CISO Protection
The Guide to CISO Advisory Work
Best Practices
The CISO’s stature and scope have been on a meteoric rise for nearly a decade, leading to new personal growth opportunities, including opportunities to participate in Advisory Boards. It has become commonplace for the modern CISO to be involved in one or multiple Advisory roles. Participating in these roles is generally seen as a career-advancing opportunity. That said, CISOs should be aware of the personal risks (often significant) associated with joining these advisory boards. Below is our guide to safeguarding your CISO Advisory experience.
Before signing on to join any Advisory Board or Council, it is best practice to seek legal advice, in particular regarding any agreement in place. This may be done with your company’s internal legal counsel or external counsel. Seeking a professional’s guidance about obligations, conflicts of interest, or potential risks is always the right way to go.
Be sure to document your commitments, in particular those regarding any direct customer interaction, including references, speaking engagements, customer calls, or demos.
Be sure to document all of your advice: often, within the scope of an advisory board, you may be asked to assist in a decision that impacts the organization you are advising. This may be in the form of a recommendation or simply advice on what you have done in the past. While this is a lower risk, it is always a best practice to be diligent with your recordkeeping regarding any advice you offer in the capacity of an advisor.
Before entering into any engagement, be aware of potential conflicts of interest and take all appropriate steps to avoid them. There is precedent around technology executives being under a microscope on this point. It is important for CISOs to carefully consider risks and take steps to mitigate them. As a CISO you are a significant and influential consumer and buyer of products and services. Understand that there can be no conflicts of interest between your practitioner role and your advisory role.
Assessing the Risks
Remain curious – ensure that you are asking the right questions around the level of commitment, and be sure to clarify any expectation (even if minor) around customer engagement.
As a CISO considering an advisor role, be aware of your risks and find ways of eliminating them.
Be curious about the commitment: ensure that you are asking the right questions around the level of commitment, clarify time expectations (even if minor), and truly understand ‘the ask’ around customer engagement.
Make informed choices: be aware that your role as a CISO has become a highly influential executive-level leadership position. As a result, you will likely be asked to participate as an advisor. This is a good thing for your brand and career trajectory; however, use caution, as you will be publicly attached to that organization. While we cannot possibly know what may occur, it is a good practice to be diligent. Don’t just accept anything that comes your way. Be critical. Ensure that you are approaching every advisory position with strong diligence, back channels, etc. Your credibility is on the line.
Know the potential risk to your personal brand: in choosing to participate in an advisory role, be careful not to dilute your brand. You cannot control how your audience reacts to your decisions. Participating in multiple advisory roles is likely to feel like a career-advancing opportunity, but to some viewers of your profile it may seem like an unintentional dilution of your operational brand. The effects may not be impactful today but may directly or indirectly affect your reputational brand the next time you are seeking a new CISO role.
Safeguard Yourself