Board Development and Management

Stop going to the hardware store for bread. What I mean by that is: You have to know who is on your Personal Board of Directors. And what roles they play. Your parents? Are likely not interested in your “unsafe & inconsistent” entrepreneurial pursuits. So it’s not wise to go to them for validation of your success. Instead, what you need is a Personal Board of Directors. A carefully curated group that understands the language of your big audacious goals. Here's how to construct your own supportive council: 1. A mentor or coach Seek out a seasoned mentor or coach who has navigated the entrepreneurial terrain. This advisor can share insights, provide guidance & help you steer clear of potential pitfalls. Look for someone who's been in the trenches, overcome challenges & is willing to share their hard-earned wisdom. 2. The cheerleader Everyone needs a cheerleader who's not just excited about your victories but understands the ups and downs. This person fuels your motivation, celebrates your wins & uplifts you during setbacks. 3. The real talker Include someone who won't sugarcoat the truth & isn't afraid to challenge your ideas. This brutally honest confidant could also be a coach, but is someone who will keep you grounded, offer constructive criticism and valuable feedback. Their insights may be tough to swallow, but they're essential for growth. 4. The connector Building relationships is key. Identify a “connector” who knows how to link people, opportunities & resources. This person can introduce you to potential collaborators, clients, or investors. Their expansive network becomes an extension of your own, opening doors you might not have discovered alone. 5. The innovator Surround yourself w/ creativity. An innovator brings fresh perspectives, inspiring you to think outside the box. This individual may not be from your industry but has a knack for innovation. Their unconventional ideas can spark your creativity and help you approach challenges with a different mindset. 6. The accountability holder Progress requires accountability. Choose someone who keeps you on track w/ your goals. This person will challenge you when you falter, ensuring you stay committed to your vision. Regular check-ins and honest assessments make them an indispensable asset on your board. 7. The self-compassion steward Make sure you have someone on your board who reminds you to be kind to yourself. Inner Critic can get vocal, especially when you are doing something new or scary. Having a confidant who helps you remember what is true & reminds you to treat yourself with compassion is essential for sustaining your purpose. Your Personal Board of Directors doesn't have to be overly expansive or large. Quality > quantity. Work to carefully curate individuals who align with your vision, challenge your thinking, and uplift your spirit. They will be the pillars of support that will help you navigate your journey with resilience and success.

In an article last year for Foreign Affairs Magazine (https://lnkd.in/ggFTEU3z) on how to catalyze a sustainable approach to cybersecurity, Eric Goldstein & I emphasized that in every business the responsibility for cybersecurity must be elevated from the IT department to the CEO and the Board. As we noted, the trend is moving in the right direction: In a survey conducted by NACD (National Association of Corporate Directors), 79% of public company directors indicated that their Board’s understanding of cyber risk had significantly improved over the past two years. The same study, however, found that only 64% believed their Board’s understanding of cyber risk was strong enough that they could provide effective oversight. To improve those numbers, CEOs & Boards must take ownership of cyber risk as a matter of good governance. This is largely a cultural change: where cybersecurity is considered a niche IT issue, accountability will inevitably fall on the CISO; when cybersecurity is considered a core business risk, it will be owned by the CEO and Board. Recognizing that Board members in particular have special power to drive a culture of "Corporate Cyber Responsibility," I asked my Advisory Committee to make recommendations on how to advance such a culture. The effort, led by Dave DeWalt, highlighted several key points: Board members should be continuously educated on cyber risk, with cybersecurity considerations appropriately prioritized in every business and technology decision, and decisions to accept cyber risk scrutinized and revisited often. Boards should also ensure that the thresholds for reporting potential malicious activity to senior management are not set too high; “near misses” should be reported along with successful intrusion attempts, as much can be learned from them. In addition, Boards should ensure that adequate long-term security investments are available to address the safety consequences of antiquated technology with new investments focused on technology that is #SecureByDesign. Finally, Board members should ensure that CISO's have the influence & resources necessary to make essential decisions on cybersecurity, with decisions to prioritize profits over security made both rarely and transparently. The Committee also recommended developing a Cybersecurity Academy for Board Directors & set about establishing a pilot program, which was held yesterday at the U.S. Secret Service Training Center (https://lnkd.in/eVSzP_sx). Huge thanks to my teammate Kimberly C. for her partnership, as well as the awesome Ron Green for driving this effort with Dave & Katherine Hennessey Gronberg, and the great NACD team, led by Peter Gleason. Am super grateful to the Board Directors who participated in this inaugural effort and look forward to their feedback so we can further scale the program.

There's lots of talk these days about building your Personal Board of Directors - that group of people who can provide you with guidance, support, and advice in your career growth & personal life. This is something I first learned about in 2016 when I applied & was accepted into a women's leadership incubator in the Silicon Valley through The CLUB - An Incubator of Women Leaders. The personal BOD is a strategy I doubled down on & diligently built a trustworthy group around me consisting of mentors, peers, friends, coaches & colleagues...who've advised me on everything: 👉 entrepreneurship 👉 writing (content, posts, TEDx script,...) 👉 legal (redlining contracts, job offers,...) 👉 marketing 👉 branding 👉 selling into technical stakeholders 👉 and yes....dating, travel, wine tasting, surfing, crypto, parenting,.... The practice of building my Personal Board of Directors has given me the strength to be vulnerable & authentic, and it's helped me trust my leadership instincts. More importantly, it's enabled me to move away from those who never truly had my back. Do you have a PBOD? If not, here's what you need to do: ✅ get out a pad of paper ✅ make a list of the people you admire &/or trust the most (known or not**) ✅ identify areas where you could use support ✅ match them ✅ find any gaps & gravitate to peeps who can help I have PBOD members who know they have this role, some don't - I just go to them for guidance & they're always open. I have PBOD members I've known for a lifetime & some I reached out to in recent years, because I respected their expertise & it became a trusting relationship. I have some I hired to coach me & it's evolved. So much gratitude for community & PBOD. ❤️ (**Okay, maybe not Taylor Swift)

It's interesting to read board chairs now spend 40% more time on strategic decisions than they did five years ago. Recent Korn Ferry research confirms what I've witnessed and represents the most significant governance evolution in decades. The days of passive governance are over. #AI disruption, geopolitical volatility, and activist shareholders demand boards that pivot in real time. The traditional quarterly oversight model is dying fast. Today's most effective chairs are strategic partners and real-time decision makers. With 85% of 2024 CEOs being first-time leaders and 75% of directors citing urgent needs for innovation, the transformation is accelerating. This aligns with NACD (National Association of Corporate Directors)'s 2024 Blue Ribbon Commission calling for boards to "strengthen oversight, deepen insight and develop foresight." As I share experiences with peers, chairs and boards seem to be increasingly orchestrating "creative friction" by deliberately challenging groupthink through constructive tension. They're building "T-shaped" expertise with directors who have deep specialization while maintaining strategic perspective across the entire business. Most importantly, these chairs create cultures where directors feel safe to speak up with contrarian views. As one recently told me, "This is a full-on, real-time job." What's the biggest strategic challenge you tackled this quarter? https://lnkd.in/eRMkgA-F #BoardGovernance #Leadership #CEO #Strategy #CorporateGovernance

🧵 How to build a *personal* board of advisors: My personal board of advisors is one of my greatest assets in life. Unlike mentors, my personal board of advisors is deeply invested in my career. If I were starting over, here’s how I’d do it… Step 1: Dream big 💭 Mentors are 2 steps ahead + loosely involved in your success. Advisers are 200 steps ahead + deeply committed to your success. Identify individuals who have extensive experience in your field. Age isn’t as critical as expertise and willingness to teach. Step 2: Identify pathways 🛣️ In the first five years of your career, identify 3 directions you can see your career going. For me, it was: 💰 Finance - go to business school 📈 Marketing - learn SEO and search 👩🏼💻 Tech - learn how to code I naturally gravitated towards tech. Step 3: Connect 🤝 Reach out online. Be concise but personal. Explain who you are, why you value their insight, and what you hope to achieve via the relationship. Suggest a lightweight commitment (15 mins/qtr) to respect their time. Be really specific about the commitment. Step 4: Be hyper-specific 🎯 Schedule an initial meeting to discuss the relationship's objectives, expectations, and structure. Share an agenda outlining the critical discussion points, updates on your progress, and specific challenges you're facing. Act on feedback. Step 5: Evolve Your Board 🦄 As your career evolves, so too will your advisory needs. Review the composition of your board annually. Transition some advisors out and others in to align with your career stage and goals. I re-evaluate my board every 2 years. Step 5: Reciprocate 🌱 Engage in a two-way relationship with your advisors, As you advance in your career, advise other emerging professionals. I advise a handful of women every year. Contribute to a culture of supportive professional development. Building a personal board of advisors is an intentional effort that has 10x’ed my career. ❤️ You can do it too, by following these 6 steps: 1. Dream big 💭 2. Identify pathways 🛣️ 3. Connect 🤝 4. Be hyper-specific 🎯 5. Evolve Your Board 🦄 6. Reciprocate 🌱

As I progress through my board certificate program, the 2024 NACD Governance Outlook report provides invaluable guidance for navigating the challenges board members face this year. Here are the top trends that will significantly impact boardroom discussions and decision-making:   1. Economic Uncertainty: While a potential "soft landing" is anticipated by over 50% of directors, the threat of recession remains a significant concern. Boards need to be prepared for various economic scenarios and ensure their companies are financially resilient. 2. Regulatory Tightrope Walk: The expanding regulatory landscape, particularly around climate risk and cybersecurity, is a growing concern for boards. Staying informed and proactively addressing these evolving regulations is crucial for effective compliance and risk management. 3. Balancing Innovation and Security: The rapid pace of technological change presents both exciting opportunities and substantial risks. Boards need to navigate the potential of AI and other emerging technologies while mitigating cybersecurity threats to protect sensitive data and infrastructure. 4. Continuous Strategy: The New Normal: Traditional long-term planning cycles are giving way to a more agile and continuous approach to strategy. Boards need to adapt their oversight practices to ensure effective decision-making in this dynamic environment, focusing on both strategy development and execution. 5. Geopolitical Volatility: A Constant Threat: Ongoing conflicts and national elections pose significant risks, impacting over 30% of directors. Boards need to be prepared for potential disruptions and adapt their strategies accordingly, ensuring business continuity and resilience. 6. Climate Change: A Pressing Issue: The impact of climate change on supply chains is becoming increasingly evident, with over 20% of directors anticipating disruptions. Boards must not only address these immediate concerns but also prepare for the growing pressure around climate-related disclosures, demonstrating environmental responsibility and stakeholder engagement.   By understanding these top challenges, boards can proactively address them, make informed decisions, and ensure the long-term success of their organizations in 2024. Read the full article here: https://lnkd.in/ecDgCvhM #boardtrends #businessinsights #leadership #board

The Death of "Nose In, Fingers Out" 💀 **28% of management teams go defensive when boards engage.** That's not governance—that's a competitive liability. My reflections on NACD (National Association of Corporate Directors)’s BRC Report "Culture as the Foundation: Building a High-Performance Board"* After years in C-suite and boardrooms overseeing technology, cybersecurity and culture transformations, I've learned this: **The old "nose in, fingers out" model isn't just outdated—it's dangerous.** ## The New Reality ⚡ Today's challenges don't wait for quarterly meetings: - AI disrupting entire industries overnight - Supply chains collapsing in real-time - Talent wars determining market winners **Management teams focused on execution often miss these strategic inflection points. **Boards that stay passive watch competitors pull ahead. ## What Winning Boards Do Differently 🎯 **Create #psychological #safety.** When management shares bad news early, boards can act. When they hide it, companies die. **Ask the hard tech questions:** - Are we building moats or just buying software? - What happens when our core technology becomes commoditized? - How do we balance AI innovation with existential risk? **Treat #culture as #strategy.** The best talent chooses companies where boards think beyond compliance theater. ## My Approach 🚀 I don't wait for problems to surface in board books. I build relationships across the organization. I ask uncomfortable questions. I challenge assumptions—including my own. **The NACD's BRC Report on high-performance boards makes it clear:** The boards winning the long game aren't playing defense. They're shaping the #future. --- **Question for fellow directors:** What's the most valuable strategic insight you've gained by going beyond traditional board boundaries? #KSgems #KhwajasTake #CIO #CTO #CISO #CFO #BoardLeadership #TechnologyGovernance #CEO #StrategicOversight #NACD #NACDBRCReport #CultureFoundation #CompetitiveAdvantage JUST Capital CECP Business Roundtable

I respect the work of TechRepublic and I agree with many points Megan Crouse highlighted in the article linked below. Nevertheless, I disagree with the idea that CISOs have a new personal and professional risk landscape to navigate. I think the ideas I've outlined below are worthwhile for companies who are using the SolarWinds case to plan a strategy for cybersecurity in 2024 and beyond. While I have no knowledge whatsoever about the innerworkings of SolarWinds, sound security program management practices should be adopted by all organizations. ❗IMPORTANT❗ The board and executive leadership must actively engage in governance and oversight related to security program management to ensure visibility about efficiency, effectiveness, and results at appropriate levels of the organization. The CISO should never be individual solely responsible for security of the entire organization. The NIST Risk Management Framework described in SP 800-37 (and supported by the organizational hierarchy in NIST SP 800-39) has proven to be one of the best approaches to ensure everyone in the company is engaged in the security of the organization, its assets, and data. ⭐The board is responsible for defining acceptable risk for the organization. ⭐Executive management is responsible for enforcing the rules for their respective business functions. ⭐A group of people, including the CISO, work together to ensure systems, services, and applications implement the practices and controls that achieve the requirements set by the board. Organizations that invest in the people, processes, and controls required for the RMF to operate as intended will be prepared to understand and respond to the risk they face while also complying the new SEC reporting rules (the RMF addresses incident response). References: NIST SP 800-37 NIST SP 800-39 https://lnkd.in/gGzpuFHY

The board rooms we advise (both public and private, both mid-market and large cap) are facing challenges like never before.  NACD (National Association of Corporate Directors)’s summit this year summed it up nicely on some of these challenges: * Uncertainty in the geopolitical and economic environments * Emergence of mass adoption of artificial intelligence * Increased cybersecurity risks * Continual changes in the workforce  * Israel/Gaza conflict, Russia/Ukraine war, tensions with China (especially over Taiwan) Recommendations on navigating these dhallenges: 1. Understand the Risks Facing Your Company  “You need to prioritize your filter. You need to not focus on the extraneous, you need to understand which of those geopolitical tensions actually have meaningful impact for you…. In terms of ongoing monitoring, laser focus on which are the pieces that are going to affect your company, your sector, your country exposures, your regulatory environment.” 2. Technology and Cyber Watch and consider the impacts of artificial intelligence, autonomous technologies, the Internet of Things, the metaverse, quantum computing, blockchain and digital currencies, synthetic biology, and cognitive infrastructure. 3. Company Reputation Trust can also be a target, just like information systems, and there are entities out there that want you to diminish trust in our institutions. Face the risks head on, and don’t ignore them. 4. Continuous Innovation “To be effective today, directors need the courage to embrace change—fully. This means learning and building new skills continually. It means staying on top of trends and new innovations.” “You are going to make very difficult decisions that impact all the stakeholders. The more open and transparent you are about where you are taking the company and why, it just goes a very long way in these types of transformations.” Not only should boards be innovative with their company’s vision and operations, but they should also be innovative regarding how the board itself operates. There has been a shift away from “show and tell” slide decks from management to the board toward “ask sessions,” where the board engages more—and more deeply—on certain strategic issues. To guide innovation, board members—especially those with subject-matter expertise—may wish or need to interact with employees below the C-suite. 5. Improving Company and Board Culture Lessons of improving corporate culture can also be applied to boards. At the board level, directors also need to build their culture to better govern in this age of permacrisis. “We ask our management for all of that—succession planning, hiring, performance review, DEI, inclusion, employee surveys, all that. But do we do that for ourselves?” Be well. Winston & Strawn LLP

New SEC Guidelines Enhance Cybersecurity Responsibility in the Boardroom Recent proposed SEC requirements emphasize an increased role for U.S. organizations in managing cybersecurity risks, resulting in a growing demand for cybersecurity expertise within boardrooms. However, the best choice for this role isn't always a technical expert with numerous certifications. The primary goal should be to enhance the Board's security intelligence quotient. An effective security expert on the Board focuses on facilitating productive discussions and asking pivotal questions. These revolve around the suitability of implemented controls, the organization's capability to defend against significant threats, and the fulfillment of compliance requirements. Understanding and responding to threats are crucial elements of security. The Board's role extends beyond offering advice on specific issues; it involves guiding the organization through a broad range of security challenges. Core to this task is comprehending the threat landscape, which leads to informed decision-making during breaches and other significant security matters. Key questions that Board members should discuss with their CISO and other security leaders include: - Strategies for managing vulnerabilities and exposures. - Methods for monitoring security issues related to our technologies. - Adherence to sound security fundamentals. - Utilization of threat intelligence to identify major threats. - Proactive implementation of security practices. - Evaluation of defense in depth and identification of pressured control layers. - The role of new technologies or cloud architectures in our defense. - The state of network monitoring at the operating system layer. It's important to view security as a complex, integrated organizational function, similar to traditional functions such as sales or engineering. Poor security practices can severely impact an otherwise thriving business, especially given the mounting pressure on organizations to meet compliance and other requirements. Cybersecurity presents challenges even for the most security-mature organizations. In addressing these challenges, it can be beneficial to engage external cybersecurity partners who can help mitigate the threats posed by zero-day vulnerabilities and translate frontline intelligence into actionable information. To effectively manage this challenge, Boards should consistently apply three principles for effective risk oversight: education, engagement, and information. This approach, coupled with a strong relationship with the CISO and engagement with technology, business, and compliance stakeholders, will foster improved transparency and collaboration between Boards and company leaders. #cybersecurity #regulation