Why Corporate Boards Are Picking Women to Fill Cybersecurity Posts

The National Cybersecurity and Communications Integration Center in Arlington, Virginia.

The National Cybersecurity and Communications Integration Center in Arlington, Virginia.

Photographer: Saul Loeb/AFP via Getty Images
  • While men built tanks, women crunched data, now seen as vital
  • Two thirds of major cybersecurity board spots go to women

Earlier this year, American International Group Inc. added Linda Mills to its board, attracted partly by her expertise in cybersecurity. In February, Wells Fargo & Co. selected Suzanne Vautrinot for its board for similar reasons. Before that, Walgreens Boots Alliance Inc. picked Janice Babiak.

All directors, all focused on cybersecurity, all women.

Over the last five years, as data theft has risen to the top of corporate concerns, 16 of the largest U.S. companies have appointed one or more directors with cybersecurity credentials, 10 of them women, a Bloomberg analysis shows. Given the paucity of women in boardrooms -- fewer than one in five in the Standard & Poor’s 500 Index -- the surge has stunned all involved.

"All of a sudden we’re valued," said Jan Hamby, chancellor at the National Defense University’s iCollege. "Instead of just being the pain that’s causing people to have 12-character passwords that they change every hour."

The sudden prominence of women like Hamby can be traced back to the 1980s and 90s when they began working on software development and big data because those career paths were new and unclaimed. Linda Hudson, former chief executive officer of defense contractor BAE Systems Plc’s U.S. subsidiary, said many women went through technology while the men in that industry focused on the higher-profile tasks of building tanks and missiles.

Linda Hudson
Linda Hudson
Source: The Cardea Group

Leveled Playing Field

“It was a new area where opportunities opened themselves up pretty much to the best qualified,” said Hudson, a cybersecurity-savvy director at Bank of America Corp., Ingersoll-Rand Plc and Southern Co. “That leveled the playing field immensely.”

There was a similar story in the military. Until the early 90s women were barred from certain combat units so they often took back-office jobs in IT and telecommunications. When Hamby entered the Navy in 1980, she was assigned to its Regional Data Automation Center in Washington where most of her co-workers were women.

“You see so many senior women with this kind of specialization in the services,” she said. “Part of it is just an artifact of our history of limiting women’s opportunities.”

Meanwhile, corporate boards today are seeking to broaden membership beyond white men. As Hamby put it, "We are at a time in history where boards are recognizing diversity so they’re trying to kill two birds with one stone."

Identity Theft

The sudden need for cybersecurity, however, is the more important factor. In 2010, fewer than 10 percent of businesses in the S&P 100 identified cyber as a risk in annual reports. Today, more than three quarters do, according to data compiled by Bloomberg.

The touchstone was the 2013 breach at Target Corp., where 40 million credit card numbers were stolen in a heist that led to the ouster of CEO Gregg Steinhafel, said Peter Metzger, vice chairman of DHR International Inc., an executive recruiting firm.

The exposure of embarrassing personal emails sent by Sony Pictures Entertainment employees, theft of 56 million credit card numbers at Home Depot Inc. and breach into JPMorgan Chase & Co.’s records of 76 million customers and 7 million small businesses have added to the urgency, he said.

As a result, women like Mills, with their deep experience, became prime candidates for directorships. She is a former Northrop Grumman Corp. executive who ran the defense contractor’s information systems group. Vautrinot is a former major general of the U.S. Air Force where she oversaw cybersecurity, and Babiak, an Ernst & Young LLP alumna who co-founded the firm’s technology security and risk services practice in 1996.

Amusement Park Management

Chief information officer jobs are also being filled with more women than other executive roles. About 17 percent of CIOs at companies in the S&P 500 Index are women, compared with 13 percent for chief financial officers, data compiled by Bloomberg show. Less than 5 percent of CEOs in the index are women.

Sheila Jordan
Sheila Jordan
Source: Symantec

Sheila Jordan, CIO at Symantec Corp., a software security provider, began her career in technology helping to build Walt Disney Co.’s first customer relationship management system for its amusement parks in the mid-1990s. She said she’s received half a dozen requests this year alone to join boards.

Matt Aiello, who leads the cybersecurity practice at Heidrick & Struggles, an executive recruiting firm in Washington, has also seen an uptick in interest. He points to Linda Jojo, CIO at United Continental Holdings Inc., who joined the board of Exelon Corp. in September and Deutsche Bank AG’s global co-head of technology and operations Kim Hammonds who’s been a director at Red Hat Inc. since August.

While all of this appears to be a good-news version of a tale of unintended consequences, it is not entirely so. It turns out that the prestige of cyber and technology means that men are now joining the ranks in much greater percentages while the number of women in those entry-level jobs has plummeted, according to Caroline Simard, senior director of research at the Clayman Institude for Gender Research at Stanford University.

Rise and Fall

Teri Takai, the former CIO of the U.S. Department of Defense and Ford Motor Co. executive, has noticed the same thing, saying that during her three decades in IT at the automaker the number of women in entry-level technology jobs rose to about half and later dropped off sharply.

Melissa Woo, vice provost for information services at the University of Oregon, said it has become difficult to attract all young people into careers in cybersecurity, and women are harder to court than men, partly due to the perception that these jobs require advanced programming skills.

“Part of the lack of attraction is that it’s seen as seriously geeky -- you imagine people crouching in dark rooms with screens,” said Woo. “But the real basis of good cybersecurity is the policy, the training and dealing with people.”

That said, those who are hoping to bring more women into technology careers say that at least the success of women like Jordan and Takai should play a crucial role by offering models for young women to follow.

“You can’t be what you can’t see,” Simard of Stanford said. “Having these women in leadership for these companies not only changes the image of who can be successful in this field, but also who should go work inside these companies.”