CISO turnover rates are legendary, so let’s say you’re one of the many job-hunting CISOs, and you have two or three targets on your short list. Or maybe you’re being recruited by a prospective employer to be their next CISO. Or you’re a security exec looking to move up to the CISO level. Or you’re just trying to benchmark how your board stacks up when it comes to security. One of the first things to consider is the security mindset of the company’s board of directors.
While the board doesn’t manage day-to-day security activities, it does set the culture, it signs off on financial and policy decisions related to cybersecurity, and it is ultimately responsible if there’s a breach.
So, how do you tell if a board is cybersecurity savvy? What are the traits to look for?
1. Does the board have at least one security expert?
Some companies have chosen to put a designated security guru on their boards, but William Guenther, head of the non-profit Advanced Cyber Security Center, says that’s merely a first step on the road to having a security savvy board. One key indicator of a board that’s really cyber-savvy is whether there is more than one board member with a security/technical background.
For example, the board of directors of General Motors includes the former VP of IS at Lockheed Martin, the co-founder and co-CEO of Workday, and the former CEO of Lucent Technologies, now current chairwoman at HPE.