A former Homeland Security chief is advising security professionals to avoid overwhelming organizations’ directors with excessive detail if they want to make strong, compelling cases for improving cybersecurity.