challenges of security leadership.

Connect on LinkedIn

Buy "Lessons from the Frontlines" - The Cybersecurity Leadership Book

Available Now

Order now at major retailers worldwide

Cybersecurity Leadership Speaker

Book Assaf Keren for your next cybersecurity conference, CISO summit, or security leadership event. Expert keynote speaker with 25+ years of real-world experience.

Why Book Assaf Keren as Your Cybersecurity Speaker?

  • 25+ years of cybersecurity leadership experience - From startup to Fortune 500
  • Former CISO at Fortune 500 companies - Real-world executive experience
  • Startup founder and executive experience - Understands both sides of the business
  • Author of "Lessons from the Frontlines" - Published cybersecurity leadership expert
  • Engaging keynote speaker - Focuses on human aspects of security leadership
  • Conference and CISO summit speaker - Regular presenter at major security events

Book Assaf Keren for Your Cybersecurity Conference or CISO Summit

Ready to book a cybersecurity leadership speaker for your event? Contact us to discuss keynote presentations, CISO workshops, or security leadership training. We respond within 2-3 business days.

We'll get back to you within 2-3 business days.

Featured Keynote Presentations

"From Battlefield to Boardroom: Leading Cybersecurity in the Real World"

Drawing from 25+ years of experience, this keynote explores the human challenges of cybersecurity leadership, from military service to Fortune 500 CISO roles. Learn practical frameworks for building security culture and making tough decisions under pressure.

"The CISO's Dilemma: Balancing Security, Business, and People"

This presentation tackles the core challenges every security leader faces: communicating risk to executives, building cross-functional partnerships, and creating lasting security culture change. Real stories from the frontlines of cybersecurity leadership.

"Startup to Enterprise: Scaling Security Programs That Actually Work"

From early-stage security to enterprise-scale programs, learn how to build security capabilities that grow with your organization. Practical insights on team building, technology selection, and maintaining security posture during rapid growth.

Additional Speaking Topics

Building Security Culture
CISO Career Development
Cyber Risk Management
Data Protection Leadership
Security Awareness Training