How to secure budget for some key initiatives; a sales pitch to the C-Suite - Build a presentation on the increase in cyber risk to the company - Goal is to convince the C-Suite that ownership of risk needs to be at their level. You need to build a culture of security awareness throughout the organization The CISO must hone their skills as a salesperson or public relations master. Security must be sold as a crucial part of the business culture of the organization. Concise points with little to no technical information is crucial if you want to keep the level of attention of the key decision makers. Rehearse your sales pitch and keep it short. Graphs and charts with red/orange/green representing current status seem to be examples of good approaches. The absolute last thing you want to present is the number of attacks, or, for that matter, the number of anything! Talk risk, likelihood, and potential impact to the business. Speak in “businessese”.