The Security Leader’s Communication Playbook and Leading the Digital Workforce Set

The Security Leader’s Communication Playbook

Preface

xvii

Acknowledgments

xix

Author

xxi

Introduction

1

Part 1 Communication Foundational Skills

13

1 Foundational Communication Skills

15

2 People Skills

43

3 The Language of Business Risk

59

4 Company Culture

79

5 Better Business Writing

93

6 Say What? Verbal Communication Skills

119

7 Communication Superpowers

157

Part 2 Communication in the Real World

183

8 Policies, Standards, Guidelines and Procedures

185

9 T raining and Awareness

203

10 Driving Change through Metrics

217

11 The High Stakes of Incident Response Communication

235

12 Communicating with Your Team and Colleagues

249

13 Managing Up: Finding Your Boss’s Communication Style

269

14 The Board of Directors

279

15 Working with Auditors

295

16 Your Next Job

305

17 Consultants and Sales: Building and Maintaining Client Relationships

325

Appendix

341

Index 361

Leading the Digital Workforce

Preface

Acknowledgements

About the Author

Part 1: Foundations

Chapter 1 Playing the long game of leadership

Chapter 2: The average IT leader is…average

Chapter 3 Master your mindset

Chapter 4 IT leadership peak performance

Part 2: Leadership in action

Chapter 5 Starting a new job: How to thrive

Chapter 6 A crash course in strategic planning

Chapter 7 Building a high-performance team

Chapter 8 Execution and getting things done

Chapter 9 Leading from anywhere: A guide to the hybrid office

Chapter 10 Giving back: Industry leadership and the next generation of leaders

Chapter 11 Leading from the edge: The future of work

Conclusion

Appendix

Biography

Jeffrey Brown is a recognized information security and IT risk expert with a strong track record of more than two decades implementing cost-effective controls for global Fortune 500 financial institutions, including Citigroup, Goldman Sachs, GE Capital, BNY Mellon and AIG. He is currently serving as the first Chief Information Security Officer (CISO) for the State of Connecticut. Jeff is active in the information security industry as a frequent speaker at various events and conferences and is the author of multiple articles and publications. He co-Chairs the Evanta New York CISO Executive Summit and works in an advisory capacity with various events, including the Cyber Investing Summit. He is a board advisor and mentor for iQ4 in their Virtual Cybersecurity Apprenticeship Challenge, which aims to prepare some 10,000 students for the workforce and help address the security skills shortage. Jeff holds a B.A. in Journalism with an English minor and an M.S. in Publishing from Pace University. He holds multiple security certifications including CISSP-ISSMP, CISM and CRISC.

Foreword for The Security Leader’s Communication Playbook by Jeffrey W. Brown

The CISO role has evolved so rapidly in Fortune-class organizations -- from a siloed technologist to now a C-Suite leader who advises on the confluence of infosec, risk and business initiatives. Jeff Brown is among a small cohort of security leaders who have been at the forefront of this evolution.

Jeff has led security teams in Fortune 500 financial services firms and now as the first CISO for the State of Connecticut. He’s brought that experience to this book and mixed it with his humanities training – he was a journalism major before he went into infosec – to offer an invaluable perspective on how CISOs must communicate to be effective.

Communication isn’t a CISO ‘nice-to-have’ -- it’s now an essential skill. One meeting, they need to help a sales regional head understand and own risk around customer data collection processes. The next meeting, they’re briefing the board on the risk associated with a new acquisition and presenting a mitigation roadmap. CISOs must be influencers across levels of the business. Communications skills drive influential interactions.

In this book, Jeff taps into his experience and skillset to provide clear, actionable guidance on the communication skills CISOs need to connect with the business. This hands-on guide doesn’t talk abstractly about how to communicate, but instead speaks directly to CISOs’ needs and is an essential part of any CISO’s library.

"I remember having a conversation with a friend about my desire to become a security architect. He told me, "Be wary; the security realm is politically charged and full of less competent people. Everywhere he had worked had derogatory opinions on the security departments and architects." As I read this book, I couldn't help but wish that all security practitioners had access to this informative guide. Having worked in various security organizations, I have witnessed the success and failure of the security function. The common factor that distinguishes these scenarios is how well the security leadership and teams comprehend and align their work with the business objectives. This book is a valuable manual for every security practitioner who seeks to bring value to their organization. Personally, I will hold this book close to my heart as I progress in my career."

 

-- John Kuforiji PMP

Leading the Digital Workforce, focuses on being and becoming a leader. One of the core principles that many organizations I have worked with struggle with is who should be a leader. Some people truly are not cut out to be a leader. They need to gain the skills outlined in this book. These include mastering your mindset, managing emotions, and other foundational skills to help you become a leader. The author argues that anyone can improve their leadership skills and that great leaders are not necessarily born that way. For me, the concept of mastering your emotions resonated. Over the years of my career, I have found some of the skills listed in this book, including managing your emotions and mastering your mindset, to be useful tools.
 
The component or one part of the book that, in considering this book, stands out for me beyond the tools given early in the book is the concepts of worthy leaders that are incredibly useful. The first is one that I haven't seen often and that I find incredibly insightful—simply determining whether one can and should be a leader. Leaders and managers are different, but we must ask ourselves if we have the skills for a leadership role. Leaders have to find a voice that this book will help them hone. As the "employee," you must want to follow that leader. The second component that resonated with me is the concept of becoming the leader people to follow. So the first part is to ask yourself, should you be a leader? Am I ready to be a leader? The second part is combining the book and becoming a leader worth following.
 
Finally, we come to something new for me in this work—the six leadership styles. The six leadership styles based on Daniel Goleman's model are autocratic, visionary, affiliative, democratic, pacesetting, and coaching. It advises readers to adapt their style to the situation and the needs of their team. The concepts of each leadership style and applying the "right" style at the "right" time are valuable. First, as a team concept, knowing what style the leader is in at that time helps you navigate your day-to-day role. But as a leader, knowing what your style is natively allows you to move into the style your team needs. To borrow from an adage, when you are up to your neck alligators, it is not the time to question your leader.
 
All in all, I highly recommend the book Leading the Digital Workforce. It has helped me refine my views of leaders and leadership and better understand how I impact as a leader and how the leaders I work for impact me!

 

- Scott Andersen