Foreword for The Security Leader's Communication Playbook by Jeffrey W. Brown The CISO role has evolved so rapidly in Fortune-class organizations -- from a siloed technologist to now a C-Suite leader who advises on the confluence of infosec, risk and business initiatives. Jeff Brown is among a small cohort of security leaders who have been at the forefront of this evolution. Jeff has led security teams in Fortune 500 financial services firms and now as the first CISO for the State of Connecticut. He's brought that experience to this book and mixed it with his humanities training - he was a journalism major before he went into infosec - to offer an invaluable perspective on how CISOs must communicate to be effective. Communication isn't a CISO 'nice-to-have' -- it's now an essential skill. One meeting, they need to help a sales regional head understand and own risk around customer data collection processes. The next meeting, they're briefing the board on the risk associated with a new acquisition and presenting a mitigation roadmap.
CISOs must be influencers across levels of the business. Communications skills drive influential interactions. In this book, Jeff taps into his experience and skillset to provide clear, actionable guidance on the communication skills CISOs need to connect with the business. This hands-on guide doesn't talk abstractly about how to communicate, but instead speaks directly to CISOs' needs and is an essential part of any CISO's library. "I remember having a conversation with a friend about my desire to become a security architect. He told me, "Be wary; the security realm is politically charged and full of less competent people. Everywhere he had worked had derogatory opinions on the security departments and architects." As I read this book, I couldn't help but wish that all security practitioners had access to this informative guide.
Having worked in various security organizations, I have witnessed the success and failure of the security function. The common factor that distinguishes these scenarios is how well the security leadership and teams comprehend and align their work with the business objectives. This book is a valuable manual for every security practitioner who seeks to bring value to their organization. Personally, I will hold this book close to my heart as I progress in my career." -- John Kuforiji PMP.