Andy Brown, a Zscaler board director since October 2015, sits on the audit and compensation committees and previously served as group chief technology officer at UBS Securities; head of strategy, architecture and optimization, at Bank of America Merrill Lynch; and chief technology officer of infrastructure at Credit Suisse Securities. He holds several other board positions with technology companies. Connect with him here.

What are some developing issues your business thinks board directors should be prepared for?

●      Attack Surface Management: Boards need assessments based on the National Institute of Standards and Technology (NIST) to understand security vulnerabilities in their environment and visibility into specific investments aimed to reduce the risk of attackers breaching defenses. Do directors have confirmation that security funding levels are appropriate and gaps are properly mitigated?

●      Board–CISO Communication: Chief information security officers should update the board at every meeting, with scorecards used to track NIST maturity improvements. Importantly, the board needs to know it will be notified of any incidents before they are called by reporters.

●      AI Initiative Risks: Establish an artificial intelligence governance board with clear terms of reference to manage C-suite pressure for rushed implementations. Proper entitlement controls are required between users, large language models, and sensitive data sources to maintain privacy and data security.

What are a couple of tips for directors to ensure they are well-prepared for tomorrow’s challenges?

●      Leverage Ready Resources: I wrote a book with Helmuth Ludwig, former Siemens chief information officer, called <a href="https://info.zscaler.com/resources-ebooks-seven-steps-for-boards-of-directors"> Seven Steps for Board Directors <\a>, that gives very practical cyber risk management advice.

●      Establish AI Governance: Ensure your company has an AI governance board with clear terms of reference, followed by a comprehensive AI policy that can evolve over time as the organization’s AI maturity increases.

What’s your favorite business-related podcast?

My favorite business podcast is All-In. I appreciate getting the venture capitalist presenters’ perspective on market trends, tech, and broader issues. Definitely worth a listen.

What’s something that’s been keeping you busy lately?

It’s more a case of someone than something! I’m loving spending time with my grandson, who is two and a half.

What’s your favorite AI tool?

I’ve recently joined the advisory board of a company called meetsynthia.ai Inc.—it’s an AI tool that helps create prompts to exploit AI effectively based on a user’s role and workflow to give more job-specific answers. I’m also a big user of Grok.