In this week's episode of the Future of Cyber Risk podcast, David speaks with Joshua Brown, VP and Global CISO at H&R Block, who explains the importance of not being alarmist when raising risk concerns and avoiding leading a conversation with "no."
Joshua also discusses why storytelling is such a huge part of his role and shares some advice for cybersecurity professionals, including a reminder that technology is the enforcement mechanism for our solutions, not the solution itself.
Topics discussed:
- How Joshua started in philosophy and ended up at a tech desk, then building a security team.
- Signs that it's time to discard the old way of doing things for something better.
- How Joshua knows he's getting his ideas across during his meetings with board members and how that affects their desire to take risks.
- How being a good storyteller can help a CISO communicate with their team and the company.
- The importance of listening, building relationships, and understanding motivations within your team.
- Advice for cybersecurity professionals on communication, planning, and maintaining transparency.
Key Takeaways:
- Craft compelling cybersecurity narratives that resonate with stakeholders, illustrating the risks and solutions in a context that matters to them, not just from a technical perspective.
- Engage with your team regularly to understand their needs. Effective leadership in cybersecurity involves continuous learning and adaptation.
- Watch for signs that something isn’t working and see if you can try something new.
- Listen to the questions you’re being asked: they can tell you about how well you’re being understood.