I See What You Mean

Change The Conversation For Greater Infosec ROI - Part 1


Smart money says that in the debate over whether information security is a cost center or a business enabler, it's an enabler. Pull the infosec thread and a lot of organizational factors can line up. Not just infosec policies and practices but business strategy, department goals, organizational culture, and customer and supplier relationships.
But the "department of no" infosec conversations won't get you there, so how do you change the conversation?
My guest this week, Rick Dudek, knows the technical, people and business aspects of information security. Most importantly, he knows how to change the conversation to get people on the same page - even on new pages. Here are some of my favorite moments from our conversation:
2:20 - Rick's definition of getting on the same page
10:49 - The use of infosec metrics to support behavior change
16:13, 21:26 - Talking to internal customers about information security in business, not technical, terms
27:00 - The importance of delivering information in context to create behavior change
31:57 - Digital everything damages human interaction and communication, at a cost to the organization
36:40 - Venn Diagrams and recontextualizing information
43:26 - "I read the policy. But what does it mean?"
50:31 - Information security as part of the value equation of business currency

I See What You Mean, by Lou Kerestesy
