I like his no-nonsense approach. The focus on the business financial impacts is so well emphasized. So is the intangible effect of security: if it can't be seen, business people don't get it. You have to translate security in terms of financial impact; you have to talk business people talk. We tend to forget how the business exists to make money, not make IT geeks (like me) happy.