
Speak the language of the mission, patient care, not just compliance, to gain support for cybersecurity action.

If I could share one lesson from my own journey, it would be this: always bring cybersecurity back to patient care and safety. When we do that, conversations shift. What once felt like an IT budget request becomes a mission-driven discussion about protecting the people we serve.  

Too often, cybersecurity is seen as technical, complicated, or just another compliance requirement. But behind every risk is a patient who depends on us. I’ve learned that leadership listens differently when we explain how a ransomware attack could delay surgery, or how a simple access gap could erode the trust of families who count on us.  

The truth is, executives are motivated by the mission, not the malware. When we show how cyber resilience enables caregivers to focus on patients without fear of disruption, support grows naturally.  

Speak the language of the mission, patient care, not just compliance. Frame every recommendation in terms of people, not just policy. Instead of saying “we need MFA for HIPAA,” try “without MFA, a stolen password could put patient records at risk and, even worse, delay critical patient care.” Multi-factor authentication is like checking a patient’s wristband before treatment—it’s a simple step that prevents serious mistakes. It’s not about fear—it’s about protecting what matters most.

Jackie Mattingly, CHPS, HCISPP, CHISL, CISSP