In King’s view, CISOs shouldn’t be on boards. Their role is to create and oversee all security policies and strategies. The best board members with cyber expertise are on the “offensive revenue-generating side,” he says, and those executives include general managers, COOs and CEOs who understand how cyber impacts the overall business — not the CISOs who set security strategy. “There’s a difference between speaking technically and speaking business,” King says. “That doesn’t mean CISOs don’t speak business, per se, but they don’t have a P&L to run.”
