Nikki - I wanted to start with the major explosion of ransomware and ransomware-as-a-service across all industries. This seems like a good starting point for why cybersecurity advisors belong in the boardroom. Do you think the sophistication and ease of purchase with ransomware should be part of the conversation to bring more cyber experts in? 

 Nikki - You made a post recently about the vast cybersecurity risk that API's pose to organizations. API security has been top of mind given how prevalent they are and how useful they are to both administrators and developers. Do you think API security will become a more prevalent topic in the coming year? 

Chris - It seems logical that boards should have cybersecurity expertise in the mix given how critical technology is to most modern businesses. Why do you think it has taken us this long?

Chris - What are some of the largest coming changes you think will drive this paradigm shift? I know groups like the SEC are pushing for organizations to disclose to what extent they have cyber expertise among the board. 

Nikki - What do you think organizations can do that may not have the budget or contacts in place to add cybersecurity expertise to their boards - is there somewhere they can start?

Chris - I know you recently have spoken about the incident reporting timeline changes from the SEC and the need to provide insight into the "materiality" of a breach. For those unfamiliar with the term, what does it mean and is the CISO even in a position to know this? If not, who is?

Chris - To flip it a bit from the boards perspective, for practitioners aspiring to fill this emerging need for cyber expertise in or among the board, where should folks begin? How do they position themselves as desirable candidates for these board opportunities?