It's one thing to agree to add some new tools and methods to your existing paradigm. It's a whole other story to adopt an externally acquired set of beliefs.
Here is an example of when such a transition can succeed: a new guy fresh out of training school has just been placed in a trench on the front line to hold a firing position. And not just any position somewhere: he is in the middle of a fierce firefight, with bullets whistling nearby, blasts of incoming mortar fire and enemy artillery shells. How fast do you think the new guy will absorb everything from the guy next to him, who has been surviving in this position for a month? I bet the knowledge transfer will start instantly, and those skills and decision-making criteria will be ingrained in the rookie's brain forever.
We are not that demanding, as we are not in the trenches; nevertheless, the cybersecurity situation is much closer to warfare than to IT Ops. Many, if not all of us, have come into cybersecurity from IT Ops and Networking: a world fully controlled by its own wizards ("in white robes", back in the day), where the concerns were service availability and response times. In the cybersecurity domain you are dealing with a hostile external actor whom you can't control. There are only two things you can control: your position and your readiness to engage (not psychological readiness, but all-encompassing readiness: skills, equipment, authorization to engage). You can anticipate the actions of your adversary with a high degree of certainty based on how they engaged in the past and what your position looks like, and tailor your preparations accordingly; however, nothing is written in stone, and your adversary might get unexpected reinforcements.
Anything which might come across as too radical or too demanding in BRSE is there for a reason. Think about those items and read up on them; the author of BRSE tries his best to provide rationale and context for the core concepts through his blog. You have to be able to stand firmly behind these principles, and you should be able to explain and defend them as your own. One of the challenges you will face, surprisingly, is internal, as you will be told: "but such and such standard or guidance does not say this, or says the opposite". You have to have your own rationale and defend your position with conviction and clarity.
If you face resource constraints on your transition journey which prevent you from implementing some BRSE practices, be transparent about that, calculate the consequences, and escalate. Don't just come up with a shortcut and forget about it. BRSE was designed to overcome existing industry challenges; it's a functional, hands-on system. If something is not implemented, it means that your cybersecurity is deficient in that area. Lack of resources is at least a valid excuse; lack of research is not.
Good Luck!
Keep reading and researching the BRSE resources, and the relationships between them, until they become fundamental to your decision making.
The list is too long, so there is a separate page dedicated to them.
Develop a new cybersecurity program in which you use only the new terms, which make decision making rational and coherent.
Pick an IT Estate for the new team and draft a new BRSE-compliant team for it: roles and hiring process. Get it on paper.
Adopt the BRSE-type breach response concept on paper for the new team only. The new team should come in and act the plan out. No legacy.