A CISO’s Playbook for Security Comms (with Jeffrey Brown)

A CISO’s Playbook for Security Comms (with Jeffrey Brown)

From All Things Human Risk Management by Hoxhunt

October 14, 2025 · 53 min · Season 1 · Episode 7

About this episode

In this episode, Eliot Baker and Jeffrey Brown discuss a practical security communications playbook for security leaders.

Episode #7 Security leaders don’t need more slides - they need messages that move budgets, influence behavior, and reduce risk. In this episode, host Eliot Baker sits down with CISO and author ⁠Jeffrey Brown⁠ to unpack a practical security communications playbook: metrics with a job, and how to build a report-button culture without blame. What you’ll learn in this episode: How to use Bottom Line Up-Front (BLUF) to get faster decisions from executives and the board - and when not to. Turning “security talk” into business outcomes: mapping risk to revenue, resilience, and cost. Metrics that matter: designing KPIs that show behavior change, not just completion rates. Building a non-judgmental reporting culture (and why “Report > Don’t Click” works). Instant feedback loops: faster reinforcement without punishment in phishing drills. Story-first, stat-supported narratives that land across technical and non-technical audiences. Practical cadences and mediums: what to send to execs, managers, and the whole org and how often. Using analogies (brakes & airbags) to make layered defense memorable and actionable. Timestamps: (00:00) Introduction and Guest Introduction (01:25) Jeffrey…

People in this episode

Host: Eliot Baker

Guest: Jeffrey Brown

Topics covered

  • security communications
  • risk management
  • CISO
  • business outcomes
  • metrics

Keywords

  • Bottom Line Up-Front
  • KPI
  • report-button culture
  • phishing drills
  • story-first narratives

More episodes of All Things Human Risk Management

Explore listener stats, chart rankings, contacts and more on the All Things Human Risk Management podcast page.