Information Security Officers (ISO) and support staff are acutely aware of the wide variety of technical risks that come from configuration and management of systems, integrations, monitoring, vulnerability management, and more. Coupled with the ever-increasing and sophisticated threat landscape, security professionals are pushed to do more, often with less resources. Therefore, it is critically important to be able to translate cybersecurity risks into business terms and impacts for executives that make investment decisions, and who ultimately must determine what is an acceptable level of business risk. This session focuses on the ways cybersecurity staff can effectively communicate with non-technical executives in such a way that the potential business risks and impacts are clear and understood, and that support decision-making for investments in cyber programs.