In this week’s episode of the Future of Cyber Risk podcast, David speaks with Joshua Brown, VP and Global CISO at H&R Block, who explains the importance of not being alarmist when raising risk concerns and avoiding leading a conversation with ”no.”  Joshua also discusses why storytelling is such a huge part of his role and shares some advice for cybersecurity professionals, including a reminder that technology is the enforcement mechanism for our solutions, not the solution itself. Topics discussed: How Joshua started in philosophy and ended up at a tech desk, then building a security team. Signs that it’s time to discard the old way of doing things for something better. How Joshua knows he’s getting his ideas across during his meetings with board members and how that affects their desire to take risks. How being a good storyteller can help a CISO communicate with their team and the company. The importance of listening, building relationships, and understanding motivations within your team. Advice for cybersecurity professionals on communication, planning, and maintaining transparency. Key Takeaways:  Craft compelling cybersecurity narratives that resonate with stakeholders, illustrating the risks and solutions in a context that matters to them, not just from a technical perspective. Engage with your team regularly to understand their needs. Effective leadership in cybersecurity involves continuous learning and adaptation. Watch for signs that something isn’t working and see if you can try something new. Listen to the questions you’re being asked: they can tell you about how well you’re being understood.