Security executives on the move and in the news

Find up-to-date news of CSO, CISO and other senior security executive appointments.

New CSO, CISO appointments
metamorworks / Getty Images

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.

CSO’s Movers & Shakers is where you can keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Michael Nadeau, senior editor.

June 5, 2019: Jim Routh moves to MassMutual as head of enterprise information risk management

Routh will drive a holistic information risk management approach across the company, with a focus on managing cybersecurity risks, ensuring all cybersecurity-related regulatory and compliance requirements are met, and overseeing the safeguarding of MassMutual’s information assets. 

jim routh MassMutual

Jim Routh, MassMutual head of enterprise information risk management

Routh is a well-known visionary and recognized leader in the cybersecurity industry who brings a wealth of knowledge and experience, and a demonstrated track record for delivering security capabilities that drive business results. Most recently, he served as CISO for CVS Health, where he led the security integration for CVS Health in the acquisition of Aetna and developed a three-year plan for achieving enterprise level resilience. Prior to that, Routh served as CISO for Aetna, global head of application and mobile security at JP Morgan Chase and CISO at KPMG, the Depository Trust & Clearing Corp. and American Express.

"Jim’s reputation as a thoughtful and innovative leader who builds exceptional and diverse teams will be invaluable as we work to establish and drive MassMutual’s vision for all of our technology and digital efforts,” said Gareth Ross, head of MassMutual's Enterprise Technology and Experience group, in a press release. 

June 3, 2019: NIU names Fred Williams CISO

Williams will ensure that the Northern Illinois University (NIU) community can engage in academic activities and conduct business affairs safely over its online and internal networks. 

“Our students, faculty and staff come to campus with more connected technology than ever before,” Williams said in a press release. “Many of them use three or four devices every day so it’s the Division of Information Technology’s (DoIT) responsibility to make sure they can navigate NIU’s network and access WiFi in a secure fashion.”

Williams has worked at the NIU DoIT for the past 20 years, primarily focusing on the institution’s technology infrastructure and networks. Recently, he led the charge in launching multi-factor authentication (MFA) for students in 2017, and faculty and staff just last month.

CIO Matthew Parks said in a press release the university has seen a reduction in exposure to data and information breaches caused by email phishing attacks, thanks to MFA. He says Williams’ leadership in that effort was vital. “Fred is one of the most proficient DoIT professionals on campus. He has a vision for leveraging best practices to protect the university’s digital information.” Parks said. “He is vigilant in his efforts to protect our systems and will be a great asset as we work to implement additional layers of protection.”

May 29, 2019: ServerCentral Turing Group hires Thomas Johnson as CISO

In recognition of the increased financial, legal, regulatory and operational risks facing companies as they undergo digital transformation, ServerCentral Turing Group (SCTG), a managed IT infrastructure service provider, has named compliance and information security veteran Thomas Johnson as CISO.

Johnson brings 25 years of experience with helping Fortune 500 companies in the highly regulated healthcare, banking, government and manufacturing industries manage disaster recovery, business continuity, data protection, security products and risk management projects.

“Cybersecurity risks have always existed and have been a priority for us, which is why we’re excited to appoint a Chief Information Security Officer to lead these efforts,” said Daniel Brosk, COO at SCTG, in a press release. “As our customers become more aware of the increased risks and regulations they face as they transform their businesses, SCTG is well positioned to guide our clients through their governance and cybersecurity initiatives.”

Johnson also serves an adjunct professor at the Illinois Institute of Technology in its Cybersecurity and Digital Forensics department. Prior to SCTG, he was a security consultant at Peters and Associates, where he served as CISO for various companies in the healthcare, banking, government and manufacturing sectors. Johnson has also served as CKISO at Metropolitan Bank Group, which is now Byline Bank.

May 28, 2019: Gary Owen moves to Wells Fargo as CISO

Owen joins the company’s Technology organization and repors directly to Saul Van Beurden, head of Technology. He will be responsible for maintaining and enhancing Wells Fargo’s comprehensive risk and information security framework. Owen will lead information security strategy and governance, identity and access management, security engineering, line-of-business engagement and cyber defense and monitoring.

gary owen wells fargo Wells Fargo

Gary Owen, Wells Fargo CISO

With nearly 30 years of experience working in risk and technology roles, Owen was most recently CISO at WarnerMedia, formerly Time Warner, where he was responsible for global information security strategy, technology risk management, information protection and compliance. Previously, he developed and led the Cybersecurity and Technology Risk Practice at Promontory Financial Group and held executive roles in information security with Goldman Sachs & Co. and Citigroup, where he led global threat management, incident response and cyber intelligence.

Owen is a previous chairman and vice chairman of the Financial Services Information Sharing and Analysis Center (FS-ISAC) and is active with the Securities Industry and Financial Markets Association (SIFMA), Real Estate Cyber Consortium and Media Information Security Sharing Forum. In coordination with industry peers, he also works regularly with U.S. agencies on issues such as critical infrastructure protection and information sharing in coordination with industry peers.

May 28, 2019: AXIS Names Kelly Isikoff CISO

Isikoff will oversee enterprise-wide information security strategies, as well as partner with the company’s business segments and its Global Cyber and Technology unit to provide strategic counsel to its clients and distribution partners. She will report to Global CIO Keith Schlosser and will be based in the company’s New York office.

“Kelly brings experience leading information security strategies for world-class organizations spanning multiple sectors. I expect that both our colleagues and customers will benefit from Kelly’s deep expertise, which spans technology risk management, information protection and security assurance, among other areas,” said Schlosser in a press release.

Prior to joining AXIS, Ms. Isikoff spent two-and-a-half years at RenaissanceRe, where she served as the firm’s CISO. Previously, she served as executive director, CISO, at JP Morgan Asset Management. Before that, Ms. Isikoff spent more than 10 years at Citigroup, where she rose to the position of senior vice president, security technology.

May 29, 2019: Donald “Clay” Carter joins Xylem as senior director, product cybersecurity

Carter will be responsible for developing and leading a product security program to align cybersecurity services with the application and embedded system development teams who are creating products, services and solutions across Xylem’s global brands and businesses. This includes defining processes, standards, solutions stack, and services as well as identifying gaps in capabilities and making recommendations for continuous improvement.

Carter has more 12 years of security systems engineering experience across several technology and security domains in the financial and technology industries. Most recently, he served as senior director, product security engineering at General Electric (GE), where he built security software products, designed secure enclave environments, and led several agile development teams. He also played a key role in providing consultative services on multiple acquisitions and divestitures across the GE portfolio. 

Carter holds a Bachelor of Science in Computer Engineering and a Master of Engineering in Systems Engineering, from the University of Virginia. He also holds two designations as a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).

May 20, 2019: HaystackID promotes John Wilson to CISO, Sergio Garcia to VP of forensics

In this newly created role, Wilson will be responsible for extending the ediscovery services firm’s information security program to support international expansion and infrastructure investments concentrated on data security and privacy, technology optimization and continuity and legal and regulatory compliance. In conjunction with this appointment, computer forensics expert Sergio Garcia has been promoted within HaystackID to vice president of Forensics. Garcia will assume leadership of the company’s Forensics First Practice from Wilson.

An internationally recognized digital evidence expert, Wilson joined HaystackID in 2018 as president of forensics and brings more than two decades of cybersecurity, computer forensics and information technology experience to the CISO role.

“The growth and internationalization of our business warrants a dedicated and expert focus on information security,” said Hal Brooks, CEO of HaystackID, in a press release. “John’s expertise will be of immediate value to our customers, and we are excited to have him leading our information security efforts.”

An industry acknowledged eDiscovery technology expert with extensive forensics expertise, Garcia joined HaystackID in 2018 as a senior forensics consultant. He will lead HaystackID’s efforts to help customers ensure defensible practices related to computer forensics, records management, eDiscovery and information governance. He will also be a primary expert for HaystackID’s Forensics First Practice.

“Sergio’s impressive skills in driving the Forensics First support of our customers will continue to be an invaluable asset for HaystackID as we expand and deepen our commitment to providing customers the best computer forensics and investigation technology and talent available,” said Wilson in a press release. “His proven performance in planning, organizing, conducting, and managing complex audits and investigations will be of great and immediate value to customers in his expanded role as vice president of forensics.”

May 8, 2019: Fermin Serna hired as Semmle’s first CSO

Serna will be responsible for building a security research team focused on securing open source software. He will also lead product security across all of Semmle, which provides a code analysis platform for securing software. He joins the company after more than seven years at Google, where he most recently served as head of product security. Prior to Google, Serna spent over four years at Microsoft after co-founding and serving as CTO of Next Generation Security S.L.

Serna is an accomplished security researcher credited with multiple high-impact CVE disclosures, including a Pwnie Award for Best Client-Side Bug.

 “Open source is foundational to many organizations’ code, making their software even more vulnerable,” said Semmle CEO Oege de Moor in a press release. “Fermín shares our belief that security is a shared responsibility, and he is the best person to lead our efforts to secure all open source, not only for Semmle, but for the industry.”

“The elephant in the room is open-source security,” said Serna. “Open source plays a critical role in product innovation, but it also presents unique vulnerabilities that CISOs are only just beginning to understand. I am impressed by Semmle’s unique approach to tackling this problem, and look forward to having a more significant impact on the future of product security.”

May 8, 2019: 8x8 hires Michael Armer as VP and CISO

Armer brings over 20 years of cybersecurity and information technology leadership experience to 8x8, a cloud provider of voice, video, chat and contact center solutions, in areas of data privacy, intellectual property protection, risk management and corporate cyber governance. He was most recently VP and CISO at Barrick Gold Corporation and prior to that served as the head of information security for Lam Research Corporation.

In his global role, Armer is responsible for 8x8’s corporate-wide information security management activities, including compliance, strategic planning, governance, and controls. This includes identifying, evaluating, and reporting on 8x8’s overall security performance and posture in connection with regulatory requirements, industry best practices and threat landscape.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 Page 1
Page 1 of 22
FREE Download: Get the Spring 2019 digital issue of CSO magazine today!