Run security like a business function the board can sponsor.
The CISO interview is fundamentally a leadership interview with cyber as the domain. Boards want to know how you'd quantify and reduce loss exposure, how you'd run an incident under regulatory scrutiny, and how you'd budget — not whether you can configure a SIEM.
Public-company board interview
Expect deep questions on material-cyber-incident disclosure (SEC) and how you'd brief the audit committee.
Private equity portfolio
Heavy on cost discipline, M&A integration, and rapid posture improvement.
// Sample question
The board asks: 'Are we secure enough?' How do you answer in 90 seconds?
Reframe to loss exposure. State current annualised loss exposure (from the FAIR model), the top three contributors, the planned reduction from this year's roadmap, and the residual risk you're asking the board to accept. Close with what would change your answer (a material incident, a new regulation, an M&A event).