How CISOs Should Talk to Corporate Boards | Interview with Michelle Drolet
In this Secure and Simple Podcast episode, host Dejan Kosutic (Advisera) interviews Michelle Drolet, CEO and founder of Towerwall, about communicating cybersecurity to corporate boards. Drolet says boards often don’t know what questions to ask, so CISOs should drive the agenda by focusing on incident impact, business risk, and alignment to strategic initiatives rather than vulnerabilities or technical tools. She recommends concise, ROI- and compliance-oriented metrics tied to dollars-and-cents outcomes, limiting “blast radius,” and protecting critical data, while avoiding overly detailed dashboards. She emphasizes having a cybersecurity advocate on the board, running interactive tabletop exercises, addressing cyber as a business enabler affecting sales, insurance, and vendor risk, and using frameworks and regulations as measurable KPIs. The discussion also covers AI adoption with guardrails, CISO reporting lines, and future pressures like quantum planning.
Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course: https://advisera.co/GrowYourConsultancyTraining
- (00:00) - Interview with Michelle Drolet
- (00:55) - Driving The Board Agenda
- (02:31) - Build Program Around Strategy
- (05:06) - Tabletop Exercises For Engagement
- (08:01) - Finding A Board Advocate
- (09:34) - Cyber As Business Enabler
- (13:36) - Security Reporting and Metrics
- (19:39) - Answering Are We Secure
- (26:01) - Frameworks And Compliance As KPIs
- (34:18) - Future CISO Quantum Planning
- (36:10) - vCISO Lessons And Board Comms
- (40:26) - Resources for Security Professionals