The new SEC Cyber Rules requiring public companies to disclose the cybersecurity expertise of members of the board of directors open up new opportunities for CISOs interested in corporate board director roles.
In this piece we're highlighting findings from our CISOs as Board Directors, CISO Board Readiness Analysis.
The underlying report, fielded together with Artico Search and The CAP Group provides key insights and actionable guidance for both companies and aspiring board ready CISOs.
The Value of CISO Board Directorships
Board directorships are an excellent way for CISOs to use their experience to serve companies in a governance capacity, as well as an opportunity to broaden their network and build professional prestige.
We break down the process for CISOs pursuing board positions into three steps:
- Assessing board readiness by considering possession of hard board traits and soft skills.
- Filling in potential experience and skill gaps to stand out as a board candidate.
- Building a personal brand to get noticed in a business and governance context.
How to Assess CISO Board Readiness
As a CISO, it is important to understand how your skills and background align with the requirements for board directorships, which fall into two broad categories: The first looks at background and experiences that make up “board traits” and
the second looks at soft skills.
1. Reviewing background and experiences: Our research found five overarching attributes, or board traits, that make CISOs appealing board candidates—infosec tenure, noncyber experience, scale, higher education and diversity. CISOs possessing four
or more of these traits will rank highly as board candidates. However, only 14% of R1000 CISOs fall in this group of ideal candidates. Following this group are those owning 3 board traits, which represents 33% of R1000 CISOs. Figure 1 describes the
underlying traits and metrics that CISOs can use to assess their profiles.
2. Evaluating soft skills: While board traits serve as the hard criteria for shortlisting cyber expert board candidates, soft skills are equally important and assessed in competency-based candidate interviews.
As board directors, CISOs must be capable of providing governance guidance; standing their ground alongside business executives; and demonstrating proficiency in influence, persuasion, empathy, relationship management, active listening and clarity of
messaging.
One way for CISOs to gauge their soft skills is by evaluating their relationships with their company’s executives and board of directors. CISOs who actively participate in C-suite and board meetings and who have developed a deep understanding of
individuals’ agendas generally exhibit strong soft skills. However, most CISOs do not fall in that category.
How to Fill in CISO Board Readiness Gaps
For CISOs who need to up-level their board traits and/or soft skills, we recommend a three-tiered improvement plan based on which type of candidate CISOs profile as—emerging, strong or ideal:
- Emerging candidates should focus on experience diversification: These CISOs possess fewer than three board traits. Their options to up-level include diversifying their experiences in terms of the industry or global companies, seeking noncyber experiences
such as in a strategic or consultative role or by investing in an advanced education like an MBA.
- Strong candidates should polish their soft skills: This group possesses three out of five board traits. By investing in their soft skills, financial literacy and executive presence, they will better prepare themselves for new leadership opportunities
including board directorships.
- Ideal candidates should consider getting board certified: These CISOs possess four or all five board traits. To stand out even more, we recommend they seek out trusted certification programs available to executives interested to join boards such
as from National Association of Corporate of Directors and major universities. These programs provide not only valuable credentials, but also help provide valuable knowledge required for board directors that are often not commonly encountered by executives.
Building a CISO Personal Brand
CISOs, though part of a tight-knit community, may not be widely recognized outside of cyber circles. To expand their visibility and exposure, CISOs should focus on:
- Keeping an updated LinkedIn profile: CISOs should ensure their LinkedIn profile is complete, up to date and visible to the public. A comprehensive profile that highlights your education, certifications and career experiences can help stand out
and attract attention.
- Crafting a compelling career story: In addition to a standard resume or LinkedIn profile, CISOs should develop a career story that focuses on the key decisions, successes, failures and pivotal moments that shaped their professional journey. It
should emphasize the influential people they encountered, including mentors and influencers.
- Cultivating a diversified network: Actively seeking relationships with noncyber executives allows CISOs to gain fresh perspectives, expand their reach and build a well-rounded professional network.
By focusing on these areas, CISOs can enhance their personal brand, increase their visibility beyond the cyber community and have a greater impact in their field.
“Be honest and self-aware when assessing your readiness to serve. Solicit coaching from experienced board directors when defining your game plan. The transition to the board is significant, so plan methodically for the long haul.”
- Brian Walker, Founder, CEO, The Cap Group
Find additional research-backed findings and recommendations on the preferred traits of candidates for companies and aspiring board-ready CISOs to be prepared for the new SEC Cyber rules. Download the CISOs as Board Directors, CISO Board Readiness Analysis.
Get in touch to learn more about IANS professional development options for you or for members of your team.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.