What Your CISO Can Learn From Logan Paul vs Floyd Mayweather

Logan Paul and his brother Jake Paul are what you could call social media celebrities. They amassed over 20 million followers across YouTube, Vine, Instagram, and others over the years through different types of content, sketches, and pranks. 

To anyone over the age of 35, they probably are considered a fad, forgettable, a representation of all that is wrong with the “youth” these days – if they know of them at all. 

So, how is it that the older brother, Logan, who has had only one “professional” boxing match under his belt against fellow YouTuber KSI, was able to get into the ring with one of this generation’s greatest boxers, Floyd Mayweather who has never lost professionally in 50 fights? Not only was Logan able to get into the ring against Floyd, but he made $20m for the exhibition bout.

A fact that was not lost on UFC’s heavyweight champion Francis Ngannou who was probably just as confused as the rest of us. 

It’s crazy to think that Logan Paul (0-1) just made $20M on a boxing exhibition. WHAT ARE WE DOING WRONG? – Francis Ngannou

It’s not difficult to empathize with Francis. He’s spent his life dedicated to perfecting his art, sacrificing much along the way to become the heavyweight champion, yet probably doesn’t make $20m in a year, let alone in one fight. 

Bring your own audience

The fact of the matter is that boxing skill had nothing to do with the payout. Logan Paul spent years building up an audience. A fanbase that was willing to follow him wherever he went – even if it was to something as far away from where he started as boxing. 

If you break it down, you can say, Logan Paul got paid around $1 for every fan he got to tune into the event. 

At the end of the day, the fight game is a business, you could be the best fighter in the world, but if no-one cares about you, and you can’t bring people to see the event, you won’t be particularly successful financially compared to someone less skilled, but able to draw a crowd. 

Who cares about the CISO?

I feel that within this, is a crucial message on building a relationship with your audience. In the case of Logan Paul, this is his fanbase, and there’s a relationship of entertainment. Not many of Logan Paul’s fans will jump in to say he is the best boxer in the world, but many will agree that he is entertaining. And that’s the relationship that has been built. 

Now contrast this with a CISO, or a security department within an organisation. The ‘audience’ in this case would be all the employees / colleagues within the organisation. What kind of relationship has that CISO formed with their audience? 

Is the security team perceived as the Department of No? Or is it a team with whom the rest of the organisation feels they have a good relationship with?

Security teams need to understand that empathy is critical to building relationships. So, content, not just security awareness related, but also policies, and other documentation needs to resonate with people. It needs to engage them, and more importantly, feel relevant. 

In the past year or so, we’ve seen many examples of simulated phishing attacks go wrong and anger employees. Maybe the phishing template was the wrong one to use – but I believe, more importantly, the relationship between the security team and the organisation wasn’t built. Had there been a good relationship, then those very same simulated phishes would have been received very differently. 


As a thought experiment, let’s look at things like this. If the security team, the CISO, (you, if you work in security) asked your employees for something, or wanted support for an initiative – without forcing them, how many would follow? 

It doesn’t matter that you don’t have an audience of 25m like the Paul brothers, whether it’s only 250 people in your organisation, or 25,000, the question remains the same. If you don’t have a relationship with them built on trust, empathy, and understanding, then you too could be sitting there like the UFC heavyweight champ wondering how despite all your technical expertise and skill have been overshadowed by a social media celebrity.

*** This is a Security Bloggers Network syndicated blog from Javvad Malik authored by j4vv4d. Read the original post at:

Secure Coding Practices