It\u2019s not uncommon for CIOs, CISOs, and sometimes their direct reports to be called on to participate in board meetings or to present IT strategies and plans to their boards of directors. If you don\u2019t join board meetings often, preparation is paramount, starting with learning about the directors\u2019 backgrounds and reviewing minutes from previous meetings. And if you\u2019re presenting, it\u2019s best to study older board packages and consult with colleagues about how the directors discuss, debate, and finalize key decisions.\n\nBest practices for board meetings abound. When presenting, you\u2019ll need to win over board members by doing your homework, communicating in business language, and practicing the presentation. When presenting significant innovations and digital transformation investments, preview the presentation to the executive committee, illustrate where customer feedback experiments are needed, and expect detractors seeking perfect roadmaps. Be prepared to answer common board questions about cyber readiness, technology roadmaps, and plans to hire and retain a diverse team.\n\nBut when I think about my own board presentations and meetings, it\u2019s the simple mistakes I remember most. So too is the case for many IT leaders I speak with. With that in mind, here are five common mistakes IT leaders make when participating in board meetings. \n\nThey assume their board lacks technical expertise\n\nIn 2019, MIT reported that only 24% of US boards of companies with over $1 billion in revenue were digitally savvy. A more recent review reports that only 51% of Fortune 100 companies and 9% of Fortune 200 through 500 organizations have a director with relevant cybersecurity experience.\n\nWhile these numbers suggest a significant technical and security gap on the boards of large enterprises, it would be a mistake for a CIO or CISO to assume their board lacks digital, data, security, or other technical acumen.\n\n\u201cThe structure of the boards have changed over the last few years with many being augmented with technology folks, including ex-CIOs in many cases,\u201d says Manoj Tiwary, CIO of Subaru Canada. \u201cSo identify one of the board members as your champion. Make sure you work with this champion outside of the board setting to ensure alignment and adoption of your technology strategy.\u201d\n\nThey favor technical jargon and convoluted answers\n\nIn Digital Trailblazer, I tell the story of the early internet days when a director asked me, \u201cWhat\u2019s a cookie?\u201d My first instinct was to provide a technical answer, but then I quickly realized that if I answered the question that way to the board of directors, I\u2019d be shown the virtual elevator down to the CTO morgue.\n\n\u201cCIOs can\u2019t answer questions about key or current IT issues through unintentional, or perhaps intentional, obfuscation,\u201d says Joe Puglisi, a former CIO and now an investor, advisor, and board member. \u201cNothing baffles the board more than a long string of techno-babble mumbo-jumbo.\u201d\n\nIt\u2019s important to avoid speaking technical jargon, but sometimes you\u2019re asked to define a technical term or explain a technology. One approach both Puglisi and I recommend is to answer technical questions with analogies from your industry. We both worked in the construction industry, so, for example, we might help these executives understand Scrum in software development by comparing it to design-build and agile construction project methodologies.\n\nThey resort to scare tactics or security risks\n\nWe all know the saying \u201cNever waste a crisis\u201d as a tool to bring attention to the big investments no one wants to make.\n\nSometimes you need a spark to create a sense of urgency, but don\u2019t take this approach too far. I once heard a CISO say, \u201cIf you can\u2019t convince the board, then scare them,\u201d which might get a CISO a yes to an investment, but lose credibility over time. \n\nCISOs who are natural presenters and storytellers can connect with the board using these skills, but only if given sufficient time to use this approach.\n\nIf presenting isn\u2019t your best skill, or you only have a few minutes to present, storytelling may confuse directors, says Tony Pietrocola, president and co-founder of AgileBlue. \u201cThe problem with boards truly understanding if the enterprise is protected against cyber threats is they\u2019re generally not technical, so the CIO or CISO might answer the question in a confusing narrative,\u201d he says.\n\nJay Ferro, EVP and chief information, technology, and product officer at Clario, and Allata board member, shares examples of how not to answer the board\u2019s questions about security risks. \u201cDon\u2019t say, \u2018We\u2019re trying our best and hope we\u2019re protected,\u2019\u201d he says. \u201cNo one can guarantee total security, right? So, it\u2019s hard to say if we\u2019re safe from all threats. Also, don\u2019t overstate your security readiness by saying, \u2018Our security posture is robust, and the countermeasures we\u2019ve implemented completely protect our organization from any and all threats.\u2019\u201d\n\nSo what should CISOs do to ensure the board understands the security risks without storytelling or using scare tactics?\n\nPietrocola recommends using security benchmarks to help directors understand the risks, saying, \u201cScoring algorithms can put a grade on the most critical facets of cybersecurity and the critical operations of the enterprise.\u201d Ferro, meanwhile, recommends discussing the business impacts of high-risk areas and reviewing their remediation plans.\n\nThey answer vaguely or lack anticipation\n\nCIOs and CISOs need to understand what information is important to share at the board level. Presenting too many slides is problematic because directors will lose interest. Summarizing with too few slides may leave out key details on the problem statement, growth opportunities, market trends, and other details that connect business and customer needs with technology strategy.\n\n\u201cThe last thing we should be doing is present a technology strategy built in isolation at a board meeting, which is out of alignment with the business objectives or not meeting the board\u2019s expectation,\u201d says Tiwary.\n\nAccoeding to Ferro, here are other examples of questions directors ask about digital transformation initiatives and what an awful response sounds like.\n\nThe key for CIOs and CISOs is to be incredibly informed about the active initiatives, business opportunities, and emerging technologies impacting their business and industry. Even if a topic is not on the agenda, it\u2019s fair game for a director to ask about it.\n\nThey throw colleagues under the bus\n\nMy last recommendation comes from a #CIOChat Live event, where I asked the panel on CIO and board relationships a provocative question. \u201cIf you\u2019re not getting support from the CEO on a critical security or operational investment, should you raise this at the board meeting?\u201d The panelists gave me a harsh stare and answered with a resounding \u201cNo.\u201d \n\nYou don\u2019t want to air disagreements at the board meetings or surprise your colleagues by raising an issue that\u2019s not on the agenda. It\u2019s a career-limiting move.\n\nEven the most seasoned CIOs and CISOs have limited board exposure, so presenting at meetings is always a learning experience. Learn best practices, consult with colleagues, and avoid easy mistakes.