Episode Details

⬥EPISODE NOTES⬥

What happens when a cybersecurity professional knows exactly what's wrong but can't get anyone to act on it? It's a problem that affects security teams across every industry, and it's the central question driving Josh Mason's new book, Speaks Security with a Business Accent. In this conversation, Josh Mason joins Sean Martin to unpack why technical accuracy alone doesn't move the needle and what it takes to communicate security in terms the business actually understands.

Josh Mason brings a perspective shaped by years as an Air Force pilot and cyber warfare officer, where mission-first thinking wasn't optional, it was survival. As a safety officer, he studied aircraft mishaps, analyzed black box recordings, and learned that risk awareness doesn't mean risk paralysis. The same philosophy, he argues, applies to cybersecurity: teams can acknowledge risk without letting fear of failure prevent them from supporting the mission. Drawing from books like Dale Carnegie's How to Win Friends and Influence People, The Phoenix Project, and The Goal, Josh Mason structured his own book as a narrative, telling the story of a CIO who transforms a disconnected security team into one that communicates effectively with colleagues, leadership, the board, and eventually beyond the organization.

A recurring theme in this conversation is the danger of perfection as the enemy of progress. Josh Mason uses the Iron Man analogy of building an imperfect prototype, flying it, learning from the failure, and iterating, to argue that security teams need to embrace a similar mindset. DevOps teams have already adopted this approach, and security can learn from it. Inaction for perfection's sake, he warns, isn't going to get anyone anywhere.

The conversation also examines whether the cybersecurity industry does enough to learn from its own incidents. Unlike aviation, where the FAA and NTSB mandate rigorous post-incident analysis, cybersecurity lacks a centralized authority enforcing that same discipline. Organizations like MITRE, Verizon, and Mandiant publish valuable trend reports, and the data is there for those willing to use it, but it ultimately comes down to individual responsibility and leadership within each organization.

For anyone who has ever felt technically right but strategically sidelined, this conversation offers a practical lens on bridging the gap between what security teams know and what the business needs to hear.

⬥GUEST⬥

Josh Mason, Author of Speaks Security with a Business Accent | Air Force Veteran, Cybersecurity Professional, and Founder of Noob Village | Website: https://www.mason-sc.com | On LinkedIn: https://www.linkedin.com/in/joshuacmason/

⬥HOST⬥

Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

⬥RESOURCES⬥

Speaks Security with a Business Accent by Josh Mason | https://www.mason-sc.com
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube |

Listen Now