Careers, Leadership

Achieving Security Buy-in: Change Approach, Not Culture – David Nolan – CSP #30

We need the organization to support the cybersecurity initiatives and thus we try to influence the organization to support these goals for the protection of the organizational assets. If we are failing, is it that the organization did not ‘get it’ or was it our approach? Join this podcast to learn how to achieve that buy-in.

To view the article from the CISO COMPASS Book that sparked this interview, please visit:

Nolan, D. 2019. Achieving Security Buy-In: Change the Approach, Not the Culture. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 470. Fitzgerald, T. CRC Press, Boca Raton, Fl.

This segment is sponsored by Cybereason. Visit to learn more about them!

Sponsored By

Full episode and show notes


David Nolan
David Nolan
Vice President, Information Security at Aaron's

As the Vice President, Information Security at Aaron’s; David is accountable for information security and risk leadership, strategy, budget, and operational excellence. He is a servant-leader and mentor to a high-performing team of information security professionals and leaders covering Application Security, Incident Response, Governance Risk and Compliance, Emerging Technology Security, Endpoint protection and Information Protection.

David has over 20 years in the information technology industry in various roles. He has previously served as a Manager of the Threat, Attack and Penetration testing services team, Application Security Architect, deployment manager, and various lead developer roles for Caterpillar Inc. He has additionally held positions at companies including State Farm Insurance and the Central Intelligence Agency.


Todd Fitzgerald
Todd Fitzgerald
Vice President, Cybersecurity Strategy at Cybersecurity Collaborative
prestitial ad