By this point, most tech practitioners -- and nearly all security practitioners -- know about WannaCry. In fact, you might be sick of people analyzing it, rehashing it, sharing "lessons learned" about it, and otherwise laying out suggestions -- in some cases, contradictory -- about what you might do differently in the future. The level of unsolicited advice can border on the annoying. That said, there is one avenue that seems to be underexplored: namely, the opportunity for frank and productive discussions with executives about security goals.