When I think of the need for directors to become informed on a complicated topic like cybersecurity, it makes me think of a little band you may have heard of: The Rolling Stones.
You see, the Stones released their 26th studio album in Oct. 2023, a 12-song set called Hackney Diamonds. The album features all of the traits that one would expect if they have given the Stones' classics, like Exile on Main Street, Let It Bleed or Sticky Fingers, a spin. There's the stuttering lead and rhythm guitar interplay provided by guitarists Keith Richards and Ronnie Wood. There's the driving, air-tight, locked-in drums provided by the late Charlie Watts on two tracks and by new touring drummer Steve Jordan on the remainder. There's the remarkably pristine, chameleonic growl of Mick Jagger, one that seems as if it has been preserved in a hyperbaric chamber since the band's early 1970s peak. There's even the obligatory track sung by Richards, whose voice is not as well-preserved as Jagger's, but of course it always seemed like it had been run through a meat grinder just before the red light of the microphone booth was switched on.
So the story here is that the Stones stuck to what has always worked, and the outcome was successful. Not so fast, though. For this album, the band changes things up to remain timely. On the gospel-tinged track “Sweet Sounds of Heaven,” they enlist an excited fan named Lady Gaga to provide backing vocals. They entrusted the production to a gentleman named Andrew Watt, whose credits aren't exactly a Who's Who of the British Invasion; instead, he is a more modern hitmaker for artists such as Post Malone, Justin Bieber and Miley Cyrus. The band even went outside the “Core Three Plus Studio Musicians” formula to enlist other attention-getting collaborators, such as Elton John, Stevie Wonder and, of all people, Paul McCartney, whose thunderous, distorted bassline on album highlight “Bite My Head Off” could probably be used as a pulse reviver if there were no defibrillator available in case of emergency.
Here's the connection between British rock royalty and the boardroom: We have a band who could have coasted on their reputations (and surely hefty bank accounts) but instead chose to try some new things to maintain their value and relevancy in a crowded marketplace.
. . .
It's unclear whether James Mitchell Jr. is a fan of the Rolling Stones. For all I know, he could listen to the entirety of Goats Head Soup to get jazzed up for his day or he might think Tattoo You is just something that certain businesses are happy to do when you have too much to drink after a night on the Las Vegas Strip. What I do know is that Mitchell, board chair and technology committee chair of Fora Financial, audit committee and cybersecurity subcommittee chair of Aegion Corporation, and director of Choice Financial Holdings Inc., was not always an expert in cybersecurity. As a director, he had to choose whether to let his relevancy slip by remaining a novice in the area or dive into the subject to ensure that he was seen as a valuable resource on an emerging topic. He chose the latter route, beginning with a cyber executive masterclass based on the Certified Chief Information Security Officer credential. The course, led by recognized expert Keyaan Williams, focused on management of cybersecurity and privacy risk.
“I was confident in his capability to deliver key learnings to boost my cybersecurity knowledge base,” Mitchell says. “The masterclass had a deep focus on cybersecurity and data privacy from a board perspective based on [Williams'] corporate governance service as a board director and advisor to public, private and nonprofit companies.”
To further bolster his cybersecurity expertise, Mitchell attends conferences and webinars on the subject and vacuums up articles not only in cyber industry publications, but also in two other magazines I won't mention because it could be perceived as a shameless plug.
Getting to know people in the field is also a factor. “I learn through networking with colleagues and speaking at conferences on the subject matter,” says Mitchell, a former senior executive at General Electric. “I also developed relationships in major auditing firms who have subject matter experts that provide me a great perspective.”
Mitchell's quest for knowledge on the subject has paid off to the point that he has been of tremendous value to his companies during real-life cybersecurity issues.
“As a director, I have lived through a few cyber and data privacy breaches. I have gained hands-on experience in threat exposure to management, developing an ability to understand the enterprise risk, how to improve organizational readiness and strategy development to build sustainable balanced cybersecurity programs.”
Here's the thing: If your board is lucky enough to have a CIO or CISO, that is excellent. And if you are a CIO or CISO looking to attain a board seat, I certainly wish you luck and think you will be of tremendous value to any board. But not every board can have a dedicated cybersecurity expert among their number. There are not enough slots for every emerging issue, and too many board members can result in complicated, slowed-down decision-making. Therefore, every board member must bolster their cybersecurity knowledge to provide informed guidance on the topic without a dedicated expert in the boardroom.
So whether you are taking your lead from James Mitchell Jr. or a ubiquitous band that got their name from a Muddy Waters song, the missive is clear: Don't let wild horses drag you away toward irrelevancy. As a fiduciary, step up your knowledge of cybersecurity so you can provide value to your board, your company and your stakeholders.