24 Jun 14 Percent Of Fortune 500 Chief Information Security Officers Are Women
Roll call of CISOs at the largest U.S. companies
– Steve Morgan, Editor-in-Chief
Sausalito, Calif. – Jun. 24, 2020
Women hold 20 percent of all cybersecurity positions globally, but they are underrepresented in CISO (chief information security officer) roles at large enterprises.
Cybersecurity Ventures tallied the female CISOs at Fortune 500 companies – and the number is 70, or 14 percent.
In 2018, Forrester Research ventured an estimate that women would hold 20 percent of the Fortune 500 jobs by 2020, up from what they figured was 17 percent in 2017. The rationale was sound but of course not all predictions come true.
There is not one woman in the CISO role at the 10 largest U.S. companies, and only one in the top 15 — Lori Havlovitz, senior vice president and CISO at Dublin, Ohio based Cardinal Health, a global, integrated healthcare services and products company. Havlovitz joined Cardinal Health more than 23 years ago, and she’s been in the CISO role since last October.
Cybercrime Radio: Deneen DeFiore, VP & CISO at United Airlines
How one of the top CISOs earned her wings
In terms of higher education, 48 percent of female Fortune 500 CISOs earned a bachelor’s degree or comparable in computer science, compared to 36 percent of males. 43 percent of female Fortune 500 CISOs earned a master’s degree, compared to 37 percent of males.
The Cybersecurity Ventures research consisted of listing every company on the latest edition of the Fortune 500, and then compiling the CISO (or equivalent title) for each. We verified almost all CISOs based on their LinkedIn profiles. Another biographical source was used when a CISO could not be identified on LinkedIn.
There is a minimal but acknowledged margin of error in our study based on variables such as CISO departures and new hires since compiling the data, inaccurate LinkedIn profiles or other biographical sources, a percentage of equivalent titles when “CISO” was not present in a title, and companies where a CISO could not be identified and instead we listed a backup contact with duties consistent with a CISO.