Defense in Depth

How Should CISOs Talk to the Business

Dec 18, 2025
In this conversation with Peter Gregory, a renowned cybersecurity author, the discussion dives into effective communication tactics for CISOs. Topics include translating technical risks into tangible business impacts and using storytelling to engage executives. Gregory emphasizes the importance of trust and timing in leadership interactions. The panelists highlight the need to frame security in terms of outcomes, revenue preservation, and strategic priorities to earn buy-in. They also tackle the concept of accepting business risks consciously.
ADVICE

Frame Security As Business Outcomes

  • Frame security work as business outcomes, not technical tasks.
  • Explain how controls enable revenue goals like entering new markets.
INSIGHT

Be Where The Conversation Already Is

  • Arrive prepared because security is often the last voice at the table.
  • Link risks to what leadership already discusses, like revenue preservation.
ADVICE

Borrow Messaging Skills From Marketing

  • Work with marketing to learn audience framing and messaging.
  • Use marketing techniques to craft security stories that resonate with leaders.