The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.
CSO’s Movers & Shakers is where you can keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Michael Nadeau, senior editor.
October 12, 2018: Anil Varghese joins Exeter Finance as senior VP and CISO
Varghese has over two decades of global experience in the information security arena, including stints at American Express and Sony. He most recently served as the CISO for Service King. Varghese will be a member of the IT leadership team reporting to CIO Michele Rodgers.
Varghese has had direct responsibility for setting strategic direction on IT risk, security, compliance, and privacy issues. He has been engaged to support sensitive M&A due diligence initiatives and fostered key relationships. Varghese has also served as a thought leader and security evangelist for PayPal and other companies.
A sitting board member of Digital Accelerator at SMU, Varghese is an active member of the information security/assurance community, including roles as a presenter/speaker to ISSA, CISO Roundtable, InfraGard, ISACA and the FBI.
October 12, 2018: ICF names Crystal Jones as first global data protection officer
Jones, who also serves as assistant general counsel and director, oversees ICF’s Global Data Protection and ePrivacy program. As data protection officer (DPO), Jones ensures that ICF follows data protection best practices and maintains compliance with regulatory frameworks across the globe, from the European Union’s General Data Protection Regulation (GDPR) to California’s recent landmark privacy legislation.
As both a controller and processor handling large amounts of client, employee and individual personal data across the world, ICF has adapted in design and practice to meet the requirements of these shifting frameworks. Jones has worked to align the company’s internal practices and procedures with globally recognized data protection laws and regulations.
Jones’s data protection team, which resides within ICF’s Office of General Counsel, guides the company’s mandatory all-employee data protection training. Training for best data protection practices enables employees to comply with notice and lawful basis requirements, employ privacy by design and default principles, use privacy-enhancing technologies, such as multi-factor authentication and encryption, demonstrate accountability in all processing activities, and follow risk mitigation protocols.
October 11, 2018: Delaware Department of Technology announces Solomon Adote as state CSO
Adote will be responsible for enhancing and improving the state’s cyber security strategy, including the design and execution of the Delaware Information Security Program and the Continuity of Government and Disaster Recovery Program.
“Cyber security is more important now than ever and we are excited to welcome Solomon back to lead our efforts,” said CIO James Collins in a press release. “He brings a great blend of organizational and tactical information security experience that will be invaluable as our enterprise digital government strategy evolves.”
Adote brings experience designing comprehensive information security programs and deploying some of the industry’s leading technologies. He has also developed hybrid-managed and in-house security operations centers (SOCs) and led the architecture and implementation of secure computing environments for both public and private clouds.
Most recently, he led FMC, Inc.’s global IT cyber security team for six years. There, Adote was responsible for the security of a complex, 90-site international manufacturing and corporate network. His team covered all aspects of cyber security, from network security, application security, incident response, identity and access lifecycle management, to internet and remote access. Adote has also worked as an IT security technical lead at QVC, Inc., the third largest e-commerce company in North America, where he secured a dynamic Payment Card Industry (PCI) compliant credit card processing environment with a web presence in multiple countries.
October 11, 2018: TLDR hires FBI veteran Jon Fisher as director of security
At TLDR, a global advisory firm for tokenization projects, Fisher joins a team of seasoned security experts, military officials, and FBI cyber agents in delivering enterprise-level security techniques to leading institutions, exchanges, and projects. His years of physical and cyber security experience will further drive TLDR’s overall mission to protect investors and businesses within the blockchain industry against hackers and token theft.
Andre McGregor, partner and global head of security at TLDR, said in a press release, “As investment continues to flood into the emerging blockchain industry, hackers have put a bullseye on blockchain companies who haven’t paid adequate attention to security. We are excited to have Jon join us in our mission to meet this industry-wide challenge. … Jon’s more than 15 years of experience will be an invaluable resource for our clients.”
Fisher boasts extensive experience at the highest level of security management from prior positions at the Metropolitan Police Department in Washington, DC, and three branches of the U.S. military. As a supervisory special agent in the FBI Cyber Division and an FBI Cyber Division liaison to the National Security Agency, Fisher led efforts on a variety of investigations including state-sponsored computer intrusions and transnational organized crime rings.
“The excitement surrounding the blockchain industry right now is palpable thanks to the unprecedented pace of innovation, but with this race to innovate comes a heightened need for security,” said Fisher in a press release. “TLDR is not only tackling the cybersecurity problems of today but looking to the future to anticipate preventative security and custody solutions for clients. I’m confident that my expertise will bolster TLDR in its mission to help educate and empower organizations to remain vigilant against security threats.”
October 10, 2018: Justin Dolly named COO and CSO at SecureAuth
Dolly is a former SecureAuth board member and has extensive experience in advanced information, infrastructure, web, application, and product security, as well as in risk management, network engineering, and design. Dolly comes to SecureAuth from Malwarebytes where he served as CSO and CIO.
October 2, 2018: AutoGrid announces Omprakesh Moolchandani as its first CISO
Moolchandani joined the AutoGrid executive team on October 1 and will play an important role on the leadership team at AutoGrid, a provider of security solutions to the energy sector. “Our customers care deeply about the safety and security of their data,” said Dr. Amit Narayan, CEO, in a press release. “We take cybersecurity very seriously, and Om’s appointment and this new position intensify that focus.”
Cybersecurity ranks as the utility industry’s most pressing concern, with more than 80 percent of respondents in Utility Dive’s 2018 State of the Electric Utility Survey listing it as important or very important.
Moolchandani comes to AutoGrid from General Electric’s industrial internet of things unit, Predix, where he served as senior director for cybersecurity. Before GE, Om headed cybersecurity for cloud security company CipherCloud and for several Australian financial and industrial companies.
Moolchandani holds master’s and bachelor’s degrees in computer applications from University of Technology of Madhya Pradesh, a certificate in business strategy from Harvard Business School, and a certificate in IoT business from the MIT Sloan School of Management. Om is a lifetime member of ISACA, the worldwide information systems association.
October 1, 2018: County of San Bernardino hires Robert Pittman as CISO
Pittman previously served as chief information security officer (CISO) for the County of Los Angeles. Prior to that, he was the county’s first assistant CISO for six years. There, Pittman built and grew an enterprise information security program from the bottom up, established a security culture, and designed a sustainable security foundation.
As CISO for the County of San Bernardino, the largest geographical county in the nation, Pittman plans to use the experience and insight he has gained to better secure the county’s 44 departments or business units and 22,000 employees.
Pittman was given the 2016 Local Government Cybersecurity Leadership and Innovation award by the Center for Digital Government for advancements to the County’s information security program, the 2014 Cyber Security Leadership in Local Government award by the State of California and the Office of the Attorney General, and the 2012 CISO of the Year award by the Info Security Products Guide.
September 11, 2018: Richard Bejtlich joins Corelight as principal security strategist
Bejtlich, an early proponent of the open source Bro Network Security Monitor that is at the heart of the Corelight Sensor network visibility tool, will work with the company's executive team to help align product development with enterprise needs. He will also communicate the value of Bro data and network security monitoring for countering adversaries.
“Richard has inspired a generation of defenders through his books, blog posts, presentations, and personal example. Corelight is the network visibility company and Richard is the network visibility guru - so this feels like a perfect match,” said Greg Bell, CEO of Corelight, in a press release. “We are thrilled to have him join the Corelight team.”
Bejtlich has spent years championing the importance of network security monitoring and the critical role real-time data plays in assessment, detection, and response processes. His first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection (Addison-Wesley Professional, 2004), includes a chapter devoted to Bro and he has also frequently blogged about the technology.
“After years of protecting networks with Bro, joining the Corelight team feels like the natural next step,” said Bejtlich in a press release. “Other tools offer glimpses of network visibility, but Bro is like the Hubble telescope. I look forward to working with my new team - many of whom I consider security mentors - to help all organizations harness the power of Bro and Corelight to defend their networks.”
Bejtlich was previously Mandiant's CSO when FireEye acquired Mandiant in 2013. Prior to Mandiant, Bejtlich worked as director of incident response at General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT).
September 27, 2018: Adnan Dakhwe joins security startup Vera as head of security and compliance
For more than a decade, Dakhwe has built and maintained security, compliance, risk and privacy programs. With a passion for security, technology, innovation and entrepreneurship, he has deep experience in security strategy, risk management, cybersecurity, architecture, product security, governance, business continuity and disaster recovery across cloud, hybrid and on-premise environments.
Prior to Vera, Dakhwe served as a manager for MuleSoft's Global Information and Compliance group. Adnan has served in various leadership roles at a Fortune 100 retailer, one of the largest global consulting organizations and a marquee healthcare organization.
For the last six years, Dakhwe has served on the board of directors of ISACA (San Francisco and then Silicon Valley). He is an active advisor of SecureWorld and a researcher for the Cloud Security Alliance.
September 24, 2018: Santander UK appoints Emma Leith as CISO
In the newly created role, Leith will be responsible for the delivery of security and privacy services across Santander UK, in line with the continued commitment to protect Santander’s systems, information and customers from the growing cyber risk.
Leith joins from Barclays International, where she was director of cyber strategy and programme. Prior to this, she was CISO for the Corporate Functions and Commodity Trading Division at BP Oil International and has over 13 years’ experience in leading cybersecurity and privacy agendas across a variety of industry sectors including financial services, oil and gas, telecoms and government.
Leith will report to Santander UK COO Michael Harte. “I'm delighted to appoint Emma as Chief Information Security Officer as we continue to build a team delivering innovative products and solutions for our customers and communities that we serve, whilst ensuring information security remains a top priority,” said Harte in a press release. “Emma brings extensive knowledge and experience to the team which will prove invaluable in helping us drive forward our security and privacy agendas across Santander UK to ensure our customers prosper.”
“I am delighted to be joining Santander UK. It is well known in the market for creating customer value through innovative solutions and delivering an excellent service,” said Leith in a press release. “I look forward to working with the teams both in the UK and across Santander Group to further build on the existing work and ensure we are well placed for the challenges ahead.”
September 18, 2018: Chris Betz is CenturyLink’s new CSO
Betz will lead the telecommunication company's corporate security, information security and security product development teams. "Customers rely on CenturyLink to help them protect their homes, their businesses and global critical infrastructure," said Aamir Hussain, executive vice president and chief technology officer for CenturyLink. "Chris brings a wealth of knowledge informed by the right mix of experience, from his service in the United States Air Force to overseeing product security for one of the world's foremost brands."
Previously, Betz led security for Apple products and has held leadership roles in information security, security operations and response and security intelligence at Microsoft, CBS Corporation and the National Security Agency (NSA).
September 12, 2018: Michael Montoya named CISO at Digital Realty
Montoya is responsible for overseeing information security technology and programs and managing risks related to confidentiality, integrity and availability of systems and data at Digital Realty, a provider of data center, colocation and interconnection solutions. He reports to Executive Vice President, Operations Erich Sanchack.
"Michael brings a unique combination of operational and strategic expertise to his new role at Digital Realty and we're excited to welcome him to the team," said Sanchack in a press release. "Michael has extensive experience overseeing global, full-spectrum cybersecurity programs, including managing the demanding and complex requirements of hyperscale cloud providers. This experience will prove invaluable as he helps us to ensure our security resources are aligned to drive the success of our customers."
Montoya has held a number of executive leadership roles in the technology and cloud industries. He most recently served as chief cybersecurity officer at Microsoft, where he led security initiatives and operations for the development and delivery of Microsoft cloud security products and services. Prior to Microsoft, Montoya served as vice president of cloud and managed services at FireEye, where he led cloud-security operations and redesigned the company's global data center infrastructure to improve performance and security. He has also held leadership positions at EMC Corporation, Avanade and INC.
September 5, 2018: Jeffrey Miller joins Kansas City Chiefs as VP of security
Miller will report directly to club President Mark Donovan and will be responsible for developing and managing all safety and security plans and programs for all facets of club operations, including facility security, event day safety, vendor-operated security and traffic procedures, as well as team security. He will also serve as the primary liaison between the club and the National Football League office with regards to all security matters.
“We are excited to add Jeff to our executive team in this new role, and we welcome his family to Chiefs Kingdom,” Chiefs President Mark Donovan said in a press release. “Enhancing the fan experience is a constant focus for us and safety and venue security play an important part. Jeff’s wealth of experience at the league level combined with international experience on the front lines of law enforcement will undoubtedly help shape safety and security for all fans and all events at Arrowhead Stadium.”
“It is a privilege to join one of the most prestigious and storied franchises in the history of the National Football League,” Miller said in a press release. “I am honored to become part of the executive leadership team assembled by Mr. Hunt and team President Mark Donovan. I look forward to working with everyone at the Chiefs as well as the tremendous fans that provide such great support to the club. My family and I are excited to become part of the community.”
Miller joins the Chiefs with decades of experience in both private security roles and public law enforcement service. In total, Miller spent eight years at the National Football League office in New York, serving first as director of strategic security programs and later as senior vice president and CSO. As CSO at the NFL, Miller led and supervised all aspects of security for the league.
Prior to joining the National Football League, Miller enjoyed a 24-year career in public service with the Pennsylvania State Police Department (1984-2008) across multiple bureaus, sections and divisions.
August 27, 2018: Gary Gagnon returns to MITRE as VP of cyber strategy and CSO
As vice president of cyber strategy, Gagnon is accountable for developing and leading cyber strategy and guiding its execution across MITRE’s work program. As CSO, Gagnon is responsible for MITRE's cybersecurity and physical security.
"As the challenges and opportunities in cybersecurity grow in complexity, MITRE’s leadership becomes more important to our nation, and I am pleased to welcome Gary back to The MITRE Corporation to direct our efforts," said MITRE President and CEO Jason Providakes in a press release. "Gary’s deep mission expertise and leadership working with industry, academia, and government are essential skills to deliver on MITRE’s mission to solve problems for a safer world."
Gagnon rejoins MITRE after most recently serving as vice president and CISO at Amazon. Before that he was at Inmarsat as senior vice president of global security and CISO. Gagnon worked at MITRE for 30 years in many leadership roles including CSO, vice president of the National Cybersecurity Federally Funded Research and Development Center, and senior vice president of intelligence programs.
August 21, 2018: Blink Health adds Kurt Sauer as CISO and member of its executive team
Sauer, who most recently served as vice president of trust and information security at Salesforce, brings 25 years of experience in information security to Blink, which offers a pharmacy app to make prescription drugs more affordable. That experience includes having served as the CSO of Skype from 2003 to 2008.
Sauer’s hiring rounds out Blink Health’s leadership team. The company recently appointed several other renowned executives with decades of combined leadership experience in the pharmaceutical and consumer e-commerce categories. These hirings were made as the company continues to invest in its technology platform and service expansion.
August 17, 2018: Matt Olsen named chief trust and security officer at Uber
In a company-wide email sent to employees, Uber Chief Legal Officer Tony West announced that Olsen would join the company as chief trust and security officer starting in mid-September. Olsen had already been working with Uber as an advisor to help assess the organizational structure and strategy of Uber’s security teams.
“Matt has an incredible background and is deeply respected across industries, having co-founded a cybersecurity firm and served as the director of the National Counterterrorism Center, the general counsel of the National Security Agency, and in leadership positions at the Department of Justice and the FBI,” said West in the email.
West noted the importance of adding the word “trust” to Olsen’s title. “As I’ve said before, earning and maintaining trust is an essential ingredient to our brand proposition, and it’s everybody’s job. That’s particularly true when it comes to handling our riders’ and customers’ data, and our success in that task is core to our Security team’s mission. Given Matt’s experience in and passion for strengthening the nexus between trust and security, I know he’ll make great contributions to our becoming one of our industry’s most trusted brands,” he said.
August 17, 2018: Hilltop Cybersecurity hires Pete Herzog as CISO
Herzog, a well-known white-hat hacker, is respected worldwide for his work with IBM’s Ethical Hacking team, in creating the Open Source Security Testing Methodology Manual (OSSTMM), and for creating Hacker Highschool, the world’s most popular cybersecurity and cyber-safety textbooks for teenagers. Hilltop Cybersecurity has long supported the latter two projects and has integrated OSSTMM research into its products with the help of Herzog.
A featured speaker at RSA annually, Herzog has won numerous awards for his contributions to the cybersecurity space both public and private. “We are privileged to both work with Pete and learn from his insight and experience,” said Hilltop CEO Corby Marshall in a press release. “The leadership of the company is thrilled that he believes enough in the technology and direction of the company’s products to join us in a more substantive full-time role.”
August 16, 2018: Twilio names Nils Puhlmann as chief trust and security officer
Puhlmann will become part of cloud communications platform provider Twilio's executive management team and will oversee the company's global trust and security programs.
"At Twilio, trust is the number one thing we sell, so being a leader in security, data protection, and compliance is paramount for the millions of developers who use Twilio to power mission critical business applications," said Jeff Lawson, Twilio co-founder and CEO, in a press release. "Nils is a 20-year security veteran with significant experience in diverse business environments with tremendous passion for building trust amongst our developer community, while keeping their data secure. We are thrilled to welcome him to the team."
The Twilio security framework is based on the ISO 27001 Information Security Standard. In addition to ISO 27001 certification, Twilio has also achieved SOC 2 attestation for Authy, and Twilio is self-certified to the EU-US Privacy Shield as well as the Swiss-US Privacy Shield Frameworks.
"At Twilio, we're committed to upholding the high standards of security and data protection, which are reflected in the investments we've made in these two mission-critical areas. After serving as an advisor for many years, I'm joining Twilio because security is a priority for the company," said Puhlmann in a press release. "I'm excited to continue to build our teams and capabilities to support our vision of becoming a leader in trusted communications."
Puhlmann has served as an advisor to Twilio since 2014. Previously, he served as the CTO of Endgame, and has held CSO positions at Zynga, Qualys, and Electronic Arts. He also co-founded the Cloud Security Alliance nonprofit organization, which promotes the use of best practices for security assurance within cloud computing.
August 9, 2018: Srikant Manda joins blockchain company AlphaPoint as CISO
With a specialty in financial services, Manda brings 15 years of cybersecurity governance, architecture and operations experience. He has previously worked in cybersecurity operations with Citigroup and TD Bank. More recently, he led security architecture and engineering teams at Juniper Networks and Fortinet. Manda has a strong background in security strategy, governance, architecture, automation, machine learning, and product security.
“One of the reasons I am especially excited to join AlphaPoint is that it’s clear that the company already prioritizes security — internally as a company as well as for its customers. For example, their partnership with Intel offers a trusted security-focused solution backed by Intel's Software Guard Extensions (SGXs),” said Manda in a press release.
“There is a lot of scrutiny around hacks and lost funds on cryptocurrency exchanges, and we do not take this challenge lightly. We work every day to protect our clients and ensure the safety and security of our products and customers through multilayer cybersecurity, physical security, and operational best practices. Sri coming on board doubles down on our commitment to be a security first company,” said AlphaPoint co-founder and CTO Joe Ventura in a press release.
August 8, 2018: Cloud Computing Concepts welcomes Michael Scheidell as CISO
In addition to managing Cloud Computing Concepts’ (C3’s) internal security and compliance activities, Scheidell will assist in the continued development of the technology and communications services provider’s rapidly expanding portfolio of security products and services. New services immediately available to clients include on-site security consulting, managed network security, penetration testing, vulnerability assessments and security awareness training.
Respected throughout the security community, Scheidell is a Certified CISO, president of the South Florida Chapter of the Cloud Security Alliance, member of the FBI’s InfraGard, member of the US Secret Service Miami Electronic Crimes Task Force, and a senior member of the IEEE. His expertise in Security, Corporate Information Risk Management, and Privacy has been relied upon by multinational corporations, government agencies, critical infrastructure providers, and healthcare organizations.
“The security and privacy of our customers have always been a top priority for us,” said Rick Mancinelli, CEO of C3, in a press release. “It is an honor to have someone of Mr. Scheidell’s expertise and experience on board to lead our efforts in this area.”
“It is a pleasure to be working with C3, their partners and their clients,” said Scheidell in a press release. “With a threat landscape that continues to grow in both sophistication and frequency of attack, effective security practices are more important than ever.”
August 7, 2018: NERC promotes Bill Lawrence to VP and CSO
Lawrence will lead all of NERC’s security programs executed through the Electricity Information Sharing and Analysis Center (E-ISAC) operations, directing security risk assessments and mitigation initiatives to protect critical electricity infrastructure across North America. He will also lead coordination efforts with government agencies and stakeholders on cyber and physical security matters, including analysis, response and sharing of critical sector information.
“I am excited to have Bill in this role leading NERC’s security programs,” said NERC President and CEO Jim Robb in a press release. “Bill’s dedication to the security mission of the E-ISAC and his commitment to stakeholders factored heavily in our decision to name him as our top officer for the E-ISAC.”
Lawrence joined NERC in July 2012 and has held a variety of positions with the E-ISAC, including overseeing the development of NERC’s grid security exercise and grid security conference — GridEx and GridSecCon, respectively. Currently, Lawrence serves as senior director of the E-ISAC, leading the division in its mission to identify and mitigate cyber and physical security risks to the grid in North America.
“I am humbled to have this opportunity to make positive strides toward the security and resilience of the grid. Security across North America is a vital piece of our mission. The threats are real, dynamic and extremely significant,” Lawrence said in a press release. “The E-ISAC Long-Term Strategic Plan provides the framework for increasing the E-ISAC capability required to help stakeholders protect the grid. I look forward to leading that charge and working with our industry and government stakeholders toward that end.”
Prior to joining NERC, Lawrence was a pilot of F-14 Tomcats and F/A-18F Super Hornets for the U.S. Navy. He also served as the deputy director in the Character Development and Training Division at the U.S. Naval Academy, where he taught courses in Ethics and Cyber Security.
August 1, 2018: Ankura names Gina Ciavarro CISO
Based in Washington D.C. and specializing in information security and governance, Ciavarro brings insights developed from a decade of counseling clients to her new role with this business advisory and expert services firm.
Previously, Ciavarro led Ankura's information security program development and compliance initiatives for one of the firm's largest clients. In that role, she developed tailored solutions that fortified and modernized the client's security systems to fulfill regulatory requirements. Ciavarro's adaptive approach to information security challenges enables her to seamlessly and collaboratively integrate across business functions to solve complex data protection issues.
"As a recognized expert in IT security, Gina is a perfect fit for the role of chief information security officer. She brings real-world security management experience and a consulting mindset to the role, which will allow her to approach issues from numerous perspectives and deliver valuable business and technology outcomes for Ankura and our clients," said Kevin Cheung, Ankura's CIO, in a press release.
Prior to joining Ankura, Ciavarro served as a principal consultant for Symantec, a leader in the data loss prevention and security services industry. During her career advising large, multi-national enterprises, Ciavarro has developed security strategies focusing on technology implementation and integration, business process, program design, and data governance.
"I am excited to work with Kevin and the Ankura leadership team to meet the challenges of my new role and build upon the efforts already underway to continuously evolve and maintain the firm's IT security infrastructure," said Ciavarro in a press release. "Security is clearly top of mind for all clients and as a trusted partner to them, we remain steadfast in our commitment to being a leader in information security and protection."
August 1, 2018: Arctic Wolf Networks hires Marty Sanders as chief security services officer
In this new role, Sanders will lead all aspects of the delivery of Arctic Wolf’s AWN CyberSOC, which provides a security operations center as a service. He will manage the security engineering teams’ customer interface and back-end analysis.
With more than 29 years of industry experience, Sanders has held positions ranging from chief technology officer for North America at Kaminario to technology and services team lead at Dell/Compellent.
“With his proven track record for developing and building service organizations known for their amazing customer experience, welcoming Marty to the team means providing the best for our current and future customers,” said Brian NeSmith, CEO and co-founder of Arctic Wolf Networks, in a press release. “We’re strategically building our team, capabilities and infrastructure to ensure we are providing the level of engagement our customers deserve, and the addition of a dedicated CSSO exemplifies this commitment.”
“As enterprises struggle with the troubling dichotomy between an increasing volume of cyber threats and the cybersecurity skills shortage, there is a critical need for outsourced cybersecurity services to support internal teams’ efforts,” Sanders said in a press release. “I’m excited to be a part of developing such a viable market solution, centered around customer service and affordability, to help enterprises of all sizes get the talent and security they need.”
July 19, 2018: Raj Badhwar named CISO at Voya Financial
Badhwar will be responsible for advancing the Voya information security strategy as well as defining associated policies and standards for achieving the strategy. He will lead a team accountable for developing, managing and maintaining the information security and protection policies and standards for all company computing, privacy and collection activities.
Badhwar and the team will expand Voya’s efforts to continually progress enterprise-wide information security capability to secure the privacy of proprietary, intellectual property, personal, privileged or otherwise sensitive company information. He will report directly to CIO Santhosh Keshavan.
"Raj brings to the role vast technical knowledge and deep leadership experience to help Voya advance our security vision and strategy in alignment with our business growth plans," said Keshavan in a press release. "His broad experience will be instrumental as we continue to safeguard the confidentiality, integrity, and availability of information assets and resources under the care of Voya."
Badhwar has more than 20 years of experience in cyber security engineering and operations. Most recently, he was global head of information security for AIG, where he led a security strategy centered on the protection and preservation of information assets.
"Voya understands the critical nature of information security in today’s business environment and has demonstrated a strong discipline for protecting customer and company data," noted Badhwar in a press release. "What's especially exciting to me is how Voya is strategically advancing its technology capabilities in sync with emerging technologies to uphold its commitment to their customers and shareholders."
July 18, 2018: Marc Rogers joins Okta as executive director of cybersecurity strategy
Formerly CSO at ScaleFT, which Okta recently acquired, Rogers has nearly 20 years of experience heading up security for Defcon Communications, one of the world’s largest hacker conferences. He brings his "eat, sleep and breathe security" ethos to his new role at Okta.
Prior to ScaleFT, Rogers was head of infosec for Cloudflare, CSO for AIAM in South Korea, and oversaw Threat Intelligence for Vodafone UK. His core expertise is as a whitehat hacker, investigating and uncovering security issues before communicating them to consumers and industry in a responsible way, such as with his hack of Apple’s TouchID, Google Glass or, most recently, his automotive hacks such as the Tesla Model S.
Among his more notable contributions to the security industry is his work in television. This includes helping to create and produce the award-winning BBC series "The Real Hustle," and most recently serving as one of the technical advisors designing hacks for the USA Network TV show “Mr. Robot.” Rogers is also head of security for DEF CON, the world’s largest hacker conference, where he tries to stop 20,000 hackers from destroying a hotel.
July 18, 2018: DMDII appoints Koushik Subramanian as director for the National Center for Cybersecurity in Manufacturing
The Digital Manufacturing and Design Innovation Institute (DMDII) announced that Subramanian has been named director of the National Center for Cybersecurity in Manufacturing. DMDII launched the center in March with $750,000 in seed funding from the U.S. Department of Defense. In addition to Subramanian’s role as director of manufacturing cybersecurity for DMDII, he also will serve as CISO for UI Labs, DMDII’s parent organization, which is driving the digital future of manufacturing and cities.
As manufacturing begins to retrofit or build assembly lines with such software and sensors, the attack surface only expands. Thirty-five percent of all cyber-espionage attacks in the US are directed at the manufacturing sector, the largest share of any single sector, according to the 2017 Verizon data breach investigation report.
“The security of the American manufacturing supply chain is dependent on the practices of its individual manufacturers, the vast majority of which are smaller enterprises,” said Tracy Frost, director of Department of Defense Manufacturing Technologies, Office of the Secretary of Defense, Manufacturing and Industrial Base Policy. “The Center will lower the educational and cost barriers that the sector faces to increase readiness for cyber-attacks.”
Prior to DMDII, Subramanian, 33, was director of risk and compliance at Uptake Technologies. He led data privacy, risk, and information security initiatives in addition to helping secure newly procured technology.
“We are thrilled to welcome Koushik to the team to guide the National Center for Cybersecurity in Manufacturing as we ramp up our cybersecurity activities,” said Caralynn Collens, CEO of UI Labs, in a press release. “His experience in the industrial IoT space will be invaluable as we continue to address the unique security needs of the connected factory for defense manufacturers and other corporate partners.”
July 16, 2018: Andrew Onello joins CVP as director of cybersecurity services
Onello brings years of experience in cybersecurity, having served as the CISO and the Deputy CISO of the Department of Homeland Security (DHS) U.S. Citizenship and Immigration Services (USCIS), and as the security assessment and penetration testing lead at the DHS Immigration and Customs Enforcement (ICE).
“Cybersecurity continues to be an increasingly critical element in client programs, and CVP has expanded its efforts to meet client needs with cutting-edge solutions,” said Anirudh Kulkarni, CVP CEO, in a press release. “Bringing in an executive with the expertise and experience of Andy Onello demonstrates our commitment to being the best in cybersecurity.”
“I’m excited and honored to join CVP,” said Onello in a press release. “The company has a great executive team, highly talented technologists, impressive growth, and a commitment to continue their leadership in the cybersecurity market.”
July 11, 2018: F5 names Mary Gardner as CISO
Gardner is responsible for F5 Networks’ corporate-wide information security management efforts, along with strategic planning, governance and controls. This includes identifying, evaluating, and reporting on F5’s overall security performance and posture in alignment with regulatory requirements and evolving industry best practices.
Gardner will also provide strategic input to product development and other teams with respect to F5’s current security offerings and technology roadmap, as well as the company’s broader cybersecurity and threat research efforts.
“Security is top of mind for any organization, and having a sharp, adaptable leader in place is essential,” said Tony Bozzuti, CIO and SVP of information technology at F5, in a press release. “Mary’s impressive career to date and knowledge of application security are a testament to the skills, aptitude, and authority she brings to the table. Her perspective will be a valuable asset as F5 expands its security and technology efforts to better support today’s multi-cloud environments and modern enterprises’ digital transformation efforts.”
Gardner joins F5 from Seattle Children’s, where she served as CISO. She has also held security leadership positions at Fred Hutchinson Cancer Research Center, Port of Seattle, JPMorgan Chase, and Washington Mutual. Gardner holds a B.S. from Trinity University. She is also a Certified Information Systems Security Professional (CISSP) and member of the Executive Women’s Forum.
July 9, 2018: Intel hires Window Snyder as chief software security officer
As chief software security officer, vice president and general manager of the Intel Platform Security Division, Snyder will be responsible for Intel’s security product roadmap across all segments. She will work with business groups within the company to ensure their objectives are met.
Snyder will engage with the security industry and drive partnerships with the operating system and security ecosystem to better understand the growing complexity of attacks, gain insight as to how Intel might differentiate its security capabilities, and take a more customer-centric route to market.
Snyder was most recently CSO for Fastly. Before that, she spent more than five years at Apple working on security and privacy strategy. She was also a founding member at Matasano and a senior security strategist at Microsoft.
“I am looking forward to Window leveraging her experience in the community and bringing further valuable industry insight into Intel’s hardware-enabled security solutions,” said Doug Fisher, senior vice president and general manager of the Software and Services Group for Intel Corporation, in a blog post.
June 21, 2018: Sovos promotes John Strasser to CSO
Strasser had led Sovos’s security practice for more than five years at the global tax software company. As CSO he is responsible for information security, compliance, data privacy and global networking. Strasser’s promotion was one of several management appointments that were part of an initiative to advance Sovos’ cloud platform, S1, which the company announced earlier this month. The S1 platform was built to help businesses deploy tax solutions anywhere they need them and with any infrastructure strategy through a single, API-enabled platform.
“Tax software used to be something you bought, installed and almost forgot about, but that’s not the case anymore. In our customers’ business models, they now need modern, connected technology backed by proactive support from people that know how to make the most of it,” said Laura Handler, head of customer success, in a press release. “Our customer success team was built to take tax software to the next level so our customers are prepared not just for today, but for what comes next.”
June 20, 2018: Alan Daines is FactSet’s new CISO
Daines will oversee the security organization at FactSet, an analytics, content, and services company. "We are excited to have Alan join FactSet and bring his extensive leadership and expertise to further enhance our cybersecurity program," said Cindy Finkelman, CIO at FactSet, in a press release. "FactSet has been a trusted partner to our clients worldwide for nearly 40 years, and the addition of Alan to our team exemplifies our commitment to building on that strength."
Daines joins FactSet from Dell Technologies, where he was the CISO and responsible for leading Dell's global cybersecurity organization. During that time, his team helped secure Dell products, protect the enterprise environment, manage cyber risk, and maintain compliance. Most recently, he was responsible for bringing together Dell and EMC's security organizations as part of the largest technology acquisition in history. Daines has more than 20 years of experience in information technology security and infrastructure roles.
June 11, 2018: Matt Stamper named CISO and executive advisor at Evotek
Stamper will guide digital enablement solutions provider Evotek's clients as they develop and mature their cybersecurity programs to address digital risks. Prior to joining Evotek, Stamper was a research director in Gartner's Security and Risk Management practice where he covered security program design, security incident response, security governance, privacy, breach and attack simulation, and security standards and frameworks. Earlier, Stamper was the CISO for U.S. operations and vice president of services at KIO Networks (formerly redIT), an international managed services provider.
"Cybersecurity has become a top priority for organizations around the globe," said Jeff Klenner, president of Evotek, in a press release. "With Matt's practical experience as a security leader and his time with Gartner as a research director, he has the perfect combination of practice and knowledge to address the most critical security threats our customers face."
Stamper is co-author of the CISO Desk Reference Guide (Volumes 1 and 2) and serves on the board of a number of high-profile organizations including the San Diego chapter of ISACA, the communications sector for the San Diego chapter of InfraGard, and the San Diego Cyber Center of Excellence (CCOE). He is also a member of the San Diego CISO Round Table.
June 6, 2018: BitGo hires Tom Pageler as CSO
Pageler will lead the security team at BitGo, which builds security systems for digital currencies. He will be responsible for security governance and risk management, information security and operations, compliance, and physical security.
“We serve an institutional market that requires stringent security policies and best practices, and we are taking our security posture to an even higher level. To lead this effort, we are excited to announce that Tom Pageler has joined as the Chief Security Officer (CSO) at BitGo,” said BitGo CEO Mike Belshe in a blog post.
Prior to BitGo, Pageler was CSO and chief risk officer (CRO) at Neustar. He has also served as CISO and CRO at DocuSign. Pageler has also had security roles at JPMorgan Chase and Visa.
June 6, 2018: CNA names Garrett Williams as senior vice president and chief compliance officer
Williams is responsible for the overall strategic leadership and direction of CNA's Enterprise Compliance Group. He reports to Scott Weber, executive vice president and general counsel. Williams joined CNA from State Farm, where most recently he served as leader of State Farm's Enterprise Compliance and Ethics department, AML/OFAC officer, and chief privacy officer. There, he was responsible for partnering with State Farm's CISO to establish comprehensive information security and privacy governance.
"Garrett's industry experience, compliance expertise, and strong ethical perspective will strengthen CNA's compliance programs and ensure that CNA maintains a proactive and comprehensive approach to compliance," Weber said in a press release.
June 5, 2018: Red Clay hires Michael Pearson as CISO
Pearson will oversee Red Clay’s new suite of security solutions – SecureGrid, SecureH2O and SecureGas – to assist electric, water and gas utilities in assessing critical vulnerabilities within their advanced metering infrastructure systems.
Williams has over 25 years of experience in internet technology companies, including roles in product management, business development, marketing and executive leadership. He has extensive experience in multiple information security engineering disciplines including corporate information security leadership and management, measuring and improving organizational productivity, risk assessment, process re-engineering, application and platform controls, cryptography, and network and physical protection. Williams holds patents for the first intrusion prevention service and is a Certified Information Systems Security Professional and a Certified Ethical Hacker.
“We’re thrilled to have Mr. Pearson at the helm of this important new offering,” said Michael Cocroft, Red Clay’s chief strategy officer, in a press release. “Ensuring the security of critical infrastructure requires a proactive, informed approach. We believe Michael Pearson is just the right person to help utilities achieve the level of information security that is now an absolute necessity.”
May 25, 2018: Oakland County, Michigan, names Bridget Kravchenko as its first woman CISO
“Bridget has impressive qualifications,” Oakland County Executive L. Brooks Patterson said in a press release. “We’re looking forward to utilizing her expertise to boost Oakland County’s information security.”
Previously, Kravchenko was the CISO at Federal-Mogul Motorparts, where she led the team responsible for strategic security planning, policy, and procedure. Prior to that, she was the CISO at Meridian Health Plan. She is the chairperson of Michigan InfraGard, a public-private partnership with the FBI dedicated to the protection of the United States and its citizens, critical infrastructure and key resources. She also attended FBI CISO Academy in Quantico, Virginia.
“I’m inspired to serve in the public sector under the leadership of County Executive Patterson and CIO Phil Bertolini,” Kravchenko said in a press release. “Oakland County has a national reputation as a technology leader which is what attracted me to this role.”
“Information security is one of our highest priorities in the county and we have worked hard to protect the assets with which we are entrusted,” Bertolini said in a press release. “Bridget is highly respected and brings a wealth of industry experience which will help Oakland County continue to be a leader in this area.”
May 18, 2018: BioConnect hires Courtney Gibson as CTO/CISO
Gibson, the former CISO at OANDA Corporation, joins the executive team at this developer of biometric solutions. He will report to CEO and Chairman Rob Douglas. “Courtney is joining our executive team at the right time. We are experiencing significant demand and scale for the BioConnect platform,” said Douglas in a press release. “His expertise in cybersecurity, highly regulated environments, building out large-scale financial systems and his deep technical leadership make him a strong fit. Under Courtney’s leadership, we will be able to significantly expand our engineering team while staying true to our commitment to data privacy, strong biometric authentication and delivering on large-scale activations for our customers and partners.”
“I have long believed that, as an industry, we need to be doing much more to help people secure their everyday lives,” said Gibson in a press release. “BioConnect has the technology, people and vision to transform how we manage identity and the risks of fraud and theft. I am very excited to join the BioConnect team, and to help contribute to that journey.”
At OANDA, Gibson helped grow the team from a 15-person startup to a 300-person global company processing up to $10 billion a day in global currency transactions. Courtney was also responsible for the development of both API and web-based products for OANDA’s data and analytics business (B2B, SaaS).
May 15, 2018: Andy Sobotta joins Bridgestone Americas as CISO
Sobotta will be based in Nashville and will report to CIO Stefano Mezzabotta with dotted-line reporting to Chris Karbowiak, chief administrative officer, chief risk officer and executive vice president, Bridgestone Americas. He will oversee the protection of the company's IT assets, ensuring robust IT security architecture, operations and compliance throughout the Americas.
"In today's globally connected society, cybersecurity is more critical than ever," said Mezzabotta in a press release. "We are thrilled to have Andy join Bridgestone to lead our information security team in the Americas. His expertise and leadership will help ensure we have the right cybersecurity strategy and the right standards in place that are necessary to prevent and mitigate risks."
Sobotta has more than 20 years of experience as an information security executive, including nearly 10 years in the automotive industry. He most recently served as CISO at Sensata Technologies, Inc., after four years as associate executive director of global information security with Procter & Gamble. Sobotta also served as CISO for Elavon/US Bank and for Volkswagen of America.
May 15, 2018: Nicole Fellouris named CISO at 360Civic
Fellouris joins 360Civic, a provider of web development and technology services to public sector entities, on a retainer basis from Elite Development Group, where she was CEO. “Nicole has more than two decades of cybersecurity experience in both the public and private sector. We are delighted to welcome her to 360Civic,” said 360Civic COO Elizabeth Zayas in a press release.
Fellouris founded Elite Development Group, which was directly responsible for remediation of more than 100 cybersecurity incidents and breaches. Her accomplishments and contributions to the cybersecurity community were recognized by both federal law enforcement and intelligence agencies, resulting in a board member appointment to the Los Angeles division of InfraGard, inclusion in the Secret Service’s Electronic Crimes Task Force, think tank participation specific to IT security-centric compliance frameworks, and appointment as a subject matter expert in cybersecurity and cyber warfare.
In addition to achieving PhDc status in clinical neuroscience, Nicole is a graduate of both the FBI and ATF Citizen’s Academies and the FBI’s Infrastructure Liaison Officer (ILO) program, specializing in cyber counter intelligence operations and asymmetric warfare.
May 10, 2018: WeWork hires former White House CISO Cory Louie
Louie becomes the first CSO for fast-growing global workspace provider WeWork. He will focus on both the safety of WeWork’s physical spaces and the security and privacy of its members' and employees' information.
"At WeWork, we have always taken security very seriously. However, as we grow and begin serving an increasing number of enterprise members, our trust, safety and security mission becomes more complex," said Shiva Rajaraman, WeWork CTO, in a statement. "We are fully committed to meeting and exceeding the expectations of all our members. We already have a strong security foundation that we have built over the past eight years. Now, under Cory’s leadership, we will be enhancing our overall security maturity and building a world-class security team that positions us at the forefront of security innovation."
Cory has over 17 years of experience protecting information and building security organizations across government, non-profit, technology and law enforcement. His distinguished career includes time at the White House, Planned Parenthood, Dropbox, Google, and the U.S. Secret Service where he oversaw everything from cyber to physical security.
May 10, 2018: Nicko van Someren joins nanopay’s executive team as CSO
Formerly a member of the advisory board for this real-time payment platform provider, van Someren is expected to ensure nanopay’s products and services are secure in their design, implementation and operation. He will also work with the product and marketing teams of nanopay to carry the message of the company’s security to a wide variety of audiences including customers, users, partners, investors and regulators.
“I am excited to be joining nanopay and to help it transform the way that payments are processed,” said van Someren in a press release. “Cryptographic security has always been at the core of what nanopay does, and as CSO, I shall be working to ensure that key principles of security and trust lie at the heart of everything we do going forward.”
Van Someren joins the team with more than 25 years of experience in technology leadership roles. Most recently, he worked with the Linux Foundation, a non-profit dedicated to supporting major open source software projects, as the CTO and executive director of the Core Infrastructure Initiative, a program to systematically improve the security of open source projects in general and with a particular focus on those foundational projects on which the modern IT world is built.
Prior to the Linux Foundation, van Someren served as the founder and CTO of the world's leading cryptographic hardware security module company, nCipher Plc, until its acquisition by Thales eSecurity in 2008; the CTO of mobile security company Good Technology Inc., which was acquired by Blackberry in 2015; the chief security architect of the global networking company Juniper Networks; and the founder and CTO of embedded networking company ANT Plc.
“Nicko’s been advising us since the beginning of nanopay. His proven track record and strategic vision on security are a perfect fit for the company and align well with the direction of nanopay,” said Laurence Cooke, founder and CEO of nanopay, in a press release. “With the addition of Nicko to our team, our products will set a new standard for secure, frictionless payments.”
May 1, 2018: Atrion’s new CISO is Richard Moore III
Moore is expected to expand upon Atrion’s service offerings with concepts like the virtual chief information security officer (vCISO). He brings over 25 years of experience in designing, leading, and maintaining the implementation and assurance frameworks for organizational information to this full-service information security and technology consulting firm. He has 15 years of military service with the U.S. Marine Corps intelligence community, concluding his military service as regimental intelligence chief.
In the private sector, Moore ascended to security leadership roles within KPMG and the Royal Bank of Scotland – Citizens Bank, leading the regulatory and data protection programs. Prior to joining Atrion, Richard Moore served as CISO at New York Life Insurance Company and managing director at Alvarez & Marsal.
April 30, 2018: Tracy Reinhold named CSO at Everbridge
Reinhold will be responsible for advancing enterprise-level security strategy at Everbridge, which provides event management and enterprise safety software applications. He will also work closely with customers and partners to optimize their organizational approach to managing and responding to critical events. This newly created role will report to CEO Jaime Ellertson.
Previously, Reinhold has served in executive leadership roles in security and incident management for some of the world’s largest brands. As CSO at Fannie Mae, he was responsible for designing and managing the company’s enterprise resilience strategy. He established a robust enterprise response model that enabled senior leaders to respond to security and business disruptions in an efficient and consistent manner. Prior to Fannie Mae, Reinhold served as vice president of global investigations at Walmart, and before his commercial roles in security, Reinhold served as a special agent with the Federal Bureau of Investigation for 22 years.
“The role of CSO continues to evolve in complexity as well as in terms of its importance to the creation of business value,” said Ellertson in a press release. “Tracy has demonstrated an impressive track record in helping Fortune 500 businesses bridge the gap between security and risk to maximize the operational response to critical events. We are excited to add Tracy’s deep insight and expertise in helping customers address today’s wide-ranging security challenges.”
“Everbridge is the gold standard for how enterprises deliver organizational resilience on an unprecedented scale,” said Reinhold in a press release. “I look forward to working alongside Everbridge’s talented leadership team in helping to expand the reach and impact of the company’s global Critical Event Management platform and solutions.”
April 25, 2018: CISO Guy Flechter adds data protection officer title to his role at AppsFlyer
By taking on the DPO role along with his CISO duties, Flechter will help AppsFlyer, a provider of mobile attribution and marketing analytics, meet its commitment to high standards of data security and privacy. He will lead an expanded data security team that will enforce data protection laws and practices for ongoing diligent compliance with the requirements of the European Union (EU) General Data Protection Regulation (GDPR), and relevant data protection laws and regulations across AppsFlyer’s solutions and teams.
Flechter has more than 15 years of experience in information security and data privacy. Previously, he served as information security team lead at LivePerson, where he kept the organization aligned with the most up-to-date and relevant industry standards, as well as spearheaded the security operations team.
“We put clients’ needs at the center of everything we do, and, as a data processor under the new GDPR guidelines, we will assist them in every way possible to become compliant by the time enforcement begins,” said Oren Kaniel, CEO and co-founder of AppsFlyer, in a press release. “Guy will continue to lead our information security efforts and assist our clients with understanding the role we play as data processor, help implement best practices under the new GDPR guidelines, as well as lead AppsFlyer’s GDPR compliance moving forward.”
“I have been protecting data and privacy, which I view as a fundamental human right, for over 15 years,” said Flechter in a press release. “As both an information security officer, and as an end user who values privacy protection, I expect GDPR to benefit both businesses and consumers, providing more transparency and enhancing trust across our industry.”
April 24, 2018: Charles Wilson promoted to CSO at Rock Family of Companies and Bedrock
Wilson will oversee all aspects of security operations throughout the entire enterprise, ensuring a safe and secure working environment for the more than 30,000 Rock Family team members in Detroit, Cleveland and across the country. He will also lead the relationship and partnership development with local law enforcement, allowing a real-time contribution of data and services in the communities where the companies are located.
"We took a very deliberate approach to finding the right leader for security operations, conducting a nationwide search," said Jay Farner, Quicken Loans CEO, in a press release. "No matter who we spoke with, or where we looked, Charles' name and skill set always stood out, and he was already leading the security apparatus at Greektown Casino-Hotel, which will make his transition seamless. His strong background and experience makes him the perfect match for this dynamic and important position, and the fact that he is a native Detroiter is another tremendous plus."
In addition to most recently serving as the vice president of support services at Greektown Casino-Hotel for the last four years, Wilson served 20 years in the Detroit Police Department (DPD). There, he was a direct liaison to the business community, fostering a positive working relationship between DPD and local businesses.
"I am inspired by the new challenge before me and look forward to working alongside all of the talented men and women of the security team and the entire Rock Family of Companies," Wilson said in a press release. "I have dedicated my career to Detroit, and it is an honor and privilege to be part of an organization so actively involved in the community. The Rock Family of Companies has hired thousands of Detroiters, breathed new life into historic buildings and committed its significant resources to both the rebirth of downtown and Detroit's neighborhoods. I am proud to be leading the organization's focus on safety as a key pillar of its overall mission."
April 19, 2018: Popular promotes Betina Castellví to CSO
Castellví will lead the newly created Corporate Security Group as chief security officer at Popular, a bank that serves Puerto Rico, the Caribbean, and Latin America. This new group will consolidate all corporate efforts related to cyber security and enterprise fraud. Castellví will be a member of the senior management team and will report directly to Ignacio Alvarez, president and CEO of Popular.
“Security is a top priority for Popular. We continue to invest considerable resources to ensure that we protect our customers’ information and our corporation in this rapidly-changing environment. We are confident that the creation of this group will further increase awareness of this important matter and facilitate collaboration across the organization,” said Alvarez in a press release.
Castellví’s career at Popular, which spans over 20 years, includes leadership roles in several areas, such as financial, operational and market risk, and most recently, the position of general auditor, which she assumed in 2012. Castellví, a Certified Public Accountant and lawyer, earned a Bachelor's Degree in accounting from the Wharton School of the University of Pennsylvania and a law degree from the University of Puerto Rico.
April 13, 2018: BYU names Tracy Flinders as CISO
Flinders will establish and oversee a cybersecurity program for the university that covers communications, applications and infrastructure.
“Our campus systems and information are constantly being attacked and must be protected, but we must also accomplish our university mission and get our work done,” said Kelly Flanagan, BYU's vice president of IT and CIO, in a press release. “The proper balance of these two efforts is critical, and Tracy is just the right person to provide it. Tracy is an experienced leader and manager who doesn’t panic or overreact during difficult moments. He will provide leadership that will put BYU on a firm IT security foundation, but will also safely guide the campus community through inevitable security incidents.”
Flinders is a seasoned executive leader with 28 years in the IT industry. He most recently worked as a managing director of BYU OIT’s Business Support organization.
April 18, 2018: Dr. Sam Small named CSO at ZeroFOX
Dr. Small will work with social media security provider ZeroFOX’s enterprise customer portfolio to develop, execute and maintain strategies that address the security threats intertwined with social media platforms. As one of the country’s foremost experts on intellectual property (IP), Dr. Small will continue to invest, build upon and protect ZeroFOX’s proprietary platform and continued growth.
“The social media landscape has never been more vulnerable, and ZeroFOX is leading the global charge to ensure security is top of mind when it comes to interacting with these platforms,” said James C. Foster, CEO of ZeroFOX, in a press release. “As we enter our next phase of growth, Sam will help us drive security both internally at ZeroFOX and for our customers.”
At ZeroFOX, Dr. Small will drive ZeroFOX’s security vision both internally and externally for customers. He will work directly with customers at the CXO level to deliver the company's services and technology as well as infusing the ZeroFOX Platform with his expertise. Finally, Dr. Small will help oversee all ZeroFOX’s IP and internal security operations.
“ZeroFOX’s team is committed to delivering the people, technology and processes that will keep our customers secure on social media,” said Dr. Small in a press release. “They’ve architected a scalable platform to solve enterprise social media and digital security challenges both now and in the future, and I look forward to being part of this forward-thinking team.”
Prior to being named CSO, Dr. Small served on ZeroFOX’s board of advisors. He was also the CEO and founder of Fast Orientation, an enterprise security software startup. Additionally, after earning his doctorate in computer science from Johns Hopkins University, he led an academic security research lab and launched two security startups.
April 16, 2018: Myrna Soto leaves CISO role to join ForgePoint Capital as a partner
Soto will be a member of the investment team at ForgePoint (formerly Trident Capital Cybersecurity), a venture capital firm focused on the cybersecurity industry. She will help identify investment opportunities; advise portfolio companies; participate in due diligence activities; organize the CISO, CIO, and CTO community; and refine the firm’s investment strategy.
“I have had the honor to serve as an advisory board member to a number of startups, growth-stage companies and large technology solution providers. My work identifying core technologies for security innovation and being a design partner in that regard has always been very gratifying,” Soto tells CSO. “Now I will have the opportunity to do this at a much deeper scale.”
“Myrna is a tremendous addition to our team given her demonstrated success managing global cybersecurity and technology risk programs at leading Fortune 500 companies,” said J. Alberto Yepez, Co-founder and managing director at TCC, in a press release. “Her broad industry insights, business acumen and experience serving in public company boards will bring invaluable perspective to our investment activities and to the growth of our portfolio companies. Myrna is a champion of diversity and has been recognized multiple times as one of the most powerful women in cybersecurity and most powerful Latinas in business.”
As a former CISO, Soto expects to apply her operational and strategic experience to help startups develop go-to-market strategies, position product, provide implementation guidance, and advise on how best to have their product or service embraced by security leaders. “Identifying innovated technologies and products that will lead us to the next generation of core security technologies is all the enticement I need [to join ForgePoint],” says Soto. “I am thrilled to be named a partner in the firm and to be the first female partner in the firm’s history.”
Soto was previously senior VP and global CISO of Comcast Corp., which she joined in 2009. “When I started at Comcast, we were extremely federated in our approach to security. Rationalizing security investments, maturing operational processes, and maturing a very strong and effective security program across the enterprise is something I am very proud of,” says Soto. “I am also very proud of the teams and leadership we developed and who will lead the company into the next stage of continuous improvement.”
Leaving that team of practitioners and business people is one regret that Soto has about leaving the CISO role. “I will also miss the diverse set of businesses Comcast represents. Comcast was an extremely exciting place to be at. However, I am certain I am replacing it with another incredible vertical that will foster and develop the next generation of innovative security solutions,” says Soto.
She has a total of 25 years of information security and technology leadership experience at American Express, Royal Caribbean Cruise Lines, Kemper Insurance and MGM Resorts. Soto was also recently named to Fortune magazine’s “50 Most Powerful Latinas in Business” for the second consecutive year and has been recognized by SC Magazine among the “Top 10 Power Players for Women in Security” and among the Top 100 Technology Executives by the Hispanic IT Executive Council.
April 16, 2018: Unisys hires Mathew Newfield as CISO
Newfield will lead the Unisys corporate information security team, which is responsible for the design, development and implementation of the company's corporate information security and risk program across all regions and functions. That includes the company's two go-to-market organizations, Enterprise Solutions and Unisys Federal. He reports to Eric Hutto, senior vice president and president, Enterprise Solutions, Unisys.
Prior to joining Unisys, Newfield served as director of global managed security services (MSS) for IBM as well as the business information security officer within IBM's security organization. In that role, he was responsible for the delivery of services in 133 countries and managing a staff of 1,500 security professionals. Newfield also has previously held security leadership roles with Cybertrust, RSA and DDC Advocacy.
Newfield has published books on security and has been an instructor with the SANS Institute, a security research and education organization. He has been a frequent presenter around the world on cyber topics and worked closely with many global organizations to improve their security.
"Matt's experience working as a global leader at some of the world's most prominent security and technology companies will help Unisys to continue our momentum as a company focused on leading-edge security," said Hutto in a press release. "He brings an enormous array of skills and knowledge in both internal and client-facing roles. Unisys will leverage this experience in protecting both client information assets and our own."
April 16, 2018: Former DEFCON security head Marc Rogers joins ScaleFT as CSO
Rogers brings over 20 years of security industry expertise to zero-trust security company ScaleFT. He has held the role of head of security for DEFCON, the world’s longest-running hacker conference, since 1999. Most recently, Rogers served as head of information security at CloudFlare, Inc., responsible for the global security of the compliance, product security, infrastructure security, and threat intelligence teams. He brings deep technical expertise to the ScaleFT mission of helping companies achieve their own BeyondCorp-inspired zero-trust security architectures.
“Marc has been incredibly valuable as an advisor and community advocate, and we are extremely excited to welcome him to ScaleFT,” said Jason Luce, CEO and co-founder of ScaleFT, in a press release. “We share the same vision for security as a significant business enabler, with zero trust as the right model, and we look forward to his contributions to our fast-growing company.”
Rogers has been a prominent figure in the information security field for decades, where he is best known for his whitehat hacking of products including Google Glass, Apple’s TouchID and most recently the Tesla Model S sports car. He has served on industry steering groups that include the Microsoft CISO council and the GSMA Security Group. He has also advised several TV networks including the BBC, where he appeared on and advised the series “The Real Hustle,” and most recently USA Network’s “Mr. Robot,” where he designed hacks such as the Femtocell used for the finale in Season 2.
“I have been incredibly impressed with how ScaleFT has brought the core principles of BeyondCorp to the market in such a positive and meaningful manner,” said Rogers in a press release. “It’s my strong belief that security should be seen as a business enabler, never a blocker, and ScaleFT is the company to bring that confidence to organizations of all size through its Zero Trust platform.”
April 12, 2018: Justin Calmus appointed CSO at OneLogin
With deep experience across enterprise information security in CIO and CSO roles, Calmus will architect and lead unified access management provider OneLogin’s risk management, security and compliance efforts. He will drive security and compliance requirements for some of the most demanding computing environments for companies such as AAA, Airbus, Citizen, and Tesco.
Before joining OneLogin, Calmus served as VP of hacker success at HackerOne, the leading bug bounty platform, where he was responsible for representing and cultivating HackerOne’s community of more than 100,000 hackers. Prior to his tenure there, he served as CIO and CSO at Zenefits, was director of enterprise security at Salesforce, and manager of security engineering at LinkedIn.
“Security is paramount as digital transformation empowers businesses with enhanced efficiency and business agility,” said OneLogin CEO Brad Brooks in a press release. “Justin has a unique blend of experience and expertise, and I am delighted to have him leading our efforts.”
“OneLogin is at an exciting stage of its growth from both a business and a technology perspective as it pioneers the new unified access management category,” said Calmus in a press release. “I’m thrilled to be joining the executive team to lead security and compliance efforts as the company moves its vision forward.”
April 10, 2018: Michael Ngo joins ORock Technologies’ executive team as CSO
Ngo is responsible for ensuring the security and compliance of ORock’s infrastructure as a service (IaaS) and cloud service offerings. He recently completed his 28-year military career as a colonel with the US Army, where he directed worldwide network operations and cyber defense for large-scale organizations of over 7 million systems, on 15,000 separate networks, across various security domains.
Prior to joining ORock, Ngo served as COO, Joint Force Headquarters Department of Defense Information Networks (JFHQ-DODIN). He was responsible for command and control of defensive cyberspace activities focusing on unity of command and unity of effort within the DoD to secure, operate, and defend DoD Networks.
“Mike’s deep experience overseeing and protecting critical DoD networks made him the ideal candidate to ensure the security and compliance of ORock solutions,” said Gregory Hrncir, co-founder and CEO of ORock. “We’re excited about the addition of another distinguished military leader to our team of senior executives and advisors.”
Ngo holds a Master of Science in Information Technology Management from the Naval Postgraduate School and graduated as a ROTC Distinguished Military Graduate with a degree in computer science from Millersville University.
April 5, 2018: Matt Palmer leaves CISO role to direct new risk tool at Willis Towers Watson
Palmer will oversee the Cyber Risk Profile Diagnostic (CRPD) tool and its development for global advisory, broking, and solutions company Willis Towers Watson. Previously the company’s CISO, he now becomes its
Anthony Dagostino, global head of cyber risk for Willis Towers Watson, said in a press release: “Matt’s excellent track record as CISO and deep knowledge of cyber risk, technology and regulation will be invaluable in supporting our global clients with their own information security programs and leading our innovative new CRPD tool.”
“The benefits of deploying the CRPD tool are numerous and go beyond the structured approach to risk evaluation and control planning,” said Palmer in a press release. “Ensuring that resources are allocated efficiently for any risk mitigation activities allows companies to improve stakeholder confidence while minimizing the brand and reputational impact in the occurrence of a breach, and also help companies to solve the complex issues around cyber resiliency.”
April 4, 2018: Marzena Fuller named CSO at SignalFx
Fuller joins SignalFx to support the company’s rapidly expanding customer base, strong revenue growth, new partnerships, integrations, and geographic expansion. “We’re at an inflection point as more enterprises are embracing digital transformation and turning to SignalFx as their strategic partner for monitoring their cloud environments in real-time. We’re thrilled to welcome Marzena ... to the team that will take SignalFx to the next level,” said Karthik Rau, co-founder and CEO of SignalFx, in a press release.
Fuller will lead SignalFx’s security operations, helping the company maintain the highest level of security standards for SignalFx and its enterprise customers. She has extensive experience building security, risk, and compliance programs at big data and machine learning companies, and bringing a customer-oriented approach to information security. Fuller was previously senior director of security at Databricks, where she was responsible for developing and implementing the company’s security and compliance strategy. Prior to Databricks, she worked as director, security compliance at Sumo Logic, overseeing the organization’s security, compliance, privacy, risk and data protection programs.
“SignalFx understands that enterprises need to be able to trust their providers with confidential data and assets, so the company takes its stewardship of client data very seriously,” said Fuller in a press release. “I’m excited to help our customers and the SignalFx team standardize and scale best-in-class security practices.”
April 2, 2018: Jesus “Laz” Montano becomes head of enterprise information risk management and CISO for MassMutual
Underscoring the importance it places on comprehensive, robust information security and risk management capabilities, Massachusetts Mutual Life Insurance Company (MassMutual) named long-time information technology executive Jesus “Laz” Montano as head of enterprise information risk management (EIRM) and CISO.
Montano will work closely with the executive leadership team at MassMutual. He will direct a holistic risk management approach across the company, including managing operational and cyber security risks, ensuring all regulatory and compliance requirements are met, and overseeing the safeguarding of MassMutual’s information assets. Montano reports to Mark Roellig, MassMutual’s chief technology and administration officer.
“Laz brings to MassMutual both demonstrated expertise and a deep business insight, built on nearly 30 years of technology and cyber security experience, and we look forward to his contributions as part of our unwavering commitment to best-in-class EIRM practices,” said Roellig in a press release. “Importantly, Laz is also a tremendous advocate of fostering diversity and inclusion, a basic tenet of our organization.”
“Joining MassMutual is a great honor, and I am very excited to be part of an organization that feeds the very passion that has been at the center of most of my career – which is safeguarding customer’s information and empowering those around me to do the same,” said Montano in a press release.
Montano joins MassMutual from Voya Financial, where he served as CISO for the past four years, responsible for providing leadership, management and strategy for all aspects of the company’s technology risk and information security. Montano has also held technology security leadership roles at OpenSky, MetLife, The Travelers Companies and Lucent Technologies.
March 29, 2018: Marcura hires Richard Bell as its external data protection officer
In anticipation of the EU’s General Data Protection Regulation, which goes into effect in May, The Marcura Group, a Dubai-based group of companies focused on providing innovative business solutions to the maritime industry, appointed TenIntelligence Limited's Richard Bell as its external data protection officer (DPO).
Bell will serve as an independent consultant for the entire Group on matters related to GDPR compliance. He currently heads the TenIntelligence Security & Privacy practice, advising companies located in Europe, Middle East, and US on physical and cyber security matters. He served as the CISO and head of cyber security operations & investigations for Transport for London (TfL). He works regularly with the National Cyber Security Centre (NCSC), National Crime Agency (NCA) and the Information Commissioner's Office (ICO). He is a Fellow of The Security Institute and a Member of the Association of Security Consultants.
"Marcura has always endeavored to hold itself up to the highest standards of compliance for the benefit of its customers, and this is no different when it comes to meeting its obligations under the GDPR. The GDPR is considered to be the most stringent data protection law in the world, and with its upcoming implementation, the Group has now taken the necessary steps and initiated various measures to comply with it,” said Felix J. Antero, general counsel and chief compliance officer of the Group in a press release.
March 26, 2018: Troels Oerting will lead World Economic Forum’s new Global Centre for Cybersecurity
Oerting is joining the Forum from Barclays where he was Group CSO and Group CISO. Before that, he was at Europol where he held several roles including head of Europol’s Counter Terrorist and Financial Intelligence Centre and notably, head of the European Cybercrime Centre. He began his career in law enforcement and held multiple senior roles within the Danish National Police including Director, Serious Organized Crime Agency and Director of Operations, Danish Security Intelligence Service.
“The Global Centre for Cybersecurity is the first global platform to tackle today’s cyber risks across industries, sectors and in close collaboration with the public sector. I’m glad that we have found a proven leader in the field who is keen and capable to help us address this dark side of the Fourth Industrial Revolution,” said Klaus Schwab, founder and executive chairman of the World Economic Forum, in a press release.
The Forum’s Global Centre for Cybersecurity offers the first platform for governments, companies, and international organizations to diminish the impact of malicious activities on the web. It will focus on the following aims:
- Consolidate existing cybersecurity initiatives of the World Economic Forum
- Establish an independent library of cyber best practices
- Help partners to enhance knowledge on cybersecurity
- Work toward an appropriate and agile regulatory framework on cybersecurity
- Serve as a laboratory and early-warning think tank for future cybersecurity scenarios
March 22, 2018: Sean Valcamp named VP, CISO at MGIC
Valcamp comes to Mortgage Guaranty Insurance Corporation (MGIC) from Avnet, Inc., where he held successive positions of increasing responsibility in the IT department. He served for more than 11 years as Avnet's global security leader and was named the company's first CISO in 2015. Valcamp has 28 years of experience in the technology industry and holds a Bachelor of Science degree in Computer Information Systems from the University of Phoenix.
"Sean will be a great fit in his role at MGIC," said Greg Chi, senior vice president information services and CIO, in a press release. "His leadership credentials and wealth of experience in Information Risk Management and governance practices make him a valuable addition to our team as we support MGIC's ongoing growth. I am delighted to welcome Sean to the company."
March 27, 2018: Doug Yokoyama is the new CIO and CISO at Clarify Health Solutions
Yokoyama will lead data operations at this provider of machine-learning-enabled care optimization, leveraging best-in-class protocols and advanced technologies from a variety of industries to bring the highest levels of fidelity and security to healthcare analytics, risk stratification and care guidance.
With nearly 30 years of experience, Yokoyama has a proven track record for building scalable technology solutions that deliver operational effectiveness and impact for customers. Prior to joining Clarify Health, he was the senior vice president and CIO of Advent Software, a leader in automated portfolio accounting for investment management firms. As the CIO, he led the product development, IT, and data services teams
“With Doug on board, we have a leader with the experience and expertise to deliver the financial services and military-grade security that all healthcare companies should deploy,” said Jean Drouin, MD, CEO and co-founder of Clarify Health, in a press release. “Doug has deep knowledge and experience spearheading data governance process and harnessing both people and technology to advance organizational security measures. We welcome his expertise and contributions as we continue to empower healthcare organizations to succeed in a value-based world, both lowering costs and improving patient outcomes.”
“I’m inspired and impressed by the work the Clarify development and security teams have done to create a safe and scalable framework for processing and storing sensitive data,” said Yokoyama in a press release. “My goal is to continue building on this foundation to enable the company to serve our customers in new ways, including providing patients with more seamless and secure access to their own data.”
March 14, 2018: LenderLive promotes Ian Morgan to CISO
Morgan will be responsible for the confidentiality, integrity, and availability of this mortgage services provider’s information assets. He will partner with LenderLive’s business lines to strengthen existing security controls, setting the strategic direction of information security at LenderLive and adhering to regulatory requirements. He will report to CIO Lorie Helms.
Morgan joined LenderLive in September 2010. Throughout his career with LenderLive, he has held positions of increasing management responsibility within the organization. Most recently, Morgan served as vice president, Technology Solutions, where he guided the build-out of the company’s workflow system, strengthened the company’s eSign, eMortgage, and document imaging platforms, and strove to secure business systems by meeting comprehensive audit requirements. Prior to LenderLive, Morgan held IT management positions with Alameda Mortgage Corporation, Assurity Financial Services, LLC, Information Management Research and Optimus Corporation.
“Information security has become a critical and essential priority for our clients. By creating a dedicated executive level position, we are demonstrating our commitment to protecting client and customer information entrusted to LenderLive,” said Rob Clements, chairman and CEO of LenderLive, in a press release. “Ian is a perfect fit for this position. He’s a seasoned financial services veteran with deep industry knowledge in information technology and security. During his tenure at LenderLive, he has demonstrated proven success in building strong teams to achieve a streamlined and cohesive operation. I am confident that Ian will continue to be a critical contributor as we grow and evolve.”
March 12, 2018: OATI appoints Khalil Houri as CISO and Jerrod Montoya as deputy CISO
Houri and Montoya will lead a new security and risk management team at OATI, a provider of products and services for the energy industry. This team will be responsible for the overall governance of OATI security and risk management, which includes cybersecurity, physical security, vendor management, and security awareness and training. They will report directly to Sasan Mokhtari, president and CEO of the company.
The team will ensure applicable OATI security policies and procedures are in place, enforced, and coordinated across all OATI departments. Houri and Montoya will also interact with customers, regulator and industry groups, law enforcement, and other applicable security groups as needed.
“With the implementation of this dedicated team, OATI can further enhance security measures for customers in this constantly changing security paradigm,” said Mokhtari in a press release.
March 6, 2018: Eddie Saunier named CSO at Burr & Forman
Saunier will lead legal services firm Burr & Forman’s overall information security program and will assume responsibility for managing the firm’s technology and information management compliance and risk.
“Eddie’s devotion to managing and securing Burr & Forman’s systems and networking infrastructure with the utmost level of scrutiny furthers our confidence in his ability to meet all the information security needs of the firm and our client information,” said Burr & Forman CEO Ed Christian in a press release. “Eddie will ensure we are at the forefront of best practices to provide a consistent level of data security.”
Since joining the firm in 2002, Saunier has been responsible for managing the core servers and networking infrastructure as senior systems engineer. Saunier earned his undergraduate degree in materials engineering at the University of Alabama at Birmingham.
March 5, 2018: Florida Agency Network names Matthew Froning as CISO
Froning will drive title agency Florida Agency Network’s (FAN's) existing information security program and collaborate with the industry to implement best practices on information security.
"We are pleased to welcome Matthew to our team. His reputation, expertise and intimate knowledge of industry best practices will allow us to design and deploy a best-in-class, global security strategy," said Aaron M. Davis, CEO of FAN.
The former CIO of a leading information security consulting company, Froning has led the charge for improving security processes and procedures for organizations while tightening controls to protect from cyber attacks. A security industry veteran, he developed information security assessment processes which included guidelines and reports aligned with regulatory and ALTA Best Practices. Froning is an Air Force veteran and former federal agent who has investigated, managed and directed computer-related criminal, counterintelligence, counterespionage, fraud and undercover matters for both the federal government and the military.
"Florida Agency Network has been an industry leader in the approach to secure their systems, processes, and the consumer information they are charged with protecting. As part of the team, I look forward to helping FAN continue to enhance their security program and provide the best service and level of security possible for their clients," said Froning in a press release.
February 28, 2018: Richard Roberts takes on dual COO/CISO role at Stratus Interoperable
As a member of Stratus Interoperable’s executive management team, Roberts’ operations and cybersecurity experience will help drive product delivery and development with a focus on enhanced security at this provider of data integration and business intelligence services in the healthcare industry.
Before joining Stratus Interoperable, Roberts built a healthcare advisory company and spent 10 years at the nation’s largest private healthcare ITO/BPO organization. There he served as chief technology officer with responsibility for IT strategy, planning and cybersecurity for both corporate and customer initiatives. He oversaw enterprise-wide infrastructure architecture and standardization, integration, business transformation, and the development of enterprise application solutions.
“I’m very excited to join the SI Team. It’s my goal to leverage this opportunity to positively influence the quality of patient-centered healthcare, while helping drive Stratus Interoperable and the StratusLink platform to prominence in the healthcare technology industry,” said Roberts in a press release.
February 22, 2018: Lewis Brisbois hires Frank Gillman as CISO
Gillman will work closely with law firm Lewis Brisbois's Data Privacy & Cybersecurity practice to provide a suite of client services. He has more than 30 years of technology experience in the legal field, including 20 years in the CIO/CTO role for three notable AmLaw 200 firms, including Lewis Brisbois. He has led and implemented first-to-market initiatives for legal technology solutions during his various tenures in the infrastructure, telecommunications, mobility, and data security fields.
“We are very fortunate to have the opportunity to work with Frank in providing client services. With his operational experience and expertise, we are adding tremendous value to a variety of client engagements to better secure their networks and better prepare them to respond to data security incidents,” said Data Privacy & Cybersecurity Chair Sean Hoar in a press release.
As a part of the data privacy and cybersecurity team, Gillman provides clients with security control assessments mapped to information security frameworks, incident response planning, tabletop exercises, executive training in network security awareness, and information security policy and procedure development.
“I'm excited about the opportunity to evolve the traditional CISO role within a law firm to this expanded scope,” Gillman said in a press release. “What makes it doubly so is to be able to do it alongside some of the most talented lawyers in the data privacy and cybersecurity fields.”
February 12, 2018: Equifax names Jamil Farshchi as new CISO
Farshchi, who previously served as CISO at The Home Depot, will assume company-wide leadership of work already underway to transform the company's information security program and collaborate with the industry to share best practices on information security. He will be based in Atlanta, Georgia, and report directly to the CEO.
"We are pleased to welcome Jamil to our team and confident that he possesses the talent and skillset needed to continue our journey toward developing industry-leading security practices and, ultimately, to help us regain trust with consumers and customers," said Paulino do Rego Barros, Jr., interim CEO at Equifax, in a press release. "Jamil has a reputation for helping enterprises rebuild and fortify information security programs. His expertise in risk intelligence and cybersecurity combined with his intimate knowledge of industry best practices will allow us to design and deploy a best-in-class, global security strategy to re-establish ourselves as a trusted leader."
Prior to his role at The Home Depot, Farshchi was the first global CISO at Time Warner, where he brought to bear risk-management techniques from the financial and government sectors to develop a model security program for the media and entertainment industry. Before that, Farshchi was the vice president of global information security at Visa, where he developed and implemented the firm's first global information security strategy; led efforts in mobile security, identity, and big data; and transformed its security program into a recognized global leader.
"Equifax is a company with tremendous potential, and I am confident that we will transform our security program into one of the most advanced and recognized globally," said Farshchi in a press release. "I am grateful for this new challenge and am looking forward to enabling the business with new insights, a fresh perspective, and a multi-dimensional way of thinking about global data stewardship and information security.“
February 12, 2018: ThreatModeler Software hires David Nester as CSO
Nester joins ThreatModeler Software, Inc., a provider of an automated threat modeling platform, after serving as the global director of Fortify on Demand at Hewlett Packard Enterprise. “I was truly impressed with the ThreatModeler Platform,” said Nester in a press release. “When the ThreatModeler team demonstrated their automated platform and how it accurately identifies 99% of the potential static and dynamic application vulnerabilities before a single line of code is even written, I knew instantly this was the solution many organizations need.”
Nester is an accomplished information security leader with 20 years of experience and success in fulfilling mission-critical security objectives and goals, and directing global technology teams. At Hewlett Packard, he managed the global team of application security experts. Nester offers advanced capabilities in application security and risk management combined with a deep understanding of the intersection between technology, business, and operational needs.
February 9, 2018: Thesys CAT LLC appoints Vas Rajan as CISO for consolidated audit trail
Rajan will be responsible for ensuring security compliance of the CAT System and evolving and executing cybersecurity programs as the CAT platform advances from build to live along with its continuous development and optimization. He will also be responsible for partnering with the CISOs from the self-regulatory organizations (SROs) to ensure the highest standards of security across the CAT System.
Mike Beller, CEO, Thesys Technologies, said in a press release, "Security has been at the forefront of our design and strategy for the CAT system from the beginning, and one important key to success is ensuring there is a well-rounded leader to oversee all the security aspects of the CAT, both before it goes live, and once it is operational. We are pleased that, together with the SROs, we have found an exceptionally talented candidate like Vas, who is highly capable of securing the system and working with the multiple stakeholders within CAT to deliver best in class security practices."
Rajan joins Thesys CAT with over 20 years of IT experience within the financial services industry. Most recently he served as CISO and business continuity officer of CLS Bank, the member-owned FX market utility, where he was responsible for the security strategy of the company in accordance with all requirements of a financial market utility, designated as systemically important by the U.S. government. Prior to CLS, Rajan was head of security and privacy officer of ING Direct USA, a major retail bank and brokerage.
February 6, 2018: Armored Things adds Elizabeth Carter as CSO
A specialist in threat and risk assessment, crisis management and response, and emergency program management, Carter will work with Armored Things customers to bridge the gap between cyber- and physical security. The company develops software that protects large public and private facilities and venues against risks and threats.
Prior to joining Armored Things, Carter led crisis management for the Americas at Apple, Inc., where she was responsible for responding to incidents and protecting the company’s operations, personnel, and facilities throughout North and South America. Her experience also includes a senior director role with The Chertoff Group in Washington, DC, where she worked with public and private sector clients on issues related to counterterrorism, cyber security, crisis management, health preparedness, and infrastructure protection.
“Elizabeth has been a friend and trusted colleague for years, and our team couldn’t be more thrilled to have her aboard,” said Armored Things CEO Charles Curran in a press release. “Given her experience that bridges the gap between physical and cybersecurity, she is uniquely qualified to help our clients leverage technology to reduce risks and respond more quickly and effectively to emergencies.”
February 6, 2018: Mario Duarte joins Snowflake Computing executive team as VP of security
Duarte has extensive experience deploying product and company-wide security programs and will continue to advance the industry- and country-specific customer security requirements for Snowflake, a cloud-based enterprise data warehouse provider.
“Mario’s industry leadership will be crucial to accelerating product innovation, enhancing our go-to-market strategy and advancing our enterprise-grade security for customers to help enterprises uncover maximum value from their data,” Snowflake CEO Bob Muglia said in a press release.
Duarte has worked in the retail, health care, and financial sectors for two decades. He has built and managed security teams, developed and implemented security programs and has managed PCI and HIPAA compliance initiatives for medium and large organizations.
“Security has been a pillar of Snowflake’s architecture and culture since day one and it’s what drives us to embrace strong security safeguards in all facets of our business,” Duarte said in a press release. “This strong security ethos empowers us to protect our customers’ valuable data assets against existing and emerging security threats. Snowflake’s cloud-built data warehouse-as-a-service is uniquely designed to meet rigorous compliance requirements such as FedRAMP, which in turn help to accelerate our customers’ compliance initiatives.”
January 19, 2018: MedSec names Stephanie Domas as VP of research
Domas will be responsible for the introduction of MedScan, which allows hospitals to assess the cybersecurity status of the medical devices on their networks. She is widely recognized as one of the leading experts in healthcare cybersecurity, having contributed toward national security guidance and standards for medical devices, authored dozens of industry articles, and presented at major conferences.
“Stephanie has done a tremendous job bridging the gap between hospital executives and medical device makers so that both audiences have a better understanding of the challenges and complexities they each face,” said Justine Bone, CEO of cybersecurity software provider MedSec, in a press release. “For a long time, these groups have been working in relative isolation despite having common ground – both want the medical equipment to operate effectively without the risk of cyber intrusions – to the benefit of patients.”
Domas was previously the director of product security at Battelle. At MedSec, she will facilitate collaboration between manufacturers and hospitals, and help them work through pain points on both sides. “I’ll be leading a MedSec team that will help hospitals assess the state of the devices on their networks and facilitate with the medical device manufacturing community to determine the most effective and efficient solutions,” said Domas in a press release.
Domas is an active member of the UL2900, UL5500, AAMI TIR-57, and AAMI TIR-97 standards committees, shaping industry best practices and security standards for medical devices. She is a registered Professional Engineer (PE) in the state of Ohio, and a Certified Ethical Hacker (CEH). She was recently named a 2017 Influential Women “One To Watch” by the Executive Women's Forum, the largest member organization serving emerging leaders as well as the most prominent and influential female executives in the Information Security, Risk Management and Privacy industries.
January 19, 2018: Paytm Payments Bank appoints Nitin Chauhan as CISO
Chauhan will set up and enhance Paytm’s enterprise security strategies, infrastructure, and network design. He will also secure links with partner banks and financial services, and he will oversee regulatory compliance with an emphasis on building a security framework for all Paytm Payments Bank customers.
Chauhan has two decades of infosec experience. Before joining Paytm, he served as the CISO at RBL Bank for more than six years. Prior to that, Chauhan worked with Kotak Bank and other financial institutions. He graduated in Commerce from Delhi University and holds an MBA degree in IT and International Business. He is a CISA professional and is a certified Lead Auditor from BSI for BS 25999 and Lead Implementer for the ISO 27001 security standard.
January 18, 2018: Susan M. Viveiros named VP, information security officer at BankNewport
Viveiros will be responsible for the development and implementation of BankNewport’s information security, vendor management, and business continuity programs. She comes to BankNewport from HarborOne Bank in Brockton, Massachusetts, where she served as vice president, information security officer.
Viveiros is a Certified Information Security Manager (CISM) and Certified Information System Auditor (CISA). She is also Global Information Assurance Security Essentials certified. Viveiros completed the Bryant University Executive Development Center Business Continuity Program and is currently pursuing certification as a chief information security officer from the International Council of E-Commerce Consultants.
January 16, 2018: HaystackID hires Lee Neubecker as CISO
Neubecker will join the executive team at HaystackID LLC, an international end-to-end litigation support, forensics and managed services provider. Holding both the Certified Information Systems Security Professional (CISSP) certification and a master of business administration (MBA), he boasts a range of technical acumen and experience.
From 2000 to 2016, Neubecker served as president and CEO of Forensicon, Inc., which he founded. He led a team of experts and helped establish his firm as the premier computer forensics firm in the Midwest, handling complex investigative and litigation matters including white collar crime, trade secret misappropriation, data breach incident response and various employment litigation matters.
In addition to providing eDiscovery, forensics, litigation support, and data recovery consultation to a wide variety of entities, Neubecker acted as an expert witness and renowned digital sleuth. “Lee’s exceptional understanding of computer forensics, systems and management has made him one of the premier leaders in this industry,” said Haystack president and CEO Kevin D. Glass in a press release.
January 14, 2018: DataBank appoints Mark Houpt CISO
Houpt will drive DataBank's information security and compliance initiatives to ensure that the company's solutions meet rigorous and changing compliance and cybersecurity standards. He is responsible for developing and maintaining the company's security program roadmap and datacenter compliance programs.
Houpt brings more than 25 years of extensive information security and information technology experience in a wide range of industries and institutions. He holds an MS-ISA (Masters Information Security and Assurance), numerous security and technical certifications (CISSP, CEH, CHFI, Security+, Network+), and he is qualified for DoD IAT Level III, IAM Level III, IASAE Level II, CND Analyst, CND Infrastructure Support, CND Incident Responder, and CND Auditor positions and responsibilities. Houpt is an expert in understanding and interpreting FedRAMP, HIPAA and PCI-DSS compliance requirements. He is an active member of ISC2, ASIS International, CompTIA, IAPP, and ISACA, among other leading national and international security organizations.
January 4, 2018: Centra Tech hires Enrique Perez as CISO
Perez spent the last 15 years with VISA, most recently as the senior information security and compliance officer for Global Service Operations. Centra Tech, which sells cryptocurrency products, expects Perez to apply his payment card expertise to enhance the security of its Centra Wallet and Card platforms.
Perez previously held the titles of director of external penetration test team and director of information security for VISA Latin American Region. He has been responsible for managing operational and security risk for more than 100 Global Customer Support Services contact centers through identification of risk exposures and examination of controls effectiveness to calculate residual risk. He was also responsible for ensuring adherence to VISA internal policies, PCI-DSS standards, domestic and international regulations (including GDPR, Security Shield and PIPEDA).
December 21, 2017: Jenner Holden promoted to CISO at Axon
Holden assumes his new role in January and will support strategic business initiatives for Axon, a provider of connected law enforcement technologies. Previously senior vice president of information security, Holden will continue to oversee the information security program that protects Axon's systems and products, including the Evidence.com platform. Since joining Axon in 2013, Holden has been instrumental in building a company-wide culture of security. He has more than 12 years' experience evaluating and managing enterprise-level information security programs.
"We're thrilled to have Jenner join the leadership team given his dedication to making the Axon network strong and secure for our customers,” says Rick Smith, Axon CEO and founder, in a press release.
December 15, 2017: Mark Lohman promoted to CISO at Grainger
Since he joined Grainger in 2014 as senior director of information security and business continuity, Lohman has played an important role in establishing and maintaining the company's cybersecurity vision and collaborating with customers, Grainger leadership, and the board of directors on security-related matters. Lohman also serves as the HIPAA Security Officer at Grainger, a supplier of maintenance, repair, and operating (MRO) products serving businesses and institutions.
"Mark has decades of experience in information security, and we are excited to announce his new role as Chief Information Security Officer," said Greg Harman, Grainger vice president and CIO, in a press release. "Cyber threats are constantly evolving at the same time our company information must become more accessible and mobile for our customers, suppliers and team members. This means companies need to prioritize vigilance and awareness to realize information security. Strengthening our commitment to cybersecurity demonstrates to all of our partners that Grainger plays an active role in securing sensitive data and our systems, and enables Grainger to be a reliable and trusted partner."
Prior to joining Grainger, Lohman spent more than 20 years leading and training security teams, managing incident response issues, and delivering security solutions to large global companies across several industries, including aerospace and defense, energy, financial services and healthcare.
December 13, 2017: Trapp Technology hires Jim Mapes as CISO
Mapes is expected to grow and build on the existing security services suite at this Phoenix-based provider of IT, voice, and cloud hosting solutions, with an increased focus on providing cybersecurity assessments and security managed services for mid-market to enterprise-level businesses.
“I’ve been impressed with Trapp Technology’s success in the managed services market, and I firmly believe that the company is well-poised to lead the cybersecurity services mid-market with smart, business-driven solutions,” said Mapes in a press release.
In his 25-year career in IT, Mapes has 19 years in information security and 14 years in senior leadership roles, of which eight were as CISO. He has acquired a unique matrix of experience in cybersecurity thought leadership including designing information security programs and operations, advising executive teams and boards, as well as deep technical experience performing forensic investigations, intrusion testing, and incident response. Mapes has worked extensively with healthcare companies and providers to secure patient medical records and meet HIPAA compliance.
December 12, 2017: Anthony Dupree named to joint CIO/CISO role at CareerBuilder
In his dual role, Dupree oversees infrastructure, development opportunities, cloud, and security to ensure that CareerBuilder clients and users are protected in a safe ecosystem. He is responsible for directing CareerBuilder's global IT and information security vision, policies and programs to execute a state-of-the-art defense.
"Employers need to be hyper-vigiliant in today's environment where there is a large and growing number of cyber threats," said Irina Novoselsky, president and COO of CareerBuilder in a press release. "A key focus for CareerBuilder is providing the most comprehensive security in the industry, and having Anthony on board underscores our commitment to anticipating and proactively addressing future vulnerabilities. Anthony is an established thought leader with deep expertise in building watertight security and technology, and his unique role will set new standards for the industry."
"One of the reasons why I was drawn to CareerBuilder is that security is not just a priority for the organization, it is ingrained in the company culture," Dupree said in a press release. "At the core of CareerBuilder's structure is an in-depth, multi-layered defense model that combines the power of people, technology and operations to ensure the company and its partners are protected. This model puts us in the best position to safeguard against outside threats, and I look forward to building upon it in exciting new ways."
Before joining CareerBuilder, Dupree served as the CIO and CISO of Novitex. He also held senior roles at McGraw-Hill Education, Elizabeth Arden, and Toys R Us, managing global enterprise IT security, network infrastructure and risk and compliance programs. Dupree is also a decorated Army Reserve Officer who served for 28 years before retiring as a Lieutenant Colonel.
December 11, 2017: John Ramsey named CISO at National Student Clearinghouse
In this newly created role, Ramsey is responsible for the overall organizational security strategy, security program oversight, and security architecture development, including all data and information security policies, standards, evaluations, roles, and organizational awareness for the Clearinghouse.
Ramsey was formerly the CISO for the U.S. House of Representatives and members of Congress, which has 950 sites across the entire United States and associated territories. In March 2017, he was selected as one of the top 100 CISOs globally, one of only two government CISOs selected.
He has worked in the IT security field for more than 25 years, including security operations for the Department of the Army and Department of State, and as the CISO for the Federal Retirement Thrift Investment Board, which oversees the world's largest defined contribution retirement plan at $480 billion for 4.8 million people.
While in the U.S. Army for 11 years, Mr. Ramsey was an intelligence and security analyst with concentrations on Russia, Eurasia, Iraq, and Iran, and served as a senior enlisted security advisor for the NATO military commander at Supreme High Allied Powers in Europe. Mr. Ramsey holds a bachelor’s degree in information systems management from the University of Maryland and a master’s degree in management information systems from the University of Central Florida.
November 21, 2017: Protegrity names former IBM director Hira Advani as VP and CSO
As Protegrity’s VP and CSO, Alliances and Services, Advani will evangelize the importance of security to influence customers and partners. He was most recently an IBM director and software chief security compliance officer. In that role, Advani consulted and collaborated with C-suite executives and board members at global brands to help them build a culture of cyber risk awareness and preparedness. He is a graduate of the Indian Institute of Technology (BS) and the Georgia Institute of Technology (MS). Advani is also a member of IEEE and FIRST Forum for Incident Response for Security Teams.
“As Tina Fey put it, ‘Being a good boss means hiring talented people and then getting out of their way,’ and I am delighted to have him lead the initiatives of Protegrity’s Professional Services and Alliances teams, both of which are fueling our company’s current and projected growth,” said Suni Munshani, Protegrity CEO, in a blog post on the company website.
November 14, 2017: New LookingGlass CSO Jeremy Haas and CRO Michael Taxay appointed to executive leadership team
LookingGlass Cyber Solutions, a provider of threat intelligence-driven security, has hired two cybersecurity professionals to join its executive leadership team: Michael Taxay as chief risk officer (CRO) and general counsel, and Jeremy Haas as CSO. They join the company to help prevent cyber attacks by operationalizing threat intelligence and delivering unified threat protection solutions to government organizations and corporate enterprises.
“I am enthusiastic about the impact that Mike and Jeremy will have on the company,” said LookingGlass CEO Chris Coleman in a press release. “LookingGlass is dedicated to leading and innovating the threat intelligence solutions market, and their additions will undoubtedly have a positive effect on the evolution of our portfolio and the organization at large.”
Taxay joins LookingGlass after a distinguished career in both the public and private sectors. He recently retired from the FBI Cyber Division as a member of the senior leadership team responsible for the Bureau’s counter-cyber intrusion program. Taxay previously served at the Department of Justice as acting director for Cyber Counterterrorism and Financial Enforcement, and as deputy chief of the Counterterrorism Section. At LookingGlass, Taxay will be responsible for the governance of significant risks impacting the company, including strategic, reputational, and operational risks. He will also be the company’s primary legal advisor and serve as an industry thought leader.
Haas has spent the past 24 years at the Central Intelligence Agency (CIA) and U.S. Air Force (USAF) supporting intelligence activities. Haas is a recognized cybersecurity expert, having served at the CIA’s Center for Cyber Intelligence within the Directorate of Digital Innovation. There he led and participated in cyber operations, engineering and analysis activities in support of intelligence, counterintelligence, and covert activities. Haas will lead the company’s internal cybersecurity strategy and aid in the development of advanced threat detection and mitigation products.
November 14, 2017: Dave Parsons named CISO at Abacus Group
Parsons brings over 25 years of experience in the IT and security fields to this IT solutions provider for alternative investment firms. He has worked for some of the largest financial services firms in the world, including Barclays, Deutsche Bank, Citibank, and Macquarie Bank.
“Cybersecurity is and will continue to be the most vital aspect of IT. Having someone of Dave’s caliber join our executive management team is a sign of our continued commitment to being a leader in our industry,” said Chris Grandi, CEO of Abacus Group, in a press release.
Parsons will be responsible for the overall strategy and direction for security services at Abacus Group. “I am excited to join such an innovative company with a stellar reputation for service and look forward to working with the team on further enhancing their already extensive cybersecurity offering,” said Parsons in a press release.
Parsons has a master’s degree in information technology from Harvard University and is a Certified Information Systems Security Professional (CISSP). He has extensive knowledge and expertise in developing and managing information security programs and policies against compliance and regulatory requirements.
November 13, 2017: Allan Alford joins Forcepoint as CISO
Alford will lead the global cyber security firm’s corporate security and governance program, including the implementation of the company’s internal user and data protection program for 2,700 employees worldwide. As Forcepoint’s CISO, he will play a key role in leading the compliance and certification efforts for the company’s security offerings and will partner with engineering teams to drive best practices and real-world learnings into security product development. Alford reports to Meerah Rajavel, Forcepoint chief information officer, and is based in the Austin, Texas headquarters.
“The security industry is at an inflection point, where customers and vendors must partner to build solutions that can bring visibility to risky behavior or abnormal data usage as the means to stop headline-grabbing data breaches,” said Meerah Rajavel, CIO at Forcepoint, in a press release. “Allan understands that a new paradigm must be applied to people, process and technology to adequately address these emerging security threats.”
With more than 25 years of IT and security experience, Alford joined Forcepoint from Pearson, where he was product and business information security officer. Prior to that, Alford held various IT and security positions at Polycom, where he built and managed the product security program and served most recently as CISO.
“The human point is an exciting frontier that presents both potential for business value and risk for an enterprise or government agency,” said Alford in a press release. “By combining human-centric security with a modern view on IT, HR and compliance programs, companies like Forcepoint can help employees and partners understand the critical role they play in defending against cyberattacks and protecting sensitive information assets. Instead of operating in silos of business units, IT and corporate functions, we have to look at cybersecurity through the lens of ‘everyone to the defense’.”
October 19, 2017: Egnyte co-founder Kris Lahiri takes on new data protection officer role
As data protection officer (DPO) at the cloud provider of smart content collaboration and governance, Lahiri will be responsible for continuously monitoring Egnyte's regulatory compliance with the new General Data Protection Regulation (GDPR). He will act as the main point of contact for the EU Commission during any audits or reviews.
"With so much more at stake under GDPR, we believe that all organizations should make the necessary moves to ensure complete compliance with the new rules and regulations, including appointing a DPO," said Lahiri in a press release. "My team and I take tremendous pride in implementing proper procedures and protocols to ensure Egnyte's compliance with all regulations, not just the GDPR, and we will continue to make sure all of the data we handle is properly managed and secured."
Prior to his appointment, Lahiri served as Egnyte's CISO, responsible for creating and implementing global information security strategies that protect all customers' content and users. Prior to Egnyte, Lahiri spent many years leading the design and deployment of large-scale infrastructures for Fortune 100 customers Valdero and KPMG Consulting.
October 18, 2017: Gene Fredriksen moves from CISO to chief information security strategist at PSCU
Fredriksen’s new role is part of an effort at the largest credit union service organization (CUSO) in the U.S. to further strengthen its information security and compliance (IS&C) teams. In this newly created role, Fredriksen will report on several strategic functions primarily focused on relating PSCU’s perspective and stance on cybersecurity to existing clients, prospective clients, consultants in the credit union space and the industry as a whole.
Fredriksen has over 25 years of information technology experience, with the past 20 focused in information security. He joined PSCU in 2013. Since then, he has grown the IS&C teams and service offerings, implemented advanced tools and processes, and advanced PSCU’s relationship with numerous partners. His previous roles include global CISO for Tyco International, VP of technology risk management and CSO for Raymond James Financial, and adviser on various cybersecurity steering committees for the administrations of George W. Bush and Bill Clinton. Fredriksen has served on the R&D committee for the Financial Services Sector Steering Committee of the Department of Homeland Security and was recently appointed to represent credit unions in the Global Forum to Advance Cyber Resilience.
“PSCU’s Information Security & Compliance teams have evolved into a world-class operation, and this is in large part thanks to Gene’s leadership,” said David Bryant, PSCU’s newly appointed CISO, in a press release. “I look forward to working closely with Gene and the rest of the IS&C teams to ensure the highest level of service and security for our Member-Owners and their members alike.”
October 17, 2017: Ely Pinto joins Leumi as CISO
In this role, Pinto is responsible for leading and executing the bank’s information and cybersecurity programs, and will also be tasked with redeploying an end-to-end information security program. Pinto reports directly to Martin Droney, Leumi’s chief operations and technology officer. The two will work together on developing and expanding the bank’s established information and data security culture with a risk-based approach.
“Cybersecurity is a critical area of focus at Leumi, and we are pleased to have Ely on board as we continue to build our bank-wide information security infrastructure,” said Droney in a press release. “Ely’s extensive experience in financial services and technology will bolster Leumi’s information security efforts at a time when banks need to be hypervigilant in the face of heightened cyber activity.”
Pinto brings more than 20 years of leadership experience in providing security solutions at large financial and corporate institutions. Most recently, he spent 12 years as an information security specialist at Sumitomo Mitsui Banking Corporation, where he had also previously served as a solutions architect. In these roles, he was responsible for developing the strategic direction of the bank's cybersecurity program and the overall security of bank systems, data and networks. Pinto also led the design and implementation of new security technologies and spearheaded security integration and risk mitigation efforts across all technology platforms and business applications, including cloud-based technologies.
October 9, 2017: John O’Driscoll named first CISO of Australia’s Victoria state
The appointment of a CISO is part of a shift in Victoria’s cyber security strategy from an agency-by-agency approach to a whole-of-government approach, to better protect public services and information. As CISO, O’Driscoll will focus on leading collaboration across Victoria’s departments and agencies, helping with ongoing work to assess, monitor and respond to cyber security risks, as well as engaging with Commonwealth and private sector experts to deliver a resilient and cohesive cyber security environment.
Other key actions from the Cyber Security Strategy that will be led by the CISO include:
- Developing cyber emergency governance arrangements with Emergency Management Victoria, so that risks are better understood and planned for as part of ongoing work to protect government assets and services
- Strengthening partnerships across all levels of government and the private sector to share best practice, intelligence and insights
- Rationalizing and better coordinating the procurement of proven cyber security services
- Developing a workforce plan to attract, develop and retain skilled cyber security public sector workers
- Presenting a quarterly cyber security briefing to the Victorian Secretaries Board and the State Crisis and Resilience Committee, so government is better informed of cyber security issues and assessments.
“John O’Driscoll’s extensive experience working across information technology and cyber security make him ideally suited to be Victoria’s first Chief Information Security Officer, as we seek to secure government services,” said Special Minister of State Gavin Jennings in a press release.
October 3, 2017: Former Salesforce CSO Brendan O’Connor named ServiceNow security CTO
O’Connor will lead ServiceNow’s efforts to help enterprises rethink security operations and reduce business risk. ServiceNow Security Operations enables customers to connect security and IT teams, respond faster and more efficiently to threats, and get a definitive view of their security posture. O’Connor will help ServiceNow introduce automation to the security response workflow, elevate the role of security teams, and better orchestrate threat response.
Before joining ServiceNow, O’Connor spent 10 years at Salesforce where he led Salesforce's global information security organization as CSO. Prior to his role as CSO, O’Connor was vice president of product security at Salesforce. He has also worked in the financial services and communications sectors as a vulnerability researcher, security engineer, and privacy advocate.
“I joined ServiceNow because I want to help enterprises rethink security operations and how they manage risk in the age of cloud computing,” said O’Connor in a blog post. “We can provision infrastructure with the press of a button and deploy workloads to the cloud in minutes. Our security operations need to keep up. As a former CSO, I am acutely aware of how important it is to respond quickly to new threats and scale security to meet the needs of the business.”
September 28, 2017: Societe Generale appoints French air force general Antoine Creux as CSO
Creux joins Societe Generale in the newly created role to help improve the bank’s defenses against cyber attacks and to mitigate other risks. Prior to Societe Generale, Creux spent 38 years with the French Defence Ministry, and he was named Chief Inspector of the Armed Services in 2015. Creux will also serve as a member of the bank’s management committee. "In a time of increasing challenges in terms of safety for assets, individuals and information systems, his mission will be to ensure that Societe Generale continues to adopt the most appropriate strategic and operational answers to protect the Group's assets," the bank said in a press release.
September 27, 2017: Phillip Mazzocco joins Peraton executive team as CSO
Mazzocco is expected to lead Peraton’s compliance programs and ensure the safety of its employees, data, and assets. “Phil brings to Peraton more than 20 years of experience providing industrial security for Fortune 500 companies,” said Stu Shea, Peraton CEO, in a press release. “He understands full-spectrum security – the complex interplay among such aspects as risk management, crisis management, program security, international operations, training and insider threat.”
Mazzocco comes to Peraton from Leidos, where he served as vice president, Sector Security, leading security operations across a multi-customer $4 billion portfolio of national security programs. Most recently, he managed the security team fundamental to the multi-billion-dollar modernization of the Defense Healthcare Management Systems for the Department of Defense. He also served on the Board of Directors for the Industrial Security Working Group.
Mazzocco earned his Bachelor of Arts degree in history from John Carroll University and completed Master of Arts coursework in Central Eurasian studies at Indiana University.
September 21, 2017: McDonald’s names Timothy Youngblood CISO
Youngblood will lead global food service retailer McDonald’s Corp.’s global information security organization. Reporting to the executive VP of operations, digital and technology, he will work closely with the McDonald's senior leadership team and board of directors to drive information security strategy and operations. Youngblood oversees risk management and brand protection on a global scale for the company.
He has 30 years of industry experience ranging from cyber security strategy and operations to product security, IT audit, disaster recovery, risk assessment, and management consulting. Youngblood has served in multiple industries across his career including financial services, healthcare, oil/gas, retail, and manufacturing.
Prior to McDonald's, Youngblood was the CISO for Kimberly Clark Corp., and was also the CISO for Dell, Inc. Timothy has held leadership roles at KPMG LLP, EDS, and Siemens Medical Services. He serves on the top security boards in the industry and has been recognized as a top ten CISO leader and one of the 100 top global CISOs in the industry.
“McDonald’s is rapidly transforming into the next wave of customer experience and digital platforms,” says Youngblood. “The leadership recognizes the importance of maintaining customer loyalty and trust with cyber security and information risk management being critical foundational elements. I’m proud to lead the organization that supports this for one of the leading brands globally.”
September 21, 2017: James Donnelly appointed CISO of fscom
As CISO at fscom, which provides regulatory advisory services to UK financial institutions, Donnelly will be responsible for helping clients understand and meet their obligations to protect and uphold the data rights and freedoms of their customers and employees. With the introduction of a second Payment Service Directive (PSD2) in the new year and applications for re-authorization opening in October, Donnelly will also work directly with firms to identify what sensitive payment data they are holding and the sufficiency of their information and technology security.
With 13 years' experience as an IT and information security manager, Donnelly is an expert in guiding companies through the process of developing strategic, appropriate, and compliant IT information security management systems. He has had responsibility for both delivering an IT infrastructure and developing and implementing the strategic governance of the technology and information systems in a non-departmental public body.
Prior to joining fscom, Donnelly was the IT manager for the Consumer Council, where he successfully led the project to implement ITIL best practices to align the IT services with the needs of the organization. He is also a Certified ISO 27001 lead implementer, certified GDPR practitioner and Prince2 project management practitioner.
“James brings a wealth of expertise to fscom, that we believe will add huge value to our clients in the coming months and years. With GDPR around the corner, James can provide compliance officers with clarity and practical advice to ensure they meet their regulatory and legal obligations,” said CEO Jamie Cooke in a press release.
September 18, 2017: GE Digital promotes Nasrin Rezai to VP and global chief information and product cyber security officer
Rezai has held the position of GE chief information security officer since 2016. Previously, Rezai was the global chief information security officer for GE Capital and GE Corporate before moving to her current position. Prior to GE, Rezai worked for twenty years in Technology Risk, Strategy and Operations and senior management roles at State Street Bank, Cisco Systems, and Hewlett Packard Company.
Rezai holds a master’s degree in business administration and a bachelor’s degree in information technology and computer science. She also holds an executive certification from Harvard and Cambridge.
September 18, 2017: Rob Hopps named OWNZONES Media Network’s first CSO
In the newly created role of CSO and senior VP, platform operations, Hopps will oversee all information security, infrastructure and technology operations at OWNZONES, an OTT EntTech company that provides technology and media solutions for the motion picture, television, and digital content creation industries. He is based at the company’s headquarters in Beverly Hills, CA.
“We are excited to have Rob as our first chief security officer,” said Dan Goman, CEO, in a press release. “Rob’s newly created role underscores our commitment to protect our clients. OWNZONES will now have stronger oversight over the secure technology used across all of its OTT platforms and ensure the best and most up-to-date security is employed at all times. Rob has extensive experience and knowledge in handling cyber security threats and creating security roadmaps with exceptional organizational leadership and technology management skills.”
“I joined OWNZONES to help an incredible dynamic and talented team of software and design experts to execute as well as drive new security initiatives necessary to expand the company’s technology offerings,” said Hopps in a press release. “In my new role, I look forward to driving operations and strategies that align with Dan’s vision and that support and protect OWNZONES’ customers and employees as it continues to grow on the leading edge of content and OTT solutions.”
Hopps is a technology veteran with over 20 years leading technology operations and strategic initiatives. Most recently, Hopps served as vice president, CISO at the Federal Home Loan Bank of San Francisco. Prior to this, Hopps held information technology positions at Liberty Mutual Group, Safeco Corporation and Pemco Insurance. A graduate of the University of Washington with a B.A. in Business Administration, Hopps is also a Certified Information Systems Security Professional (CISSP).
September 14, 2017: Duck Creek Technologies hires John Germain as CISO
As the company’s first CISO, Germain is responsible for the overall strategy, direction, and management of Duck Creek’s security programs and cyber-protection initiatives. This includes the security oversight of Duck Creek’s On-Demand, mobile, and cloud-enabled services for property and casualty (P&C) insurance companies.
“John’s expertise combines technical skill with strategic vision – a combination that we need to safely and efficiently take our growing user base into the future,” said Michael Jackowski, CEO of Duck Creek, in a press release. “John will oversee all of our IT security programs, including the navigation of cyber security threats.”
With more than 25 years in IT, including 15 years as a security professional, Germain brings the experience necessary to effectively thwart cyber risks and protect the integrity and availability of Duck Creek’s intellectual property by anticipating and preventing potential security threats.
“This is a pivotal time for Duck Creek as the company grows and expands across global markets,” said Germain in a press release. “I look forward to being part of the company’s continued evolution, and implementing security programs that allow us to provide customers and partners with the safest, highest-quality P&C solutions possible.”
Prior to joining Duck Creek, Germain served as VP and CISO of IT Infrastructure at Xylem, Inc., an American water technology provider, for nearly 20 years and created critical infrastructure to defend the company from potential security threats. Germain also has been named a Top 100 CISO and a Top 25 Breakaway CISO Leader.
September 7, 2017: Jason Albuquerque is Carousel Industries’ first CISO
Albuquerque, who had been the company’s director of business systems and operations, will focus on establishing a comprehensive security office as a center of excellence for Carousel Industries, a provider of communication and network technologies, professional and managed services, and cloud solutions. He will also partner with the company’s pre-sales engineering team to identify and develop new client engagements in cyber-attack prevention. As CISO, he will lead the assessment, evaluation, prioritization and mitigation of the internal and external security threat to Carousel’s services, network infrastructure and business information systems.
“Jason Albuquerque’s appointment to the CISO position at Carousel underscores the growing global importance of this strategic role to enterprises in all industries,” said Bill Thompson, Carousel’s executive vice president of operations in a press release. “In his new role, Jason is already leading the charge to build an informed organizational culture of cyber security, further positioning Carousel as the vanguard for our customers and creating an unbreakable relationship forged by credibility and trust.”
“Globally, cyber-attacks of all types are escalating as more sophisticated tactics are being deployed to elude traditional security controls,” said Albuquerque in a press release. “Manufacturers, suppliers, partners and service providers are all under greater scrutiny than ever from their clients and from one another to apply increased governance, improved processes and enabling technologies to reduce and mitigate threats. This dynamic presents interesting challenges as well as significant business opportunities and I look forward to guiding our clients’ cyber security initiatives and further expanding our security practice.”
September 7, 2017: Former Santander Bank CISO Geoff Hauge joins Edgile as Eastern Regional Partner
At Edgile, a cyber risk and regulatory compliance partner to Fortune 500 companies, Hauge will work with highly regulated organizations to solve both on-premises and cloud challenges, including security, identity and access management (IAM) and industry-specific governance, risk, and compliance (GRC).
“As a world-class CISO who has led organization-wide security and compliance transformation for global institutions, Geoff’s client-focused perspective makes him a solid addition to our executive team,” said Edgile CEO Don Elledge in a press release. “His experience assessing and managing complex cybersecurity threats and regulatory landscape challenges—while communicating effective solutions up through the board-level—adds tremendous value for our customers.”
Hauge joins Edgile from Santander Bank, where he served as both U.S. CISO and U.S. chief information risk officer. He led major transformational cybersecurity and data protection initiatives, and established governance, oversight, and assurance programs in accordance with customer data requirements under the Gramm–Leach–Bliley Act (GLBA).
“Working directly in financial services over the past six years, I’ve gained firsthand appreciation for the challenges highly-regulated clients face in defining, communicating, and delivering successful security and GRC programs,” said Hauge in a press release. “I am deeply proud to join the industry-leaders at Edgile, and to partner with clients in advancing their security, transformation, and growth.”
August 31, 2017: eCurrency appoints Mitch Cohen as CSO
eCurrency Mint Limited (“eCurrency”), the pioneer of the innovative technology that enables central banks to issue a digital fiat currency, announced two appointments to its executive suite: Stefan Carlsson as Chief Financial Officer (CFO) and Mitch Cohen as Chief Security Officer (CSO).
Cohen has been a longtime advisor to eCurrency, a pioneer of technology that enables central banks to issue a digital fiat currency, and started working closely with the management team earlier this year. Mitch brings 30 years’ information technology leadership experience to eCurrency with the last 10 years dedicated to building information security programs.
Cohen has expertise in cyber risk management and security requirements for U.S. federal information systems and healthcare information systems. Prior to joining eCurrency, he provided cyber security program management services to NASA, where he oversaw multiple information security teams including security operations, penetration testing, security assessments, incident response, public key infrastructure and compliance while also serving on the agency’s authentication architecture working group.
August 11, 2017: Glenn Johnson promoted to executive VP and CIO/CISO at North State
North State, a technology company focused on inspiring the Internet-driven lifestyle through high-touch experiences, expects Johnson to provide leadership to the company’s information systems and related technologies. He will also oversee governance, policy and strategic direction at North State for all companywide and business unit IT and IT security functions.
Johnson previously served as chief technology officer and CISO at Stalwart Systems, a company acquired by North State in 2015. Earlier in his career, Johnson held senior-level technical positions in security, networking and Unix administration for two Fortune 100 companies and served in a lead capacity for a NASA enterprise rollout.
“We are excited to have Glenn as our CIO/CISO and as part of our executive leadership team,” North State CEO Royster Tucker III said in a press release. “Glenn’s new role underscores North State’s focus on strategically using secure technology to deliver great experiences and outcomes for our customers. We welcome his experience and vision as we continue to build on our strong technology base.”
“I am excited to become CIO/CISO during this exciting time of growth and change,” Johnson said in a press release. “Not only is the company providing vital technology IT solutions to customers, but it is also committed to enhancing and leveraging its own IT systems. I look forward to working with the executive team and the outstanding group of IT professionals to help shape the IT strategy for North State.”
August 9, 2017: Steve White joins ForgeRock as CSO
White brings his 20 years of cyber security experience to digital identity management solution provider ForgeRock. He is expected to transform the company’s security and compliance programs into a dynamic cyber defense strategy. A business-savvy technologist with over 17 years of security experience across multiple disciplines, White has a rich history of successfully leading security-focused change for agile product engineering/operations/development organizations.
“Steve White has the ideal mix of ingenuity, skills and expertise to lead ForgeRock’s information security strategy and operations as we enter the next phase of our growth,” said CEO Mike Ellis in a press release. “The fastest growing segments of our business involve managing digital identities in the cloud, and customer identity and access management implementations for global brands. These types of business cases pose unique security challenges that require thorough, precise approaches through all stages from development to ongoing operations. All of us at ForgeRock are excited to have Steve leading our security efforts.”
White comes to ForgeRock from Sonos, where he oversaw the security strategy and programs for the company. He previously held senior information security positions at CenturyLink Cloud and Amazon, and also was a key leader driving the launch and growth of a cybersecurity consulting practice for Microsoft Services. Steve began his career in cybersecurity as an officer in the U.S. Air Force, holding multiple engineering and leadership roles in various Air Force cyber units.
“Digital identity is the key enabling technology powering many of the fastest-moving and challenging trends in business today, from digital transformation and the internet of things, to Open Banking, PSD2, GDPR and more,” said White in a press release. “Having worked in government, retail and consumer IoT, I’ve had firsthand experience in numerous projects and deployments where digital identity technology was required to secure personal data, devices, and things. ForgeRock’s impact on the value and transformation for enterprises, to enable trusted human and IOT relationships across their ecosystem of customers and routes to market, through the amazing innovations that ForgeRock is driving in the digital identity space makes this an incredible opportunity. I’m thrilled to be joining the ForgeRock team.”
August 8, 2017: Bay Dynamics names former U.S. CISO Gregory J. Touhill to its board of directors
Cyber risk analytics software provider Bay Dynamics added retired Brigadier General Touhill to its board to help the company’s efforts to enable enterprises and government agencies to adopt a risk based approach to cyber security. “Bay Dynamics and I share a vision of enabling public and private organizations to approach cyber security as a risk management problem,” said General Touhill in a press release. “I am looking forward to adding my expertise to a company that is at the forefront of risk based security.”
Over his career, General Touhill has developed cyber security policies and strategies that executives can understand, adopt and lead across their entire organizations to overcome relentless cyber challenges. He served as the United States’ first federal CISO in addition to holding senior level information technology positions at more than a dozen private and public-sector organizations, including his current position as president of Cyxtera Technologies’ new Cyxtera Federal Group.
“Cyber security cannot be approached as an occasional project or a reaction to a breach. It is now one of many risks enterprises and agencies must manage on a day to day basis,” said Feris Rifai, co-founder and CEO at Bay Dynamics in a press release. “Through his thought leadership and actions, it is clear General Touhill shares this philosophy, which is why having him join our board is the meeting of kindred spirits. Bay Dynamics is already at the forefront of risk oriented cyber security and we are looking forward to incorporating General Touhill’s ideas and perspective as we evolve even further to accomplish our mission.”
August 7, 2017: Episerver hires Sue Bergamo as both CIO and CISO
Bergamo will drive the long-term IT strategy, as well as the security and risk strategies for Episerver, which provides a cloud-based platform to manage digital content, commerce and marketing. In her role, she is expected to collaborate across departments in support of the company’s risk and security assessment program.
A veteran of Microsoft, Bergamo brings to the newly expanded role more than two decades of leadership experience in strategic planning, product management, IT operations and infrastructure, cybersecurity, data management, application development and process redesign at Fortune 500 companies including Cigna, CVS Pharmacy, Liberty Mutual and Staples.
“With the necessary global focus on data privacy and security laws in the wake of many very public cyber attacks, we recognize the vital role security and IT infrastructure plays in delivering secure business applications in the cloud in a way that complies with rapidly evolving legislation,” said Mark Duffell, president and CEO of Episerver, in a press release. “Ongoing investment in our products as well as compliancy initiatives like Privacy Shield, ISO27001, and the European Union (EU) general data protection regulation (GDPR) is paramount to our continued growth and success, and Sue brings the right mix of vision and leadership to help us achieve our goals on behalf of our customers around the world.”
Before joining Episerver, Bergamo was a global technology strategist at Microsoft for over three years. Earlier, she served in a number of CIO positions including facilities management and food services conglomerate Aramark. She also headed up enterprise data management at global office supply retailer Staples and oversaw enterprise application development for drugstore giant CVS Pharmacy.
“It is a privilege to join a company like Episerver that has a true vision and commitment to driving innovation and digital transformation for all companies on a global scale,” said Bergamo in a press release. “In my new role as CIO and CISO, I look forward to driving operations and strategies that align with that vision and that support and protect Episerver’s customers and employees as it continues to grow on the leading edge of content and commerce solutions.”
August 4, 2017: Lyft hires Mike Johnson as its first CISO
Fast-growing ride-hailing company Lyft, Inc., has named Johnson as its director of engineering and chief information security officer. He joins Lyft from Salesforce.com, where he held several security roles.
"I joined Lyft to help a fantastic team execute as well as drive new security and privacy initiatives necessary to maintain our incredible growth, especially as Lyft pushes into new areas such as self-driving cars,” says Johnson. “I'm concentrating on growing the team through the hiring of world class security professionals and ensuring we have the right technology in place to keep up with the growth of the company."
August 2, 2017: Scott Caschette promoted to CISO at managed IT service provider Vology
Caschette moves up from a senior technology strategist role to lead Vology’s managed security practice, with the mission to protect the company’s customers and employees against accelerating cybersecurity threats. “In less than a year, Scott has become an integral part of the Vology team, offering distinctive insight as a former CIO for one of our customers,” said Barry Shevlin, CEO of Vology in a press release. “With his pragmatic approach to problem solving and his security background, he was the ideal choice to take the CISO role and build out our managed security practice.”
“By combining our world-class network operations centers, partner relationships, nationwide network and extensive skill sets in enterprise security, Vology is uniquely positioned to deliver managed security offerings to its customers,” said Caschette in a press release. “In the ever-changing environment of cyber threats, organizations are faced with challenges from policy creation to threat mitigation and remediation.”
Caschette has more than 25 years of experience in providing leadership in the design and implementation of enterprise technology. Prior to joining Vology in November 2016, Caschette served as CIO at Albertelli Law for more than four years. There, he developed and executed a complete technology transformation, successfully modernizing, securing, and ensuring compliance in infrastructure, data management, disaster recovery, vendor management, delivery, and sustainability. Caschette holds a Bachelor of Arts in Management of Information Systems from Front Range College.
Caschette is actively involved in multiple organizations with strong commitments to advancing the local tech community. In addition to his role on the CIO Executive Council, Caschette is an advocate for the Tampa Bay Technology Forum. He currently serves on the events committee, and he was one of four judges for the group’s Annual Industry Achievement Awards in 2014 and 2015. Caschette is also an advisory board member to several companies and start-ups.
August 2, 2017: Mark Nunnelly picked to run newly formed Massachusetts technology and security agency
Massachusetts Governor Charlie Baker’s administration has announced the formation of a new executive branch agency, the Executive Office of Technology Service and Security (EOTSS) to provide secure and quality digital information, services and tools to constituents and service providers. Nunnelly, currently the executive director of MassIT, has been named as secretary of EOTSS and CIO for the Commonwealth.
Through EOTSS, Nunnelly will have oversight on all IT activities of state agencies. EOTSS will focus on centralizing IT infrastructure services across the executive department and review and update policies and procedures governing state cybersecurity, digital platforms and data management.
“Establishing the Executive Office of Technology Service and Security will allow state government to streamline state services, improve cybersecurity and better serve our constituents,” said Governor Baker in a press release. “We look forward to developing this secretariat to support the Commonwealth’s focus on providing modern, secure and stable technologies.”
“The rate and pace of change have forced all large organizations to rethink their digital service approach from a security, service and structure perspective,” said Nunnelly in a press release. “This reorganization will help equip the many talented IT professionals across the State with the right structure, tools, and platform to secure our information and provide better service to our constituents. We look forward to working with leaders from across the executive branch in making progress against these imperatives.”
August 1, 2017: Diane E. McCracken promoted to executive VP and chief security officer at Customers Bank
McCracken will have executive oversight of all security operations, including cyber, information, application and physical security as well as business continuity and disaster recovery at Customers Bank, a community-based, full-service bank with assets of approximately $10.9 billion.
“Security is a top priority for Customers Bank, and managing risks effectively and proactively requires executive-level commitment and attention,” said COO Richard Ehst in a press release. “By elevating the CSO to an executive role, we are able to take a more strategic approach to our security operations that includes unprecedented visibility across all areas of the bank, with results that will benefit each and every one of our customers. Diane’s knowledge of Customers Bank and her vast successes in information technology and security make her an ideal fit for this role.”
McCracken has more than 18 years of experience as a technologist with a specialty in information technology. She began her career in information security in 2004 as an analyst with Sovereign Bank. She joined Customers Bank in 2011 as the Information Security Leader and has held various roles since then, including launching the Bank’s first mobile app in 2012, leading the vendor management practice, and building the bank’s cybersecurity programs. She was promoted to Chief Security Officer in September 2015.
“Customers Bank’s approach to security has always been innovative, which is evident not only in the size of its security team but also in the ongoing assessment and evolution of its security practices,” said McCracken in a press release. “It has been a privilege to be part of such a dedicated team, and I look forward to taking it to the next level as Executive Vice President.”
July 31, 2017: The NTSC appoints Discover Financial Services CISO James McJunkin and MoneyGram International CISO Betty Elliott to its board of directors
McJunkin brings knowledge from the financial services industry and will help influence the strategic direction of the NTSC, which provides a platform for CISOs to advocate for beneficial legislative and regulatory policies. He joins CISOs who represent a broad cross-section of enterprise companies and have a vested interest in protecting the security of their customers and employees through policies that improve national cybersecurity standards and awareness.
“As someone who spent nearly 30 years in state and federal government as a law enforcement professional and held significant leadership positions at the FBI within their Counterterrorism Division, I understand the need for sound cybersecurity policy that helps both business and government,” said McJunkin in a press release. “The NTSC gives CISOs an important platform to help influence legislation and policy around critical issues such as data breach notification, public-private information sharing, and encryption.”
At Discover Financial Services, Mr. McJunkin is responsible for second-line risk management of information security. That includes governance of the enterprise-wide information security program; internal and external investigations; third-party vendor compliance for information security, business continuity, and executive protection; and physical security for the entire corporate enterprise.
Representing the financial services industry, Elliott will help influence the strategic direction of the NTSC. “After serving as a CISO in a variety of industries and leading security teams at Fortune 500 companies, I’ve seen the effects that national cybersecurity legislation and policies can have on business,” said Elliott in a press release. “As a member of the NTSC board, I look forward to working with CISOs from a variety of backgrounds to offer my insights and engage in dialogue with policymakers on Capitol Hill.”
Elliott joined MoneyGram in April 2015 as its VP, CISO. She leads the MoneyGram Information Security team whose responsibilities include managing security risk, security governance, forensics, security awareness, identity and access management, vulnerability management, security operations, security engineering, security architecture, internal fraud, and agent victim fraud.
July 31, 2017: Bob Thibodeaux is the new CISO at DefenseStorm
DefenseStorm, a provider of co-managed cybersecurity operations for financial has hired Thibodeaux as chief information security officer (CISO) as part of an effort to accommodate the company’s rapid growth.
With more than 20 years of information security experience, Thibodeaux is an expert in managing IT, security and network operations. In his new role, Thibodeaux is responsible for overseeing incident response processes, risk management and penetration testing for community banks and credit unions across the U.S. He is also tasked with maintaining a current understanding of the threat landscape for the financial industry and translating that knowledge to identify risks and develop actionable plans to protect DefenseStorm and its customers.
Before joining DefenseStorm, Thibodeaux worked at F5 Networks as a senior security engineer, where he directed the development and management of the company’s security operations. Prior to that, he served as senior manager of IT infrastructure at The Seattle Times and as senior network engineer for InterNAP Network Services. Additionally, Thibodeaux is a Certified Information Systems Security Professional (CISSP) and Global Information Assurance Certified (GIAC) Penetration Tester.
“At DefenseStorm, we rely heavily on our sharp and talented employees. Cybersecurity is an ongoing initiative that cannot be solved indefinitely and our customers are targeted with new cyber threats constantly,” said Sean Feeney, CEO of DefenseStorm in a press release. “Having a skilled, experienced staff like Bob is vital to helping our customers address their security issues and is ultimately key to DefenseStorm’s success as a company.”
July 27, 2017: Matt Sorensen joins Secuvant as CISO, VP of risk management
Sorensen’s focus at the independent cyber security risk management and managed detection and response firm will be on bringing value to businesses through Secuvant’s Cyber-7 risk management methodology. He will lead the Secuvant cyberRPM practice. Sorensen brings 17 years of security experience, over 17 professional certifications in cyber security and 6 years as an attorney to Secuvant.
“Having someone as skilled and well respected as Matt join the Secuvant management team is nothing short of incredible,” said Ryan Layton, CEO and co-founder of Secuvant in a press release. “Matt has a very unique combination that is rare to find in cyber security, that being business, legal and technical. He has proven to many businesses and their executives that he is the go-to guy when it comes to cyber risk advisory, and now he can add the Secuvant Cyber-7 methodology that just puts client benefits over the top.”
Prior to joining Secuvant, Matt was an attorney with Holland and Hart in Salt Lake City, focused on managing data breach events, overseeing incident response and investigation teams for clients and helping commercial data breach victims prepare civil claims against negligent data custodians and processors.
“Secuvant starts by helping executives understand that security is a business risk and not just a technical one,” said Sorensen in a press release. “I am excited to deliver value to our clients using the Cyber-7 process which is like nothing I’ve seen before. That is what attracted me to Secuvant. The way they help businesses address growing security threats while enabling revenue and lowering risks and costs, is unique in the marketplace.”
July 27, 2017: MCNC promotes Chris Beal to CISO, expands cybersecurity team
By appointing Beal to the CISO role and adding two new positions to its security team, MCNC expects to further develop and implement innovative cybersecurity solutions for its customers. The non-profit MCNC operates the North Carolina Research and Education Network (NCREN), which connected institutions of the University of North Carolina System, Duke University, and Wake Forest University to each other, and through advanced research networks such as Internet2 and National Lambda Rail, to the world.
Beal will also assess and monitor network vulnerabilities and risk posture, provide advisory services so organizations can best manage security risks and threats, and offer training and education opportunities to help NCREN users stay informed.
“Chris continuously demonstrates a wealth of knowledge and expertise on the latest cybersecurity issues and solutions,” said MCNC president and CEO Jean Davis in a press release. “His promotion as well as the addition of two team members will allow MCNC to advance upon the foundational elements we've implemented over the past two years to benefit not just our customers but all of North Carolina.”
Beal joined MCNC in 2013 as Chief Security Architect. His responsibilities have included working with customers to build MCNC's internal security and risk management programs to ensure security policies, services, and strategies meet the needs of MCNC and the NCREN user community.
“Increased reliance on digital resources means that our customers depend on us to help protect these resources,” said Beal in a press release. “At MCNC, we want to leverage our knowledge and expertise to help our customers identify and address their pressing cybersecurity challenges. We will work with our constituents to carefully research and deploy solutions that keep our collective digital environments better protected against threats and vulnerabilities.”
July 26, 2017: Capsule8 appoints former RSA chairman Art Coviello to its board of directors
Capsule8 has announced that Coviello will bring his 35-plus years of operating and management experience to the company. This coincides with Capsule8’s announcement of its beta release of its flagship product, Capsule8 Protect, a threat prevention and response platform purpose-built for cloud-native environments.
“We’re on the verge of a huge market shift as companies migrate from monolithic architectures to modern cloud-native infrastructures. And while they want to embrace new and open technologies – like containers and microservices – the security risks associated with Linux need to be addressed,” said Coviello in a press release. “Capsule8 is one of the most exciting security companies I’ve come across in recent years and I’m eager to help them achieve their full market potential.”
In 2015, Art Coviello retired as Executive Chairman of RSA, the security division of EMC. During Coviello’s two-decade career at RSA, the company evolved from its roots in authentication and encryption to being a leader in the most important emerging areas of information security, including security analytics, identity, and governance, risk and compliance (GRC).
“As we bring our product to market, it’s great to have Art – who was behind one of the greatest successes in the enterprise security market – on our team,” said John Viega, Capsule8 CEO, in a press release. “There are few people in the industry with Art’s experience, network and know how. We are thrilled that he has agreed to bring his time and talent to Capsule8.”
July 21, 2017: Phil Lea named head of security and compliance at Advanced
With the hiring of Lea, British software and services company Advanced hopes to further strengthen its leadership team to deliver technology solutions with security in mind. He will focus on customer security, security technologies and governance. This will include enhancing the tools that Advanced uses to secure its products, customers and internal IT as well as developing managed security service offerings for its hosted and IT outsourced customers.
Lea will also be responsible for coordinating security governance across Advanced and ensuring the entire business is ready for future regulatory requirements including the General Data Protection Regulation (GDPR).
“Advanced has undergone what is arguably the largest transformation of any UK company at this current time,” said Lea in a press release. “Its ambition represents a unique opportunity for any senior leader, and I am thrilled to be joining the organization as it focuses on accelerating its growth. Key to this growth, as with any company, is a solid security strategy and I look forward to supporting Advanced through its next transformative phase as well as helping customers securely reimagine their own businesses.”
Lea has over 20 years’ IT and security experience at companies such as Fujitsu, Gartner and the Department for Work and Pensions. At Fujitsu, he spent over eight years as Managing Security Consultant before taking up the role of Security Practice Manager where he led the Chief Information Security Officer (CISO) and Consultancy Practices in the technology giant’s security operations team.
July 19, 2017: Managed security provider MKACyber names Mark G. Hall as director, operational risk and compliance
Hall joins MKACyber, a managed security services provider (MSSP) and security consulting firm, to help its customers align their cyber defenses against identified threats and risks to their business operations and high value data and systems. He brings over 30 years of experience in information assurance and cybersecurity working for both the public and private sector.
Prior to joining MKACyber, Hall worked as an independent consultant and senior partner with the Cyber Security Consulting Group. He also served as vice president, cyber security engineering at Decisive Analytics Corporation. Hall also spent nearly 25 years in the intelligence community and later the Department of Defense (Office of the Secretary of Defense).
“Mark is a seasoned cybersecurity professional. He brings unique insights to our customers’ cyber defense requirements. His previous work on a variety of IA initiatives and programs, as well as the enforcement and compliance with policy and security protocols that he supported, made him perfect for this position,” said MKACyber founder and CEO Mischel Kwon in a press release.
July 19, 2017: Proofpoint adds Capital One CISO Michael Johnson to its board of directors
Cybersecurity company Proofpoint, Inc., named Johnson as an independent director for the company effective July 18. He is currently senior vice president and chief information security officer (CISO) of Capital One Financial Corporation. Prior to this role, he served as the chief information officer for the U.S. Department of Energy overseeing cybersecurity, cyber enterprise integration, enterprise information resources management, cyber supply chain risk management and headquarters information technology operations.
“We are pleased to welcome Michael to Proofpoint’s Board of Directors,” said Eric Hahn, Proofpoint founder and chairman of the board in a press release. “He brings exceptional information security and risk management knowledge to the position that will further enhance our ability to maintain our momentum and grow market share as we protect more than fifty percent of the Fortune 100 from advanced threats and compliance risks.”
July 18, 2017: Randy James to lead ICF’s cybersecurity and resilience business
Global consulting and technology services provider ICF named James senior vice president and division lead for the company’s enterprise cybersecurity and resilience (ECR) practice. The company expects James to leverage his extensive experience in cyber consulting, engineering and operations to accelerate ICF’s current strategy of helping to protect organizations against rising cyber threats without disrupting innovation and growth.
James has over 30 years of experience in information technology, critical infrastructure protection and professional services. He most recently served as vice president of cyber at SAIC and also served as CISO at CSC Government Solutions.
“Randy is one of the nation’s most respected cybersecurity and resilience leaders and is an incredible addition to the ICF team,” said Ellen Glover, executive vice president of transformation and resilience solutions at ICF in a press release. “I look forward to working with Randy to keep our clients ahead of the curve with the best technologies, strategies and tools to address the increasing sophistication and frequency of cyber attacks.”
“I am honored to join a team that is leading the next generation of cyber defense,” said James in a press release. “I am eager to build upon the company’s extensive experience and solid foundation in solving complex cybersecurity challenges.”
July 11, 2017: Former federal CISO Gregory Touhill heads new Cyxtera division
In 2016, President Barack Obama appointed Brigadier General Gregory J. Touhill as the nation’s first federal chief information security officer (CISO). Now he brings his considerable cybersecurity experience to secure infrastructure provider Cyxtera Technologies as president of the newly formed Cyxtera Federal Group (CFG). CFG will offer Cyxtera’s data center services and cybersecurity capabilities to federal agencies and departments.
As the federal CISO, Touhill was responsible for ensuring that the proper set of digital security policies, strategies and practices were adopted across all government agencies. “We are excited to announce the further expansion of Cyxtera’s business with the launch of Cyxtera Federal Group, and we could not have found a finer leader than Greg Touhill to head this endeavor,” said Manuel D. Medina, CEO of Cyxtera. “There is truly no one better to lead this business than Greg, who is one of our country’s premier cybersecurity experts. His experience as the first federal CISO of the United States will be invaluable to our company and our government customers.”
Touhill is expected to help CFG support agencies across the federal government with a portfolio of secure infrastructure solutions delivered from a global footprint of data centers, including six in the Washington, D.C. metropolitan area where the division will be based.
“Cyxtera’s technology and capabilities are among the most innovative and effective in the marketplace, and it is an honor to join their world-class team,” said Touhill in a press release. “I have spent my entire professional career defending our country, and I’m looking forward to joining the private sector to help create efficient, effective and secure solutions to protect the federal government’s critical information systems, on which our citizens and institutions rely. With cyberattacks on the rise in frequency and severity, it is more important now than ever that we effectively secure our systems, networks and data.”
Touhill is a retired U.S. Air Force officer and combat veteran who served in several commands around the world including U.S. Transportation, Central, and Strategic Commands. He also led the creation of the Air Force’s cyberspace operations training programs. He is a sought-after speaker and author within the information technology industry, where he is best-known for his “Cybersecurity for Executives: A Practical Guide,” which is used widely at colleges and universities across the country.
July 11, 2017: Databricks hires David Cook as CISO to lead cloud and data security efforts
Citing rapid growth of its Unified Analytics Platform as a factor, Databricks brought Cook on board as chief information security officer (CISO) to “evolve Databricks’ already significant investment and leadership in cloud and data security,” according to a press release.
Prior to joining Databricks, Cook served as the chief security officer (CSO) for Jive Software, where he was responsible for Jive's physical and logical security of personnel, physical assets and information assets, including IT, product, and cloud, leading Jive's corporate security strategy and programs. In addition to being Jive’s CSO, Cook ran Technical Operations for Jive’s Cloud platform. Before Jive, Cook held director of security roles at Blue Coat Systems and Jasper Wireless where he ran the organization’s corporate and product security programs.
“The opportunity to join Databricks, already a leader in cloud and data security, and to be a part of an innovative and talented team was a no brainer,” said Cook in a press release. “It’s not only an incredible opportunity, but now my responsibility to build a security platform that will be the gold standard for enterprise cloud security.”
June 29, 2017: Yassir Abousselham named CSO for identity solution provider Okta
A former Google executive, Abousselham brings nearly 20 years of experience leading security teams to Okta. Most recently, he was the CISO for SoFi, where he built the company's information security and privacy program. Abousselham will report directly to Okta's CEO, Todd McKinnon.
Abousselham will be responsible for setting and meeting security standards for both Okta and its products. “Security is increasingly top of mind for organizations around the globe. We’ve always been committed to achieving the highest level of security standards for both our business and our customers,” said McKinnon in a press release. “We needed an experienced security executive with a successful track record of building security teams, driving secure product development, managing technology risk and achieving regulatory compliance to lead that initiative. Yassir fits that bill exactly.”
“Businesses are under attack like never before and such attacks will only continue to intensify in sophistication and regularity. As organizations everywhere continue to move to the cloud and adopt best-of-breed technologies, traditional security tools aren't able to address the mounting security challenges that they demand. The Okta Identity Cloud not only enables customers to seamlessly access technology, but solve their toughest security and access challenges,” said Abousselham in a press release.
June 26, 2017: Shipbuilder HII hires Ron A. Davis as its first CISO
Huntington Ingalls Industries (HII), the largest military shipbuilder in the U.S., has tasked Davis with responsibility for ensuring the early identification of threats and risks and the implementation of controls and other processes and methods to protect information systems for the entire HII enterprise.
“Cybersecurity is a top priority for HII,” said Chris Kastner, executive vice president, business management, and chief financial officer, in a press release. “Our information systems must remain secure to not only protect our business, but to protect information vital to our nation’s defense. We look forward to Ron joining our team and putting his extensive cyber experience to work in this very important role.”
Davis joins HII after serving as CISO for Vencore since 2015. He has also held several positions at BAE Systems, including director of global cybersecurity program integration and director of global cybersecurity operations. In a contracting capacity, Davis served as senior lead information systems security engineer at the Defense Logistics Agency headquarters and the Department of Homeland Security. He has an extensive background in cybersecurity policy and procedure development, security architecture, security risk management, cyber threat management, and incident response.
June 26, 2017: Prevalent appoints healthcare security expert Dr. Kevin Charest to board of directors
Ensuring security across all the connected digital players in the healthcare ecosystem presents enormous challenges. To help meet those challenges, third-party risk management solution provider Prevalent, Inc., has added Dr. Charest to its board of directors. He brings 25 years of healthcare cybersecurity expertise, including managing global defense and IT security at the nation's largest private and public healthcare organizations.
"We're very pleased to have Kevin join our board and share his experience and insights with the Prevalent team," said Jonathan Dambrot, CEO, Prevalent, in a press release. "Kevin possesses a unique understanding of both the business and technical issues driving third-party risk management across the diverse healthcare ecosystem. His leadership in global security and his vision and passion for protecting personal data will be invaluable to Prevalent and our customers as we move towards the next stage of managing third and fourth party risk."
"The healthcare ecosystem comprises more than 480,000 interconnected entities of all sizes and maturity, but they all share the same significant challenge of managing Nth party risk. Prevalent's broad capabilities and experience in this space gives them a unique opportunity to address this problem. I look forward to sharing my perspective and expertise to help Prevalent advance their delivery for the healthcare market and beyond," said Dr. Charest in a press release.
Dr. Charest has held roles in both the public and private healthcare sector, including leading global cyber defense operations for UnitedHealth Group. He also served as the CISO for the Department of Health and Human Services (HHS). Dr. Charest is currently the board secretary for (ISC)², an international nonprofit cybersecurity membership association best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification.
June 26, 2017: Idaho Independent Bank hires Wade Griffith in dual operations/CISO role
The bank hired Griffith as senior vice president of operations, but he will also serve as its CISO, according to a press release. Griffith has nearly 39 years of experience in bank operations, technology and risk management. He will lead IIB’s operations, project and applications management. Griffith graduated with a bachelor’s degree in Business Administration from the College of Idaho and is a graduate of the Northwest Intermediate Banking School and School of Bank Marketing.
June 20, 2017: SaaS analytics platform provider Looker appoints Ryan Gurney as CSO
Gurney is expected to lead Looker Data Sciences' security and compliance initiatives around its data platform solution. He will develop and execute a security and compliance roadmap for current and future products, as well as implement company-wide governance policies and procedures.
“Security has always been a priority at Looker,” said Frank Bien, CEO of Looker, in a press release. “Now with our regional expansion and growing presence in the enterprise we need to ensure our security programs scale appropriately. We are thrilled to have Ryan bring his years of experience to Looker and lead the advancement of our security initiatives.”
Prior to Looker, Ryan managed security and compliance functions as vice president of security at Zendesk and director of IT for Engine Yard. Previously, he managed a security engineering team at eBay.
“Looker provides a feature rich platform empowering our customers to understand their data,” said Gurney in a press release. “In providing a hosted cloud environment, I recognize that building and maintaining customer trust is paramount. I am excited to join Looker to ensure that we exceed our customer’s security needs, and to find innovative ways to utilize the Looker application to augment our own internal security capabilities.”
June 16, 2017: Ex-VMware exec Sandra Crosswell becomes SonicWall's first CSO
Data breach detection and prevention solution provider SonicWall hired Crosswell as its first chief security officer (CSO). Prior to SonicWall, Crosswell was a senior manager at VMware, leading the InfoSec red team. She has more than 25 years of experience in program management for Fortune 500 companies. Her portfolio includes large M&A IT and application migrations, data center builds and consolidations, as well as leading security teams and compliance programs for the technology sector. Crosswell won an MVP award for her work at HP and was a SANS “Ones to Watch in Cybersecurity” winner in 2016.
June 5, 2017: Dr. Malcolm Shore joins Huawei Technologies (Australia) as its cyber security officer
Dr. Shore has had a long career in information systems and security. After retiring as the Assistant Director Information Systems in Defence Headquarters for the Royal New Zealand Air Force, he joined the Government Communications Security Bureau taking responsibility for New Zealand's national information systems security.
He has also held two Head of Security roles in the telecommunications sector, at Telecom New Zealand and the Australian National Broadband Network (NBN) company. Across these roles he managed all aspects of physical security, information security, and privacy and delivered Sarbanes Oxley and Protective Security Policy Framework compliance.
"Dr. Shore is well respected in the information security sector and has a strong understanding of our products and people," said John Lord AM, chairman of Huawei Australia, in a press release. "We are delighted to have him lead on cyber security in Australia."