Twitter’s infosec chief makes the case for cybersecurity expertise in boardrooms
Rinki Sethi worked at Walmart, IBM, eBay, Intuit, and Palo Alto Networks before joining Twitter as its chief information security officer in September 2020. This past August, Sethi was named to the board of directors of the security technology company ForgeRock.
Joining a board had been a goal of hers since around 10 years ago, when a large company reached out to interview her for a board position.
“I was far from ready at that time,” Sethi told Fortune. “But since then it kind of whet my appetite for it.”
Ten years ago, the makeup of boards was far more standardized. Since that time, the need for technical expertise at the highest levels has become more apparent. Recent research from the National Association of Corporate Directors and Heidrick & Struggles has pointed out a rise in new board members with technical backgrounds. Sethi set herself up for the appointment by pursuing greater leadership roles at work and also getting more involved in the cybersecurity startup community.
“A lot has changed, especially in the security space,” Sethi explained. “Cybersecurity is talked about in the boardroom all the time; it's one of the highest risk areas for companies,” whether they’re in the tech industry or not. “It’s one of those existential risks to a company.”
As a longtime technology leader with a lengthy background in cybersecurity, Sethi joined Twitter at a uniquely high-profile moment for the company’s information security efforts, with the mission of revamping its security culture in the wake of a massive data breach.
“When I joined, [Twitter] had just formed a risk committee as a part of the board,” Sethi shared. “I presented them quarterly on key projects. I talked to them about the key risks in the company, showed them how we're driving risk down, talked about some key incidents and where we might need support from the board as well.”
She plans on bringing the learnings from those experiences to her board role at ForgeRock, a company that recently went public and whose customers include CISOs.
“Being in the infosec space and actually being more on the representative side of the customer of a company like ForgeRock is to help bring questions around the product, questions around how they're tackling security, why they're thinking about product in a certain way, which only somebody that's a practitioner can bring to the table.”
One matter that is challenging to navigate, for Sethi and others in her situation, is that because board members typically have more finance or CEO backgrounds, “security still doesn't speak a common language to the board,” Sethi said. “I hope that I can, from a product standpoint, influence the road map from a customer perspective.”
She also sees opportunity for ForgeRock and other companies to build a competitive advantage through excellence in cybersecurity.
“If you're building features where you're thinking from a customer perspective, what might they expect or want from a security or privacy perspective, getting those built-in early on can lead to some very interesting innovation.”
The other cybersecurity challenges companies are facing revolve around talent. The cybersecurity talent market was very hot for years before the pandemic, and that has only heightened since.
Sethi notes the competitiveness of the market but adds that remote work and increasingly diverse pathways for entry into the field are helping. She contributes to some of these initiatives herself, including the development of a cybersecurity badge for Girl Scouts.
“I think your teams need to represent your customers,” Sethi said. “If your customers are a diverse set of individuals around the globe…your team needs to be representative of that, so you can then build for those folks as well. I think from a security perspective, that is as much the case as any other team.”
As a woman of color, Sethi does not have many peers as a CISO and that is even more the case for her new role as the board member of a publicly traded company. She acknowledged the efforts of multiple states and Nasdaq to address this issue, but she is encouraged by the rising influence and presence of diverse viewpoints in corporate leadership.
“I know that there's not a lot of women of color,” she said. “I hope that I can serve as a role model to those that are pursuing that. Because I know there wasn't a lot of that as I was growing my career.”
This story was originally featured on Fortune.com
Gloss