Kevin Pouche (COO, K logix) sits down with Rob Sherman (CISO, American Tower) and discusses the do's and don'ts of presenting to the board.
(01:03) - Can you give some background on your journey at American Tower and how you have evolved into your current role as CISO?
(02:23) - How do you prepare for these board presentations and is it important to understand the personality of the board members?
(03:43) - How often should CISOs be presenting and interacting with their boards?
(04:24) - Are there other committees that you present to and that other CISOs should present to?
(04:59) - When you're meeting with the board, how do you show incremental progress on your security initiatives? How do you illustrate that?
(06:20) - Are you using visuals like heat maps, stop light charts, etc.?
(06:54) - When you're presenting this information, are there common questions that the board tends to ask? Do they ask how you compare to peers?
(08:35) - Do you give them information in advance to digest or do you present to them on the fly?
(10:18) - What are some of the challenges you have now or challenges you came across when you first started presenting to the board? What is your biggest piece of advice to other CISOs?
(12:10) - Should CISOs use this time to build a case for more funding or for more people, or is this something you stay away from?
(13:13) - How important is it for you or any CISO to have the opportunity to have the cadence with the board? Is it a deal breaker for you in accepting a CISO position where the CISO doesn't report to the board?
(15:01) - Has the frequency of presenting to the board increased over the last 5 years?
(15:43) - Should people have already briefed their board about the upcoming 2023 regulatory changes?
(17:35) - How do you think relationships between CISOs and the board will change over the next few years?