In their perpetual battle against external cyber threats, understanding and addressing evolving regulations and gathering resources to meet escalating security demands, Chief Information Security Officers (CISOs) are a busy, if not overburdened, bunch these days. And while focusing on their pressing jobs demands their full-time attention during the too-few hours of the day, there is one outside activity that does garner their precious attention: engaging with other CISOs. Indeed, CISOs are finding their best ally in meeting high demands is each other – to learn about new and emerging threats and best practices proven to defeat them.
In turn, the ideal forum to facilitate such engagements are Customer Advisory Boards, or “CABs.” CABs bring together executives – particularly CISOs – from top customer firms into an active and lively forum to review industry trends and solutions, and offer unvarnished guidance and insights to the sponsoring company.
When done correctly, CABs are an ideal method for collecting feedback on a company’s corporate strategies, gathering input to its product roadmaps and deepening relationships with its best customers. However, the core value proposition for a customer-driven advisory program is mutually beneficial collaboration that results in reciprocal value for both the host company and the participating members.
In the course of advising security companies such as Dell SecureWorks, McAfee, Arbor Networks, Symantec and many others in managing their CAB programs, we have identified numerous benefits that CISOs can obtain from participating in such initiatives.
Top 10 CISO Benefits of Participating on Customer Advisory Boards:
1. Learn About New and Evolving Security Threats
First and foremost, customer advisory boards provide CISOs a unique and all-too-rare opportunity to learn about cybercrime and evolving threats, and see to what extent such security trends are having on other like companies – or even completely different industries. Gathering this knowledge allows CISOs to benchmark such trends against their own organizations – i.e. get “ahead of the curve” for their own planning and investment purposes. Such data points may emanate from the host company, member CISO peers, or even third-party guest speakers, analysts or industry thought leaders invited to participate in the meeting.
2. Acquire Proven Security Best Practices from Peers
When managed correctly, advisory board meetings are dedicated to the mutual challenges faced by member CISOs. As such, common outputs are the often-innovative tactics deployed to solve shared security issues, generate executive support and manage remote employees. As members often confront such related challenges, learning from and benchmarking against other CISOs is a key benefit of participating on a customer advisory board. These interactions often result in actionable insights that CISOs can take directly from their advisory board participation, and implement immediately upon returning to their own organizations.
3. Influence their Security Vendors’ Product Roadmap
By participating on security vendors’ advisory boards, CISOs gain first-hand insight into the company’s product and services roadmap and planned enhancements. As such, CISOs are provided the rare ability to learn about upcoming products ahead of the market. They can provide feedback directly to the product management leadership and communicate desired opportunities for improvement and development of additional capabilities that would directly help their own companies. Such improvements, if implemented, can lead to numerous efficiencies and benefits for CISOs in their own operations.
4. Obtain Insight Into Security Vendors’ Strategic Initiatives
In addition to the product roadmap, CISO advisory board members can gain significant, forward-looking insight into their vendor’s strategic corporate initiatives, and provide a voice to these plans. Such initiatives can include “big bets” on technology development direction or investment, strategic partnerships, or even merger and acquisition targets. Such insight allows CISOs to align their own technology development decisions to what is happening in the marketplace, and consider the best vendors and service providers to meet their evolving security needs.
5. Opportunity to Beta Test New Security Products
Often, security companies qualify and select beta users from their customer advisory board membership. As such, participating CISOs have the ability to “test drive” the latest products and services, and provide direct feedback – often for their own direct benefit. In addition, vendors will sometimes offer financial incentives to garner valued beta feedback, such as a discount on the released product itself.
6. Interact with Security Vendor Executive Management
The CISOs we work with who participate on customer advisory boards always highly rate their ability to interact with their security vendors’ executive management team. CISO members see firsthand these leaders provide honest insight into their strategies, as well as rationale behind trade-offs and business decisions. Since the customer advisory board setting offers additional interaction over meals or other interactive activities, CISOs become better acquainted with these executives on a personal level and can gather more insight into their backgrounds and experience.
7. Improve Security Vendor Customer Service and Support
In addition to product direction input, CISOs often provide feedback that drives service and support. As such input often comes from specific incidents, the customer advisory board may tap that experience as a real-world case study and craft direct improvements that could significantly benefit operations for participating CISO members – turning an initial negative into a positive that benefits all.
8. Help Solve a Security Issue Impacting Everyone on the Board
Programs can be initiated to do more than simply communicate and gather product feedback, but rather offer an ideal opportunity to bring a group of experts together to solve a security challenge or leverage on a business opportunity shared by all participants. As such, participating CISOs are afforded the opportunity to collaborate together to come up with solutions, processes or technologies that will help themselves, the host company and others within their fields or industries.
9. Opportunity for Security Thought Leadership
Across myriad programs from various industries, innovative host companies turn the outstanding collaborations and solutions uncovered by their customer advisory board programs into original thought leadership. White papers, case studies or articles can be used to communicate the findings uncovered by a board and used for marketing and publicity pieces for all parties. Such pieces not only reflect the positive outcome of the initiative, but, more importantly, shine a positive light on the participant CISOs, bolstering their image and reputations in their industries.
10. Network for Potential Personal and Professional Growth
Customer advisory boards enable CISOs to interact with their peers and executives to not only benefit their own companies, but network for myriad potential personal and professional growth opportunities. It’s not unusual to see outspoken or outstanding CAB members join host companies or other member organizations. In interacting with security professionals over the years, with CAB membership as a “feather in their career caps,” members steadily move through the ranks within their own organizations or move on to manage security organizations for larger companies.
A customer advisory board is successful only when all participants derive value. And while advisory boards can sharpen and accelerate a host company’s focus and go-to-market plans, just as much benefit can be gained by the participating members as well. Assembling a peer group of CISO leaders as strategic advisors to a company that also influences the industry in which they operate is the promise and potential of customer advisory boards. As a participating CISO, that is a promise you can bring back to your own company.
