Suzanne Vautrinot’s impressive cybersecurity experience has been in high demand since she retired from the U.S. Air Force in October 2013. As a major general and commander, she helped create the Department of Defense's U.S. Cyber Command and led the Air Force's IT and online battle group.
In the past year alone, she has fielded “more than a handful” of phone calls from company executives and recruiters who hope to attract her to their board of directors, but she doesn’t jump at every opportunity. She has turned down board positions “more than once” because she perceived that the company wasn’t committed to cybersecurity initiatives or that she wouldn’t be active in any board matters beyond security.
“You want to do your due diligence and ask is this a company I can be proud to be associated with?” says Vautrinot, who is also president of Kilovolt Consulting in San Antonio.
Today she sits on the boards of five carefully chosen, diverse companies, including Wells Fargo, Parsons Corp., Ecolab, Symantec and Battelle Memorial Institute. When it comes to choosing what board position to accept, “you want to know that there’s a seriousness about all the areas where you will be contributing,” she says.
Many board-worthy cybersecurity professionals share the same concerns – just as demand for their talents gains momentum.
“There’s a significant increase in inquiries we’re getting [for board positions] in the IT and cybersecurity space,” says Tom Daniels, lead director of the board services practice at executive recruitment firm Spencer Stuart. Companies in every sector now experience cybersecurity issues, and as boards think about refreshing the skill sets they need, cybersecurity, which wasn’t even on their radar five years ago, is suddenly at top of mind, he says.
What’s more, boards are looking for hard-to-find cyber superstars. “There’s a finite number of people that have the requisite skill set, the gravitas, the seasoning and the interpersonal skills, that know how to navigate not only at a day-to-day executive level but then be able to style-flex into a board room,” Daniels says.
So it’s no surprise that “board candidates are getting quite picky,” says Mike Dickstein, a consultant in the technology practice at Spencer Stuart. They don’t want to be the security scapegoat, and they don’t want their expertise to fall on deaf ears with the board, he adds.
“They know that joining a board as ‘the cybersecurity expert’ puts them in a unique position at least for reputational risk if something were to happen at that company from a cybersecurity standpoint,” Dickstein says. “They want to make sure that they’re not being set up as the fall guy, that the company has a true commitment by the board and the management team toward managing security, that leadership has a clear and consistent understanding of the risk relative to that business, and that cybersecurity is going to be appropriately funded and resourced. If they don’t see those things in place,” they may not want to risk their reputation on the company, he says.
Sign up for CIO Asia eNewsletters.