Congratulations! You've reached the most important chapter of this book. It's also probably the most controversial chapter of this book. Every single word I've written in this book has been carefully chosen; every word has purpose and value. I recommend that you read the entire book at your own pace. You likely paid for the entirety of this book, and you should get as much out of it as you can, but if you can read only one chapter of this book, make sure it's this one. Let me tell you why.

If hiring the right cybersecurity professionals is the one thing you do right, then you will have people in place to help with the other seven steps in this book. If you've forgotten the other seven steps, doing this one step well will make up for it. All eight steps are vital for properly preparing your organization for the evolving cyber threat landscape, but this step is the one you'll have the least amount of support with outside of this book.

In the cybersecurity industry, there is a lot of bad advice about hiring, but there's a lot of good advice too. Finding the right sources of good advice is a similar concept to hiring the right people. If you're starting your security program from square one, how are you going to determine who you should be listening to? This chapter is all about how to choose the right people.

With that in mind, please think critically about my advice too. If my ideas can't withstand scrutiny, then they're not worth the paper ...