Fortune 500 CISOs. PHOTO: Cybercrime Magazine.

Women Hold 17 Percent of Fortune 500 CISO Positions In 2021

Female representation up 3 percent over last year

– Amanda Glassner

Northport, N.Y. – May 17, 2021

Only 85 Fortune 500 companies have a female CISO (chief information security officer), according to new research from Cybersecurity Ventures.

Representation of women in CISO positions at America’s largest businesses lags behind the rest of the cybersecurity workforce — where women hold a quarter of the jobs globally.

In the top 10 U.S. companies, there is only one female CISO — Chandra McMahon, senior vice president and CISO at CVS Health. McMahon’s been in this role since last April, but her experience as a Fortune 500 CISO dates back to 2015 when she worked for Verizon.

She’s not the only CISO to move between Fortune 500s. So did United Airlines’ Deneen Difore, State Street’s Elizabeth Joyce, and Verizon’s Nasrin Rezai — who formerly worked with GE Aviation, HP, and GE, respectively.

“Success as a female CISO takes curiosity and thinking differently,” Rezai told Cybercrime Magazine last year. “The most successful CISOs are the people who really get integrated in the practices of their companies, and are equally passionate about technology and business strategy.”



As for higher education, 51 percent of female Fortune 500 CISOs have a degree in computer science or a related field. Of them, 25 percent are employed among the 100 highest-ranking U.S. companies.

Cyber success doesn’t only come to those with a background in technology. Over 20 percent of female Fortune 500 CISOs got their start in business, including Lori Havlovitz, senior vice president and CISO at Cardinal Health, and Marene Allison, CISO at Johnson & Johnson.

“Security has strategy, operations, and infrastructure, which really interested me,” Havlovitz said in an appearance on our CISO 500 podcast series. Fortunately, the field’s male-dominated environment didn’t deter her from “deciding to double down and pursue a career.”

Now, Havlovitz is one of just three women in the CISO role at the top 25 U.S. companies. The takeaway? There’s room for women in cyber.

Female representation in the industry is already on the rise. In 2020, women accounted for 14 percent of Fortune 500 CISOs — today, that number is 17 percent, and even higher is the tally of women who occupy all cyber roles globally at 25 percent, up from 20 percent in 2019, and around 10 percent in 2013.

That’s progress, but there’s still a long way to go. With the help of organizations like WiCyS (Women in Cybersecurity), we can crush the field’s gender gap once and for all. 


Cybercrime Radio: Lori Havlovitz, SVP & CISO at Cardinal Health

Lessons in securing healthcare


“The inclusive culture of the cybersecurity workforce is absolutely critical to support the efforts of recruiting, retaining and advancing women in the field. We are honored to connect and partner with so many Fortune 500 CISOs to collectively tackle the cybersecurity workforce shortage and create opportunities for all,” declared Lynn Dohm, executive director of WiCyS.

The Cybersecurity Ventures research consisted of listing every company on the 2020 edition of the Fortune 500, and then compiling the CISO (or equivalent title) for each. We verified almost all CISOs based on their LinkedIn profiles. Another biographical source was used when a CISO could not be identified on LinkedIn.

There is a minimal but acknowledged margin of error in our study based on variables such as CISO departures and new hires since compiling the data, inaccurate LinkedIn profiles or other biographical sources, a percentage of equivalent titles when “CISO” was not present in a title, and companies where a CISO could not be identified and instead we listed a backup contact with duties consistent with a CISO.

To see the entire CISO 500 List, visit CISO500.com.

Amanda Glassner is a staff writer and reporter at Cybercrime Magazine.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.