How Cyber Plays in Boardrooms of the Future

We know that corporate boards can no longer afford to leave cyber to the IT team. In the future (which is now), they need to be actively engaged in cybersecurity, and they need to know how to do it from a strategic level. Particularly in a time when many companies are looking to either acquire or build a cyber component, board members need to collectively focus on understanding cybersecurity in private equity and M&A.


The Cipher Brief recently turned to Rick Ledgett to share his perspective on these issues in a virtual gathering of experts from across the national security space for this members-only briefing.


Ledgett served as deputy director of the National Security Agency from January 2014 until his retirement in April of 2017, culminating a nearly 40-year career in cryptology at NSA and in the U.S. Army.  He was the first national intelligence manager for cyber at the Office of the Director of National Intelligence and directed NSA’s 24/7 Cyber Threat Operation Center.


The print version of this briefing has been edited for length and clarity.


The Cipher Brief: Can you tell us a little bit about what you’ve been learning since working with private-sector boards? What are the trend lines and new requirements for serving well? 


Ledgett:  This is a really important topic for me.  When I talk to boards of directors and officers of corporations, it’s top of mind for them.  I’m on the board of M&T Bank as an independent non-executive director and a trustee on the Institute for Defense Analyses. And in my roles with both of those boards, I have spent a lot of time talking about these things. One of the questions that we used to get a lot was why should boards care about cyber? You used to just give it to the IT team, and they’d take care of it.  The reason that you need to care is because it’s your fiduciary responsibility for the corporation and you’re also potentially liable.

Tom Bossert's Plan to Hijack the Hack

Tom Bossert spends a lot of time thinking about hacking.  The former Homeland Security Advisor to President Trump who also served as the country’s Chief Risk Officer and Senior Advisor on cyber, left his White House position in 2018.


It happened just after Bossert spoke at The Cipher Brief’s Annual Threat Conference.  He returned to Washington to find that under then-incoming National Security Advisor John Bolton, Bossert’s services were no longer needed.  So, he went private.


Over the past year plus, Bossert collaborated with other cyber experts, many of them with government experience who had also entered the private sector.  They wondered whether cyber experts' primary focus on endpoints alone as security targets made sense.  They speculated about how it would change the cyber threat landscape if they could focus on a relatively small number of capable hackers as well.  How much of a difference would it make if they could disrupt the efforts of those hackers?


The Cipher Brief’s Cyber Initiatives Group recently caught up with Bossert to talk about lessons learned from both his time in government and in the private sector and about his new plan to hijack the hack. 


Our conversation, which includes questions posed by Cyber Initiatives Group members, has been slightly edited for length and clarity.


The Cipher Brief:  Welcome, Mr. Bossert.


Bossert:  Thank you. Since my last time talking to you formally was my last official public speaking opportunity while I was in my White House job, I am glad that my first public speaking opportunity now in my new startup is with you so, thank you for having me back.


The Cipher Brief:  We are very excited to have you. Let’s talk about lessons learned both from your time in government and in the private sector. Since leaving government, what are some of the developments in cyber that concern you the most?


Bossert:  In the cyber security realm, I am struck by something in the existing cyber security strategy that came out shortly after I left, and that is a very small but very powerful sentence that suggests we still need to do work to determine the various roles and responsibilities – not only among and between different federal agencies – but among and between private actors, private sector and public sector, if you will.


I’d like to welcome everyone to The Cyber Initiatives Group’s Members-Only Cyber Briefing today with Mr. Tom Bossert. Tom is the former Homeland Security Advisor to the President and is currently the Chief Strategy Officer with Trinity Cyber. 


For a little background on Tom, though I believe many of you are already familiar with his impressive background, Tom was the homeland security advisor for two U.S. presidents and in that role, he served as the U.S. chief risk officer and senior advisor on cybersecurity issues, homeland security issues, counterterrorism, and global health security policy.  


Tom will be sharing the lessons he learned from his time both in government and in the private sector, and then a little later, we’ll find out what he knows about the ways that cyber adversaries are targeting businesses today. 


I’ll welcome Tom officially in just a moment, but first, some logistics: 

You can submit a question for Tom using the link on the webinar page if you’re joining us via your computer. There is a box on the right-hand side of your screen that includes a question option.   

CIG members can request a link to access this briefing by sending an email to  
Cybersecurity for Small and Mid-Size Firms
August 6, 2019
Joel Brenner 
Sr. Research Fellow, MIT Center for International Studies 

The CIG is a newly-launched, cyber-focused series of high-level and expert briefings on cyber issues that matter to you. Our briefings are both web-based and in-person, and our bench of principal briefers includes General Michael Hayden, General Keith Alexander, and a host of others that you can find at cyber initiatives


The CIG boasts an impressive roster of experts covering all aspects of cyber from the public and private perspectives, and we’re proud to say that today’s briefer, former senior counsel at the NSA, Mr. Joel Brenner, is one of our expert members.  


Our topic for today’s briefing is cybersecurity for small- and mid-sized businesses.


Here’s how this works: Joel is going to provide us with his overview briefing on cybersecurity issues for business for the first 15-20 minutes.  At any time during his briefing, you can submit a question for Joel using the link on the webinar page if you’re joining us via your computer – there is a box on the right-hand side of your screen that includes a question option.   


And now, I’d like to officially welcome cyber expert Joel Brenner to today’s briefing. Joel is a lawyer, a writer, and a teacher specializing in cybersecurity policy, intelligence law, and the regulation of sensitive cross-border transactions.  He is also a senior research fellow at the Massachusetts Institute of Technology, where his recent work focuses on international conflict in the gray zone between war and peace, and the protection of electronic networks that control critical infrastructure, such as energy, finance, and telecommunications.