How do you effectively communicate cyber risks to executives and boards of directors? Not with TLAs (three letter acronyms), spreading FUD (fear, uncertainty, and doubt), or talking about the current buzzwords. Most people would agree that security needs to enable the business and identify security risks but what does that mean in real life and how can security practitioners bridge the gap between security risks and business risks? This talk will give tips on how to discuss security risks with executives and boards of directors, with the goal of enabling the business to make informed decisions on security risks.