The New CISO Podcast

Episode 3: What It Means to Be an Honest Broker

A former CISO at The Hanover Insurance Group, Brian Haugli shares what it means to be an honest broker in the context of security leadership, a role that might be better described as an agent of trust and transparency for a business. Brian and Steve Moore talk about strategies for delivering the right message to executives and the Board, the learning opportunities that come with candor, and the honest truth about managing the inherent stress of the position.

Is there a core of bad leadership in information security?

Not everyone is born to be a leader. It’s something that you’re born with that type of capability. If you look back at like type A/type B personalities, a lot of security folks are the type B, and there’s nothing wrong with that, but there’s a different level of getting leadership out of that, that isn’t as natural for them as somebody who is a type A, an outgoing type of a person.

Listen as Steve and Brian discuss whether there are truly ‘bad leaders in InfoSec’, as well as:

  • Transitioning from a small to a large team
  • Starting your own cybersecurity business
  • Where is the biggest skills or knowledge gap in running a cybersecurity program?
  • How would an honest broker deliver their message to executive leadership?
  • Is executive leadership really interested in the truth about cybersecurity?
  • The worst archetype of a CISO
  • Doing more with less

Check out the full episode here, and if you like the show, remember to review, rate us and subscribe to get new episodes when they drop.



More About Brian Haugli

Brian Haugli is a partner at Side Channel Security, a consulting firm in the Boston area. Previously VP and chief security officer for The Hanover Insurance Group, he’s a seasoned security leader who’s held numerous roles within the federal government responsible for strategic initiatives involving cybersecurity and information risk management.