Cybersecurity and privacy issues currently dominate tech public policy debate. Lobbyists, politicians, and academia are shaping the legal frameworks and regulatory requirements with which CISOs must eventually comply; this means security leaders should be playing a larger role in the earliest stages of public policy development. This report identifies the five major public policy issues that security and risk leaders need to understand and provides concrete ways to influence the legislative agenda.