Hello, my name is Brad Lindemann, CEO of Ambassador Solutions and Founder of the CISOnation. Today, I want to talk about why every CISO in America should be on the board of at least one company other than their employer.
If you’re not aware of pending U.S. Senate Bill S.536, the Cybersecurity Disclosure Act of 2017, you should be. It effectively mandates that each of our 4,000-plus publicly held U.S. corporations has a CISO on its board of directors. Whether it becomes law or not, we don’t have to look further than the recent Equifax fiasco to see the wisdom of such a mandate. After all, every CISO I’ve ever spoken with believes that our nation’s greatest threats are coming at us via cyberspace.
When a CISO assumes an outside board seat, both their employer and board benefit from the additional knowledge gained and transferred. Such a move will also be a career catalyst for the CISO, never mind the nice boost in income. The median pay for an independent board member of an S&P 500 company is over $255,000 per year, according to a 2016 Fortune study of data from MyLogIQ and regulatory filings (Fortune 2/24/16).
Here’s what I believe companies should be looking for in a CISO board member:
- current employment at a public company, if the company is public,
- someone with an employer in a non-competing business of similar or larger size and scope,
- a person who hasn’t been referred by any company executive or board member, because his or her seat must be the most independent of all,
- someone who has been battle-tested by having lived through a significant breach,
- excellent communications skills,
- a person who is business savvy,
- board room experience with their current employer, and
- a spotless background check.
This is why we’ve added CISO board members to our executive search offerings, and why we welcome every member of the CISOnation as a potential candidate. Also, don’t limit your thinking to public companies. Private companies will also begin to see the wisdom of CISO board membership.