In this week's episode of the Future of Cyber Risk podcast, David speaks with Joshua Brown, VP and Global CISO at H&R Block, who explains the importance of not being alarmist when raising risk concerns and avoiding leading a conversation with "no."

Joshua also discusses why storytelling is such a huge part of his role and shares some advice for cybersecurity professionals, including a reminder that technology is the enforcement mechanism for our solutions, not the solution itself.

Topics discussed:

• How Joshua started in philosophy and ended up at a tech desk, then building a security team.
• Signs that it's time to discard the old way of doing things for something better.
• How Joshua knows he's getting his ideas across during his meetings with board members and how that affects their desire to take risks.
• How being a good storyteller can help a CISO communicate with their team and the company.
• The importance of listening, building relationships, and understanding motivations within your team.
• Advice for cybersecurity professionals on communication, planning, and maintaining transparency.

Key Takeaways:

• Craft compelling cybersecurity narratives that resonate with stakeholders, illustrating the risks and solutions in a context that matters to them, not just from a technical perspective.
• Engage with your team regularly to understand their needs. Effective leadership in cybersecurity involves continuous learning and adaptation.
• Watch for signs that something isn’t working and see if you can try something new.
• Listen to the questions you’re being asked: they can tell you about how well you’re being understood.