A CISO’s Playbook for Security Comms (with Jeffrey Brown)

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/2c/75/10/2c751067-115e-8f9c-e3c0-37b520066400/mza_12906314327932823493.jpg/600x600bb.jpg

All Things Human Risk Management

Hoxhunt

8 episodes

1 week ago

All Things Human Risk Management is the essential podcast for cybersecurity professionals seeking to strengthen their organization's human defenses. Get actionable insights on emerging threats, behavioral science, and data-driven training techniques to transform your employees from your biggest risk into your strongest defense.

Technology

RSS

All content for All Things Human Risk Management is the property of Hoxhunt and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/43323265/43323265-1742826811416-7e0944dae7173.jpg

A CISO’s Playbook for Security Comms (with Jeffrey Brown)

All Things Human Risk Management

52 minutes 53 seconds

1 month ago

A CISO’s Playbook for Security Comms (with Jeffrey Brown)

Episode #7

Security leaders don’t need more slides - they need messages that move budgets, influence behavior, and reduce risk.

In this episode, host Eliot Baker sits down with CISO and author ⁠Jeffrey Brown⁠ to unpack a practical security communications playbook: metrics with a job, and how to build a report-button culture without blame.

What you’ll learn in this episode:

How to use Bottom Line Up-Front (BLUF) to get faster decisions from executives and the board - and when not to.
Turning “security talk” into business outcomes: mapping risk to revenue, resilience, and cost.
Metrics that matter: designing KPIs that show behavior change, not just completion rates.
Building a non-judgmental reporting culture (and why “Report > Don’t Click” works).
Instant feedback loops: faster reinforcement without punishment in phishing drills.
Story-first, stat-supported narratives that land across technical and non-technical audiences.
Practical cadences and mediums: what to send to execs, managers, and the whole org and how often.

Using analogies (brakes & airbags) to make layered defense memorable and actionable.

Timestamps:

(00:00) Introduction and Guest Introduction
(01:25) Jeffrey Brown's Background and Career Path
(03:22) The Importance of Communication in Cybersecurity
(06:10) Effective Cyber Awareness Strategies
(09:12) Challenges and Solutions in Cybersecurity Training
(25:48) The New Mandate for Security Leaders
(26:47) Effective Communication Strategies
(30:14) Building Influence and Relationships
(34:11) Crisis Communication and Incident Response
(39:34) Engaging with the Board and Continuous Improvement

Resources:

Our guide to to deepfakes: ⁠⁠https://hoxhunt.com/blog/deepfake-attacks⁠⁠
Hoxhunt guide to managing repeat clickers: ⁠⁠⁠https://hoxhunt.com/blog/repeat-offenders-phishing
How to change the narrative around security: https://hoxhunt.com/blog/changing-the-security-narrative

Host links:

Eliot Baker:⁠⁠⁠⁠ ⁠https://www.linkedin.com/in/eliotebaker/⁠⁠⁠⁠⁠
Jeffrey Brown:⁠ ⁠⁠⁠https://www.linkedin.com/in/jeffreywbrown

****

All Things Human Risk Management is a Hoxhunt Original Podcast.

⁠⁠⁠⁠Hoxhunt⁠⁠⁠⁠⁠ is the Human Risk Management platform that goes beyond security awareness to drive behavior change and measurably lower risk.

Data breaches start with people, so Hoxhunt does too. It combines AI and behavioral science to create individualized micro-training experiences people love.

Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.