We all spend a lot of time in meetings. Leading productive meetings is an executive skill that is unfortunately in short supply. Over the past couple of years I have written several posts about meetings. These have included subjects such as leading productive meetings, meetings with direct reports, and
The thing that will get a board's attention more quickly than anything is the threat of a shareholder lawsuit. Security breaches are a fertile ground for these.
I agree with your assessment of the CIO/CISO role here. This is one of those situations where good communication and influencing skills are critical for the CIO. He/she needs to be able to be very clear with the board about the risk/benefits of various approaches and must help them understand the resources required to minimize the risk.
I agree. Employees and contractors pose the greatest risk. At Target the hackers gained access through an HVAC contractor, as I recall. Companies have to invest in educating employees and developing, enforcing and auditing security policies.
These assignments, if they are to be learning experiences, should be challenging so, yes, many will be “trial by fire.” One should never confuse difficult with impossible. The latter situation is a setup for failure which I would never recommend.
One of my assignments early in my career contained a then-unknown political landmine that neither my boss nor I could have foreseen. It worked out OK and I learned a lot, but it sure turned out to be a different experience than I expected when I agreed to take it. More like being thrown into the fire!