Dr. Dennis E. Leber is a dynamic cybersecurity executive whose journey spans military service, academia, and leadership across healthcare and education sectors. His people-centric, strategically aligned approach to cybersecurity—championed through initiatives like Security Preparedness and Response (SPAR)—exemplifies modern leadership in the space.
Recently, we had a brief chat with him to learn more about his perspective on cybersecurity. He feels the practice has seen little evolution over the last 20 years, with teams struggling to communicate and CISOs often being trapped in limited roles.
In addition to his blog, The Cybersecurity Doctor Is In, he is a frequent guest on industry podcasts and media.
As a guest author on Innovate, he shares insights on cybersecurity, career trajectory, board engagement, and aligning security with business goals.
Cybersecurity’s Stalled Evolution
Over the last 20 years, cybersecurity hasn’t evolved nearly as much as it should have. We’re still relying on the same playbook, talking about pen testing, risk registers, and CVE scores.
The problem? That language doesn’t mean anything to the rest of the business.
CISOs may have “Chief” in their title, but too often the role still sits under IT or another department. Without speaking in business terms, we’ll never be recognized as true business leaders.
Why Language Matters
Executives don’t think in CVEs or vulnerabilities. They think in dollars, productivity, and outcomes.
As CISOs, our challenge is translation. Instead of:
- “We have a zero-day vulnerability with a CVE score of 9.0.”
We should be saying:
- “If this system goes down, our timekeeping platform fails, and we lose $3.3M a day in unbilled work.”
That shift changes everything.
Case Study: Beretta
I saw this firsthand while consulting with Beretta.
A cyberattack shut down their Tennessee plant. Because we’d prepared, they were able to respond quickly and strategically:
- They knew to call me immediately.
- We’d already conducted business impact analysis, tabletop exercises, and disaster recovery training.
- Most importantly, they had run the numbers: every minute of downtime cost $3 million.
That simple business metric reframed the conversation. Suddenly, cybersecurity wasn’t just a technical issue—it was about protecting millions of dollars in revenue every single minute.
Cybersecurity Is Industry-Agnostic
Over the years, I’ve led cybersecurity across healthcare, finance, manufacturing, higher education, and government. One truth stands out:
Cybersecurity fundamentals don’t change.
What changes is the language of the business.
Each industry has unique processes, risks, and priorities, but they all share the need for leaders who can translate security into terms that decision-makers understand.
Engaging with the Board
So how do CISOs start building stronger communication with boards?
- Start early. Don’t wait for quarterly meetings. Request one-on-one conversations.
- Ask questions. What do they care about? How do they prefer to receive information? What hasn’t worked before?
- Adapt. Some leaders want numbers, others want narratives. Meet them where they are.
- Show ownership. Position cybersecurity as integral to business success, not a separate agenda.
Think of yourself as a translator—converting risk into business language that drives decisions.
Why I Write About This
The inspiration behind my publishing, education, speaking, and newsletter, The Cybersecurity Doctor Is In, is simple: I want to pass on the lessons I’ve learned so the next generation of cybersecurity leaders can move our industry forward.
Universities, MBA programs, and law schools still dedicate little time to cybersecurity, even though it can shut a business down overnight. That has to change. Until then, it’s on us to educate, advocate, and lead.
A Call to Action for CISOs
We don’t earn our seat at the table by demanding it. We earn it by speaking the same language as the business and proving that cybersecurity is a growth enabler, not just a cost center.
The next time you brief your board, ask yourself: Am I talking about vulnerabilities and scores—or about dollars, customers, and outcomes?
That answer makes all the difference.
About the Author
Recognized as a Global Top 100 CISO, Dr. Dennis E. Leber is a transformational cybersecurity executive, driving innovation across healthcare and government sectors, with over two decades of industry expertise. He is passionate about mentoring future professionals and advancing the field through collaboration, education, and innovation.