3. Bring in the security team
Companies should plan to put the CISO and anyone else who is responsible for implementing cybersecurity plans and processes in front of the candidate for a conversation, Vautrinot says.
“If the company is moving in this direction and has hired expertise within the company, those conversations light up your day,” she says. “Even if there are things that aren’t quite right, instead of seeing the problems, people that are passionate about making things better see the opportunities.”
4. Are your directors curious?
Are your board members the type that are lifelong learners? Most directors on high-performing boards are, Vautrinot says, and that’s a big selling point for cybersecurity experts. “As long as they’re comfortable with technologies in different areas, or with complex connect-the-dot kinds of problems,” it will be a good fit, she says. “They need to understand cyber risk and ask good questions.”
5. Think outside the box
Today the demand for high-level cybersecurity experts far exceeds the supply. As a result, “everyone goes after the same people for their boards,” Daniels says. “It’s very challenging for a sitting executive to sit on more than one outside board.” Even retired professionals don’t have the bandwidth to participate on more than two or three boards, he adds. When searching for board candidates with cybersecurity expertise, think beyond the obvious candidates and look at public sector superstars, as well as those in the private sector, he says.
Moskites recommends communicating with colleagues about your search and to ask for recommendations. She has personally referred seven cybersecurity pros to boards in the last 18 months. “There are people with incredibly strong technical backgrounds, and they can be tech wizards and billionaires, but that doesn’t necessarily mean that they’re a cybersecurity expert,” she says. “That’s becoming very apparent to us.”
Sign up for CIO Asia eNewsletters.