Category: Certs & Awards

Certifications and awards

  • Certificate in Private Company Governance

    Hello all,

    Today I completed my training and passed the exam for my Certificate in Private Company Governance from the Private Directors Association. PDA is a membership association for board members of private organizations. They offer both job postings and training to their membership. I’ve been a member since January of 2021 and am a member of their cybersecurity committee. As a member of that committee, I’ve led the development and management of four very successful webinars in the last year.

    As a board member I’ve always been committed to developing and understanding my role at a private company. This may seem like an easy task, but many private companies are owned by a very small number of people. Sometimes when those people are directly on the board, it’s difficult to know exactly where you fit in. Take, for instance, a board I was on where there was just one owner and he was CEO of the company. It is difficult to ‘represent the best interests of the shareholders’ when they are already sitting at the table! Where do you fit in?

    The fact is, you need to walk a fine line in those cases. They clearly have their own interests in mind but aren’t always experts in everything (although some think so). You do bring a different skillset to the table and certainly a different point of view. Remember, you are there for a reason.

    Fortunately, not all company boards are so skewed. Most companies that are large enough to start considering creation of a board of directors have a large ownership base as well. One family-owned business that I worked with had only a few family members running the company. In those cases, it’s much more clear that you represent the interests of those that aren’t there.

    Keep in mind also that shareholder interest isn’t always the only interest you need to keep in mind. Courts are starting to expand that to include all stakeholders such as employees. Not to mention, with new privacy laws going into effect around the world, the interests of customers should certainly be a discussion in the boardroom to address risks that could be extremely costly to a company.

  • Certified Chief Information Security Officer

    The cybersecurity world is full of certifications.

    The fact is, it’s an easy way to validate a skill set without doing a deep-dive interview with a candidate. Most certifications require classroom and fairly lengthy exams covering a large body of knowledge. In my case, the CCISO certification is my most recent validation of my skillset.

    The CCISO exam is offered by EC-Council, the folks that did the highly popular CEH certification. Similar in scope to CISSP certification, the CCISO covers 5 domains of knowledge:

    1. Governance, Risk, and Compliance
    2. Information Security Controls and Audit Management
    3. Security Program Management and Operations
    4. Information Security Core Competencies
    5. Strategic Planning, Finance, Procurement, and Third-Party Management

    As you can see, this is a management level program. There isn’t a focus on certain tactics or procedures because those don’t belong at the management level in the same way the next CEO of Amazon need not have experience as a delivery driver.

    I’ll admit that the exam itself was difficult, and some questions are arguably awkward, but it does a good job testing against the body of knowledge. It is a great indicator of awareness and understanding of corporate risk and security. Particularly when paired with other certifications, I feel that these certifications go a long way toward validating education and awareness of issues. That is the challenge that corporations need at the C-level and boardroom.

  • What is a QTE Certification?

    What is a QTE and why should I care?

    QTE is a Qualified Technology Expert and is Boardroom Readiness Training For Tech Executives offered by the Digital Directors Network.

    Ok, what does that mean?

    The answer to that is fairly simple. Boards need to pay attention to cybersecurity. That doesn’t just mean that everyone changes their passwords from “Password1”. It means that the company takes systematic risk (including cybersecurity) seriously enough to enlist expertise at the board level.

    But having technical skills does not mean you can work well with a board. The corporate world is full of stories about highly technical people that just rub staff the wrong way. Board meetings are quick and to the point; there is no time for explaining why security is important, and most board members have no interest in understanding “anything with a plug.” I used to spend half my time at board meetings explaining to board members how to get board packets on their iPads. These were smart people but just had no time to learn about technology.

    Why does it matter?

    Us technical people love technology and don’t realize others have no interest in it. It may make sense why boards really aren’t that interested in getting technical people on the board.

    To make a place in the boardroom, there is a middle ground that technology experts need to find. We need to move away from explaining the details and put things in terms of business issues and risk. Professor Bob Zukis (USC Marshall School of Business) is an expert at training tech executives to fit in and add real value in the board room. His DiRECTOR™ and RISCX™ frameworks in digital and cybersecurity systemic risk oversight provide a great foundation to the program and give structure to the approaches he teaches.

    I highly recommend this program for technology executives looking to move into the boardroom.