A compass for CISOs

Build cyber resilience with exclusive interviews, insights, and inspiration from the global Black Hat MEA community. 

This week we’re focused on…

Communication. 

Because this week on the blog, two very different leaders offered a shared message: for CISOs in the future, communication will be the difference between resilience and failure. 

From fables to frameworks, here’s how Matthias Muhlert (Cyber Chef at Dr. August Oetker KG - Die Oetker-Gruppe) and Bernard Assaf (CISO at Airbus) are rewriting what it means to lead in security.

The power of metaphor 

“Metaphor isn’t decoration; it’s the elevator that still works when the stairs are on fire.” 

We asked Muhlert to talk about communication in cybersecurity, and he took it to another level – he came up with five fables about how communication really works. 

In the first fable, he warned against jargon that alienates non-technical stakeholders. A child’s dragon drawing did more to win boardroom attention than a 400-page risk register.

His point is that language shapes urgency. Metaphor moves people. And a brief, high-impact story can build bridges where alert dashboards can’t. 

Read all five fables from Muhlert over on the blog. 

Trust as strategy 

“The most valuable advice I can offer is this: strive to be someone people genuinely want to work with.” 

For Assaf, what makes a CISO effective is patience, empathy, and unwavering integrity. Whether you’re embedding secure-by-design into dev pipelines or inspiring cultural change, leadership starts with trust.

And that trust has to be earned. Make the people around you feel important; show them that their ideas matter; and be willing to admit when you don’t know something. 

Read the full interview to see how Assaf measures real cultural change. 

Building culture through stories 

Muhlert and Assaf both emphasised that strong communication isn’t just a nice thing to have on top of technical skills; it’s absolutely central to driving behavioural change and building cyber resilience. 

Muhlert said “clarity is subtraction, not translation.” 

And Assaf urged us to recognise that storytelling is a tool “to make the threats more relatable, the risks more realistic, and the message more memorable.”

Together, they encourage CISOs to lead with narratives, not frameworks – because it’s the stories that will create real, lasting change. 

We bring cybersecurity’s best communicators to Black Hat MEA 

Want to learn directly from an international lineup of CISOs who know exactly how to make their story count? 

Join Matthias Muhlert and Bernard Assaf at Black Hat MEA 2025. We can’t wait to see you there.