When a CISO reports to their Board on security metrics, there is no industry standard or template to leverage. Our research has shown that most CISOs have been in their role for less than 12 month while Boards are becoming more security-aware. This requires reporting to be relevant and actionable. This talk will reveal results of a study of CISOs reporting behaviors and what Boards really want.