Sign up to save your podcasts
Or
Share A CISO’s Playbook for Security Comms (with Jeffrey Brown)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
A CISO’s Playbook for Security Comms (with Jeffrey Brown)
Episode #7
Security leaders don’t need more slides - they need messages that move budgets, influence behavior, and reduce risk.
In this episode, host Eliot Baker sits down with CISO and author Jeffrey Brown to unpack a practical security communications playbook: metrics with a job, and how to build a report-button culture without blame.
What you’ll learn in this episode:
How to use Bottom Line Up-Front (BLUF) to get faster decisions from executives and the board - and when not to.
Turning “security talk” into business outcomes: mapping risk to revenue, resilience, and cost.
Metrics that matter: designing KPIs that show behavior change, not just completion rates.
Building a non-judgmental reporting culture (and why “Report > Don’t Click” works).
Instant feedback loops: faster reinforcement without punishment in phishing drills.
Story-first, stat-supported narratives that land across technical and non-technical audiences.
Practical cadences and mediums: what to send to execs, managers, and the whole org and how often.
Using analogies (brakes & airbags) to make layered defense memorable and actionable.
Timestamps:
- (00:00) Introduction and Guest Introduction
- (01:25) Jeffrey Brown's Background and Career Path
- (03:22) The Importance of Communication in Cybersecurity
- (06:10) Effective Cyber Awareness Strategies
- (09:12) Challenges and Solutions in Cybersecurity Training
- (25:48) The New Mandate for Security Leaders
- (26:47) Effective Communication Strategies
- (30:14) Building Influence and Relationships
- (34:11) Crisis Communication and Incident Response
- (39:34) Engaging with the Board and Continuous Improvement
Resources:
- Our guide to to deepfakes: https://hoxhunt.com/blog/deepfake-attacks
- Hoxhunt guide to managing repeat clickers: https://hoxhunt.com/blog/repeat-offenders-phishing
- How to change the narrative around security: https://hoxhunt.com/blog/changing-the-security-narrative
Host links:
- Eliot Baker: https://www.linkedin.com/in/eliotebaker/
- Jeffrey Brown: https://www.linkedin.com/in/jeffreywbrown
****
All Things Human Risk Management is a Hoxhunt Original Podcast.
Hoxhunt is the Human Risk Management platform that goes beyond security awareness to drive behavior change and measurably lower risk.
Data breaches start with people, so Hoxhunt does too. It combines AI and behavioral science to create individualized micro-training experiences people love.
Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.
View all episodes
By HoxhuntEpisode #7
Security leaders don’t need more slides - they need messages that move budgets, influence behavior, and reduce risk.
In this episode, host Eliot Baker sits down with CISO and author Jeffrey Brown to unpack a practical security communications playbook: metrics with a job, and how to build a report-button culture without blame.
What you’ll learn in this episode:
How to use Bottom Line Up-Front (BLUF) to get faster decisions from executives and the board - and when not to.
Turning “security talk” into business outcomes: mapping risk to revenue, resilience, and cost.
Metrics that matter: designing KPIs that show behavior change, not just completion rates.
Building a non-judgmental reporting culture (and why “Report > Don’t Click” works).
Instant feedback loops: faster reinforcement without punishment in phishing drills.
Story-first, stat-supported narratives that land across technical and non-technical audiences.
Practical cadences and mediums: what to send to execs, managers, and the whole org and how often.
Using analogies (brakes & airbags) to make layered defense memorable and actionable.
Timestamps:
- (00:00) Introduction and Guest Introduction
- (01:25) Jeffrey Brown's Background and Career Path
- (03:22) The Importance of Communication in Cybersecurity
- (06:10) Effective Cyber Awareness Strategies
- (09:12) Challenges and Solutions in Cybersecurity Training
- (25:48) The New Mandate for Security Leaders
- (26:47) Effective Communication Strategies
- (30:14) Building Influence and Relationships
- (34:11) Crisis Communication and Incident Response
- (39:34) Engaging with the Board and Continuous Improvement
Resources:
- Our guide to to deepfakes: https://hoxhunt.com/blog/deepfake-attacks
- Hoxhunt guide to managing repeat clickers: https://hoxhunt.com/blog/repeat-offenders-phishing
- How to change the narrative around security: https://hoxhunt.com/blog/changing-the-security-narrative
Host links:
- Eliot Baker: https://www.linkedin.com/in/eliotebaker/
- Jeffrey Brown: https://www.linkedin.com/in/jeffreywbrown
****
All Things Human Risk Management is a Hoxhunt Original Podcast.
Hoxhunt is the Human Risk Management platform that goes beyond security awareness to drive behavior change and measurably lower risk.
Data breaches start with people, so Hoxhunt does too. It combines AI and behavioral science to create individualized micro-training experiences people love.
Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.