The CISO’s Guide to Securing a Board Seat is a keynote presentation and strategic framework delivered by George Kurtz, CEO and co-founder of CrowdStrike, during his RSAC 2025 keynote address.
The presentation provides a roadmap for Chief Information Security Officers (CISOs) seeking to transition from technical roles to strategic boardroom positions, reflecting the growing recognition of cybersecurity as a critical governance issue.
As cyber risks, regulatory pressures, and the demand for cybersecurity expertise in corporate governance intensify, Kurtz underscores the pivotal role CISOs can play in shaping boardroom decisions.
Business Acumen
Kurtz emphasizes the need for CISOs to elevate their business skills to secure a board seat. This involves developing financial and business acumen, such as understanding financial reporting, board committee responsibilities, and proxy statements.
Boards are increasingly prioritizing cybersecurity expertise, as demonstrated by examples like CrowdStrike’s own board skills matrix, which highlights the value of such knowledge in governance. By mastering these skills, CISOs can position themselves as strategic leaders capable of addressing the complex challenges facing modern organizations.
Another critical aspect of Kurtz’s guide is the ability to communicate effectively in the boardroom. CISOs must learn to speak the board’s language, framing cybersecurity issues in terms of time, money, and legal risk—priorities that resonate with board members—rather than focusing on technical details like patch cycles.
This shift in communication style allows CISOs to align their expertise with the strategic and financial concerns that dominate board discussions, making their contributions both relevant and impactful.
Personal Brand
Building a personal brand is also essential for CISOs aspiring to board roles. Kurtz advises that securing a board seat requires years of preparation, including cultivating financial fluency, engaging with existing board members, and establishing a reputation as a strategic thinker.
He cites real-world examples, such as Adam Zoller, CrowdStrike’s CISO, who joined AdventHealth’s board, and Phil Venables, former Goldman Sachs CISO, who leveraged his expertise in risk management and compliance to secure board positions. These cases illustrate how CISOs can demonstrate value beyond their technical roots.
Kurtz contextualizes the urgency of this transition by drawing parallels with historical shifts in board composition. He notes that corporate scandals, such as those involving Enron and WorldCom, led to heightened requirements for financial expertise on boards, a trend now mirrored in the growing demand for cybersecurity knowledge.
Kurtz predicts that within the next decade, every public company will either have a CISO on its board or regret the absence of one, as cybersecurity becomes a core governance mandate. To gain a foothold, he suggests CISOs target board committee openings, such as risk or audit committees, that align with their skillsets.
George Kurtz, with over 30 years of cybersecurity experience, is uniquely positioned to offer this guidance. As CrowdStrike’s co-founder and a former McAfee Worldwide CTO, he has driven innovation in cloud-native, AI-powered cybersecurity solutions, including the Falcon platform. His earlier ventures, such as founding Foundstone and authoring the bestselling Hacking Exposed: Network Security Secrets & Solutions, further cement his authority in the field. Through this guide, Kurtz leverages his expertise to empower CISOs to navigate the path to boardroom influence.
