How cyber security pros transition to board level decision makers

Tips for getting on a board of directors as the cybersecurity expert.


CSO | August 30, 2016



The CSO article, “How cyber security pros transition to board level decision makers,” quoted Russell Reynolds Associates' Matt Comyns about the skills boards look for when recruiting cybersecurity experts. The article is excerpted below.

Many cybersecurity pros, sensing a hot trend, think they’re board material, but “not many of them are qualified,” says Matt Comyns, co-global cybersecurity practice leader at executive search firm Russell Reynolds Associates. The firm has identified four common backgrounds for cybersecurity board members, based on the board selections that publicly traded companies have already made.

Many successful candidates were CISOs or CSOs with a cyber or IT background and a deep understanding of cybersecurity issues from a more technical point of view, he says. Another popular candidate pool came out of government, where they held cyber positions in the military or intelligence community.

Candidates from the consulting or legal world who focused on cybersecurity were also successful in getting board positions, Comyns says. CEOs of cybersecurity companies who have moved on from those roles after acquisitions or IPOs have also become very interesting to boards, he adds.

“These candidates also shared a strong business acumen that adds value to the board beyond the cyber topic. That’s always the tricky part,” Comyns says. “Finding a true, deep cyber-level expert and somebody who is a broad business leader and can communicate at that level with the board on other topics besides cybersecurity – that would always be first choice.”

...

Know who’s looking

Those who still think they’ve got what it takes to be on the board need to look at industries with the greatest need, Comyns says. “The experience needed really depends on the makeup of the existing board – where they need to add complementary skills and backgrounds.”

Energy companies and those industries deemed critical infrastructure have been highly focused on cybersecurity, and some have been adding cyber experts to their boards. “The industry has not had well-established or mature information security programs – so that in-house expertise is lacking,” Comyns says. “They have tended to lean toward more technical or CISO-type backgrounds” for board experts.

Other industries that are behind the cyber curve, like industrial manufacturing and some healthcare segments, may opt for deeper cyber and technical expertise to really help vet whether they have the proper solutions and if they’re benchmarking appropriately, he adds.

Early movers into cybersecurity, such as financial services, technology and telecom industries, may already have deeper expertise in cybersecurity in-house – so rather than a technical expert on the board, they might need a consulting, legal or government background that will expand on their in-house expertise.

...

Round out your resume

If your resume looks a tad light on business skills and capabilities – would an executive MBA improve your chances? “Probably,” Comyns says, “not that an MBA alone would qualify you – but that helps make your resume stand out.”

...

Cyber pros could also look to cybersecurity startups to gain board experience, Comyns says. “It might be a little easier to get on to than a Fortune 500 board,” he says. “That would give you board experience and make you look like you’re on the cutting edge of new developments and new technologies.”

CISOs should also emphasize their experience with their own company’s board. Articulate on your resume and in interviews how often you talk to your board or an audit committee, how many times a year, and what you cover, he adds.