New US CISO appointments, January 2021

Keep up with news of CSO, CISO and other senior security executive appointments.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Page 3
Page 3 of 24

June 21, 2019: David Scholefield joins Flexys Solutions as CISO

Scholefield has vast experience working across diverse information security sectors including banking, pharmaceuticals and retail. With a history of both hands-on security assurance and risk and compliance management for organisations as diverse as Boots, ABN Amro, Lotus Cars, CSC, Vodafone and Toshiba. He brings decades of practical information security experience to bear on his role at Flexys, which provides a collections platform based on microservices architecture.

“Flexys offers a unique blend of service innovation and process maturity which lends itself to agility in its products whilst maintaining the highest level of security assurance,” said Scholefield in a press release. “As an infosec professional, I’m looking forward to exceeding our customers’ security expectations on the journey ahead.”

“From the inception of the business we have designed-in a secure approach to everything we do,” said Jon Hickman, CEO, in a press release. “This means information security is front and centre of all our collections solutions and a core part of Flexys company culture.”

June 18, 2019: Respond Software announces Brett Wahlin as VP of security and trust

Wahlin has nearly 30 years of operational experience leading enterprise security architecture, policy, operations and development. He comes to Respond Software, a leader in robotic decision automation, having served as a CISO and CSO for a variety of organizations, including Hewlett Packard, Sony Network Entertainment, Staples, McAfee and Los Alamos Laboratory. With personal experience in the evolution of the CISO, Brett will work closely with customers to realize how they can apply automation to transform the role of the security analyst and their security operations.

June 17, 2019: Aryaka Names Edward Frye as CISO

Frye, who previously served as head of security at Elementum SCM, Inc., will assume company-wide leadership of managed SD-WAN provider Aryaka’s information security program as well as collaborate with the industry to share best practices on information security. 

"Edward is a seasoned and trusted leader who possesses the talent and skillset needed to maintain our industry-leading security practices,” said Ashwath Nagaraj, co-founder and CTO of Aryaka, in a press release. “Edward’s experience and reputation as a hands-on security leader for a number of leading North American enterprises will allow us to build a best-in-class security strategy that reinforces Aryaka as the trusted leader in managed SD-WAN.” 

"Aryaka’s security strategy is compelling, and I’m confident that we can turn the current program into one that’s recognized on a global scale,” said Frye in a press release. “Aryaka is enjoying increased adoption throughout the world, and I’m excited to be joining at such a critical moment in the company’s growth.”

Frye is an information security leader with over 20 years of experience establishing cross-functional, practical security approaches. Prior to joining Aryaka, Frye was head of security at Elementum SCM, Inc.

June 17, 2019: Dr. Chris Bernard named CISO at the University of Connecticut

Bernard comes from Bucknell University where he has served as CISO for the past three years. Prior to Bucknell, he spent eight years overseeing infrastructure teams at Miami University in Oxford, OH, on areas of enterprise IT that include network engineering, telecommunications, security engineering, field services, classroom services and data centers. At Miami University, he also taught courses in computer programming and gaming. In addition to extensive experience in higher education, his background includes corporate positions in banking and finance, manufacturing, healthcare and consulting.  Chris holds a number of IT security certifications and multiple advanced degrees.

June 13, 2019: Deborah Golden will lead U.S. Cyber Practice for Deloitte’s Risk and Financial Advisory

A respected authority on cyber issues to boards, industries and organizations, Golden specializes in collaborating with clients on cybersecurity, technology transformation, and privacy and governance solutions. She has held many leadership roles within Deloitte and for the past five years, Golden served as the government and public services (GPS) cyber leader, the GPS advisory market offering leader, and the GPS empowered well-being leader. Golden brings more than 25 years of experience pertaining to information technology spanning numerous industries with an in-depth focus on government and public services, life sciences and health care, and financial services.

“Cybersecurity is a top-of-mind strategic business issue for both boards and management across industry and government. Deloitte Risk and Financial Advisory’s Cyber Practice helps organizations not only protect themselves from cyber-attacks, but also utilize a cyber strategy as a source of competitive advantage,” said John Peirson, CEO for Deloitte Risk and Financial Advisory and principal Deloitte & Touche LLP, in a press release. “Deborah brings valued experience, perspective, and leadership to our practice and clients in navigating the complexity of a cyber everywhere reality.”

“I’m thrilled to take the reins of the largest and fastest growing cyber practice. We are at the forefront of helping clients to navigate the complexity around issues such as interconnectivity, data governance as both an asset and a liability, the shifting threat landscape and the future of detection and response — while at the same time managing enterprise risk and addressing the burgeoning cyber talent gap,” said Golden in a press release.

June 13, 2019: Michael Leigh will lead Grassi & Co.’s Cyber and Information Security practice (CIS) 

Leigh brings an approach in addressing cybersecurity risks for clients focuses on reducing their value-at-risk and the potential impact that threat has on their businesses. By bridging the gap between the executives and practitioners of an organization, he addresses cyber risk by focusing on empowering his clients to approach their security strategy from a business standpoint, not just a technical one.

Leigh has participated in the National Security Administration’s Red Team/Blue Team Conference, the Silicon Valley ISACA, and the Triangle InfoSeCon. He has held the position of global head of digital forensics and incident response for NCC Group, an international security consulting firm, and has held senior leadership positions in information security for major technology providers, including Cisco Systems and Oracle Corporation.

“By bringing someone with Michael’s expertise to the firm, we are able to save our clients from security risks that could have a catastrophic impact on their financials, their reputations, and those of the clients they serve,” said Louis C. Grassi, CEO of Grassi, in a press release. “With data being the core of nearly every business decision made today, this role is one of the most vital as we help navigate our clients in the direction of success they desire.”

“I look forward to bringing my expertise to the clients at Grassi & Co.,” said Leigh in a press release. “By identifying clients’ value-at-risk, I am able to bring to light the risks that are most important to their businesses and build protections around these assets. My approach results in saving the client precious time, effort and money—not to mention many sleepless nights and headaches.”

June 11, 2019: Bank Leumi USA appoints Carl Nelor CISO

Nelor heads the bank’s information security team and is responsible for leading the execution and ongoing development of its information and cyber security programs. He reports to Martin Droney, EVP and CIO.

He joins Bank Leumi USA after a decade at Société Générale, where he most recently served as CISO for the Americas region. He has extensive experience in information and IT risk reduction, fraud prevention, data and reputation protection, management consulting and profit center management. Over the course of his career, he has designed and implemented more than 20 cyber security projects and programs across 100-plus global systems in order to strengthen the cyber resiliency of the respective firms.

“Carl is an experienced leader who has built agile, risk-oriented and business-focused cyber security systems from the ground up,” said Droney in a press release. “Well versed in both the regulatory environment and the rapidly evolving information security space, he is a key asset in protecting our business and our clients.”

June 5, 2019: Jim Routh moves to MassMutual as head of enterprise information risk management

Routh will drive a holistic information risk management approach across the company, with a focus on managing cybersecurity risks, ensuring all cybersecurity-related regulatory and compliance requirements are met, and overseeing the safeguarding of MassMutual’s information assets. 

jim routh MassMutual

Jim Routh, MassMutual head of enterprise information risk management

Routh is a well-known visionary and recognized leader in the cybersecurity industry who brings a wealth of knowledge and experience, and a demonstrated track record for delivering security capabilities that drive business results. Most recently, he served as CISO for CVS Health, where he led the security integration for CVS Health in the acquisition of Aetna and developed a three-year plan for achieving enterprise level resilience. Prior to that, Routh served as CISO for Aetna, global head of application and mobile security at JP Morgan Chase and CISO at KPMG, the Depository Trust & Clearing Corp. and American Express.

"Jim’s reputation as a thoughtful and innovative leader who builds exceptional and diverse teams will be invaluable as we work to establish and drive MassMutual’s vision for all of our technology and digital efforts,” said Gareth Ross, head of MassMutual's Enterprise Technology and Experience group, in a press release. 

June 3, 2019: NIU names Fred Williams CISO

Williams will ensure that the Northern Illinois University (NIU) community can engage in academic activities and conduct business affairs safely over its online and internal networks. 

“Our students, faculty and staff come to campus with more connected technology than ever before,” Williams said in a press release. “Many of them use three or four devices every day so it’s the Division of Information Technology’s (DoIT) responsibility to make sure they can navigate NIU’s network and access WiFi in a secure fashion.”

Williams has worked at the NIU DoIT for the past 20 years, primarily focusing on the institution’s technology infrastructure and networks. Recently, he led the charge in launching multi-factor authentication (MFA) for students in 2017, and faculty and staff just last month.

CIO Matthew Parks said in a press release the university has seen a reduction in exposure to data and information breaches caused by email phishing attacks, thanks to MFA. He says Williams’ leadership in that effort was vital. “Fred is one of the most proficient DoIT professionals on campus. He has a vision for leveraging best practices to protect the university’s digital information.” Parks said. “He is vigilant in his efforts to protect our systems and will be a great asset as we work to implement additional layers of protection.”

May 29, 2019: ServerCentral Turing Group hires Thomas Johnson as CISO

In recognition of the increased financial, legal, regulatory and operational risks facing companies as they undergo digital transformation, ServerCentral Turing Group (SCTG), a managed IT infrastructure service provider, has named compliance and information security veteran Thomas Johnson as CISO.

Johnson brings 25 years of experience with helping Fortune 500 companies in the highly regulated healthcare, banking, government and manufacturing industries manage disaster recovery, business continuity, data protection, security products and risk management projects.

“Cybersecurity risks have always existed and have been a priority for us, which is why we’re excited to appoint a Chief Information Security Officer to lead these efforts,” said Daniel Brosk, COO at SCTG, in a press release. “As our customers become more aware of the increased risks and regulations they face as they transform their businesses, SCTG is well positioned to guide our clients through their governance and cybersecurity initiatives.”

Johnson also serves an adjunct professor at the Illinois Institute of Technology in its Cybersecurity and Digital Forensics department. Prior to SCTG, he was a security consultant at Peters and Associates, where he served as CISO for various companies in the healthcare, banking, government and manufacturing sectors. Johnson has also served as CKISO at Metropolitan Bank Group, which is now Byline Bank.

May 28, 2019: Gary Owen moves to Wells Fargo as CISO

Owen joins the company’s Technology organization and repors directly to Saul Van Beurden, head of Technology. He will be responsible for maintaining and enhancing Wells Fargo’s comprehensive risk and information security framework. Owen will lead information security strategy and governance, identity and access management, security engineering, line-of-business engagement and cyber defense and monitoring.

gary owen wells fargo Wells Fargo

Gary Owen, Wells Fargo CISO

With nearly 30 years of experience working in risk and technology roles, Owen was most recently CISO at WarnerMedia, formerly Time Warner, where he was responsible for global information security strategy, technology risk management, information protection and compliance. Previously, he developed and led the Cybersecurity and Technology Risk Practice at Promontory Financial Group and held executive roles in information security with Goldman Sachs & Co. and Citigroup, where he led global threat management, incident response and cyber intelligence.

Owen is a previous chairman and vice chairman of the Financial Services Information Sharing and Analysis Center (FS-ISAC) and is active with the Securities Industry and Financial Markets Association (SIFMA), Real Estate Cyber Consortium and Media Information Security Sharing Forum. In coordination with industry peers, he also works regularly with U.S. agencies on issues such as critical infrastructure protection and information sharing in coordination with industry peers.

May 28, 2019: AXIS Names Kelly Isikoff CISO

Isikoff will oversee enterprise-wide information security strategies, as well as partner with the company’s business segments and its Global Cyber and Technology unit to provide strategic counsel to its clients and distribution partners. She will report to Global CIO Keith Schlosser and will be based in the company’s New York office.

“Kelly brings experience leading information security strategies for world-class organizations spanning multiple sectors. I expect that both our colleagues and customers will benefit from Kelly’s deep expertise, which spans technology risk management, information protection and security assurance, among other areas,” said Schlosser in a press release.

Prior to joining AXIS, Ms. Isikoff spent two-and-a-half years at RenaissanceRe, where she served as the firm’s CISO. Previously, she served as executive director, CISO, at JP Morgan Asset Management. Before that, Ms. Isikoff spent more than 10 years at Citigroup, where she rose to the position of senior vice president, security technology.

May 29, 2019: Donald “Clay” Carter joins Xylem as senior director, product cybersecurity

Carter will be responsible for developing and leading a product security program to align cybersecurity services with the application and embedded system development teams who are creating products, services and solutions across Xylem’s global brands and businesses. This includes defining processes, standards, solutions stack, and services as well as identifying gaps in capabilities and making recommendations for continuous improvement.

Carter has more 12 years of security systems engineering experience across several technology and security domains in the financial and technology industries. Most recently, he served as senior director, product security engineering at General Electric (GE), where he built security software products, designed secure enclave environments, and led several agile development teams. He also played a key role in providing consultative services on multiple acquisitions and divestitures across the GE portfolio. 

Carter holds a Bachelor of Science in Computer Engineering and a Master of Engineering in Systems Engineering, from the University of Virginia. He also holds two designations as a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).

May 20, 2019: HaystackID promotes John Wilson to CISO, Sergio Garcia to VP of forensics

In this newly created role, Wilson will be responsible for extending the ediscovery services firm’s information security program to support international expansion and infrastructure investments concentrated on data security and privacy, technology optimization and continuity and legal and regulatory compliance. In conjunction with this appointment, computer forensics expert Sergio Garcia has been promoted within HaystackID to vice president of Forensics. Garcia will assume leadership of the company’s Forensics First Practice from Wilson.

An internationally recognized digital evidence expert, Wilson joined HaystackID in 2018 as president of forensics and brings more than two decades of cybersecurity, computer forensics and information technology experience to the CISO role.

“The growth and internationalization of our business warrants a dedicated and expert focus on information security,” said Hal Brooks, CEO of HaystackID, in a press release. “John’s expertise will be of immediate value to our customers, and we are excited to have him leading our information security efforts.”

An industry acknowledged eDiscovery technology expert with extensive forensics expertise, Garcia joined HaystackID in 2018 as a senior forensics consultant. He will lead HaystackID’s efforts to help customers ensure defensible practices related to computer forensics, records management, eDiscovery and information governance. He will also be a primary expert for HaystackID’s Forensics First Practice.

“Sergio’s impressive skills in driving the Forensics First support of our customers will continue to be an invaluable asset for HaystackID as we expand and deepen our commitment to providing customers the best computer forensics and investigation technology and talent available,” said Wilson in a press release. “His proven performance in planning, organizing, conducting, and managing complex audits and investigations will be of great and immediate value to customers in his expanded role as vice president of forensics.”

May 8, 2019: Fermin Serna hired as Semmle’s first CSO

Serna will be responsible for building a security research team focused on securing open source software. He will also lead product security across all of Semmle, which provides a code analysis platform for securing software. He joins the company after more than seven years at Google, where he most recently served as head of product security. Prior to Google, Serna spent over four years at Microsoft after co-founding and serving as CTO of Next Generation Security S.L.

Serna is an accomplished security researcher credited with multiple high-impact CVE disclosures, including a Pwnie Award for Best Client-Side Bug.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Page 3
Page 3 of 24
Subscribe today! Get the best in cybersecurity, delivered to your inbox.