C.J. May's article addresses the multifaceted role of a Chief Information Security Officer (CISO), emphasizing the importance of balancing technical security measures with business objectives. A CISO is responsible not only for advocating good security practices but also for understanding the broader domains of cybersecurity, such as governance, risk assessment, and user education. The article highlights the necessity for CISOs to communicate effectively with business leaders to align security priorities with business goals, considering the potential impact on productivity and profit. It stresses the importance of cultivating a security-minded culture within the organization, where employee awareness and engagement play crucial roles in mitigating risks. Furthermore, the article advises using cybersecurity frameworks to advance an organization's technical maturity while cautioning against a box-ticking approach and emphasizing the need for periodic reassessment of cybersecurity priorities. Ultimately, the piece underscores that successful information security relies on a unified effort across the business, advocating for both technical and cultural initiatives to protect data and support business success.