This episode of Life of a CISO is all about communication. If you went to a doctor and he said, “You’re fine, keep doing what you’re doing,” that’s good news... but only if it’s true. A doctor is supposed to give you guidance on how to stay healthy, and to be honest with you about where you are falling short. In the same way, a CISO’s job is not to pat executives on the back and say everything is fine, but also not to scare them. A CISO must communicate what the top threats are, how to deal with them, and what the costs and risks are. A CISO’s job is not to try to fix every single problem, because that would take an infinite budget and cripple functionality; it’s up to the CISO to explain what the top threats are, and what other threats exist but aren’t a top priority. That way, the executives are aware that cybersecurity is never “fixed,” but that the CISO is on top of things, fixing the top issues and staying aware of other threats.