We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Exponential Organizations is not a must-read for all cybersecurity professionals. You do not need the information in this book to do your day-to-day cybersecurity job today, and I am not recommending it as a Cybersecurity Canon candidate. However, it is a must-read for business leaders as a roadmap for what we all might be facing in the next 10 to 15 years. The authors describe how some future-thinking companies are taking advantage of an information-processing-capability phenomenon whereby the number of calculations per second, per $1,000 has been doubling since the early 1900s. This phenomenon of doubling compute power has manifested exponentially in such research areas as artificial intelligence, robotics, biotech, nanotech, medicine, neuroscience, energy, and computing. All of these technologies have been doubling in price-performance every couple of years.
This kind of rapid growth is changing the standard business problem of managing and selling scarcity, like oil, to managing and selling abundance, like energy. The implications are staggering both in terms of how the world will change and in terms of what future businesses will look like. This book is about how organizations are already taking advantage of this notion of “exponential organizations” and how you might evolve your current organization into this new framework.
In 2014, Jeremiah Owyang, a founding partner at Kaleido Insights, noticed that a number of companies had emerged across multiple verticals that were completely disrupting the marketplace. These companies, like Airbnb and Uber, were outperforming the competition by a factor of four or more by staying small and flat but leveraging the information provided by their customer base. In other words, they were destroying their competition by operating counter to what every other business in the world was doing. Owyang coined this phenomenon the "collaborative economy.”  In that same year, Ismail, Malone, and Geest published this book, Exponential Organizations, which characterizes the kinds of companies that have had success with this new way of thinking. 
In Exponential Organizations, the authors describe how some future-thinking companies are taking advantage of an information-processing-capability phenomenon that has been noticed by the likes of Gordon Moore, Intel’s founder, and famous futurist Ray Kurzweil. Moore predicted in 1965 that the number of components on integrated circuits would double every year.  Kurzweil went further back and noticed the same doubling pattern as far back as the early 1900s.  Kurzweil came up with an interesting metric to track the behavior: what is the number of calculations per second, per $1,000. In 1900, with Charles Babbage’s mechanical Analytical Engine, the number of calculations was extremely small at 0.000005821.  But every five to ten years, that numbered doubled. By 1949, the number was 1.837, and we were off to the races. By 1977, the number was 26,870. By 1998, the last year in the study, the number was 133,300,000. 
This phenomenon of doubling compute power has manifested exponentially in such research areas as artificial intelligence, robotics, biotech, nanotech, medicine, neuroscience, energy, and computing. All of these technologies have been doubling in price-performance every couple of years. What the authors of Exponential Organizations say is that this kind of rapid growth is changing the standard business problem of managing and selling scarcity, like oil, to managing and selling abundance, like energy.  For example, they predict that within 10 years, because of this exponential doubling in the renewable energy space alone, there will be enough solar power available to produce five times what is needed in the world today. Energy will become essentially free and entrepreneurs in those markets will have to figure out how to profit in a new environment where the value of the “thing” is essentially zero.
The implications are staggering both in terms of how the world will change and in terms of what future businesses will look like. This book is about how organizations are already taking advantage of this notion “exponential organizations” and how you might evolve your current organization into this new framework.
Ismail, Malone, and van Geest define the key attribute of an exponential organization as “a minimum 10x improvement in output over four to five years.”  That is a metric that is easy to detect, and the authors describe how the organizations that attain those metrics are different from the traditional business. One of the authors of Exponential Organizations, Salim Ismail, is the founding executive director of Singularity University, whose mission is to train visionary entrepreneurs to use these exponential ideas to solve some of the world’s intractable problems.  He believes that, if you don’t transform your own organization into an exponential organization in the very near future, your competition will start to sprint away from you by leaps and bounds.  I have said similar things about the DevOps movement, and I believe that most exponential organizations in the future will have embraced DevOps as the key development strategy to attain their goals. 
As the authors point out, most traditional organizations fail to see the doubling effect in their own industries. They project linearly as to what the future will hold. “That is: x amount of work takes y amount of resources, 2x needs 2y, and so on of ever-greater arithmetic magnitude.”  But, exponential organizations work by reducing staff and hierarchy and informationally enabling their company. They enlist their customer base and their communities for every aspect of the business. “They float atop the existing infrastructure rather than try to own it.”  An x amount of work takes less than y resources but the impact on growth is 2n (exponential). And these are just some of the recognizable companies that have managed to pull this off:
- Airbnb: 90x more listings per employee
- GitHub: 109x more repositories per employee
- Valve: 30x more market cap per employee
- Tesla: 30x more market cap per employee
The authors note that successful exponential organizations tend to have three key components: a Massive Transformative Purpose (MTP) statement, some key external attributes of SCALE (staff on demand, community & crowd, algorithms, leveraged assets, and engagement), and some key internal attributes of IDEAS (interfaces, dashboards, experimentation, autonomy, and social).
An MTP is kind of a vision statement, but it has more definition and is way more aspirational. It is not like a mission statement that states what an organization does. The MTP is more about what the organization desires to accomplish. It should be so well-crafted that it starts a cultural movement within the community. Here are some example MTPs of exponential organizations :
- TED: “Ideas worth spreading.”
- Google: “Organize the world’s information.”
- X Prize Foundation: “Bring about radical breakthroughs for the benefit of humanity.”
- Tesla: “Accelerate the transition to sustainable transportation.”
- Palo Alto Networks: “To protect our way of life in the digital age by preventing successful cyberattacks.
- Unit 42 – Palo Alto Networks intelligence team: “Stop bad guys from winning.”
Exponential Organizations is not a must-read for all cybersecurity professionals. You do not need the information in this book to do your day-to-day cybersecurity job today. I am not recommending it as a Cybersecurity Canon candidate. However, it is an important book for business leaders as a roadmap for what we all might be facing in the near future, say 10 to 15 years. In other words, how we flip our business away from a scarcity mindset and toward an abundance mindset might very well determine if our organizations survive. How we information-enable our organizations so that we break free of the traditional shackles of linear thinking toward exponential thinking will determine if we remain competitive in the marketplace.
There is one thing to note: transforming into an exponential organization is radical change for most organizations. As the authors points out, change from the status quo is almost immediately attacked by the organization’s immune system – an immune system that will fight any change that deviate from its current path. Organizations that have had success here build black ops teams that operate on the fringe of the organization and which report to the CEO only. This gives the black ops team some breathing room to make things happen without the constant pressure from the organization’s immune system.
That is what happened when Palo Alto Networks helped build the Cyber Threat Alliance: an alliance of security vendors dedicated to sharing adversary playbook intelligence with each other so that our common customers do not have to develop the intelligence themselves. When we began, there were many people within the Palo Alto Networks organization who thought it was nuts to give away our intelligence for free and complete insanity to share it with our greatest competitors. But the CEO gave the mission to a team on the fringe who could operate freely and gave them resources to accomplish the task. Today, the Cyber Threat Alliance is a non-profit company that consists of security vendors who share threat intelligence with each other every day as a best practice.
 “The Exponential Enterprise: Your Most Feared Competitor Now Has A Name,” by Giovanni Rodriguez, Forbes, 31 October 2014, last visited 8 May 2018,
 Exponential Organizations, by Salim Ismail, Michael S. Malone, Yuri van Geest, 14 October 2014, Diversion Books,
 “Cramming more components onto integrated circuits,” by Gordon E. Moore, Electronics, Volume 38, Number 6, 19 April 1965, last visited 4 July 2018,
 “Exponential Growth in Computing,” by Ray Kurzweil, The Singularity is Near, last visited 8 May 2018,
 “Exponential Organizations,” by Salim Ismail, at USI, 9 July 2015, last visited 8 May 2018,
 “Hi, We’re Singularity University; We prepare you to seize exponential opportunities,” Singularity University, last visited 10 July 2018,
 “The Cybersecurity Canon: Site Reliability Engineering: How Google Runs Production Systems,” by Rick Howard, 26 September 2017, last visited 11 July 2018,
 “The Motivating Power of a Massive Transformative Purpose,” by Alison E. Berman, Singularity Hub, 8 November 2008, last visited 11 July 2018,
 “Analytical Engine: COMPUTER,” by Paul A. Freiberger and Michael R. Swaine, Encyclopedia Britannica, last visited 11 July 2018,
“How 20-Year-Old Kylie Jenner Built A $900 Million Fortune In Less Than 3 Years,” by Natalie Robehmed, Forbes, 11 July 2018, last visited 11 July 2018,
“What is Moore's Law?” by Lee Bell, 28 August 2016, last visited 8 May 2018,
“Abundance: The Future Is Better Than You Think,” by Peter H. Diamandis and Steven Kotler, Free Press, 2012, Last Visited 9 May 2018
Exponential Organizations by Salim Ismail,” by Sheldon Nesdale, 21 December 2015, last visited, 8 May 2018,
“Organizations of the Future,” by Mark Looi, Medium, 9 May 2017, last visited 8 May 2018,
“Salim Ismail – Exponential Organizations,” USI Blog, 8 December 2015, last visited 8 May 2018,
The Singularity is Near: When Humans Transcend Biology, by Ray Kurzweil, Penguin, 2006,