Building a Risk Narrative: Gary Hayslip’s Cybersecurity Playbook for Executives

In this episode of CyberOXtales, host Neatsun Ziv, CEO of OX Security, sits down with Gary Hayslip, CISO at SoftBank Investment Advisors, to explore how CISOs can build risk narratives that influence business decisions. Gary shares lessons from his experience in five CISO roles and emphasizes why cybersecurity leaders must act as business executives first. He outlines how to align strategy with operations, engage with boards through compelling storytelling, and maintain peer-driven situational awareness in a fast-moving threat landscape.

About Our Guest:

Gary Hayslip is the Chief Information Security Officer at SoftBank Investment Advisors (the Vision Fund). With a career spanning more than two decades, including roles in both government and private sectors, Gary has led security teams at Webroot, the City of San Diego, and more. He’s a systems thinker with a strong operational background rooted in his military service and is known for his strategic approach to cybersecurity leadership.

Connect with Gary: LinkedIn

Key Takeaways:

• CISOs are Business Executives First – Gary emphasizes that cybersecurity leadership today is about managing risk, enabling operations, and supporting business goals.
• Build a Tailored Risk Narrative – A one-size-fits-all story doesn’t work. Risk narratives must reflect the unique needs, operations, and regulatory context of the business.
• Storytelling Drives Strategy – Gary uses risk/threat matrices, control frameworks like NIST CSF, and ongoing assessments to communicate a clear story to executive teams.
• Peer Networks are Essential – Active engagement with fellow CISOs helps benchmark strategy and adds credibility in boardroom discussions.
• Balance Ops and Strategy – Mornings are for operational awareness; the rest of the day is for strategic collaboration, reporting, and forward-looking planning.