The Security Leader’s Communication Playbook
Bridging the Gap between Security and the Business
- Available for pre-order. Item will ship after September 13, 2021
This book is for cybersecurity leaders across all industries and organizations. It is intended to bridge the gap between the data center and the board room. This book examines the multitude of communication challenges that CISOs are faced with every day and provides practical tools to identify your audience, tailor your message and master the art of communicating. Poor communication is one of the top reasons that CISOs fail in their roles. By taking the step to work on your communication and soft skills (the two go hand-in-hand), you will hopefully never join their ranks. This is not a “communication theory” book. It provides just enough practical skills and techniques for security leaders to get the job done. Learn fundamental communication skills and how to apply them to day-to-day challenges like communicating with your peers, your team, business leaders and the board of directors. Learn how to produce meaningful metrics and communicate before, during and after an incident. Regardless of your role in Tech, you will find something of value somewhere along the way in this book.
Table of Contents
Chapter 1: Foundational Communication Skills.
Chapter 2: People Skills.
Chapter 3: The language of business risk.
Chapter 4: Company Culture.
Chapter 5: Better Business Writing.
Chapter 6: Say what? Verbal Communication Skills.
Chapter 7 Communication superpowers.
Chapter 8: Policies, Standards, Guidelines and Procedures.
Chapter 9: Training & Awareness.
Chapter 10: Driving change through metrics.
Chapter 11: The High stakes of incident response communication.
Chapter 12: Communicating with your team and colleagues.
Chapter 13: Managing up: Finding your boss’s communication style.
Chapter 14: The Board of Directors.
Chapter 15: Working with auditors.
Chapter 16: Your next job.
Chapter 17: Consultants and sales: Building and Maintaining Client Relationships.
Conclusion and key takeaways.
Jeffrey Brown is a recognized information security and IT risk expert with a strong track record of more than two decades implementing cost-effective controls for global Fortune 500 financial institutions, including Citigroup, Goldman Sachs, GE Capital, BNY Mellon and AIG. He is currently serving as the first Chief Information Security Officer (CISO) for the State of Connecticut. Jeff is active in the information security industry as a frequent speaker at various events and conferences and is the author of multiple articles and publications. He co-Chairs the Evanta New York CISO Executive Summit and works in an advisory capacity with various events, including the Cyber Investing Summit. He is a board advisor and mentor for iQ4 in their Virtual Cybersecurity Apprenticeship Challenge, which aims to prepare some 10,000 students for the workforce and help address the security skills shortage. Jeff holds a B.A. in Journalism with an English minor and an M.S. in Publishing from Pace University. He holds multiple security certifications including CISSP-ISSMP, CISM and CRISC.
Foreword for The Security Leader’s Communication Playbook by Jeffrey W. Brown
The CISO role has evolved so rapidly in Fortune-class organizations -- from a siloed technologist to now a C-Suite leader who advises on the confluence of infosec, risk and business initiatives. Jeff Brown is among a small cohort of security leaders who have been at the forefront of this evolution.
Jeff has led security teams in Fortune 500 financial services firms and now as the first CISO for the State of Connecticut. He’s brought that experience to this book and mixed it with his humanities training – he was a journalism major before he went into infosec – to offer an invaluable perspective on how CISOs must communicate to be effective.
Communication isn’t a CISO ‘nice-to-have’ -- it’s now an essential skill. One meeting, they need to help a sales regional head understand and own risk around customer data collection processes. The next meeting, they’re briefing the board on the risk associated with a new acquisition and presenting a mitigation roadmap. CISOs must be influencers across levels of the business. Communications skills drive influential interactions.
In this book, Jeff taps into his experience and skillset to provide clear, actionable guidance on the communication skills CISOs need to connect with the business. This hands-on guide doesn’t talk abstractly about how to communicate, but instead speaks directly to CISOs’ needs and is an essential part of any CISO’s library.