Feature

Locked Out: Security Leaders Lose Influence (and Sometimes Jobs)

Just when we need CISOs the most, many find their resources and authority-and sometimes the CISO position itself-reduced to zero.

CSO |

What a stark paradox: Just when information security risks are hitting critical levels, some of the profession's best and brightest CISOs are being pushed to the sidelines.

Consider these events reported this past March and April:

  • Hackers stole thousands of customer credit card numbers from BJ's Wholesale Club.
  • Online "phishing" scams separately targeted Wells Fargo and the IRS.
  • GMAC Insurance alerted 200,000 customers to credit data stolen in January.
  • The University of Kansas, the University of Texas, Georgia Tech and Stanford University suffered major information security breaches.
  • Microsoft published security bulletin MS04-011 (which addressed the vulnerability that the Sasser worm exploited a month later).

Now contrast those news items with what was happening in Atlanta, for example, during that same time period:

  • Bob Wynn, former CISO for the state of Georgia, was searching for an executive-level security jop.
  • Bill Spernow and John Hurd, two other former state agency CISOs, were also out of work; Spernow was losing his patience with "CISO" openings that amounted to firewall maintenance.
  • Former state CSO Steve Akridge was doing independent consulting work; he expresses a high level of frustration with some clients' lax attitudes toward information security.
    • Related:
    1 2 Page 1
    Page 1 of 2
    Microsoft's very bad year for security: A timeline