Target Taps an Outsider to Revamp IT Security After Massive Hack

Target went looking for a fix to its data-security debacle outside the Greater Minneapolis area and on Tuesday named Bob DeRodes as chief information officer. He will be tasked with helping the retailer rebound from its massive credit-card breach in the middle of the holiday shopping rush in December.

DeRodes will head up Target’s technology operations, including efforts to improve data security, and will plan longer-term digital strategy, the company said in a statement. His experience at a wide range of companies in retail, airlines, and finance contrasts with that of his predecessor, Beth Jacob, who rose through the ranks of Target’s famously insular culture and homegrown executive pipeline.

DeRodes held the CIO job at Home Depot from 2002 to 2008—useful experience when joining a second big-box retailer—before jumping to First Data, a payment processer that supports transactions for merchants and financial institutions. The experience leading First Data’s global operations and technology should be even more useful as Target tries to navigate the increasingly crime-ridden landscape of credit, online, and mobile payments. DeRodes has also worked in Citibank’s credit-card group and once led the technology subsidiary of Delta Air Lines.

His most recent job, running his own consulting firm, gives you a sense of how DeRodes probably pitched himself to Target: “DeRodes is a recognized leader in information technology,” his bio on the firm’s website reads, “with an established track record of transformational change, innovation, and execution inside large corporations.”

Contrast his broad experience with the long-running Target insider status of Beth Jacob, who resigned in March. She first worked at the retailer as an assistant buyer in the 1980s and received her undergraduate and MBA degrees at the nearby University of Minnesota. Jacob returned to Target in 2002, according to an official bio, and became CIO in 2008.

Target’s executive roster shows the homegrown nature of its talent pool. Gregg Steinhafel had been with the company for two decades when he was named chairman and chief executive officer in 1999. Target Chief Financial Officer John Mulligan, who had the unenviable task of doing the talking at several congressional hearings after the hack, joined as a financial analyst in 1996. Timothy Baer, general counsel, joined the retailer in 1994. Tina Schiel, executive vice president in charge of stores, dates back to 1987. Kathryn Tesija, in charge of supply chain and merchandising, has worked there since 1986. You get the picture.

The appointment of DeRodes doesn’t fill the gaps in Target’s security roster; searches continue for a chief information security officer and a chief compliance officer. The company did not have a CISO in place last year, when it suffered a credit-card breach that exposed the data of tens of millions of customers. Time will tell if Target continues to look outside its staff for fresh perspectives and more effective leadership on data security.

    Before it's here, it's on the Bloomberg Terminal.