Language of the Board as CISO-Board Time Falls Short and CISOs Struggle with Risk – Ben Wilcox – BSW #439
Security metrics often fail because they measure activity rather than actual risk and do not connect to business impact, which makes them difficult to explain to boards and executives. How do you build effective metrics that are actionable, contextual, and valuable?
Ben Wilcox, CTO & CISO at ProArch, joins Business Security Weekly to help us speak the language of the board. Ben will cover how to develop measurable, strategic, and AI-ready security metrics.
In the leadership and communications segment: "Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short," "When the Team Gets the Recognition, Your Leadership Is Working," "The communication lesson that changed my career," and more!
Ben Wilcox is the Chief Information Security Officer and Chief Technology Officer at ProArch, where he leads enterprise cybersecurity strategy, cloud security architecture, and AI governance initiatives. He works with organizations navigating hybrid and multi-cloud environments, helping them reduce risk, strengthen resilience, and securely enable AI adoption.
With experience spanning security operations, infrastructure modernization, and executive risk leadership, Ben brings a practitioner’s perspective to today’s evolving threat landscape. He focuses on translating board-level risk conversations into practical security controls that balance innovation with protection.
Matt Alderman
- Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short
According to a new report from IANS, Artico Search, and The CAP Group, CISO-board interactions remain short (typically 30 minutes per quarter), lack depth around threats, particularly those posed by AI and other emerging technologies, and are more about “listening” than active participation.
- Survey: CISOs Continue to Struggle to Strike Right Risk Balance
A survey of 422 CISOs finds that while well over half (61%) believe their organizations are highly competent when it comes to cybersecurity and cyber resilience, less than half (45%) said their organization’s risk appetite is effectively aligned with cybersecurity risk management even though 57% claimed their communications channels with the line of business units are effective.
- When Liability Turns the CISO Into the Fall Guy
The era of the technical specialist is fading. In its place stands a legally exposed executive whose concern is no longer just a system breach but potential personal indictment. Twenty years ago, the cybersecurity remit was defined by network integrity and resilience. Today, it is increasingly defined by the fine print of directors and officers, or D&O, insurance policies and the exact wording of board minutes.
- Who in the C-Suite Should Own AI?
The question of who controls AI is the critical org-chart issue at the dawn of the AI era, and it will influence a company’s strategy, investment levels, and the distribution of power and influence among leaders. How can organizations decide? Sociologist Andrew Abbott developed one of the most insightful frameworks for understanding this problem in his landmark 1988 book, The System of Professions. Abbott showed that professional groups are locked in a perpetual contest over who controls which domains of work, and that major technological or social disruptions are the moments when those boundaries get redrawn. Applied to the C-suite, his theory reveals why the current scramble over AI will become heated, and it points to a practical way for leaders to move past the turf war and toward an organizational structure that actually works.
- When the Team Gets the Recognition, Your Leadership Is Working
One of the most meaningful lessons I’ve learned in leadership is simple. Your recognition as a leader is not measured by how often your name is mentioned, but by how often your team’s names are.
- The psychology behind AI resistance: What CIOs need to know
AI is reshaping the way the world does business at breakneck speed, yet many CIOs are facing adoption resistance because of how it plays into our most primal fears.
- The communication lesson that changed my career
I grew up believing that being direct was a virtue. Mean what you say. In product teams, clarity felt like competence. So when people added context, hesitated, or avoided saying things explicitly, I read it as lack of ownership. That belief worked well, until I started working across teams, functions, and countries. And that’s where it broke.











