The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.
CSO’s Movers & Shakers is where you can keep up with new senior level security executive appointments and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Michael Nadeau, senior editor.
February 12, 2018: Equifax names Jamil Farshchi as new CISO
Farshchi, who previously served as CISO at The Home Depot, will assume company-wide leadership of work already underway to transform the company's information security program and collaborate with the industry to share best practices on information security. He will be based in Atlanta, Georgia, and report directly to the CEO.
"We are pleased to welcome Jamil to our team and confident that he possesses the talent and skillset needed to continue our journey toward developing industry-leading security practices and, ultimately, to help us regain trust with consumers and customers," said Paulino do Rego Barros, Jr., interim CEO at Equifax, in a press release. "Jamil has a reputation for helping enterprises rebuild and fortify information security programs. His expertise in risk intelligence and cybersecurity combined with his intimate knowledge of industry best practices will allow us to design and deploy a best-in-class, global security strategy to re-establish ourselves as a trusted leader."
Prior to his role at The Home Depot, Farshchi was the first global CISO at Time Warner, where he brought to bear risk-management techniques from the financial and government sectors to develop a model security program for the media and entertainment industry. Before that, Farshchi was the vice president of global information security at Visa, where he developed and implemented the firm's first global information security strategy; led efforts in mobile security, identity, and big data; and transformed its security program into a recognized global leader.
"Equifax is a company with tremendous potential, and I am confident that we will transform our security program into one of the most advanced and recognized globally," said Farshchi in a press release. "I am grateful for this new challenge and am looking forward to enabling the business with new insights, a fresh perspective, and a multi-dimensional way of thinking about global data stewardship and information security."
February 12, 2018: ThreatModeler Software hires David Nester as CSO
Nester joins ThreatModeler Software, Inc., a provider of an automated threat modeling platform, after serving as the global director of Fortify on Demand at Hewlett Packard Enterprise. “I was truly impressed with the ThreatModeler Platform,” said Nester in a press release. “When the ThreatModeler team demonstrated their automated platform and how it accurately identifies 99% of the potential static and dynamic application vulnerabilities before a single line of code is even written, I knew instantly this was the solution many organizations need.”
Nester is an accomplished information security leader with 20 years of experience and success in fulfilling mission-critical security objectives and goals, and directing global technology teams. At Hewlett Packard, he managed the global team of application security experts. Nester offers advanced capabilities in application security and risk management combined with a deep understanding of the intersection between technology, business, and operational needs.
February 9, 2018: Thesys CAT LLC appoints Vas Rajan as CISO for consolidated audit trail
Rajan will be responsible for ensuring security compliance of the CAT System and evolving and executing cybersecurity programs as the CAT platform advances from build to live along with its continuous development and optimization. He will also be responsible for partnering with the CISOs from the self-regulatory organizations (SROs) to ensure the highest standards of security across the CAT System.
Mike Beller, CEO, Thesys Technologies, said in a press release, "Security has been at the forefront of our design and strategy for the CAT system from the beginning, and one important key to success is ensuring there is a well-rounded leader to oversee all the security aspects of the CAT, both before it goes live, and once it is operational. We are pleased that, together with the SROs, we have found an exceptionally talented candidate like Vas, who is highly capable of securing the system and working with the multiple stakeholders within CAT to deliver best in class security practices."
Rajan joins Thesys CAT with over 20 years of IT experience within the financial services industry. Most recently he served as CISO and business continuity officer of CLS Bank, the member owned FX market utility, where he was responsible for the security strategy of the company in accordance with all requirements of a financial market utility, designated as systemically important by the U.S. government. Prior to CLS, Rajan was head of security and privacy officer of ING Direct USA, a major retail bank and brokerage.
February 6, 2018: Armored Things adds Elizabeth Carter as CSO
A specialist in threat and risk assessment, crisis management and response, and emergency program management, Carter will work with Armored Things customers to bridge the gap between cyber- and physical security. The company develops software that protects large public and private facilities and venues against risks and threats.
Prior to joining Armored Things, Carter led crisis management for the Americas at Apple, Inc., where she was responsible for responding to incidents and protecting the company’s operations, personnel, and facilities throughout North and South America. Her experience also includes senior director with The Chertoff Group in Washington, DC, where she worked with public and private sector clients on issues related to counterterrorism, cyber security, crisis management, health preparedness, and infrastructure protection.
“Elizabeth has been a friend and trusted colleague for years, and our team couldn’t be more thrilled to have her aboard,” said Armored Things CEO Charles Curran in a press release. “Given her experience that bridges the gap between physical and cybersecurity, she is uniquely qualified to help our clients leverage technology to reduce risks and respond more quickly and effectively to emergencies.”
February 6, 2018: Mario Duarte joins Snowflake Computing executive team as VP of security
Duarte has extensive experience deploying product and company-wide security programs and will continue to advance the industry- and country-specific customer security requirements for Snowflake, a cloud-based enterprise data warehouse provider.
“Mario’s industry leadership will be crucial to accelerating product innovation, enhancing our go-to-market strategy and advancing our enterprise-grade security for customers to help enterprises uncover maximum value from their data,” Snowflake CEO Bob Muglia said in a press release.
Duarte has worked in the retail, health care, and financial sectors for two decades. He has built and managed security teams, developed and implemented security programs and has managed PCI and HIPAA compliance initiatives for medium and large organizations.
“Security has been a pillar of Snowflake’s architecture and culture since day one and it’s what drives us to embrace strong security safeguards in all facets of our business,” Duarte said in a press release. “This strong security ethos empowers us to protect our customers’ valuable data assets against existing and emerging security threats. Snowflake’s cloud-built data warehouse-as-a-service is uniquely designed to meet rigorous compliance requirements such as FedRAMP, which in turn help to accelerate our customers’ compliance initiatives.”
January 19, 2018: MedSec names Stephanie Domas as VP of research
Domas will be responsible for the introduction of MedScan, which allows hospitals to assess the cybersecurity status of the medical devices on their networks. She is widely recognized as one of the leading experts in healthcare cybersecurity, having contributed toward national security guidance and standards for medical devices, authored dozens of industry articles, and presented at major conferences.
“Stephanie has done a tremendous job bridging the gap between hospital executives and medical device makers so that both audiences have a better understanding of the challenges and complexities they each face,” said Justine Bone, CEO of cybersecurity software provider MedSec, in a press release. “For a long time, these groups have been working in relative isolation despite having common ground – both want the medical equipment to operate effectively without the risk of cyber intrusions – to the benefit of patients.”
Domas was previously the director of product security at Battelle. At MedSec, she will facilitate collaboration between manufacturers and hospitals, and help them work through pain points on both sides. “I’ll be leading a MedSec team that will help hospitals assess the state of the devices on their networks and facilitate with the medical device manufacturing community to determine the most effective and efficient solutions,” said Domas in a press release.
Domas is an active member of the UL2900, UL5500, AAMI TIR-57, and AAMI TIR-97 standards committees, shaping industry best practices and security standards for medical devices. She is a registered Professional Engineer (PE) in the state of Ohio, and a Certified Ethical Hacker (CEH). She was recently named a 2017 Influential Women “One To Watch” by the Executive Women's Forum, the largest member organization serving emerging leaders as well as the most prominent and influential female executives in the Information Security, Risk Management and Privacy industries.
January 19, 2018: Paytm Payments Bank appoints Nitin Chauhan as CISO
Chauhan will set up and enhance Paytm’s enterprise security strategies, infrastructure, and network design. He will also secure links with partner banks and financial services, and he will oversee regulatory compliance with an emphasis on building a security framework for all Paytm Payments Bank customers.
Chauhan has two decades of infosec experience. Before joining Paytm, he served as the CISO at RBL Bank for more than six years. Prior to that, Chauhan worked with Kotak Bank and other financial institutions. He graduated in Commerce from Delhi University and holds an MBA degree in IT and International Business. He is a CISA professional and is a certified Lead Auditor from BSI for BS 25999 and Lead Implementer for ISO27001 security standard.
January 18, 2018: Susan M. Viveiros named VP, information security officer at BankNewport
Viveiros will be responsible for the development and implementation of BankNewport’s information security, vendor management, and business continuity programs. She comes to BankNewport from HarborOne Bank in Brockton, Massachusetts, where she served as vice president, information security officer.
Viveiros is a Certified Information Security Manager (CISM) and Certified Information System Auditor (CISA). She is also Global Information Assurance Security Essentials certified. Viveiros completed the Bryant University Executive Development Center Business Continuity Program and is currently pursuing certification as a chief information security officer from the International Council of E-Commerce Consultants.
January 16, 2018: HaystackID hires Lee Neubecker as CISO
Neubecker will join the executive team at HaystackID LLC, an international end-to-end litigation support, forensics and managed services provider. With both a Certified Information Systems Security Professional (CISSP) and master of business administration (MBA), he boasts a range of technical acumen and experience.
From 2000 to 2016, Neubecker served as president and CEO of Forensicon, Inc., which he founded. He led a team of experts and helped establish his firm as the premier computer forensics firm in the Midwest, handling complex investigative and litigation matters including white collar crime, trade secret misappropriation, data breach incident response and various employment litigation matters.
In addition to providing eDiscovery, forensics, litigation support, and data recovery consultation to a wide variety of entities, Neubecker acted as an expert witness and renowned digital sleuth. “Lee’s exceptional understanding of computer forensics, systems and management has made him one of the premier leaders in this industry,” said Haystack president and CEO Kevin D. Glass in a press release.
January 14, 2018: DataBank appoints Mark Houpt CISO
Houpt will drive DataBank's information security and compliance initiatives to ensure that the company's solutions meet rigorous and changing compliance and cybersecurity standards. He is responsible for developing and maintaining the company's security program roadmap and datacenter compliance programs.
Houpt brings more than 25 years of extensive information security and information technology experience in a wide range of industries and institutions. He holds an MS-ISA (Masters Information Security and Assurance), numerous security and technical certifications (CISSP, CEH, CHFI, Security+, Network+), and he is qualified for DoD IAT Level III, IAM Level III, IASAE Level II, CND Analyst, CND Infrastructure Support, CND Incident Responder, and CND Auditor positions and responsibilities. Houpt is an expert in understanding and interpreting FedRAMP, HIPAA and PCI-DSS compliance requirements. Mark is an active member of ISC2, ASIS International, COMPTIA, IAPP, and ISACA, among other leading national and international security organizations.
January 4, 2018: Centra Tech hires Enrique Perez as CISO
Perez spent the last 15 years with VISA, most recently as the senior information security and compliance officer for Global Service Operations. Centra Tech, which sells cryptocurrency products, expects Perez to apply his payment card expertise to enhance the security of its Centra Wallet and Card platforms.
Perez previously held the titles of director of external penetration test team and director of information security for VISA Latin American Region. He has been responsible for managing operational and security risk for more than 100 Global Customer Support Services contact centers through identification of risk exposures and examination of controls effectiveness to calculate residual risk. He was also responsible for ensuring adherence to VISA internal policies, PCI-DSS standards, domestic and international regulations (including GDPR, Security Shield and PIPEDA).
December 21, 2017: Jenner Holden promoted to CISO at Axon
Holden assumes his new role in January and will support strategic business initiatives for Axon, a provider of connected law enforcement technologies. Previously senior vice president of information security, Holden will continue to oversee the information security program that protects Axon's systems and products, including the Evidence.com platform. Since joining Axon in 2013, Holden has been instrumental in building a company-wide culture of security. He has more than 12 years' experience evaluating and managing enterprise-level information security programs.
"We're thrilled to have Jenner join the leadership team given his dedication to making the Axon network strong and secure for our customers," says Rick Smith, Axon CEO and founder, in a press release.
December 15, 2017: Mark Lohman promoted to CISO at Grainger
Since he joined Grainger in 2014 as senior director of information security and business continuity, Lohman has played an important role in establishing and maintaining the company's cybersecurity vision and collaborating with customers, Grainger leadership, and the board of directors on security-related matters. Lohman also serves as the HIPAA Security Officer at Grainger, a supplier of maintenance, repair, and operating (MRO) products serving businesses and institutions.
"Mark has decades of experience in information security, and we are excited to announce his new role as Chief Information Security Officer," said Greg Harman, Grainger vice president and CIO, in a press release. "Cyber threats are constantly evolving at the same time our company information must become more accessible and mobile for our customers, suppliers and team members. This means companies need to prioritize vigilance and awareness to realize information security. Strengthening our commitment to cybersecurity demonstrates to all of our partners that Grainger plays an active role in securing sensitive data and our systems, and enables Grainger to be a reliable and trusted partner."
Prior to joining Grainger, Lohman spent more than 20 years leading and training security teams, managing incident response issues, and delivering security solutions to large global companies across several industries, including aerospace and defense, energy, financial services and healthcare.
December 13, 2017: Trapp Technology hires Jim Mapes as CISO
Mapes is expected to grow and build on the existing security services suite at this Phoenix-based provider of IT, voice, and cloud hosting solutions, with an increased focus on providing cybersecurity assessments and security managed services for mid-market to enterprise-level businesses.
“I’ve been impressed with Trapp Technology’s success in the managed services market, and I firmly believe that the company is well-poised to lead the cybersecurity services mid-market with smart, business-driven solutions,” said Mapes in a press release.
In his 25-year career in IT, Mapes has 19 years in information security and 14 years in senior leadership roles, of which eight were as CISO. He has acquired a unique matrix of experience in cybersecurity thought leadership including designing information security programs and operations, advising executive teams and boards, as well as deep technical experience performing forensic investigations, intrusion testing, and incident response. Mapes has worked extensively with healthcare companies and providers to secure patient medical records and meet HIPAA compliance.
December 12, 2017: Anthony Dupree named to joint CIO/CISO role at CareerBuilder
In his dual role, Dupree oversees infrastructure, development opportunities, cloud, and security to ensure that CareerBuilder clients and users are protected in a safe ecosystem. He is responsible for directing CareerBuilder's global IT and information security vision, policies and programs to execute a state-of-the-art defense.
"Employers need to be hyper-vigilant in today's environment where there is a large and growing number of cyber threats," said Irina Novoselsky, president and COO of CareerBuilder in a press release. "A key focus for CareerBuilder is providing the most comprehensive security in the industry, and having Anthony on board underscores our commitment to anticipating and proactively addressing future vulnerabilities. Anthony is an established thought leader with deep expertise in building watertight security and technology, and his unique role will set new standards for the industry."
"One of the reasons why I was drawn to CareerBuilder is that security is not just a priority for the organization, it is ingrained in the company culture," Dupree said in a press release. "At the core of CareerBuilder's structure is an in-depth, multi-layered defense model that combines the power of people, technology and operations to ensure the company and its partners are protected. This model puts us in the best position to safeguard against outside threats, and I look forward to building upon it in exciting new ways."
Before joining CareerBuilder, Dupree served as the CIO and CISO of Novitex. He also held senior roles at McGraw-Hill Education, Elizabeth Arden, and Toys R Us, managing global enterprise IT security, network infrastructure and risk and compliance programs. Dupree is also a decorated Army Reserve Officer who served for 28 years before retiring as a Lieutenant Colonel.
December 11, 2017: John Ramsey named CISO at National Student Clearinghouse
In this newly created role, Ramsey is responsible for the overall organizational security strategy, security program oversight, and security architecture development, including all data and information security policies, standards, evaluations, roles, and organizational awareness for the Clearinghouse.
Ramsey was formerly the CISO for the U.S. House of Representatives and members of Congress, which has 950 sites across the entire United States and associated territories. In March 2017, he was selected as one of the top 100 CISOs globally, only one of two government CISOs selected.
He has worked in the IT security field for more than 25 years, including security operations for the Department of the Army and Department of State, and as the CISO for the Federal Retirement Thrift Investment Board, which oversees the world's largest defined contribution retirement plan at $480 billion for 4.8 million people.
While in the U.S. Army for 11 years, Mr. Ramsey was an intelligence and security analyst with concentrations on Russia, Eurasia, Iraq, and Iran, and served as a senior enlisted security advisor for the NATO military commander at Supreme High Allied Powers in Europe. Mr. Ramsey holds a bachelor’s degree in information systems management from the University of Maryland and a master’s degree in management information systems from the University of Central Florida.
November 21, 2017: Protegrity names former IBM director Hira Advani as VP and CSO
As Protegrity’s VP and CSO, Alliances and Services, Advani will evangelize the importance of security to influence customers and partners. He was most recently an IBM director and software chief security compliance officer. In that role, Advani consulted and collaborated with C-suite executives and board members at global brands to help them build a culture of cyber risk awareness and preparedness. He is a graduate of the Indian Institute of Technology (BS) and the Georgia Institute of Technology (MS). Advani is also a member of IEEE and FIRST Forum for Incident Response for Security Teams.
“As Tina Fey put it, ‘Being a good boss means hiring talented people and then getting out of their way,’ and I am delighted to have him lead the initiatives of Protegrity’s Professional Services and Alliances teams, both of which are fueling our company’s current and projected growth,” said Suni Munshani, Protegrity CEO, in a blog post on the company website.
November 14, 2017: New LookingGlass CSO Jeremy Haas and CRO Michael Taxay appointed to executive leadership team
LookingGlass Cyber Solutions, a provider of threat intelligence-driven security, has hired two cybersecurity professionals to join its executive leadership team: Michael Taxay as chief risk officer (CRO) and general counsel, and Jeremy Haas as CSO. They join the company to help prevent cyber attacks by operationalizing threat intelligence and delivering unified threat protection solutions to government organizations and corporate enterprises.
“I am enthusiastic about the impact that Mike and Jeremy will have on the company,” said LookingGlass CEO Chris Coleman in a press release. “LookingGlass is dedicated to leading and innovating the threat intelligence solutions market, and their additions will undoubtedly have a positive effect on the evolution of our portfolio and the organization at large.”
Taxay joins LookingGlass after a distinguished career in both the public and private sectors. He recently retired from the FBI Cyber Division as a member of the senior leadership team responsible for the Bureau’s counter-cyber intrusion program. Taxay previously served at the Department of Justice as acting director for Cyber Counterterrorism and Financial Enforcement, and as deputy chief of the Counterterrorism Section. At LookingGlass, Taxay will be responsible for the governance of significant risks impacting the company including strategic, reputational, and operational. He will also be the company’s primary legal advisor and serve as an industry thought leader.
Haas has spent the past 24 years at the Central Intelligence Agency (CIA) and U.S. Air Force (USAF) supporting intelligence activities. Haas is a recognized cybersecurity expert, having served at the CIA’s Center for Cyber Intelligence within the Directorate of Digital Innovation. There he led and participated in cyber operations, engineering and analysis activities in support of intelligence, counter intelligence, and covert activities. Haas will lead the company’s internal cybersecurity strategy and aid in the development of advanced threat detection and mitigation products.
November 14, 2017: Dave Parsons named CISO at Abacus Group
By joining this IT solutions provider for alternative investment firms, Parsons brings over 25 years of experience in the IT and security fields. He has worked for some of the largest financial services firms in the world, including Barclays, Deutsche Bank, Citibank, and Macquarie Bank.
“Cybersecurity is and will continue to be the most vital aspect of IT. Having someone of Dave’s caliber join our executive management team is a sign of our continued commitment to being a leader in our industry,” said Chris Grandi, CEO of Abacus Group in a press release.
Parsons will be responsible for the overall strategy and direction for security services at Abacus Group. “I am excited to join such an innovative company with a stellar reputation for service and look forward to working with the team on further enhancing their already extensive cybersecurity offering,” said Parsons in a press release.
Parsons has a master’s degree in information technology from Harvard University and is a Certified Information Systems Security Professional (CISSP). He has extensive knowledge and expertise in developing and managing information security programs and policies against compliance and regulatory requirements.
November 13, 2017: Allan Alford joins Forcepoint as CISO
Alford will lead the global cyber security firm’s corporate security and governance program, including the implementation of the company’s internal user and data protection program for 2,700 employees worldwide. As Forcepoint’s CISO, he will play a key role in leading the compliance and certification efforts for the company’s security offerings and will partner with engineering teams to drive best practices and real-world learnings into security product development. Alford reports to Meerah Rajavel, Forcepoint chief information officer, and is based in the Austin, Texas headquarters.
“The security industry is at an inflection point, where customers and vendors must partner to build solutions that can bring visibility to risky behavior or abnormal data usage as the means to stop headline-grabbing data breaches,” said Meerah Rajavel, CIO at Forcepoint in a press release. “Allan understands that a new paradigm must be applied to people, process and technology to adequately address these emerging security threats.”
With more than 25 years of IT and security experience, Alford joined Forcepoint from Pearson, where he was product and business information security officer. Prior to that, Alford held various IT and security positions at Polycom, where he built and managed the product security program and served most recently as CISO.
“The human point is an exciting frontier that presents both potential for business value and risk for an enterprise or government agency,” said Alford in a press release. “By combining human-centric security with a modern view on IT, HR and compliance programs, companies like Forcepoint can help employees and partners understand the critical role they play in defending against cyberattacks and protecting sensitive information assets. Instead of operating in silos of business units, IT and corporate functions, we have to look at cybersecurity through the lens of ‘everyone to the defense’.”
October 19, 2017: Egnyte co-founder Kris Lahiri takes on new data protection officer role
As data protection officer (DPO) at the cloud provider of smart content collaboration and governance, Lahiri will be responsible for continuously monitoring Egnyte's regulatory compliance with the new General Data Protection Regulation (GDPR). He will act as the main point of contact for the EU Commission during any audits or reviews.
"With so much more at stake under GDPR, we believe that all organizations should make the necessary moves to ensure complete compliance with the new rules and regulations, including appointing a DPO," said Lahiri in a press release. "My team and I take tremendous pride in implementing proper procedures and protocols to ensure Egnyte's compliance with all regulations, not just the GDPR, and we will continue to make sure all of the data we handle is properly managed and secured."
Prior to Lahiri's appointment, he served as Egnyte's CISO, responsible for creating and implementing global information security strategies that protect all customers' content and users. Prior to Egnyte, Lahiri spent many years leading the design and deployment of large-scale infrastructures for Fortune 100 customers Valdero and KPMG Consulting.
October 18, 2017: Gene Fredriksen moves from CISO to chief information security strategist at PSCU
Fredriksen’s new role is part of an effort at the largest credit union service organization (CUSO) in the U.S. to further strengthen its information security and compliance (IS&C) teams. In this newly created role, Fredriksen will report on several strategic functions primarily focused on relating PSCU’s perspective and stance on cybersecurity to existing clients, prospective clients, consultants in the credit union space and the industry as a whole.
Fredriksen has over 25 years of information technology experience, with the past 20 focused in information security. He joined PSCU in 2013. Since then, he has grown the IS&C teams and service offerings, implemented advanced tools and processes, and advanced PSCU’s relationship with numerous partners. His previous roles include global CISO for Tyco International, VP of technology risk management and CSO for Raymond James Financial, and adviser on various cybersecurity steering committees for the administrations of George W. Bush and Bill Clinton. Fredriksen has served on the R&D committee for the Financial Services Sector Steering Committee of the Department of Homeland Security and was recently appointed to represent credit unions in the Global Forum to Advance Cyber Resilience.
“PSCU’s Information Security & Compliance teams have evolved into a world-class operation, and this is in large part thanks to Gene’s leadership,” said David Bryant, PSCU’s newly appointed CISO, in a press release. “I look forward to working closely with Gene and the rest of the IS&C teams to ensure the highest level of service and security for our Member-Owners and their members alike.”
October 17, 2017: Ely Pinto joins Leumi as CISO
In this role, Pinto is responsible for leading and executing the bank’s information and cybersecurity programs, and will also be tasked with redeploying an end-to-end information security program. Pinto reports directly to Martin Droney, Leumi’s chief operations and technology officer. The two will work together on developing and expanding the bank’s established information and data security culture with a risk-based approach.
“Cybersecurity is a critical area of focus at Leumi, and we are pleased to have Ely on board as we continue to build our bank-wide information security infrastructure,” said Droney in a press release. “Ely’s extensive experience in financial services and technology will bolster Leumi’s information security efforts at a time when banks need to be hypervigilant in the face of heightened cyber activity.”
Pinto brings more than 20 years of leadership experience in providing security solutions at large financial and corporate institutions. Most recently, he spent 12 years as an information security specialist at Sumitomo Mitsui Banking Corporation, where he had also previously served as a solutions architect. In these roles, he was responsible for developing the strategic direction of the bank's cybersecurity program and the overall security of bank systems, data and networks. Pinto also led the design and implementation of new security technologies and spearheaded security integration and risk mitigation efforts across all technology platforms and business applications, including cloud-based technologies.
October 9, 2017: John O’Driscoll named first CISO of Australia’s Victoria state
The appointment of a CISO is part of a shift in Victoria’s cyber security strategy from an agency-by-agency approach to a whole-of-government approach, to better protect public services and information. As CISO, O’Driscoll will focus on leading collaboration across Victoria’s departments and agencies, helping with ongoing work to assess, monitor and respond to cyber security risks, as well as engaging with Commonwealth and private sector experts to deliver a resilient and cohesive cyber security environment.
Other key actions from the Cyber Security Strategy that will be led by the CISO include:
- Developing cyber emergency governance arrangements with Emergency Management Victoria, so that risks are better understood and planned for as part of ongoing work to protect government assets and services
- Strengthening partnerships across all levels of government and the private sector to share best practice, intelligence and insights
- Rationalizing and better coordinating the procurement of proven cyber security services
- Developing a workforce plan to attract, develop and retain skilled cyber security public sector workers
- Presenting a quarterly cyber security briefing to the Victorian Secretaries Board and the State Crisis and Resilience Committee, so government is better informed of cyber security issues and assessments.
“John O’Driscoll’s extensive experience working across information technology and cyber security make him ideally suited to be Victoria’s first Chief Information Security Officer, as we seek to secure government services,” said Special Minister of State Gavin Jennings in a press release.
October 3, 2017: Former Salesforce CSO Brendan O’Connor named ServiceNow security CTO
O’Connor will lead ServiceNow’s efforts to help enterprises rethink security operations and reduce business risk. ServiceNow Security Operations enables customers to connect security and IT teams, respond faster and more efficiently to threats, and get a definitive view of their security posture. O’Connor will help ServiceNow introduce automation to the security response workflow, elevate the role of security teams, and better orchestrate threat response.
Before joining ServiceNow, O’Connor spent 10 years at Salesforce where he led Salesforce's global information security organization as CSO. Prior to his role as CSO, O’Connor was vice president of product security at Salesforce. He has also worked in the financial services and communications sectors as a vulnerability researcher, security engineer, and privacy advocate.
“I joined ServiceNow because I want to help enterprises rethink security operations and how they manage risk in the age of cloud computing,” said O’Connor in a blog post. “We can provision infrastructure with the press of a button and deploy workloads to the cloud in minutes. Our security operations need to keep up. As a former CSO, I am acutely aware of how important it is to respond quickly to new threats and scale security to meet the needs of the business.”
September 28, 2017: Societe Generale appoints French air force general Antoine Creux as CSO
Creux joins Societe Generale in the newly created role to help improve the bank’s defenses against cyber attacks and to mitigate other risks. Prior to Societe Generale, Creux spent 38 years with the French Defence Ministry, and he was named Chief Inspector of the Armed Services in 2015. Creux will also serve as a member of the bank’s management committee. "In a time of increasing challenges in terms of safety for assets, individuals and information systems, his mission will be to ensure that Societe Generale continues to adopt the most appropriate strategic and operational answers to protect the Group's assets," the bank said in a press release.
September 27, 2017: Phillip Mazzocco joins Peraton executive team as CSO
Mazzocco is expected to lead Peraton’s compliance programs and ensure the safety of its employees, data, and assets. “Phil brings to Peraton more than 20 years of experience providing industrial security for Fortune 500 companies,” said Stu Shea, Peraton CEO, in a press release. “He understands full-spectrum security – the complex interplay among such aspects as risk management, crisis management, program security, international operations, training and insider threat.”
Mazzocco comes to Peraton from Leidos, where he served as vice president, Sector Security, leading security operations across a multi-customer $4 billion portfolio of national security programs. Most recently, he managed the security team fundamental to the multi-billion-dollar modernization of the Defense Healthcare Management Systems for the Department of Defense. He also served on the Board of Directors for the Industrial Security Working Group.
Mazzocco earned his Bachelor of Arts degree in history from John Carroll University and completed Master of Arts coursework in Central Eurasian studies at Indiana University.
September 21, 2017: McDonald’s names Timothy Youngblood CISO
Youngblood will lead global food service retailer McDonald’s Corp.’s global information security organization. Reporting to the executive VP of operations, digital and technology, he will work closely with the McDonald's senior leadership team and board of directors to drive information security strategy and operations. Youngblood oversees risk management and brand protection on a global scale for the company.
He has 30 years of industry experience spanning cyber security strategy and operations, product security, IT audit, disaster recovery, risk assessment, and management consulting. Youngblood has served in multiple industries across his career, including financial services, healthcare, oil/gas, retail, and manufacturing.
Prior to McDonald's, Youngblood was the CISO for Kimberly Clark Corp., and was also the CISO for Dell, Inc. Timothy has held leadership roles at KPMG LLP, EDS, and Siemens Medical Services. He serves on the top security boards in the industry and has been recognized as a top ten CISO leader and one of the top 100 global CISOs in the industry.
“McDonald’s is rapidly transforming into the next wave of customer experience and digital platforms,” says Youngblood. “The leadership recognizes the importance of maintaining customer loyalty and trust with cyber security and information risk management being critical foundational elements. I’m proud to lead the organization that supports this for one of the leading brands globally.”
September 21, 2017: James Donnelly appointed CISO of fscom
As CISO at fscom, which provides regulatory advisory services to UK financial institutions, Donnelly will be responsible for helping clients understand and meet their obligations to protect and uphold the data rights and freedoms of their customers and employees. With the introduction of a second Payment Service Directive (PSD2) in the new year and applications for re-authorization opening in October, Donnelly will also work directly with firms to identify what sensitive payment data they are holding and the sufficiency of their information and technology security.
With 13 years' experience as an IT and information security manager, Donnelly is an expert in guiding companies through the process of developing strategic, appropriate, and compliant IT information security management systems. He has had responsibility for both delivering an IT infrastructure and developing and implementing the strategic governance of the technology and information systems in a non-departmental public body.
Prior to joining fscom, Donnelly was the IT manager for the Consumer Council, where he successfully led the project to implement ITIL best practices to align the IT services with the needs of the organization. He is also a Certified ISO 27001 lead implementer, certified GDPR practitioner and Prince2 project management practitioner.
“James brings a wealth of expertise to fscom, that we believe will add huge value to our clients in the coming months and years. With GDPR around the corner, James can provide compliance officers with clarity and practical advice to ensure they meet their regulatory and legal obligations,” said CEO Jamie Cooke in a press release.
September 18, 2017: GE Digital promotes Nasrin Rezai to VP and global chief information and product cyber security officer
Rezai has held the position of GE chief information security officer since 2016. Previously, Rezai was the global chief information security officer for GE Capital and GE Corporate before moving to her current position. Prior to GE, Rezai worked for twenty years in Technology Risk, Strategy and Operations and senior management roles at State Street Bank, Cisco Systems, and Hewlett Packard Company.
Rezai holds a master’s degree in business administration and a bachelor’s degree in information technology and computer science. She also holds an executive certification from Harvard and Cambridge.
September 18, 2017: Rob Hopps named OWNZONES Media Network’s first CSO
In the newly created role of CSO and senior VP, platform operations, Hopps will oversee all information security, infrastructure and technology operations at OWNZONES, an OTT EntTech company that provides technology and media solutions for the motion picture, television, and digital content creation industries. He is based at the company’s headquarters in Beverly Hills, CA.
“We are excited to have Rob as our first chief security officer,” said Dan Goman, CEO, in a press release. “Rob’s newly created role underscores our commitment to protect our clients. OWNZONES will now have stronger oversight over the secure technology used across all of its OTT platforms and ensure the best and most up-to-date security is employed at all times. Rob has extensive experience and knowledge in handling cyber security threats and creating security roadmaps with exceptional organizational leadership and technology management skills.”
“I joined OWNZONES to help an incredible dynamic and talented team of software and design experts to execute as well as drive new security initiatives necessary to expand the company’s technology offerings,” said Hopps in a press release. “In my new role, I look forward to driving operations and strategies that align with Dan’s vision and that support and protect OWNZONES’ customers and employees as it continues to grow on the leading edge of content and OTT solutions.”
Hopps is a technology veteran with over 20 years leading technology operations and strategic initiatives. Most recently, Hopps served as vice president, CISO at the Federal Home Loan Bank of San Francisco. Prior to this, Hopps held information technology positions at Liberty Mutual Group, Safeco Corporation and Pemco Insurance. A graduate of the University of Washington with a B.A. in Business Administration, Hopps is also a Certified Information Systems Security Professional (CISSP).
September 14, 2017: Duck Creek Technologies hires John Germain as CISO
As the company’s first CISO, Germain is responsible for the overall strategy, direction, and management of Duck Creek’s security programs and cyber-protection initiatives. This includes the security oversight of Duck Creek’s On-Demand, mobile, and cloud-enabled services for property and casualty (P&C) insurance companies.
“John’s expertise combines technical skill with strategic vision – a combination that we need to safely and efficiently take our growing user base into the future,” said Michael Jackowski, CEO of Duck Creek, in a press release. “John will oversee all of our IT security programs, including the navigation of cyber security threats.”
With more than 25 years in IT, including 15 years as a security professional, Germain brings the experience necessary to effectively thwart cyber risks and protect the integrity and availability of Duck Creek’s intellectual property by anticipating and preventing potential security threats.
“This is a pivotal time for Duck Creek as the company grows and expands across global markets,” said Germain in a press release. “I look forward to being part of the company’s continued evolution, and implementing security programs that allow us to provide customers and partners with the safest, highest-quality P&C solutions possible.”
Prior to joining Duck Creek, Germain served as VP and CISO of IT Infrastructure at Xylem, Inc., an American water technology provider, for nearly 20 years and created critical infrastructure to defend the company from potential security threats. Germain also has been named a Top 100 CISO and a Top 25 Breakaway CISO Leader.
September 7, 2017: Jason Albuquerque is Carousel Industries’ first CISO
Albuquerque, who had been the company’s director of business systems and operations, will focus on establishing a comprehensive security office as a center of excellence for Carousel Industries, a provider of communication and network technologies, professional and managed services, and cloud solutions. He will also partner with the company’s pre-sales engineering team to identify and develop new client engagements in cyber-attack prevention. As CISO, he will lead the assessment, evaluation, prioritization and mitigation of the internal and external security threat to Carousel’s services, network infrastructure and business information systems.
“Jason Albuquerque’s appointment to the CISO position at Carousel underscores the growing global importance of this strategic role to enterprises in all industries,” said Bill Thompson, Carousel’s executive vice president of operations in a press release. “In his new role, Jason is already leading the charge to build an informed organizational culture of cyber security, further positioning Carousel as the vanguard for our customers and creating an unbreakable relationship forged by credibility and trust.”
“Globally, cyber-attacks of all types are escalating as more sophisticated tactics are being deployed to elude traditional security controls,” said Albuquerque in a press release. “Manufacturers, suppliers, partners and service providers are all under greater scrutiny than ever from their clients and from one another to apply increased governance, improved processes and enabling technologies to reduce and mitigate threats. This dynamic presents interesting challenges as well as significant business opportunities and I look forward to guiding our clients’ cyber security initiatives and further expanding our security practice.”
September 7, 2017: Former Santander Bank CISO Geoff Hauge joins Edgile as Eastern Regional Partner
At Edgile, a cyber risk and regulatory compliance partner to Fortune 500 companies, Hauge will work with highly regulated organizations to solve both on-premises and cloud challenges, including security, identity and access management (IAM) and industry-specific governance, risk, and compliance (GRC).
“As a world-class CISO who has led organization-wide security and compliance transformation for global institutions, Geoff’s client-focused perspective makes him a solid addition to our executive team,” said Edgile CEO Don Elledge in a press release. “His experience assessing and managing complex cybersecurity threats and regulatory landscape challenges—while communicating effective solutions up through the board-level—adds tremendous value for our customers.”
Hauge joins Edgile from Santander Bank, where he served as both U.S. CISO and U.S. chief information risk officer. He led major transformational cybersecurity and data protection initiatives, and established governance, oversight, and assurance programs in accordance with customer data requirements under the Gramm–Leach–Bliley Act (GLBA).
“Working directly in financial services over the past six years, I’ve gained firsthand appreciation for the challenges highly-regulated clients face in defining, communicating, and delivering successful security and GRC programs,” said Hauge in a press release. “I am deeply proud to join the industry-leaders at Edgile, and to partner with clients in advancing their security, transformation, and growth.”
August 31, 2017: eCurrency appoints Mitch Cohen as CSO
eCurrency Mint Limited (“eCurrency”), the pioneer of the innovative technology that enables central banks to issue a digital fiat currency, today announced two appointments to its executive suite: Stefan Carlsson as Chief Financial Officer (CFO) and Mitch Cohen as Chief Security Officer (CSO).
Cohen has been a longtime advisor to eCurrency and started working closely with the management team earlier this year. He brings 30 years of information technology leadership experience to eCurrency, with the last 10 years dedicated to building information security programs.
Cohen has expertise in cyber risk management and security requirements for U.S. federal information systems and healthcare information systems. Prior to joining eCurrency, he provided cyber security program management services to NASA, where he oversaw multiple information security teams including security operations, penetration testing, security assessments, incident response, public key infrastructure and compliance while also serving on the agency’s authentication architecture working group.
August 11, 2017: Glenn Johnson promoted to executive VP and CIO/CISO at North State
North State, a technology company focused on inspiring the Internet-driven lifestyle through high-touch experiences, expects Johnson to provide leadership to the company’s information systems and related technologies. He will also oversee governance, policy and strategic direction at North State for all companywide and business unit IT and IT security functions.
Johnson previously served as chief technology officer and CISO at Stalwart Systems, a company acquired by North State in 2015. Earlier in his career, Johnson held senior-level technical positions in security, networking and Unix administration for two Fortune 100 companies and served in a lead capacity for a NASA enterprise rollout.
“We are excited to have Glenn as our CIO/CISO and as part of our executive leadership team,” North State CEO Royster Tucker III said in a press release. “Glenn’s new role underscores North State’s focus on strategically using secure technology to deliver great experiences and outcomes for our customers. We welcome his experience and vision as we continue to build on our strong technology base.”
“I am excited to become CIO/CISO during this exciting time of growth and change,” Johnson said in a press release. “Not only is the company providing vital technology IT solutions to customers, but it is also committed to enhancing and leveraging its own IT systems. I look forward to working with the executive team and the outstanding group of IT professionals to help shape the IT strategy for North State.”
August 9, 2017: Steve White joins ForgeRock as CSO
White brings his 20 years of cyber security experience to digital identity management solution provider ForgeRock. He is expected to transform the company’s security and compliance programs into a dynamic cyber defense strategy. A business-savvy technologist with over 17 years of security experience across multiple disciplines, White has a rich history of successfully leading security-focused change for agile product engineering/operations/development organizations.
“Steve White has the ideal mix of ingenuity, skills and expertise to lead ForgeRock’s information security strategy and operations as we enter the next phase of our growth,” said CEO Mike Ellis in a press release. “The fastest growing segments of our business involve managing digital identities in the cloud, and customer identity and access management implementations for global brands. These types of business cases pose unique security challenges that require thorough, precise approaches through all stages from development to ongoing operations. All of us at ForgeRock are excited to have Steve leading our security efforts.”
White comes to ForgeRock from Sonos, where he oversaw the security strategy and programs for the company. He previously held senior information security positions at CenturyLink Cloud and Amazon, and also was a key leader driving the launch and growth of a cybersecurity consulting practice for Microsoft Services. Steve began his career in cybersecurity as an officer in the U.S. Air Force, holding multiple engineering and leadership roles in various Air Force cyber units.
“Digital identity is the key enabling technology powering many of the fastest-moving and challenging trends in business today, from digital transformation and the internet of things, to Open Banking, PSD2, GDPR and more,” said White in a press release. “Having worked in government, retail and consumer IoT, I’ve had firsthand experience in numerous projects and deployments where digital identity technology was required to secure personal data, devices, and things. ForgeRock’s impact on the value and transformation for enterprises, to enable trusted human and IOT relationships across their ecosystem of customers and routes to market, through the amazing innovations that ForgeRock is driving in the digital identity space makes this an incredible opportunity. I’m thrilled to be joining the ForgeRock team.”
August 8, 2017: Bay Dynamics names former U.S. CISO Gregory J. Touhill to its board of directors
Cyber risk analytics software provider Bay Dynamics added retired Brigadier General Touhill to its board to help the company’s efforts to enable enterprises and government agencies to adopt a risk-based approach to cyber security. “Bay Dynamics and I share a vision of enabling public and private organizations to approach cyber security as a risk management problem,” said General Touhill in a press release. “I am looking forward to adding my expertise to a company that is at the forefront of risk based security.”
Over his career, General Touhill has developed cyber security policies and strategies that executives can understand, adopt and lead across their entire organizations to overcome relentless cyber challenges. He served as the United States’ first federal CISO in addition to holding senior level information technology positions at more than a dozen private and public-sector organizations, including his current position as president of Cyxtera Technologies’ new Cyxtera Federal Group.
“Cyber security cannot be approached as an occasional project or a reaction to a breach. It is now one of many risks enterprises and agencies must manage on a day to day basis,” said Feris Rifai, co-founder and CEO at Bay Dynamics in a press release. “Through his thought leadership and actions, it is clear General Touhill shares this philosophy, which is why having him join our board is the meeting of kindred spirits. Bay Dynamics is already at the forefront of risk oriented cyber security and we are looking forward to incorporating General Touhill’s ideas and perspective as we evolve even further to accomplish our mission.”
August 7, 2017: Episerver hires Sue Bergamo as both CIO and CISO
Bergamo will drive the long-term IT strategy, as well as the security and risk strategies for Episerver, which provides a cloud-based platform to manage digital content, commerce and marketing. In her role, she is expected to collaborate across departments in support of the company’s risk and security assessment program.
A veteran of Microsoft, Bergamo brings to the newly expanded role more than two decades of leadership experience in strategic planning, product management, IT operations and infrastructure, cybersecurity, data management, application development and process redesign at Fortune 500 companies including Cigna, CVS Pharmacy, Liberty Mutual and Staples.
“With the necessary global focus on data privacy and security laws in the wake of many very public cyber attacks, we recognize the vital role security and IT infrastructure plays in delivering secure business applications in the cloud in a way that complies with rapidly evolving legislation,” said Mark Duffell, president and CEO of Episerver, in a press release. “Ongoing investment in our products as well as compliancy initiatives like Privacy Shield, ISO27001, and the European Union (EU) general data protection regulation (GDPR) is paramount to our continued growth and success, and Sue brings the right mix of vision and leadership to help us achieve our goals on behalf of our customers around the world.”
Before joining Episerver, Bergamo was a global technology strategist at Microsoft for over three years. Earlier, she served in a number of CIO positions, including at facilities management and food services conglomerate Aramark. She also headed up enterprise data management at global office supply retailer Staples and oversaw enterprise application development for drugstore giant CVS Pharmacy.
“It is a privilege to join a company like Episerver that has a true vision and commitment to driving innovation and digital transformation for all companies on a global scale,” said Bergamo in a press release. “In my new role as CIO and CISO, I look forward to driving operations and strategies that align with that vision and that support and protect Episerver’s customers and employees as it continues to grow on the leading edge of content and commerce solutions.”
August 4, 2017: Lyft hires Mike Johnson as its first CISO
Fast-growing ride-hailing company Lyft, Inc., has named Johnson as its director of engineering and chief information security officer. He joins Lyft from Salesforce.com, where he held several security roles.
"I joined Lyft to help a fantastic team execute as well as drive new security and privacy initiatives necessary to maintain our incredible growth, especially as Lyft pushes into new areas such as self-driving cars,” says Johnson. “I'm concentrating on growing the team through the hiring of world class security professionals and ensuring we have the right technology in place to keep up with the growth of the company."
August 2, 2017: Scott Caschette promoted to CISO at managed IT service provider Vology
Caschette moves up from a senior technology strategist role to lead Vology’s managed security practice, with the mission to protect the company’s customers and employees against accelerating cybersecurity threats. “In less than a year, Scott has become an integral part of the Vology team, offering distinctive insight as a former CIO for one of our customers,” said Barry Shevlin, CEO of Vology, in a press release. “With his pragmatic approach to problem solving and his security background, he was the ideal choice to take the CISO role and build out our managed security practice.”
“By combining our world-class network operations centers, partner relationships, nationwide network and extensive skill sets in enterprise security, Vology is uniquely positioned to deliver managed security offerings to its customers,” said Caschette in a press release. “In the ever-changing environment of cyber threats, organizations are faced with challenges from policy creation to threat mitigation and remediation.”
Caschette has more than 25 years of experience in providing leadership in the design and implementation of enterprise technology. Prior to joining Vology in November 2016, Caschette served as CIO at Albertelli Law for more than four years. There, he developed and executed a complete technology transformation, successfully modernizing, securing, and ensuring compliance in infrastructure, data management, disaster recovery, vendor management, delivery, and sustainability. Caschette holds a Bachelor of Arts in Management of Information Systems from Front Range College.
Caschette is actively involved in multiple organizations with strong commitments to advancing the local tech community. In addition to his role on the CIO Executive Council, Caschette is an advocate for the Tampa Bay Technology Forum. He currently serves on the events committee, and he was one of four judges for the group’s Annual Industry Achievement Awards in 2014 and 2015. Caschette is also an advisory board member to several companies and start-ups.
August 2, 2017: Mark Nunnelly picked to run newly formed Massachusetts technology and security agency
Massachusetts Governor Charlie Baker’s administration has announced the formation of a new executive branch agency, the Executive Office of Technology Service and Security (EOTSS), to provide secure and quality digital information, services and tools to constituents and service providers. Nunnelly, currently the executive director of MassIT, has been named as secretary of EOTSS and CIO for the Commonwealth.
Through EOTSS, Nunnelly will have oversight on all IT activities of state agencies. EOTSS will focus on centralizing IT infrastructure services across the executive department and review and update policies and procedures governing state cybersecurity, digital platforms and data management.
“Establishing the Executive Office of Technology Service and Security will allow state government to streamline state services, improve cybersecurity and better serve our constituents,” said Governor Baker in a press release. “We look forward to developing this secretariat to support the Commonwealth’s focus on providing modern, secure and stable technologies.”
“The rate and pace of change have forced all large organizations to rethink their digital service approach from a security, service and structure perspective,” said Nunnelly in a press release. “This reorganization will help equip the many talented IT professionals across the State with the right structure, tools, and platform to secure our information and provide better service to our constituents. We look forward to working with leaders from across the executive branch in making progress against these imperatives.”
August 1, 2017: Diane E. McCracken promoted to executive VP and chief security officer at Customers Bank
McCracken will have executive oversight of all security operations, including cyber, information, application and physical security as well as business continuity and disaster recovery at Customers Bank, a community-based, full-service bank with assets of approximately $10.9 billion.
“Security is a top priority for Customers Bank, and managing risks effectively and proactively requires executive-level commitment and attention,” said COO Richard Ehst in a press release. “By elevating the CSO to an executive role, we are able to take a more strategic approach to our security operations that includes unprecedented visibility across all areas of the bank, with results that will benefit each and every one of our customers. Diane’s knowledge of Customers Bank and her vast successes in information technology and security make her an ideal fit for this role.”
McCracken has more than 18 years of experience as a technologist with a specialty in information technology. She began her career in information security in 2004 as an analyst with Sovereign Bank. She joined Customers Bank in 2011 as the Information Security Leader and has held various roles since then, including launching the Bank’s first mobile app in 2012, leading the vendor management practice, and building the bank’s cybersecurity programs. She was promoted to Chief Security Officer in September 2015.
“Customers Bank’s approach to security has always been innovative, which is evident not only in the size of its security team but also in the ongoing assessment and evolution of its security practices,” said McCracken in a press release. “It has been a privilege to be part of such a dedicated team, and I look forward to taking it to the next level as Executive Vice President.”
July 31, 2017: The NTSC appoints Discover Financial Services CISO James McJunkin and MoneyGram International CISO Betty Elliott to its board of directors
McJunkin brings knowledge from the financial services industry and will help influence the strategic direction of the NTSC, which provides a platform for CISOs to advocate for beneficial legislative and regulatory policies. He joins CISOs who represent a broad cross-section of enterprise companies and have a vested interest in protecting the security of their customers and employees through policies that improve national cybersecurity standards and awareness.
“As someone who spent nearly 30 years in state and federal government as a law enforcement professional and held significant leadership positions at the FBI within their Counterterrorism Division, I understand the need for sound cybersecurity policy that helps both business and government,” said McJunkin in a press release. “The NTSC gives CISOs an important platform to help influence legislation and policy around critical issues such as data breach notification, public-private information sharing, and encryption.”
At Discover Financial Services, Mr. McJunkin is responsible for second line risk management of information security. That includes governance of the enterprise-wide information security program, internal and external investigations; third-party vendor compliance for information security, business continuity, and executive protection; and physical security for the entire corporate enterprise.
Representing the financial services industry, Elliott will help influence the strategic direction of the NTSC. “After serving as a CISO in a variety of industries and leading security teams at Fortune 500 companies, I’ve seen the effects that national cybersecurity legislation and policies can have on business,” said Elliott in a press release. “As a member of the NTSC board, I look forward to working with CISOs from a variety of backgrounds to offer my insights and engage in dialogue with policymakers on Capitol Hill.”
Elliott joined MoneyGram in April 2015 as its VP, CISO. She leads the MoneyGram Information Security team whose responsibilities include managing security risk, security governance, forensics, security awareness, identity and access management, vulnerability management, security operations, security engineering, security architecture, internal fraud, and agent victim fraud.
July 31, 2017: Bob Thibodeaux is the new CISO at DefenseStorm
DefenseStorm, a provider of co-managed cybersecurity operations for financial institutions, has hired Thibodeaux as chief information security officer (CISO) as part of an effort to accommodate the company’s rapid growth.
With more than 20 years of information security experience, Thibodeaux is an expert in managing IT, security and network operations. In his new role, Thibodeaux is responsible for overseeing incident response processes, risk management and penetration testing for community banks and credit unions across the U.S. He is also tasked with maintaining a current understanding of the threat landscape for the financial industry and translating that knowledge to identify risks and develop actionable plans to protect DefenseStorm and its customers.
Before joining DefenseStorm, Thibodeaux worked at F5 Networks as a senior security engineer, where he directed the development and management of the company’s security operations. Prior to that, he served as senior manager of IT infrastructure at The Seattle Times and as senior network engineer for InterNAP Network Services. Additionally, Thibodeaux is a Certified Information Systems Security Professional (CISSP) and Global Information Assurance Certified (GIAC) Penetration Tester.
“At DefenseStorm, we rely heavily on our sharp and talented employees. Cybersecurity is an ongoing initiative that cannot be solved indefinitely and our customers are targeted with new cyber threats constantly,” said Sean Feeney, CEO of DefenseStorm in a press release. “Having a skilled, experienced staff like Bob is vital to helping our customers address their security issues and is ultimately key to DefenseStorm’s success as a company.”
July 27, 2017: Matt Sorensen joins Secuvant as CISO, VP of risk management
Sorensen’s focus at the independent cyber security risk management and managed detection and response firm will be on bringing value to businesses through Secuvant’s Cyber-7 risk management methodology. He will lead the Secuvant cyberRPM practice. Sorensen brings 17 years of security experience, over 17 professional certifications in cyber security and 6 years as an attorney to Secuvant.
“Having someone as skilled and well respected as Matt join the Secuvant management team is nothing short of incredible,” said Ryan Layton, CEO and co-founder of Secuvant in a press release. “Matt has a very unique combination that is rare to find in cyber security, that being business, legal and technical. He has proven to many businesses and their executives that he is the go-to guy when it comes to cyber risk advisory, and now he can add the Secuvant Cyber-7 methodology that just puts client benefits over the top.”
Prior to joining Secuvant, Matt was an attorney with Holland and Hart in Salt Lake City, focused on managing data breach events, overseeing incident response and investigation teams for clients and helping commercial data breach victims prepare civil claims against negligent data custodians and processors.
“Secuvant starts by helping executives understand that security is a business risk and not just a technical one,” said Sorensen in a press release. “I am excited to deliver value to our clients using the Cyber-7 process which is like nothing I’ve seen before. That is what attracted me to Secuvant. The way they help businesses address growing security threats while enabling revenue and lowering risks and costs, is unique in the marketplace.”
July 27, 2017: MCNC promotes Chris Beal to CISO, expands cybersecurity team
By appointing Beal to the CISO role and adding two new positions to its security team, MCNC expects to further develop and implement innovative cybersecurity solutions for its customers. The non-profit MCNC operates the North Carolina Research and Education Network (NCREN), which connected institutions of the University of North Carolina System, Duke University, and Wake Forest University to each other, and through advanced research networks such as Internet2 and National Lambda Rail, to the world.
Beal will also assess and monitor network vulnerabilities and risk posture, provide advisory services so organizations can best manage security risks and threats, and offer training and education opportunities to help NCREN users stay informed.
“Chris continuously demonstrates a wealth of knowledge and expertise on the latest cybersecurity issues and solutions,” said MCNC president and CEO Jean Davis in a press release. “His promotion as well as the addition of two team members will allow MCNC to advance upon the foundational elements we've implemented over the past two years to benefit not just our customers but all of North Carolina.”
Beal joined MCNC in 2013 as Chief Security Architect. His responsibilities have included working with customers to build MCNC's internal security and risk management programs to ensure security policies, services, and strategies meet the needs of MCNC and the NCREN user community.
“Increased reliance on digital resources means that our customers depend on us to help protect these resources,” said Beal in a press release. “At MCNC, we want to leverage our knowledge and expertise to help our customers identify and address their pressing cybersecurity challenges. We will work with our constituents to carefully research and deploy solutions that keep our collective digital environments better protected against threats and vulnerabilities.”
July 26, 2017: Capsule8 appoints former RSA chairman Art Coviello to its board of directors
Capsule8 has announced that Coviello will bring his 35-plus years of operating and management experience to the company. This coincides with Capsule8’s announcement of its beta release of its flagship product, Capsule8 Protect, a threat prevention and response platform purpose-built for cloud-native environments.
“We’re on the verge of a huge market shift as companies migrate from monolithic architectures to modern cloud-native infrastructures. And while they want to embrace new and open technologies – like containers and microservices – the security risks associated with Linux need to be addressed,” said Coviello in a press release. “Capsule8 is one of the most exciting security companies I’ve come across in recent years and I’m eager to help them achieve their full market potential.”
In 2015, Art Coviello retired as Executive Chairman of RSA, the security division of EMC. During Coviello’s two-decade career at RSA, the company evolved from its roots in authentication and encryption to being a leader in the most important emerging areas of information security, including security analytics, identity, and governance, risk and compliance (GRC).
“As we bring our product to market, it’s great to have Art – who was behind one of the greatest successes in the enterprise security market – on our team,” said John Viega, Capsule8 CEO, in a press release. “There are few people in the industry with Art’s experience, network and know how. We are thrilled that he has agreed to bring his time and talent to Capsule8.”
July 21, 2017: Phil Lea named head of security and compliance at Advanced
With the hiring of Lea, British software and services company Advanced hopes to further strengthen its leadership team to deliver technology solutions with security in mind. He will focus on customer security, security technologies and governance. This will include enhancing the tools that Advanced uses to secure its products, customers and internal IT as well as developing managed security service offerings for its hosted and IT outsourced customers.
Lea will also be responsible for coordinating security governance across Advanced and ensuring the entire business is ready for future regulatory requirements including the General Data Protection Regulation (GDPR).
“Advanced has undergone what is arguably the largest transformation of any UK company at this current time,” said Lea in a press release. “Its ambition represents a unique opportunity for any senior leader, and I am thrilled to be joining the organization as it focuses on accelerating its growth. Key to this growth, as with any company, is a solid security strategy and I look forward to supporting Advanced through its next transformative phase as well as helping customers securely reimagine their own businesses.”
Lea has over 20 years’ IT and security experience at companies such as Fujitsu, Gartner and the Department for Work and Pensions. At Fujitsu, he spent over eight years as Managing Security Consultant before taking up the role of Security Practice Manager, where he led the Chief Information Security Officer (CISO) and Consultancy Practices in the technology giant’s security operations team.
July 19, 2017: Managed security provider MKACyber names Mark G. Hall as director, operational risk and compliance
Hall joins MKACyber, a managed security services provider (MSSP) and security consulting firm, to help its customers align their cyber defenses against identified threats and risks to their business operations and high value data and systems. He brings over 30 years of experience in information assurance and cybersecurity working for both the public and private sector.
Prior to joining MKACyber, Hall worked as an independent consultant and senior partner with the Cyber Security Consulting Group. He also served as vice president, cyber security engineering at Decisive Analytics Corporation. Hall also spent nearly 25 years in the intelligence community and later the Department of Defense (Office of the Secretary of Defense).
“Mark is a seasoned cybersecurity professional. He brings unique insights to our customers’ cyber defense requirements. His previous work on a variety of IA initiatives and programs, as well as the enforcement and compliance with policy and security protocols that he supported, made him perfect for this position,” said MKACyber founder and CEO Mischel Kwon in a press release.
July 19, 2017: Proofpoint adds Capital One CISO Michael Johnson to its board of directors
Cybersecurity company Proofpoint, Inc., named Johnson as an independent director for the company effective July 18. He is currently senior vice president and chief information security officer (CISO) of Capital One Financial Corporation. Prior to this role, he served as the chief information officer for the U.S. Department of Energy overseeing cybersecurity, cyber enterprise integration, enterprise information resources management, cyber supply chain risk management and headquarters information technology operations.
“We are pleased to welcome Michael to Proofpoint’s Board of Directors,” said Eric Hahn, Proofpoint founder and chairman of the board in a press release. “He brings exceptional information security and risk management knowledge to the position that will further enhance our ability to maintain our momentum and grow market share as we protect more than fifty percent of the Fortune 100 from advanced threats and compliance risks.”
July 18, 2017: Randy James to lead ICF’s cybersecurity and resilience business
Global consulting and technology services provider ICF named James senior vice president and division lead for the company’s enterprise cybersecurity and resilience (ECR) practice. The company expects James to leverage his extensive experience in cyber consulting, engineering and operations to accelerate ICF’s current strategy of helping to protect organizations against rising cyber threats without disrupting innovation and growth.
James has over 30 years of experience in information technology, critical infrastructure protection and professional services. He most recently served as vice president of cyber at SAIC and also served as CISO at CSC Government Solutions.
“Randy is one of the nation’s most respected cybersecurity and resilience leaders and is an incredible addition to the ICF team,” said Ellen Glover, executive vice president of transformation and resilience solutions at ICF in a press release. “I look forward to working with Randy to keep our clients ahead of the curve with the best technologies, strategies and tools to address the increasing sophistication and frequency of cyber attacks.”
“I am honored to join a team that is leading the next generation of cyber defense,” said James in a press release. “I am eager to build upon the company’s extensive experience and solid foundation in solving complex cybersecurity challenges.”
July 11, 2017: Former federal CISO Gregory Touhill heads new Cyxtera division
In 2016, President Barack Obama appointed Brigadier General Gregory J. Touhill as the nation’s first federal chief information security officer (CISO). Now he brings his considerable cybersecurity experience to secure infrastructure provider Cyxtera Technologies as president of the newly formed Cyxtera Federal Group (CFG). CFG will offer Cyxtera’s data center services and cybersecurity capabilities to federal agencies and departments.
As the federal CISO, Touhill was responsible for ensuring that the proper set of digital security policies, strategies and practices were adopted across all government agencies. “We are excited to announce the further expansion of Cyxtera’s business with the launch of Cyxtera Federal Group, and we could not have found a finer leader than Greg Touhill to head this endeavor,” said Manuel D. Medina, CEO of Cyxtera. “There is truly no one better to lead this business than Greg, who is one of our country’s premier cybersecurity experts. His experience as the first federal CISO of the United States will be invaluable to our company and our government customers.”
Touhill is expected to help CFG support agencies across the federal government with a portfolio of secure infrastructure solutions delivered from a global footprint of data centers, including six in the Washington, D.C. metropolitan area where the division will be based.
“Cyxtera’s technology and capabilities are among the most innovative and effective in the marketplace, and it is an honor to join their world-class team,” said Touhill in a press release. “I have spent my entire professional career defending our country, and I’m looking forward to joining the private sector to help create efficient, effective and secure solutions to protect the federal government’s critical information systems, on which our citizens and institutions rely. With cyberattacks on the rise in frequency and severity, it is more important now than ever that we effectively secure our systems, networks and data.”
Touhill is a retired U.S. Air Force officer and combat veteran who served in several commands around the world including U.S. Transportation, Central, and Strategic Commands. He also led the creation of the Air Force’s cyberspace operations training programs. He is a sought-after speaker and author within the information technology industry, where he is best-known for his “Cybersecurity for Executives: A Practical Guide,” which is used widely at colleges and universities across the country.
July 11, 2017: Databricks hires David Cook as CISO to lead cloud and data security efforts
Citing rapid growth of its Unified Analytics Platform as a factor, Databricks brought Cook on board as chief information security officer (CISO) to “evolve Databricks’ already significant investment and leadership in cloud and data security,” according to a press release.
Prior to joining Databricks, Cook served as the chief security officer (CSO) for Jive Software, where he was responsible for Jive's physical and logical security of personnel, physical assets and information assets, including IT, product, and cloud, leading Jive's corporate security strategy and programs. In addition to being Jive’s CSO, Cook ran Technical Operations for Jive’s Cloud platform. Before Jive, Cook held director of security roles at Blue Coat Systems and Jasper Wireless, where he ran the organizations’ corporate and product security programs.
“The opportunity to join Databricks, already a leader in cloud and data security, and to be a part of an innovative and talented team was a no brainer,” said Cook in a press release. “It’s not only an incredible opportunity, but now my responsibility to build a security platform that will be the gold standard for enterprise cloud security.”
June 29, 2017: Yassir Abousselham named CSO for identity solution provider Okta
A former Google executive, Abousselham brings nearly 20 years of experience leading security teams to Okta. Most recently, he was the CISO for SoFi, where he built the company's information security and privacy program. Abousselham will report directly to Okta's CEO, Todd McKinnon.
Abousselham will be responsible for setting and meeting security standards for both Okta and its products. “Security is increasingly top of mind for organizations around the globe. We’ve always been committed to achieving the highest level of security standards for both our business and our customers,” said McKinnon in a press release. “We needed an experienced security executive with a successful track record of building security teams, driving secure product development, managing technology risk and achieving regulatory compliance to lead that initiative. Yassir fits that bill exactly.”
“Businesses are under attack like never before and such attacks will only continue to intensify in sophistication and regularity. As organizations everywhere continue to move to the cloud and adopt best-of-breed technologies, traditional security tools aren't able to address the mounting security challenges that they demand. The Okta Identity Cloud not only enables customers to seamlessly access technology, but solve their toughest security and access challenges,” said Abousselham in a press release.
June 26, 2017: Shipbuilder HII hires Ron A. Davis as its first CISO
Huntington Ingalls Industries (HII), the largest military shipbuilder in the U.S., has tasked Davis with responsibility for ensuring the early identification of threats and risks and the implementation of controls and other processes and methods to protect information systems for the entire HII enterprise.
“Cybersecurity is a top priority for HII,” said Chris Kastner, executive vice president, business management, and chief financial officer, in a press release. “Our information systems must remain secure to not only protect our business, but to protect information vital to our nation’s defense. We look forward to Ron joining our team and putting his extensive cyber experience to work in this very important role.”
Davis joins HII after serving as CISO for Vencore since 2015. He has also held several positions at BAE Systems, including director of global cybersecurity program integration and director of global cybersecurity operations. In a contracting capacity, Davis served as senior lead information systems security engineer at the Defense Logistics Agency headquarters and the Department of Homeland Security. He has an extensive background in cybersecurity policy and procedure development, security architecture, security risk management, cyber threat management, and incident response.
June 26, 2017: Prevalent appoints healthcare security expert Dr. Kevin Charest to board of directors
Ensuring security across all the connected digital players in the healthcare ecosystem presents enormous challenges. To help meet those challenges, third-party risk management solution provider Prevalent, Inc., has added Dr. Charest to its board of directors. He brings 25 years of healthcare cybersecurity expertise, including managing global defense and IT security at the nation's largest private and public healthcare organizations.
"We're very pleased to have Kevin join our board and share his experience and insights with the Prevalent team," said Jonathan Dambrot, CEO, Prevalent, in a press release. "Kevin possesses a unique understanding of both the business and technical issues driving third-party risk management across the diverse healthcare ecosystem. His leadership in global security and his vision and passion for protecting personal data will be invaluable to Prevalent and our customers as we move towards the next stage of managing third and fourth party risk."
"The healthcare ecosystem comprises more than 480,000 interconnected entities of all sizes and maturity, but they all share the same significant challenge of managing Nth party risk. Prevalent's broad capabilities and experience in this space gives them a unique opportunity to address this problem. I look forward to sharing my perspective and expertise to help Prevalent advance their delivery for the healthcare market and beyond," said Dr. Charest in a press release.
Dr. Charest has held roles in both the public and private healthcare sector, including leading global cyber defense operations for UnitedHealth Group. He also served as the CISO for the Department of Health and Human Services (HHS). Dr. Charest is currently the board secretary for (ISC)², an international nonprofit cybersecurity membership association best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification.
June 26, 2017: Idaho Independent Bank hires Wade Griffith in dual operations/CISO role
The bank hired Griffith as senior vice president of operations, but he will also serve as its CISO, according to a press release. Griffith has nearly 39 years of experience in bank operations, technology and risk management. He will lead IIB’s operations, project and applications management. Griffith graduated with a bachelor’s degree in Business Administration from the College of Idaho and is a graduate of the Northwest Intermediate Banking School and School of Bank Marketing.
June 20, 2017: SaaS analytics platform provider Looker appoints Ryan Gurney as CSO
Gurney is expected to lead Looker Data Sciences' security and compliance initiatives around its data platform solution. He will develop and execute a security and compliance roadmap for current and future products, as well as implement company-wide governance policies and procedures.
“Security has always been a priority at Looker,” said Frank Bien, CEO of Looker, in a press release. “Now with our regional expansion and growing presence in the enterprise we need to ensure our security programs scale appropriately. We are thrilled to have Ryan bring his years of experience to Looker and lead the advancement of our security initiatives.”
Prior to Looker, Ryan managed security and compliance functions as vice president of security at Zendesk and director of IT for Engine Yard. Previously, he managed a security engineering team at eBay.
“Looker provides a feature rich platform empowering our customers to understand their data,” said Gurney in a press release. “In providing a hosted cloud environment, I recognize that building and maintaining customer trust is paramount. I am excited to join Looker to ensure that we exceed our customer’s security needs, and to find innovative ways to utilize the Looker application to augment our own internal security capabilities.”
June 16, 2017: Ex-VMware exec Sandra Crosswell becomes SonicWall's first CSO
Data breach detection and prevention solution provider SonicWall hired Crosswell as its first chief security officer (CSO). Prior to SonicWall, Crosswell was a senior manager at VMware, leading the InfoSec red team. She has more than 25 years of experience in program management for Fortune 500 companies. Her portfolio includes large M&A IT and application migrations, data center builds and consolidations, as well as leading security teams and compliance programs for the technology sector. Crosswell won an MVP award for her work at HP and was a SANS “Ones to Watch in Cybersecurity” winner in 2016.
June 5, 2017: Dr. Malcolm Shore joins Huawei Technologies (Australia) as its cyber security officer
Dr. Shore has had a long career in information systems and security. After retiring as the Assistant Director Information Systems in Defence Headquarters for the Royal New Zealand Air Force, he joined the Government Communications Security Bureau taking responsibility for New Zealand's national information systems security.
He has also held two Head of Security roles in the telecommunications sector, at Telecom New Zealand and the Australian National Broadband Network (NBN) company. Across these roles he managed all aspects of physical security, information security, and privacy and delivered Sarbanes Oxley and Protective Security Policy Framework compliance.
"Dr. Shore is well respected in the information security sector and has a strong understanding of our products and people," said John Lord AM, chairman of Huawei Australia, in a press release. "We are delighted to have him lead on cyber security in Australia."