Bringing more women infosec experts into boardrooms has become an imperative as cybersecurity risks grow by the day. But statistics show only about a quarter of U.S. board positions are held by women.
Synack teamed up with cosponsor Nasdaq to host a panel discussion in San Francisco during RSA featuring five women leaders in cybersecurity who hold nearly two dozen board roles at publicly traded companies, private enterprises and nonprofit organizations.
Each year during the RSA conference, Synack holds a breakfast event to promote women’s engagement with the cybersecurity field. Infosec leaders can help break down barriers to entry for other women by sharing what their roles entail and any obstacles they had to overcome. The goal of this year’s gathering was to tackle an urgent question: How can we get more women into the boardroom?
“Bringing women together like this for conversations about how to navigate these possibilities that aren’t on our daily radar – I think it’s very meaningful,” said Suzanne Kelly, CEO of The Cipher Brief, who moderated the panel.
Joining Suzanne onstage at the Fogo de Chão restaurant steps away from RSA were:
Bethany Mayer, Chairman of the Board of Box, Former President and CEO of Ixia
Jeanne Tisinger, Former CIO of the CIA, Board of Directors at C5 Acquisitions Group, Senior Advisor for Mastercard, Board Director
Ann Johnson, Corporate Vice President, Microsoft Security Business Development, Board Member
Shailaja K. Shankar, SVP of Engineering, Cisco, Board Member
“What board members do is help affect strategy, maybe co-create it, open up markets, provide in areas where you have deep expertise, provide mentorship and coaching, and when crises happen, provide a calm and steady hand as a partner with the companies,” said Tisinger.
She described her own path to the boardroom as a “tale of two seasons” – first, with a distinguished career in the U.S. intelligence community, and next, in building a portfolio of board service.
As for Mayer, who led computer networking company Ixia to a successful sale to Keysight Technologies Inc. in 2017, joining a board came down to finding something “that would help me do my job more efficiently and better, and also bring a wider perspective.”
That drove home a recurring theme during the panel: Joining a board is a two-way street. Finding the right fit for both parties is important.
“My whole career has been very enterprise-focused; I knew nothing about the [small and midsize business] space,” said Johnson, who now sits on the board of software company N-Able in addition to holding a number of other private and nonprofit board roles. “Joining boards was a real learning experience: I look for things I can learn outside of Microsoft.”
The panelists acknowledged that sitting on a board can amount to a fulltime job – particularly for those who hold chair positions or lead committees. But that effort can still be worth it.
“I was so busy with my current job, I was thinking, ‘I don’t have the time to do this,’” Shankar said, recalling her own path to landing her first board seat for a publicly-traded company. “Most of us are more ready than we think… You have a lot of experience and expertise; taking that to a board is worth considering.”
Women need not hold a CEO title to qualify for board service.
“Boards have expanded in terms of the ways they think about who should be on a board, which is where you all come in,” Mayer said, gesturing to the audience. She cited a strong demand for varied skills needed to run a company successfully, including HR, sales, go-to-market, technology, and leading with diversity and inclusivity in mind.
“And finally, most importantly for this room: cybersecurity,” Mayer added. “We live and breathe this, but a lot of companies don’t, and then they get attacked. They have a ransomware attack, a big breach, lose all their IP or personal information, and that’s a big wakeup call for them.”
Mayer pointed to an anticipated Securities and Exchange Commission ruling requiring disclosure of board members’ cybersecurity skills. The upcoming regulations could force many publicly traded companies to play catchup.
The need for diversity in the boardroom runs deeper than drawing in more women to the highest levels of corporate strategy. Several panelists spoke to the importance of mentoring people from diverse nationalities, ethnicities and abilities when looking ahead to the next generation of cybersecurity leaders.
Tisinger said she is very intentional about who she chooses to work with as a mentor. “And I’m unapologetic for spending more time mentoring people from underrepresented populations.”
There’s also an important distinction between mentorship and sponsorship, with the latter coming from people who can directly offer the next big career break, whether that be a new job or even a board role.
“There’s an expression that women are over-mentored and under-sponsored,” Johnson said. She encouraged audience members looking to advance in cybersecurity to resist the urge to downplay their accomplishments in the name of humility. “Make sure people know you’re really good at your job, and then you’ll earn that sponsorship.”
For more information about how Synack is taking on the talent gap in cybersecurity, click here.