CISO Series Podcast

I Just Can’t Communicate With the Business. I’ve Tried Condescension AND Derision.

Aug 19, 2025
Gary Chan, CISO at SSM Health and a master of security mentalism, dives into the intricate world of cybersecurity communication. He discusses the challenges CISOs face when transitioning from tech to business dialogue. Gary emphasizes that storytelling is key to articulating cybersecurity's business impact. He also highlights the importance of influence over authority and shares insights on navigating decision-making with incomplete information. Personal anecdotes reveal how effective communication can trump technical skills in leadership.
ADVICE

Prefer Decisive 70% Plans

  • Commit to a 70% plan and execute decisively rather than waiting for perfection.
  • Accept pivots when new information arrives but avoid second-guessing past decisions.
ADVICE

Quantify Uncertainty With Probability Trees

  • Use probability trees to convert uncertainty into a defensible decision.
  • Writing outcomes and probabilities makes you more confident to act under ambiguity.
ADVICE

Announce Contingencies And Signals

  • Admit possible failure modes and define clear signals to know when to change course.
  • Tell your team what would make you realize a decision was wrong and how you'll respond.