Boards receive quarterly cybersecurity briefings, approve IT budgets, and then react with shock when breaches erode customer trust and erase shareholder value. Mike Coogan has spent more than two decades in technology leadership, from Allstate to Waste Management, and now as VP of IT Services and CISO at Brinks Home, watching boards repeatedly treat security as a technical function when in reality it is a business risk they are accountable for overseeing.
A single incident can damage brand trust, disrupt customer retention, and materially impact market valuation. Yet most boards lack executives with the depth of experience to fully understand risk exposure, regulatory implications, and reputational fallout, let alone prioritize threats, navigate ambiguity, and lead decisively when crises emerge. After years of presenting threat intelligence that reshaped strategic priorities and leading global teams through real-world incidents, Coogan’s view is clear. Effective security leadership means translating technical complexity into business strategy, aligning security investments with measurable outcomes, and leading through crises with discipline.
Translate Technical Complexity Into Business Strategy
Security is no longer just an IT or facilities issue. It is a business issue. Boards today are increasingly accountable for overseeing risk to technology, risk to people, and risk to the enterprise itself. “A technology executive with a security background brings a deep understanding of risk exposure, regulatory implications, and reputational impact,” Coogan explains. “More importantly, they know how to prioritize, communicate, and navigate ambiguity around risk.”
Most boards receive reports filled with discussions of firewalls, malware, and vulnerabilities. This technical language fails to answer the question directors actually need addressed. What business impact are we exposed to, and what decisions should we make now? Security leaders bridge that gap. They translate complexity into strategy by focusing on protecting customer trust, maintaining operational resilience, and aligning security priorities with broader business objectives. “I’ve presented to boards where real-time threat data directly shifted strategic priorities,” Coogan notes. “That level of visibility is exactly what boards need to make informed, timely decisions.” Real-time threat intelligence changes the conversation. Instead of approving IT budgets based on abstract risk scenarios, boards are empowered to make strategic choices grounded in actual exposure and tangible business impact.
Align Security With Measurable Business Outcomes
Security investments framed solely around preventing hypothetical breaches often feel like insurance. Necessary, but not value-creating. Boards approve minimum budgets and then question the return. Effective security leaders reframe the discussion around outcomes boards already measure and care about. “At Waste Management, I led an initiative that strengthened our security posture while also creating long-term cost efficiencies by modernizing systems and reducing downtime,” Coogan explains. “That kind of alignment is what boardrooms need more of. Real dollars, real results.”
Modernization reduces operational downtime that drains revenue, lowers maintenance costs, and enables new capabilities that improve performance across the organization. When security is tied to financial and operational metrics, boards can evaluate investments using familiar measures rather than abstract risk reduction they struggle to quantify.
This shift fundamentally changes how boards view security. Not as a cost center seeking approval, but as a strategic capability that protects and creates enterprise value.
Lead Through Crises With Discipline
“I’ve led global teams through real-world incidents where staying calm, communicating clearly, and executing with precision made all the difference,” Coogan emphasizes. “That kind of leadership builds trust with internal stakeholders and external regulators alike.” Crises reveal who can lead when playbooks fall short, stakeholders demand answers that do not yet exist, and decisions must be made under pressure with incomplete information.
Security leaders bring exactly the crisis-management experience boards need. They have coordinated responses across IT, legal, communications, and executive leadership. They have managed regulatory scrutiny where every statement matters. They have navigated media attention where the organization’s response determines whether an incident becomes a brief headline or a long-term reputational wound. “Forward-thinking boards recognize this,” Coogan notes. “They stack the deck with people who have walked the walk.”
The Expertise at the Table Must Evolve
After more than two decades delivering measurable outcomes that reduce risk and drive value, Coogan’s conviction is direct. “Security leaders bring more than technical expertise,” he concludes. “We bring risk discipline, strategic judgment, and an unwavering focus on resilience and enterprise value. As boardrooms evolve, the expertise at the table has to evolve with them.”
Boards that treat security as an IT issue delegate oversight and assume risks are under control until a breach proves otherwise. Boards that treat security as a business risk ensure experienced security leaders are at the table, translating threats into business impact, aligning investments with outcomes, and leading decisively when discipline matters most.
If you are building a stronger, more resilient future for your organization, ensure your board includes seasoned security leadership.
Connect with Mike Coogan on LinkedIn for insights on how security experience adds value to boards.
