What CISOs need to land a board role

Cybersecurity leaders often have complex relationships with their boards. Many boards lack cyber expertise, and CISOs can encounter roadblocks as a result when it comes to earning board approval. Other security leaders may not have a direct line to their board, or they may be viewed as too technical to win the support they need.

One way some CISOs are working to improve that relationship is by becoming board members themselves, to better understand what matters to directors and how to communicate with them. Others seek board positions to elevate their profile, help shape the tools of the future, or contribute to expanding the community’s knowledge.

The latter is the case for Jamie Norton, vice chair of the ISACA board. “As a long-term member, I had reached a stage in my career where I had more flexibility in managing my time and wanted to contribute back to the industry. To be able to accomplish this on a global scale with ISACA was a perfect fit,” Norton tells CSO.

For Mitra Minai, global cyber health leader at Accenture, it was about being part of the solution rather than engaging with a board only during high-pressure moments.

“I saw firsthand how board comprehension of cyber and digital risk directly influences organizational outcomes, particularly in healthcare where cyber incidents can affect patient safety and continuity of care,” says Minai, who is a board member with the Australian Information Security Association (AISA), an industry advisory member with the Australian Cyber Security Centre, and a digital governance committee member at Uniting AgeWell.

“Becoming involved at a governance level allows me to contribute earlier and more strategically, helping boards shape risk appetite, investment priorities, and resilience before crises occur,” she adds. “It also provides an opportunity to help boards navigate the growing intersection between technology, trust, regulation, and organizational purpose.”

As in health, cyber incidents can have a catastrophic impact in other critical infrastructure services. For CISOs looking to make a difference, vendor advisory boards are another option.

Nathan Morelli, head of cybersecurity and IT resilience at SA Power Networks, says his decision to join vendor advisory boards was a conscious move to influence the global product roadmaps that protect essential services.

“In critical infrastructure, the impact [of cyber incidents] is significant, and I wanted to ensure that the tools we use are actually fit for purpose. By joining these boards I gain a seat at the table where I can shape the technology of tomorrow, rather than just reacting to it. It’s about moving beyond the perimeter of one organization to influence the resilience of the entire sector,” says Morelli, who is a member of advisory boards with Cyera, CrowdStrike, Proofpoint, and SailPoint.

Getting a board role isn’t a straightforward path

CISOs should be aware, however, that board roles can be difficult to land. Despite being involved in the Canberra Chapter of ISACA for many years, Norton made several attempts before earning his board role. He applied once and was unsuccessful; the following year he tried again, to no avail. It can be hard not to take such rejections personally, he says, adding that he received useful feedback and was encouraged to apply again.

“There was a lot of reflection on the process, and whether the result was challenges with expertise, experience, or simply the skills the board needed that was driving the outcome,” he says. “The required skills did come around to match my expertise soon after and I was successful. It has been a great journey since.”

It is also a significant commitment, Norton adds, “with many hours per week spent on board-related work and meetings, many of which run early morning between 12am to 2am Australian time.”

Advisory and committee positions don’t require any specific certifications, but governance capability and credibility are essential to be effective at board level, says Minai, who plans to complete formal Australian Institute of Company Directors (AICD) governance education within the next 12 to 18 months as part of an intentional progression toward broader non‑executive director roles.

Tips for CISOs aiming for a board role

For CISOs interested in contributing to global vendor boards, Morelli advises focusing on becoming a partner, not just a customer. This requires the ability to articulate how a product’s evolution affects the risk profile of an entire sector.

For non-industry or public boards, CISOs must be comfortable contributing to discussions on P&L statements, ESG reports, or Modern Slavery statements. You are there to provide oversight of the entire organization’s strategy and sustainability, not only its security.

Here are other top tips from Minai, Morelli, and Norton:

- Start with governance, not titles. Committees, not‑for‑profit boards, and industry associations provide real governance experience.
- Separate governance from execution and management. Board effectiveness requires oversight and judgment, not operational problem‑solving.
- Learn the language of boards. Boards focus on risk appetite, trade‑offs, outcomes, and value creation, not just controls and tools.
- Invest in formal governance education. Even experienced executives benefit from structured governance training when moving into board roles.
- Choose wisely. Zero in on boards where your expertise genuinely matters and on organizations that are aligned with your values.
- Consider volunteering. Targeting a not-for-profit or charity for your first board position can help you earn valuable first-board experience.
- Leverage your network. Board opportunities often arise from existing relationships.
- Get certified. Consider investing in a NACD Directorship Certification or a similar credential.
- Treat branding and narrative as seriously as you do in your CISO role. Research and develop a board bio that highlights key skills and experience such as financial, legal, governance, risk, crisis management, regulatory navigation, and strategic governance.

The benefits of experiencing the board from the other side

CISOs gain many benefits from being a board member. Chief among these, Norton says, is a greater appreciation of the director mindset.

“Understanding what represents a material concern, the right level of detail that board members want in reporting, and contributions to risk appetite and corporate strategy” have been invaluable, he says. “As a CISO in my day-job, this significantly assists in balancing board messaging and understanding how to frame discussions in the right way.”

Minai’s experience has shaped how she thinks and leads as well. The benefits she cites include developing a long‑term, enterprise‑wide perspective beyond functional optimization; a deeper understanding of how boards balance risk, investment, culture, and stakeholder expectations; exposure to decision‑making under uncertainty with incomplete information; and a stronger ability to translate technical and cyber risk into strategic and financial implications.

“These roles have also broadened my exposure across aged care, academia, government, and not‑for‑profit sectors, which has strengthened my judgment and impact as a senior executive,” Minai says.

For Morelli, it is about being able to see where the industry is heading in 18 to 24 months.

“There is also a significant compounding effect of the network. Sitting in a room with the world’s top CISOs and business leaders provides a level of strategic intelligence that no briefing note can replicate. It forces you to grow as a leader because you are constantly challenged by peers operating at a global scale,” he says.

Even as cybersecurity leaders are increasingly invited into the boardroom, the invitation alone does not guarantee effectiveness. The CISOs who succeed in governance roles are those who can reframe cybersecurity as a matter of trust, resilience, and organizational stewardship, not just technical defence, Minai says.

“Boards are not looking for another security operator; they are looking for clear thinking, calm judgement, and strategic insight under complexity,” she says. “That is where experienced CISOs can make a unique and lasting contribution.”