Pragmatic Cybersecurity - Joe Marroquin

Coming in January 2025 to a bookstore near you

Just as Executive Points of View emerged from years of observation, reflection, and unfinished manuscripts, Pragmatic Cybersecurity is finally arriving in January. For those who know Joe well, this will not come as a surprise. He has been writing consistently since the early 2000s, producing essays, white papers, keynote drafts, and long form manuscripts at a pace that far exceeds the time available to formally publish them. There has never been a shortage of material, only a shortage of hours.

In fact, the idea for Pragmatic Cybersecurity predates Executive Points of View by many years. Long before cybersecurity became a board level concern or a regulated executive function, Joe was already using the phrase “pragmatic cybersecurity” to describe a style of leadership that valued proportion, judgment, and clarity over noise and posturing. Those who worked with him decades ago will recognize the term immediately. It has been part of his vocabulary, and his philosophy, for a very long time.

Ironically, it was the success of Executive Points of View that kept Pragmatic Cybersecurity in manuscript form longer than intended. While the genesis of the cybersecurity book came first, the momentum created by the blog, the energy of the COVID period, and the eventual publication of the Executive Points of View book pulled focus and time in a different direction. Both works, however, sat largely complete for years, evolving quietly as real world experience continued to shape them.

Once Executive Points of View reached completion, it became clear that the timing was right to bring both projects forward together. They are distinct works, but they share the same DNA. Both are written for leaders who have moved past theory and buzzwords and who now live in the space where accountability, judgment, and consequence intersect. Launching them in close proximity reflects how they were always meant to exist, as companion perspectives on leadership, governance, and responsibility.

Pragmatic Cybersecurity is a book for leaders who have outgrown acronyms for their own sake. It speaks plainly about maintaining compliance with SOX, GDPR, HIPAA, PCI, and SEC disclosure requirements while defending complex organizations against evolving threats and unrealistic expectations. It is not a book about tools. It is a book about people, decisions, and the discipline required to lead when time is short and the alarms never stop blinking.

The structure of the book reflects that intent. Early chapters ground the reader in the language and origins of the field, then move deliberately into the realities of leadership and governance. Part I includes chapters such as Cybersecurity, the Word, The Real Origins of Cybersecurity, Surviving in a Sea of Chiefs, What Kind of CISO Are You?, Finance for CISOs, The Vendor Ecosystem, Building Culture, Don’t Let the Staff Go Batman, and Governance and Control.

Part II reinforces the idea that cybersecurity is contextual, not universal. Chapters like One Size Does Not Fit All and Outsourcing explore how organizational scale, geography, and business models fundamentally change what effective security looks like in practice.

Part III looks forward without drifting into speculation. Chapters on Robotics and Automation, Artificial Intelligence, Keep the Lights Blinking, and The Road Ahead examine where technology is heading while keeping the focus firmly on leadership, accountability, and restraint.

At its core, Pragmatic Cybersecurity insists on integrity over perfection. It challenges leaders to build programs that are compliant by design, resilient by culture, and defensible both in an audit and during an incident response call at three in the morning. Written with dry humor and deliberate realism, it brings readers into the real boardroom, where budgets are finite, regulators are listening, and credibility matters more than maturity models.

Like Executive Points of View, this book is the result of years of lived experience rather than a reaction to current trends. It has waited its turn. January marks the moment it finally steps out of manuscript form and into the hands of leaders who understand that cybersecurity, at its highest level, is not a technical function but a matter of judgment, proportion, and conscience.