Security executives on the move and in the news

Share on facebook
Share on twitter
Share on linkedin

Source: CSO Magazine On:

Read On

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.

CSO’s Movers & Shakers is where you can keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Michael Nadeau, senior editor.

March 12, 2019: RealWear hires Patrick Neise as its first CISO

Highly regarded in the information security field, Neise most recently served as a cybersecurity professional at Johns Hopkins Applied Physics Laboratory (APL) and a defense consulting firm. He has consulted for a variety of top defense and private sector companies on digital strategy, information security and penetration testing. Prior to APL, he served as the red team mission director in support of Department of Defense and U.S. government security efforts and the initial development efforts for U.S. Cyber Command’s cyber protection teams.

“Data protection is a fundamental requirement for every industrial customer working to create a safer and more productive connected workforce,” said Andy Lowery, cofounder and CEO of RealWear, in a press release. “We are thrilled to have Patrick on board as our first CISO. We will continue to build security and data protection into everything we do.”

“This is a chance of a lifetime to be a part of a movement to safely and securely connect every worker to the digital information they need at the right time and at the right place,” said Neise in a press release. 

March 6, 2019: Darren Cook is Effectual’s new CSO

Cook will lead the security practice at professional services consultancy Effectual and provide clients with guidance on managing business risk through the alignment of security with business objectives. He brings over 18 years of experience as a security risk management professional. Most recently, he held the role of director of information security at Datapipe, where he built global security operations from the ground up and led a multi-disciplined, cross-functional security team. Cook was also instrumental in the creation of the company’s enterprise-wide security program and building a multi-cloud, multi-million-dollar managed security service provider (MSSP) business.

“Traditional approaches to security are no longer adequate for the cloud,” said Cook in a press release. “Security programs must evolve to mitigate risk associated with an elastic attack surface and meet the demands imposed by today’s data privacy and security regulations.”

One of the industry’s first qualified Payment Card Industry Security Standards Council (PCI SSC) internal security assessors, Cook has a proven record of security and compliance expertise. He worked directly with qualified security assessors to certify Datapipe as a PCI level one service provider for 13 consecutive years.

“Security is job one for any cloud transformation initiative. We built Effectual on the premise of empowering our clients to move to the cloud with confidence,” said Effectual CEO Robb Allen in a press release. “Darren’s hands-on technical expertise, cybersecurity knowledge and business acumen are a perfect fit for our vision and drive to provide successful business outcomes.”

March 4, 2019: Silicon Labs announces Sharon Hagi as CSO

Hagi will oversee the cybersecurity strategies and best practices for delivering security technologies at the company’s IoT hardware and software portfolio. He also joins Silicon Labs’ corporate strategy team in his newly created role.

sharon hagiSilicon Labs

Sharon Hagi, Silicon Labs CSO

“We are delighted to welcome Sharon as Silicon Labs’ first chief security officer,” said Daniel Cooley, chief strategy officer at Silicon Labs, in a press release. “Sharon brings 20 years of experience in the cybersecurity industry as a security architect and strategist. His knowledge and expertise will be invaluable in this strategic new role as we deliver connectivity solutions that enhance security and trust in the IoT.”

Prior to joining Silicon Labs, Hagi served as vice president of security at Ethoca, a leading global provider of collaboration-based technology that enables card-issuing financial institutions, ecommerce merchants and online businesses to tackle issues involving fraud, chargebacks and disputes. He was also chief technology strategist at IBM Security where he developed security solutions and products addressing infrastructure, cloud and mobile.

“Enabling more companies to focus on security and privacy is important to the growth of the IoT market,” said Hagi in a press release. “I am thrilled to join Silicon Labs and have the opportunity to work with a phenomenal global team to innovate and deliver state-of-the-art integrated security, ensuring connected devices and services are secure and safe for customers and end users, from silicon to cloud.”

March 4, 2019: EVOTEK appoints Matt Shufeldt as CISO/executive advisor for the Denver market

Shufeldt will lead the cybersecurity expansion of EVOTEK into the Denver market. “Cyber threats are of the most important risks our customers must consider and protect against to ensure the longevity of their business,” said Jeff Klenner, EVOTEK president, in a press release. “We have been deliberate on how we have selected the CISO/Executive Advisors to join our team. I am excited to have Matt lead our efforts to drive security posture improvement in Denver.”

matt shufeldtEVOTEK

Matt Shufeldt, EVOTEK CISO/executive advisor

With over 25 years in technology and as a multi-industry CISO, Shufeldt brings decades of practical experience building and operating security programs. He formerly served as a CISO at both Cognizant Healthcare and Sports Authority. He was the inaugural winner of the CTA APEX CISO of the Year award in 2017 and is a board member for the Denver OWASP chapter.

“Denver’s security community is one of the healthiest, most driven and collaborative in the country,” said Shufeldt in a press release. “Denver’s clients are smart, driven and forward looking. EVOTEK has the right approach to create lasting customer relationships built on expertise, trust and successful outcomes.”

March 1, 2019: City of Boston names Greg McCarthy as CISO

Mayor Martin J. Walsh announced the appointment of McCarthy as the city’s first CISO. He will lead the Cybersecurity Team within the Department of Innovation and Technology. This appointment elevates the role previously held by McCarthy and marks a commitment to strengthening efforts to protect the City of Boston’s technology platforms and data from cyber threats.

greg mccarthy boston headshotCity of Boston

Greg McCarthy, City of Boston CISO

Since joining the City of Boston’s Cybersecurity Team in 2010, McCarthy has managed the implementation of numerous information security solutions and helped develop the city’s first cybersecurity awareness program for employees. In this role, McCarthy will continue to lead efforts to strengthen the cybersecurity capabilities across the city and further the team’s mission through modernizing technology, partnerships and regular training.  

“Cybersecurity is something we clearly have to take seriously, and there are always new challenges ahead; a humbling reminder that our work in this field is never done,” said McCarthy in a press release. “It is an honor to be in this position for the City of Boston, and to have the opportunity to lead the city into a new chapter of maturity in how we protect our systems, data, and constituents.”

Prior to joining the City, McCarthy spent five years as a principal research technician at the Rhode Island Department of Corrections. He holds an undergraduate degree in Criminal Justice and a graduate degree in Information Assurance, both from Northeastern University. He has also earned a Certified Information Security Manager (CISM) certification from ISACA, graduate certification in Project Management from Boston University, and a Project Management Professional (PMP) certification from the Project Management Institute.

February 21, 2019: Cindi Carter joins MedeAnalytics as CSO

Carter will oversee global enterprise security, advance a culture of accountability, and protect people, information assets, data and technologies for healthcare analytics firm MedeAnalytics and its clients.

“Cindi is a poised and fierce addition to MedeAnalytics,” said Paul Kaiser, MedeAnalytics CEO, in a press release. “As a respected leader in the industry with a proven record of success, Cindi’s expertise and deep insight in cyber and data security will be a vital asset in the relentless protection of our organization, and the information and data entrusted to us by our clients.”

Named as SC Media Magazine’s “Women to Watch in Cyber Security 2018,” Carter previously served as the deputy CISO at Blue Cross and Blue Shield of Kansas City where she led vulnerability management, threat intelligence, and cyber defense.

“I’m excited about joining MedeAnalytics, and it’s my mission to ensure the company is safe, secure and resilient against cyber and physical threats,” said Carter in a press release. “Security needs to be a shared mindset across the organization, from top-down and bottom-up. Advancing a culture that places high value on securing and protecting our company and the clients’ information entrusted to us is my guiding principle.”

Carter holds several recognized certifications in security, information technology, and project management. She holds a Master of Science degree in Information Technology and a Bachelor of Science degree in Management Information Systems; both from Central Michigan University.

February 20, 2019: Venminder hires Gordon Rudd as third-party risk officer

Gordon will work with the delivery team at Venminder, a vendor risk management software and services firm, as a third-party risk management subject-matter expert in residence, assisting with client engagements and the further development of Venminder’s educational series. “We’re thrilled to welcome Gordon to the Venminder family,” said James Hyde, Venminder CEO, in a press release. “Gordon’s impressive background in third-party risk management and cybersecurity brings valuable insight that our clients will appreciate, as well as allows us to further continue our commitment of providing free educational materials that help the industry navigate this area.”

Gordon has more than 30 years of experience in the financial services industry. Most notably, Gordon held the position of vice president, CISO at RCB Bank. He implemented and managed the bank’s cybersecurity and enterprise risk management programs, which included managing internal and external audits and regulatory examinations, creating the vendor management office and implementing a successful continuous process improvement program. Gordon is also the founder of the CISO Mentoring Project and is an engaged mentor to many aspiring and active CISOs across the country.

“I am very excited to now be in a position where I can contribute to helping thousands of organizations and individuals meet regulatory expectations and implement best practices,” said Gordon in a press release.

February 13, 2019: Former Walmart CISO Kerry Kilker joins Fishtech as executive VP and CISO

Kilker will be responsible for driving internal and customer-facing initiatives related to security, governance, and compliance at the cybersecurity firm. He will also run newly created Fishtech Group Innovation Center in Northwest Arkansas. Most recently, Kilker was senior VP and CISO for Walmart Technology, where he established and operated a world-class cybersecurity program for the world’s largest retail organization.

“I am excited to join the nationally recognized Fishtech team with its history of building large, fast-growth companies in the cybersecurity space,” said Kilker in a press release. “Being part of such an entrepreneurial team is a career high, and I’m especially pleased with this opportunity to bring leading edge cybersecurity resources to the Northwest Arkansas region.”

“Kerry is an icon in our space,” said Gary Fish, CEO and founder of Fishtech Group, in a press release. “Having worked at the ‘Fortune 1’ for 30-plus years, Kerry brings a wealth of knowledge from his viewpoint of customer wants and needs. His hard-won perspective will help tailor our service and technology offerings to serve today’s heavily burdened CISOs.”

February 8, 2019: University of Delaware names Ken Kurz as CISO for information technologies

Kurz is responsible for information security governance, including strategy and program administration, policy development, enforcement and compliance, risk assessment, incident response and training and awareness programs. Kurz will oversee the IT-Technical Security and the IT Security Policy and Compliance teams within UD Information Technologies and provide counsel on institution-wide information security and related security policy, procedures, and compliance issues. Previously, he was vice president of IT and CIO at Corporate Office Properties Trust and the CISO at the University of Oklahoma

ken kurzUniversity of Delaware

Ken Kurz, University of Delaware CISO for information technologies

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 2

“Ken Kurz brings extensive experience in leading information security and technology teams to UD, including experience in higher education,” said Sharon Pitt, UD’s vice president of information technologies and CIO, in a press release. “His ability to build partnerships, assess complex situations, and deliver technology solutions that meet UD’s needs will be an asset both strategically and tactically to our community.”

Kurz said he sees his role in information security at UD as both exciting and complex. “I can’t think of a more exciting time at UD to take on this position,” Kurz said in a press release. “Faculty, staff, students, and alumni expect real-time anywhere access to services and information while keeping their data secure. Ensuring that reality presents enormous challenges and opportunities for our UDIT teams. I’m looking forward to collaborating with the UD community and continuing to broaden our role as trusted advisors across the university.”

December 2018: President Trump appoints Brian Harrell as assistant secretary for infrastructure protection at DHS

Harrell serves as the first Department of Homeland Security’s assistant director for infrastructure security within the newly renamed U.S. Cybersecurity and Infrastructure Security Agency (CISA).

harrell official 2018U.S. Department of Homeland Security

Brian Harrell, assistant secretary for infrastructure protection, DHS

Recently recognized as one of Security Magazine’s Most Influential People in Security, Brian is the former managing director of enterprise security at the Duke Energy Corporation. He is also the former director of the electricity ISAC and director of critical infrastructure protection programs at the North American Electric Reliability Corporation (NERC) where he was charged with helping protect North America’s electric grid from physical and cyber-attack. Brian has spent time during his career in the U.S. Marine Corps and various private sector agencies with the goal of protecting the United States from security threats.

December, 2018: Pioneer Natural Resources names Gregory Wilson as CISO

Wilson will oversee strategy and operations of an information security function and will lead the Cyber Security Steering Committee. He will coordinate and collaborate with the IT department, risk management, corporate security, audit and compliance functions on all information security initiatives at the independent oil and natural gas exploration company. 

Prior to joining Pioneer, Wilson served as the head of information security at 1st Global. He led the IT compliance and security function at TPG Capital and the IT compliance and security group at Lehigh Hanson.

February 7, 2019: Brian Fricke moves to BBVA Compass as CISO

Fricke will oversee the bank’s information security and engineering risk functions. He is responsible for setting the bank’s enterprise information security policy and overseeing its information and cybersecurity risk functions for all its associated websites and systems. Fricke brings 18 years in information security and risk management to the role.

“Brian has deep experience in building information security initiatives across a multitude of organizations and military installations,” said BBVA Compass Head of Engineering Jorge Ortiz in a press release. “It’s clear from his vast experience and educational pursuits that information and cybersecurity are his passion. We’re thrilled that he’s bringing that trove of experience with him to this role that is vitally important for the bank and the customers it serves.”

Prior to his role at BBVA Compass, Fricke was the CISO for the Bank OZK, where he established a first-of-its-kind information security program. He has also worked as the CISO at the Military Sealift Command in Washington, DC. Other experience includes stints at the U.S. Securities and Exchange Commission, USAID OIG and five years as a sergeant in the Marine Corps.

Fricke is on the advisory committee on cybersecurity for executive education at the USF School of Public Affairs, a CISO steering committee member for the Mid-size Bank Coalition of America and a volunteer senior information assurance analyst for the Cyber Security Forum Initiative. He was also a member of the board of directors for OutServe.

February 7, 2019: David Hahn named CSO at Silicon Valley Bank

Hahn will oversee operations for SVB’s cybersecurity, business continuity and physical security programs. He is based in Santa Clara and reports to CIO Nick Shevelyov.

“We are excited to welcome David Hahn to lead security operations at SVB,” said Nick Shevelyov, CIO at Silicon Valley Bank, in a press release. “Hahn’s broad knowledge and dynamic experience in information security operations will be instrumental as we continue to enhance our technology capabilities to support our innovative clients.”

Hahn joins SVB from Hearst Corporation, one of the largest conglomerates in the world, where he led corporate information security and risk as the company’s first CISO. Previously, he led the creation of the cyber fraud program at Intuit. He also spent 23 years in information security at Wells Fargo. 

February 6, 2019: DocuSign CISO Vanessa Pegueros joins Carbon Black’s board of directors

Cloud-based endpoint security vendor Carbon Black announced that Vanessa Pegueros, a seasoned technology leader and security executive, has joined Carbon Black’s board of directors. Pegueros currently serves as vice president and CISO for DocuSign, Inc. 

Throughout her distinguished career, Pegueros has held numerous senior security executive positions, including roles at U.S. Bank, Expedia, Inc., Washington Mutual, Inc., Cingular Wireless and AT&T Wireless.

“We’re pleased to welcome Vanessa to the Carbon Black board of directors as we continue our mission to keep the world safe from cyberattacks,” said Carbon Black President and CEO Patrick Morley in a press release. “Vanessa is a strong leader with a wealth of technology experience. Her impressive security background is a perfect complement to our board as we continue to scale the company and drive global growth.”

January 31, 2019: Dr. Abdul Rahman joins Fidelis Cybersecurity as chief scientist

Dr. Rahman brings over 10 years of experience in government cyber defense programs and building security infrastructures able to protect against a variety of threats to his new role at Fidelis Cybersecurity, a provider of threat detection, threat hunting, and response solutions. 
“I am happy to announce the addition of Abdul to our management team as we have an opportunity to change the security game,” said Nick Lantuh, president and CEO, Fidelis Cybersecurity, in a press release. “With his diverse Intelligence Community and DoD background coupled with deep data-science expertise, he brings the necessary skills to formulate and deploy cutting-edge research and strategies into Fidelis’ product portfolio.”

Prior to Fidelis, Dr. Rahman worked as a contractor for the U.S. government designing, deploying and supporting big data cyber defense platforms for large customers. He has held senior leadership roles in his previous companies including vice president of technology and innovation as well as chief scientist. Dr. Rahman holds doctorate degrees in both physics and mathematics. He specializes in the development of analytical capabilities to process data for learning algorithms that enable pattern matching, correlation, and anomaly detection to support cyber network defense use cases.

“Fidelis is one of the only companies in the market that has the ability to actually help enterprises calculate their vulnerable attack surface,” said Dr. Rahman in a press release. “It’s incredible technology. I knew I wanted to be involved in its continued development and innovation.”

January 28, 2019: eShopWorld appoints Ray Thorpe as CISO

Thorpe joins cross-border commerce company eShopWorld with more than 20 years of global experience in information security and technology, including 10 years in senior leadership roles. The newly created CISO role is part of an ongoing commitment to data security and risk management.

“Security has always been a top priority in all aspects of our operations, and appointing Ray reflects our continued commitment in this regard,” said eShopWorld CEO Tommy Kelly in a press release. “In today’s retail climate, cybersecurity is at the forefront for every business leader. We are committed to elevating our risk disciplines and ensuring that we continually adopt best practices aligned to protect eShopWorld’s information and reputation and those of all of our clients and stakeholders.”

As CISO, Thorpe will be responsible for eShopWorld’s overall information security strategy. He brings expertise across information security, data protection, IT change management, audit and compliance. His previous industry experience spans banking, payments, retail and managed services consulting.

Prior to joining eShopWorld, Thorpe was a senior manager at global standards organization BSI, where he provided advisory and auditing services regarding information security, data protection, digital risk management, governance and compliance to some of the world’s largest organizations. Prior to that, he served as a PCI security standards council advisor and head of IT and security at payment services and financial solutions company MyGate Global. He holds a post-graduate degree in Management Information Systems from the University of Cape Town and an MSc in Information Security from Royal Holloway, University of London.

January 28, 2019: Southwest promotes Michael Simmons to managing director technology / CISO

Simmons will continue to be responsible for all aspects of cybersecurity across Southwest’s facilities, airports and aircraft, comprising of security engineering, security operations, incident response, threat intelligence, risk and compliance and security software development. Simmons joined Southwest in 2016, and he previously had leadership accountability for cybersecurity, IT strategy and enterprise architecture, IT maintenance and support and IT service management where he helped lead a multi-year department-wide transformation initiative to better align information technology with the business to deliver strategic initiatives.

January 24, 2019: AttackIQ hires Christopher Kennedy as

headshot chris kennedy 002AttackIQ

Chris Kennedy, AttackIQ CISO and VP of customer success

In this newly formed role, Kennedy will be responsible for managing all aspects of customer relations and success, as well as internal information security strategy at AttackIQ, a provider of continuous security validation.

“Kennedy joins AttackIQ with a thorough understanding of how to enable our customers to secure their environment leveraging the MITRE ATT&CK framework,” said Brett Galloway, CEO of AttackIQ, in a press release. “Kennedy’s ability to leverage his experience in operations, risk management, and security testing, and his time as a former customer will be instrumental in his ability to drive success for our customers.”

Kennedy joins AttackIQ from Bridgewater Associates, where he was head of security for infrastructure technology and controls engineering, and brings more than 20 years of cybersecurity risk and operations practitioner experience. Previously, Kennedy led the development of the U.S. Department of Treasury’s and the U.S. Marine Corps’ cybersecurity operations programs, defense and federal contracting for Northrop Grumman, and is a former Marine Corps Officer and Operation Iraqi Freedom veteran.

“I’m delighted to be joining the AttackIQ team. After a career of trying to answer the key security executive question of ‘what is my risk posture today?’, I firmly believe that breach simulation and continuous security validation will become the heart of the CISO program,” said Kennedy in a press release. “We will continue to help our customers disambiguate the security investment process through an objective, measurable, threat driven analysis of their security program using the MITRE ATT&CK framework which will make communication, coordination and program execution easier, risk oriented, and more effective.” 

January 23, 2019: Chris Roberts joins Attivo Networks as chief security strategist

Previously a member of the Attivo Networks Advisory Board, Roberts is one of the world’s foremost experts on counter threat intelligence. He will use his more than 20 years’ security experience to further develop and define strategy and processes for the company’s government and industry customers on issues related to cybersecurity strategy, policy, risk threat assessments, and incident response.

Roberts will work with customers globally to develop and implement risk reduction strategies across new and legacy technologies. He will manage an advanced consulting services program that will provide compliance/assurance reviews to assess whether cybersecurity policies and standards are being met and to provide cybersecurity strategy and operations guidance for C-level executives. He will also be a key driver of strategy and vision around the Attivo Networks deception portfolio in areas where he has deep expertise including adversary and vulnerability research and market education.

“Adding Chris Roberts to our executive team further strengthens our ability to stay on the leading edge of countering cyber-adversaries globally,” said Tushar Kothari, CEO of Attivo Networks, in a press release. “We are delighted to have Chris join Attivo in a full-time capacity. His unique methods of addressing the evolving threat landscape and his experience with all information systems will make him indispensable to our customers and the rapidly emerging deception market.”

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 3

Prior to joining Attivo Networks, Roberts most recently was chief of adversarial research and engineering for LARES, LLC. Previously, Roberts was chief security architect for Acalvio Technologies, where he drove deception technology innovation, directing a portfolio of services designed to improve the physical and digital security posture of clients.

“As an advisor to Attivo for the past seven months, I have had the opportunity to witness first-hand how the company is cementing its position as the market and technology leader in deception-based threat detection,” said Roberts in a press release. “I am looking forward to taking on a larger role at the company, and as chief security strategist, will apply innovative approaches to countering cybersecurity threats through the use of deception.”

January 22, 2019: Washington State Bureau of Reclamation names John Barrows as CSO

Barrows will oversee the Security Program, a risk management program designed to protect Reclamation’s facilities as well as employees, contractors, and the public at or near those facilities. The Bureau of Reclamation is the largest wholesale water supplier in the U.S.

barrowsBureau of Reclamation

John Barrows, Bureau of Reclamation CSO

“Ensuring Reclamation’s facilities and the people around them are secure is our number one priority in supporting the delivery of water and generation of power,” said Karen Knight, the Bureau of Reclamation’s security, safety and law enforcement director, in a press release. “John’s extensive experience in all aspects of security and law enforcement will help ensure that security measures are implemented and unacceptable risks are mitigated.”

Barrows joined Reclamation’s Security Program in 2015 as the fortification program team lead. Prior to Reclamation he served as the deputy division chief at Headquarters Air Force Space Command Security Forces from 2009 to 2015. Barrows was on active duty in the U.S. Air Force from 1980 to 2005 as a law enforcement specialist (security forces) and later in his career as a security forces chief master sergeant.

Following his military career from 2005 to 2009, Barrows worked at Northrop Grumman in the Systems Division where he served Air Force Space Command as a Scientific Engineering and Technical Assistance contractor in the Space Systems Security Branch.

January 17, 2019: Privia Health announces Paul Shenenberger as senior VP of IT operations and CISO

Shenenberger was most recently the CIO and security officer of Summit Health Management of New Jersey. In his role at Privia, Mr. Shenenberger will oversee the IT infrastructure serving a network of more than 2,000 Privia providers.

“I am thrilled to join Privia to support the crucial work of driving innovation while living up to the trust patients have in us in protecting their sensitive data”

Shenenberger will be leading national physician organization Privia’s ongoing technology operations and service, as well as continually developing and updating the company’s information security strategy. He will be managing a talented team of information technology and security professionals to continue Privia’s leadership in technology innovation and security compliance. `

“I am thrilled to join Privia to support the crucial work of driving innovation while living up to the trust patients have in us in protecting their sensitive data,” Shenenberger said in a press release. “I have always taken a customer-first approach and have long admired Privia’s mission to impact the patient-provider relationship, enabling improved patient care and a seamless experience.”

Shenenberger has more than ten years of experience working as a healthcare technology executive with large medical groups and hospital systems. He has spent his career serving in multiple technology executive roles including CIO, CTO and CISO.

January 14, 2019: Box hires Lakshmi Hanspal as CISO

With more than 20 years of experience in information security, risk management and privacy, Lakshmi will be responsible for Box’s cybersecurity practice, security operations and data and platform protection. She will help Box scale its security organization and work with Box customers to ensure their security needs.

lakshmi hanspal boxBox

Lakshmi Hanspal, Box CISO

Lakshmi was most recently CSO at SAP Ariba. Previously, she was the senior leader for information security and risk at PayPal. Lakshmi advises several Silicon Valley startups and serves on the advisory boards of numerous cloud companies. She is also an active supporter and promoter of women in technology and developing talent within teams.

“In today’s world, security threats have become persistent, and compliance and privacy are only getting more complex. This coupled with the fact that the nature of work is dramatically changing driven by a new generation of worker with different expectations and cultural norms, makes it imperative that organizations move to secure and compliant cloud services, such as Box, to protect their most critical information,” said Lakshmi in a blog post.”

January 8, 2019: Ronald Buchanan is Washington state’s new CISO

Working under Washington Technology Services (WaTech) Director Jim Weaver, Buchanan will oversee the state Office of CyberSecurity. He brings more than 20 years of global information security experience to the role with deep expertise managing cybersecurity, developing and leading high-performing teams, and managing risk and compliance in heavily regulated environments.

Buchanan will be moving from his current role as chief information risk officer and IT director, Information Security and Privacy Office, for the Oregon Health Authority and Department of Human Services. Previously he worked as the director of special investigations and threat analysis for Pearson VUE and as a senior cybersecurity advisor with Battelle supporting the FBI’s Criminal Justice Information Services (CJIS) division.

“Ron is an experienced information security professional who has the depth of expertise needed to build on the important work the Office of CyberSecurity does to safeguard the personal information of Washington state residents,” Weaver said in a press release. “I look forward to working with Ron.”

December 31, 2018: Vermont governor announces Nicholas Andersen as the state’s new CISO

Working for the Vermont Agency of Digital Services (ADS), Andersen brings 12 years of cybersecurity experience to this position. Since 2017, he served as a vice president at Invictus International Consulting, LLC, and co-founder of Pueo Business Solutions, LLC. In those roles, he assisted with information assurance and cybersecurity in partnership with the Defense Intelligence Agency, Federal Aviation Administration, U.S. Department of Homeland Security, U.S. Army, Coast Guard, and Navy, and the U.S. Marine Corps Forces Cyber Command. In 2018, Andersen received the U.S. Government Information Security Leadership Award for his work in penetration testing, incident response, and risk and vulnerability assessment services across the federal government.

“Nick’s experience in government and private industry, as well as his strategic, policy and operations experience make him an exceptional fit for the job,” said ADS Secretary John Quinn in a press release. “His skillset and experiences will benefit our ongoing security initiatives, as well as promote additional innovative initiatives. We look forward to his arrival.”

“Nick will make a great addition to the ADS team and to the Agency’s important work to secure and modernize Vermont’s information technology services,” said Governor Phil Scott in a press release. “His background and expertise in this area is a tremendous asset for the Agency and our state.”

Andersen earned a B.S. in Information Technology Management from American Public University System in 2011 and an M.S. in Information Security and Assurance from Western Governors University in 2014.

December 19. 2018: Richard Noguera joins Yapstone as CISO

Noguera will drive all information security initiatives, including application security, incident response, threat and vulnerability management, and security architecture for online marketplace payments provider Yapstone’s world-class risk and security program, reporting directly to CTO Sanjay Saraf.

As the former CISO for Gap, Inc., Noguera established industry leading detect-and-response capabilities for any attacks or threats targeting its customers, employees, and partners. This was achieved across a global footprint spanning 3,000-plus stores globally. He was also accountable for securing transactions across all Gap web and mobile properties, including Gap, Old Navy, Banana Republic and Athleta.

“At Yapstone, security is fundamental to what we do every day,” said Noguera in a press release. “What excites me is that Yapstone is enabling truly frictionless payments, using leading-edge security technologies to do so.”

“Security is an intrinsic part of our global payments platform and is embedded in every part of our micro-services based architecture,” said Saraf in a press release. “I am excited to have Rich join our Product Engineering team, lead our security technology group and continue to make security a key element in our end-to-end development process and culture across the company.” 

December 19, 2018: Danny Pickens named director of threat research for Fidelis Cybersecurity

As director of the Threat Research Team, Pickens brings over a decade of experience in military intelligence, counterterrorism and cybersecurity to Fidelis. “Danny has a wealth of expertise, coming from the military and intelligence communities as well as leading large-scale, commercial cyber threat intelligence operations. We are thrilled to have him lead our Threat Research Team in delivering countermeasures and finished intel to our products and customers,” said Nick Lantuh, president and CEO, Fidelis Cybersecurity, in a press release.  

Prior to joining Fidelis, Pickens served as a director at Optiv where he managed the Global Threat Intelligence Center and lead research for managed security services. He spent the majority of his career within the United States military and various divisions of the Department of Defense and other U.S. Government organizations, working across the tactical, operational and strategic levels of intelligence and cyber operations. He continues to serve in the U.S. Army Reserves as an intelligence team Non-Commissioned Officer in Charge (NCOIC) where he supervises the preparation and dissemination of all-source intelligence products, intelligence summaries, forecasts, and assessments.

“The best cybersecurity is armed with true intelligence – the work of understanding threat motives to better predict and prevent malicious activities,” said Pickens in a press release. “This intelligence is required for leaders to make informed and good, judgement-based decisions. It has a role in every industry, but the expectation and abilities in cyber threat intelligence have evolved dramatically in the past few years, moving way beyond a threat feed or blocking at the perimeter based on static indicators. Fidelis is at the forefront of this evolution. I am thrilled to join the highly-experienced team here, where we have such strong technology supporting us and vision for the future.”

December 14, 2018: David Jollow appointed CISO at Healogics

Jollow will conduct assessments of current IT security and risks and provide next-generation security solutions at Healogics, a provider of advanced chronic wound-care services. He will also be responsible for enhancing, implementing and operating an updated comprehensive information security program. Jollow will report to Healogics CIO Ty Smith.

david jollowHealogics

David Jollow, Healogics CISO

“We are so impressed by David’s track record of delivering business value through process excellence and team development,” said Smith in a press release. “I believe that David’s broad experience in establishing, leading and managing information security programs will help us take our offerings to the next level. We are thrilled to welcome him as our new CISO.”

Most recently, Jollow served as the CISO at Nemours Children’s Health System for over four years. While there, he developed and led an enterprise information security program. Jollow was also responsible for all aspects of information security including policies and procedures, technology, awareness, training, incident management and team development. Prior to Nemours, Jollow was the head of information security at Bausch & Lomb.

Jollow is a former United States Marine and is a Certified Information Security System Professional (CISSP). He earned his MBA and Bachelor of Science in Electrical Engineering from the Rochester Institute of Technology.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 4

December 11, 2018: GlaxoSmithKline announces Dawn-Marie Hutchinson as CISO for pharmaceutical and R&D units

Hutchinson will leverage her extensive experience in cybersecurity and risk management to enhance business strategy, improve supply chain operations and manage enterprise risk. She has more than 18 years of success in healthcare, retail, technology and professional services sectors and is a recognized thought leader and writer. Hutchinson is credited with establishing standards and controls for the anonymization of identifiable data and authored the white paper for defining those levels, as well as use cases for the secondary uses of medical data.

Named as one of the “Top 12 Most Influential Women in Cyber Security” by CSO Magazine and “Eight Women to Watch” by SC Magazine, Hutchinson has also received recognition as a trailblazer for women in cybersecurity and has hosted “SPARK,” an event at Black Hat to encourage mentorship and opportunities for women in the space.

December 8, 2018: Bill Carver named CISO at NetSPI

As NetSPI’s top security officer, Carver will ensure that the data, communications, systems, assets and vulnerability orchestration solutions are secure at NetSPI, a provider of orchestrated vulnerability management and security testing services. He will leverage his experience managing diverse and complex cybersecurity strategies to safeguard both NetSPI and its global customers from new types of attacks and vulnerabilities.

“By creating this role, we are demonstrating that security is embedded in every aspect of our business, from IT architecture and software development to operations, policies and procedures,” said Aaron Shilts, president and COO, in a press release. “And Bill is perfect for the role. His passion for helping organizations improve their security posture will benefit not only NetSPI, but our clients as well.”

Previously NetSPI’s practice director for advisory services, has more than two decades of information security experience. Prior to joining NetSPI, he helped establish consulting services capabilities at Optiv and FishNet Security, focusing on the evaluation and improvement of information security programs. He has also held information security roles at Merck and CitiFinancial.

“In today’s globally connected society, cybersecurity is more critical than ever. I am thrilled to contribute to NetSPI’s vision both in leading our internal cybersecurity efforts as well as providing strategic direction to help support our client’s threat and vulnerability management programs,” Carver said in a press release.

November 26, 2018: Code42 adds VP of information systems to CISO Jadee Hanson’s title

Hanson, who joined data loss protection, visibility and recovery solutions provider Code42 in 2016 as senior director of information security, was promoted to CISO in April 2018. Jadee Hanson, Code42 CISO, expands her leadership position to include VP of information systems. Jadee will manage global security and IS organizations.

In her expanded role, Hanson manages information technology, business enablement and internal application development. In addition, she leads global risk and compliance, security operations, incident response, and insider threat monitoring and investigations.

hanson jadee headshot2 780x735Code42

Jadee Hanson, Code42 VP of information systems and CISO

“Since joining Code42, Jadee has played a pivotal role in advancing our data security strategy and program. We are excited to have Jadee expand her leadership position,” said Joe Payne, Code42’s president and CEO, in a press release. “Jadee is not only committed to putting the protection of our customers’ data first, but is also an advocate for women in technology and drawing on diverse viewpoints to solve business challenges.”

Hanson brings more than 15 years of experience in data security strategy and technology implementation to Code42. Prior to Code42, Hanson worked at Target Corporation, where she served as senior director of information security and in a variety of other capacities. Hanson also held a management position at Deloitte, specializing in data security governance, risk and compliance.

“I can’t think of a more exciting time to take on this position. Companies and employees today expect real-time, anywhere-access to data. This opens up big challenges and opportunities for security and IS teams,” said Hanson in a press release. “I’m looking forward to changing the traditional way security and IS are viewed — and broadening our role to trusted advisor for our customers, industry partners and employees.”

November 20, 2018: FBI’s Richmond division chief, Adam Lee, named CSO at Dominion Energy

Lee, special agent in charge of the Federal Bureau of Investigation’s Richmond Division since 2014, will join the company as vice president and CSO effective December 1. In this newly created post, Lee will be responsible for physical and cybersecurity across Dominion Energy’s footprint. He will be expected to direct the development and implementation of corporate security policies and procedures that protect physical and cyber assets and to comply with all applicable laws and regulations, including those dealing with privacy. Lee will liaise with all outside government and law enforcement officials on physical and cyber security matters for the company.

“Adam Lee brings unparalleled experience to Dominion Energy as we work to harden our physical and cyber assets and protect them from potential bad actors,” said Thomas F. Farrell, II, chairman, president and CEO, in a press release. “He is well-respected in law enforcement both around Virginia and our nation, and I expect him to do a tremendous job at our company, just as he has done for more than 20 years in the FBI.”

Lee retired from the FBI after a career spanning 22 years in intelligence, white collar and cybercrimes, honest services fraud, among others. He was previously chief of the FBI’s Public Corruption and Civil Rights Section. In 2017, he was appointed by former FBI Director James Comey to lead a comprehensive study of the FBI’s headquarters and organizational model. Lee’s experience there also includes leading the Central Virginia Domestic Security Alliance Council (DSAC) – which is composed of selected Fortune 500 companies within Virginia – and providing investigative and technical support on complex cyber intrusions and managing the FBI’s relationship with government and private sector in Virginia in the areas of organizational risk, insider threat and cyber intrusion detection.

November 15, 2018: Freshworks hires Shivanath Somanathan as CISO

Somanathan will be responsible for information security, governance, risk and compliance related to product development and production infrastructure at customer engagement software provider Freshworks. He brings more than two decades of industry experience spanning the information assurance, business security and cyber resilience sectors. Somanathan most recently served as CISO for India operations with Tata Communications.

Somanathan holds a master’s in cyber law and security from National Law University in Jodhpur, India, and a degree in B. Tech-Electrical & Electronics Engineering from the University of Calicut. He also earned postgraduate diplomas in international business from Pondicherry University and digital business from Columbia University (New York).

“As a unicorn and a next-gen SaaS firm in the making, Freshworks is best-positioned to create a value differentiator in the market through its adaptive security posture. It not only caters to the data protection and privacy requirements of our clients, but also meets the regulatory and statutory obligations for the markets they serve. I’m excited to create and sustain a model where security is forged at the speed of business,” Somanathan said in a press release.

November 15, 2018: Chris Hickman becomes Keyfactor’s first CSO

Hickman will be responsible for capturing the voice of Keyfactor customers and evangelizing the importance of securing every digital identity to improve cyber defense and operational efficiency. He is a recognized expert in digital identity security, with more than 20 years in the industry including Alacris and Critical Path. He was most recently vice president of platform enablement at Keyfactor, responsible for the on-boarding of customers, systems integration, support and operations.

“More and more we’re hearing about the innovative ways our customers leverage the Keyfactor platform,” said Kevin von Keyserling, CEO and cofounder of Keyfactor, in a press release. “We created this role to ensure our customers continue to drive our future innovation. At the same time, we needed a leader who can deliver thought leadership to the market and encourage enterprises to invest in solutions to secure every digital identity. And there’s no one more qualified for that role than Chris. He knows each Keyfactor customer’s solution intimately and is well respected by his industry peers.”

“Our customers are visionary leaders that enable their companies to conduct business on a global scale without security becoming a barrier to success,” said Hickman in a press release. “They continue to push the boundaries of conventional IT and are looking to Keyfactor to provide solutions to address the security implications of those new initiatives. As CSO, I will bring these challenges to the talented Keyfactor team and ensure we continue to provide the innovative solutions our customers need.”

November 15, 2018: Zapproved appoints David P. Smith as CTO and CISO

Smith will lead the engineering team at ediscovery software provider Zapproved, drawing on his 25 years of experience designing and implementing scalable, secure, and highly available systems for companies including Wolters Kluwer, ACTIVE Network and Hilton Hotels. His expertise in enterprise-class architecture, security, and large-scale team management will support the expansion of Zapproved’s ediscovery suite capabilities.

November 14, 2018: DSTOQ names David Holtzman as CSO

Previously a technical advisor at DSTOQ, a licensed stock exchange without borders allowing for peer-to-peer trading of tokenized securities, Holtzman will oversee everything related to the security of the DSTOQ platform as CSO. This will involve implementing policies and procedures regarding areas such as business continuity planning, loss prevention, fraud prevention, and privacy. Holtzman will oversee the safeguarding of intellectual property and computer systems, as well as the creation of global security policy, standards, guidelines and procedures to ensure the ongoing maintenance of DSTOQ’s platform as a safe and secure way to invest.

“I am thrilled to be a part of the DSTOQ team, and am very passionate about what this project can accomplish,” said Holtzman in a press release. “The DSTOQ platform is borderless, meaning that it unlocks the potential to reach emerging markets across the world. This harnesses democratizing power on a global scale, and offers a more affordable and accessible way for investors to get involved in the market. I’m so excited to be on board and help implement a secure and viable investment option for both new and experienced investors.”

With over 30 years of experience in the field of emerging technology, Holtzman has held roles as an executive, software developer, advisor and entrepreneur. As an early-stage internet pioneer while CTO of Network Solutions, Holtzman managed the root server of the internet, designing the global DNS registration system used by ICANN. As IBM’s Internet Information Chief Scientist, he ran the development of Cryptolopes, selling encrypted, digitized content. Meanwhile, during his time at Booz Allen & Hamilton, Holtzman designed and built Minerva, a distributed information system used by NATO and Wall Street.

November 8, 2018: Michael Johnson is MEDHOST’s new CISO

Johnson will be responsible for aligning and overseeing security and networking initiatives as related to enterprise programs and business objectives at MEDHOST, a provider of healthcare engagement solutions. He will play a pivotal role in further strengthening the security of our customers’ information assets and technologies and furthering MEDHOST’s efforts to protect its own data.

Michael brings 20-plus years of IT and security experience to MEDHOST. He spent the last eight years at Community Health Systems (CHS) in various information security roles—most recently as the senior director of cybersecurity. Prior to his time with CHS he spent 10 years with HCA as a consulting engineer. Michael has also served 14 years in the United States Army Reserves and Tennessee National Guard.

“We’re excited for Michael to be part of the MEDHOST team,” said Jason Myers, CIO at MEDHOST, in a press release. “MEDHOST takes the security of its assets, technologies and its customers’ data very seriously. It was critically important to us to find somebody with extensive experience and an exceptional record in the information security field, especially in healthcare, and we have found that in Michael.”

November 7, 2018: Jérôme Razniewski named CISO at Shift Technology

Razniewski will report to Shift cofounder and CTO David Durrleman, and he will drive the company’s efforts focused on data security, data integrity, and adherence to global industry regulations and best practices at this provider of fraud detection solutions for the insurance industry.

A highly experienced data and systems security professional, Razniewski joins Shift from La Banque Postale, a €5.7 billion banking subsidiary of the La Poste group, where he served as the organization’s information systems security officer. Razniewski will operate from the company’s Paris headquarters and oversee all data security strategies and initiatives while expanding Shift’s global team of data security experts.

An information security veteran, Razniewski has held a number of data and systems security positions including leadership roles with DIFENSO and France Telecom.

“Data is at the heart of what we do at Shift. Our clients have entrusted us with their data and we take that responsibility seriously,” explained Durrleman in a press release. “Jerome is a proven information and systems security professional, which includes having expertise in the protection of financial services data. This level of expertise is incredibly important as we continue to expand globally. Jerome is the right CISO to spearhead the expansion of our data security team and continue to make good on our unwavering commitment to data security and integrity.”

November 5, 2018: MedBen promotes Wendell Crain to VP of information systems and CSO

Crain joined MedBen in 2003 as a technical specialist and was subsequently promoted to technical services lead and manager of technical services and web development. Most recently, he served as director of security, infrastructure and web development.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 5

wendell crainMedBen

Wendell Crain, MedBen VP of information systems and CSO

As a director, Crain managed MedBen’s comprehensive security measures, including electronic data privacy, disaster recovery and business resumption planning, and loss and fraud prevention. “Protecting personal health information has always been important to us, but in the past several years Wendell has introduced safeguards that bring an unprecedented level of security to our clients’ data,” Kurt Harden, MedBen’s president and CEO, said in a press release. “We’re pleased that he has agreed to direct our IS team.”

In addition to his CSO responsibilities, Crain will oversee MedBen’s IS operations involving its claim systems, websites, network and computer resources, as well as overseeing the company’s data services unit.

November 5, 2018: Lehigh University names Eric Zematis as new CISO

Effective December 17, Zematis will report to Bruce M. Taggart, vice provost for Library and Technology Services. “We are delighted that Eric Zematis has agreed to become CISO at Lehigh,” Taggart said in a press release. “Eric is a highly capable and well-respected IT security professional and will provide critical leadership in our efforts to protect Lehigh’s digital assets, increase campus-wide cybersecurity awareness, and develop more secure university business practices.”

eric zematisLehigh University

Eric Zematis, Lehigh University CISO

Zematis has 20 years of experience in higher education IT, most recently holding the position of information security officer at Charter Oak State College before becoming its CISO in 2017. He also recently served as senior director of infrastructure at Western Connecticut State University.

As a member of the Library and Technology Services leadership team, Zematis will work with university leadership and with staff throughout Lehigh, addressing the larger institutional issues of security policy and practice, data governance, risk assessment and business continuity, as well as the compliance requirements.

Zematis will also take the lead role in the creation or expansion of proactive threat reduction and security response measures, including vulnerability assessment and remediation, malware detection, desktop patch management and full-disk encryption across campus.

“Protecting our data and systems is an integral part of how we serve our community, accomplished through a partnership between technology, administration, and academics,” said Zematis in a press release. “I am excited to join Lehigh as the chief information security officer and look forward to the opportunity to collaborate across such a vibrant community to create safer digital pathways for everyone to work, live, and learn.”

October 23, 2018: Cisco’s Edna Conway joins InfoSec Global’s advisory board

Conway, CSO of Cisco’s Global Value Chain, joins the InfoSec Global (ISG) advisory board, which lends its expertise to accelerate the cryptography company’s multi-industry market momentum and meet the growing demand for IoT security. She brings over 30 years of rich experience in developing and leading strategies that improve security and resilience throughout global supply chains. Her roles and expertise in delivering security architectures, technology licensing and government security solutions will help to drive ISG’s global strategy in highly regulated markets.

“I am thrilled to join ISG’s advisory board and support its mission to put flexible cryptographic control in the hands of its customers. ISG’s Cryptographic Lifecycle Management brings the promise of adaptable security and cryptography to reality – for today and for our quantum future,” said Conway in a press release. 

October 18, 2018: Sujay Jaladi joins Harbor as CISO

Formerly the head of information security at Ripple, Jaladi will oversee the information security strategy and programs at Harbor, a blockchain-based private securities firm.

“Sujay has the perfect blend of fintech and blockchain experience to accelerate our efforts to build a trusted platform for issuers, investors and regulators,” said Bob Remeika, Harbor CTO and co-founder, in a press release. “Harbor is bringing traditional finance to blockchain, which requires institutional-grade systems, processes and procedures. Sujay’s experience building institutional-grade programs will be invaluable to ensuring the safety of customer data and complying with regulatory requirements.”

sujay jaladiHarbor

Sujay Jaladi, Harbor CISO

“I’ve followed Harbor’s progress for some time and am excited to help deliver a highly secure service that issuers and investors can rely on to make critical financial transactions,” said Jaladi in a press release. “The mission to reengineer private securities is an exciting opportunity and Harbor is well positioned to lead.”

Sujay is a cybersecurity strategist with more than a decade in senior roles at leading companies, including Ripple, Gusto, Prosper Marketplace, Xoom Corporation (a PayPal service), and Hightail. Most recently at Ripple, Sujay was responsible for all aspects of security and managing risk across the company. His experience includes working in high-transaction environments where millions of transactions are processed every hour and performance is extremely critical. 

October 17, 2018: Derek Vadala named global head of cyber risk for MIS at Moody’s

In this newly established role, Vadala will develop Moody’s Investors Service’s (MIS’s) capabilities for evaluating cyber risk, including a framework for the consideration of cybersecurity risk in credit analysis, and will spearhead innovative research, analytics and market outreach in this area.

“As with environmental, social and governance risks, we see cyber risk as an area of increasing relevance to issuers, investors, counterparties and government authorities as it impacts operational and credit risk. Moody’s has a unique perspective that can help enhance market understanding of the ways credit and cyber risk intersect,” said Rob Fauber, president of MIS, in a press release. “Derek has a wealth of direct leadership experience in cyber and information security, and we are fortunate to have him lead the development of our cyber risk analysis capabilities.”

Vadala has served as Moody’s CISO since 2013 and has been with Moody’s since 2003. He has over 20 years of experience in information security and technology management and has spoken and published on topics including security risk management for large enterprises and systems administration.

October 17, 2018 Jason Pufahl appointed VP of information and cybersecurity services at TBNG Consulting

Pufahl has joined TBNG, a provider of integrated IT solutions in New England, to lead its information security and cybersecurity services division. In this role, he will expand the company’s service offerings to establish TBNG as a unique and versatile partner in securing customer data and IT resources. Pufahl reports directly to Managing Partner Michael Grande.

“TBNG is committed to expanding its Information and Cybersecurity service offerings and no one is more capable to lead this effort than Jason. He has developed an exceptional reputation as a thought leader in information Security,” said Grande in a press release. “My partners and I are thrilled to welcome him into the TBNG family. In his role, Jason will provide the necessary leadership and experience that will better serve our customers as we continue our growth, both regionally and beyond.”

Pufahl previously served as CISO and director of infrastructure at the University of Connecticut. He has dedicated the last 15 years to information security and privacy, and he possesses over 20 years of information technology experience in total. He has an extensive background in enterprise security technical controls, development of risk management programs, industry compliance requirements, state and federal regulatory demands, identity management and security analytics, and establishment of disaster recovery programs and test scenarios.

October 17, 2018: Dickon Smart-Gill named CIO/CISO and SVP of healthcare at Proficio

Smart-Gill will provide leadership to scale Proficio’s service delivery platforms and head strategic initiatives to extend the managed security services provider’s success in the healthcare industry. He has more than 20 years of experience in healthcare IT and is a CHIME Certified Healthcare Chief Information Officer.

Prior to joining Proficio, Smart-Gill was the corporate CIO of Bumrungrad International, a hospital group located in Southeast Asia. He also cofounded a technology consulting group and ERP/EMR software company that was sold to Microsoft. While at Microsoft, he specialized in architecting healthcare information solutions that interacted with data systems and medical devices. Dickon is a frequent speaker at industry events such as HIMSS.

“We are excited to have Dickon join our leadership team,” said Tim McElwee, Co-CEO and chairman at Proficio, in a press release. “Dickon brings a wealth of experience and expertise to our team as Proficio continues to scale and innovate our service delivery platforms and operations. With a deep understanding of the challenges facing the healthcare industry, Dickon is uniquely qualified to further Proficio’s success in healthcare and other industries.”

“I have observed Proficio’s growth and exceptional execution first hand and now I am thrilled to join such a forward-thinking and innovative company,” said Smart-Gill in a press release. “Proficio’s broad client base and industry-recognized managed security services are best-in-class and the road ahead is exciting and full of opportunities. I look forward to playing a strategic role in advancing the company’s commitment to the healthcare industry and expanding our global business.”

October 9, 2018: Bradley Schaufenbuel is the 2018 Chicago-area Chief Information Security Officer (CISO) of the Year winner

As vice president and CISO, Schaufenbuel oversees the information security function at Paylocity, a suburban Chicago-based technology company that develops and maintains cloud-based payroll and human capital management software. Paylocity has 2,600 employees and maintains operational centers in Schaumburg, Illinois; Meridian, Idaho; and Lake Mary, Florida.  Given the sensitivity of the information that is entrusted to it by millions of client employees, Paylocity has tightly embedded information security and privacy considerations into its products and its award-winning culture and is SSAE 18 audited and ISO 27001 certified.

Schaufenbuel has been an active member of the information security community for over 22 years.  He has written multiple books (including two “For Dummies” titles) and has had numerous articles published in professional journals on a wide variety of topics related to information security and governance.  He is a regular speaker at industry conferences (including RSA Conference USA and several other popular security forums) and is frequently quoted as an expert within respected industry publications. 

Beyond work, Schaufenbuel is passionate about making Chicago a hub for cybersecurity innovation and working to vastly improve diversity within the security profession. He sits on the board of advisors of multiple venture capital funds and startups, with a penchant for supporting organizations that are committed to capitalizing or building security-focused enterprises in Chicago. Schaufenbuel is also an active member of the Security Advisor Alliance, a nonprofit organization consisting of CISOs from around the globe that are committed to improving the strength of cybersecurity teams by promoting diversity and opening up opportunities in the profession to underserved students. 

October 12, 2018: Anil Varghese joins Exeter Finance as senior VP and CISO

Varghese has over two decades of global experience in the information security arena, including stints at American Express and Sony. He most recently served as the CISO for Service King. Varghese will be a member of the IT leadership team reporting to CIO Michele Rodgers.

anil vargheseExeter Finance

Anil Varghese, Exeter Finance senior VP and CISO

Varghese has had direct responsibility for setting strategic direction on IT risk, security, compliance, and privacy issues. He has been engaged to support sensitive M&A due diligence initiatives and fostered key relationships. Varghese has also served as a thought leader and security evangelist for PayPal and other companies.

A sitting board member of Digital Accelerator at SMU, Varghese is an active member of the information security/assurance community, including roles as a presenter/speaker to ISSA, CISO Roundtable, InfraGard, ISACA and the FBI.

October 12, 2018: ICF names Crystal Jones as first global data protection officer

Jones, who also serves as assistant general counsel and director, oversees ICF’s Global Data Protection and ePrivacy program. As data protection officer (DPO), Jones ensures that ICF follows data protection best practices and maintains compliance with regulatory frameworks across the globe, from the European Union’s General Data Protection Regulation (GDPR) to California’s recent landmark privacy legislation.

As both a controller and processor handling large amounts of client, employee and individual personal data across the world, ICF has adapted in design and practice to meet the requirements of these shifting frameworks. Jones has worked to align the company’s internal practices and procedures with globally recognized data protection laws and regulations.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 6

Jones’s data protection team, which resides within ICF’s Office of General Counsel, guides the company’s mandatory all-employee data protection training. Training for best data protection practices enables employees to comply with notice and lawful basis requirements, employ privacy by design and default principles, use privacy-enhancing technologies, such as multi-factor authentication and encryption, demonstrate accountability in all processing activities, and follow risk mitigation protocols.

October 11, 2018: Delaware Department of Technology announces Solomon Adote as state CSO

Adote will be responsible for enhancing and improving the state’s cyber security strategy, including the design and execution of the Delaware Information Security Program and the Continuity of Government and Disaster Recovery Program.

solomon adoteState of Delaware

Solomon Adote, Delaware state CSO

“Cyber security is more important now than ever and we are excited to welcome Solomon back to lead our efforts,” said CIO James Collins in a press release. “He brings a great blend of organizational and tactical information security experience that will be invaluable as our enterprise digital government strategy evolves.”

Adote brings experience designing comprehensive information security programs and deploying some of the industry’s leading technologies. He has also developed hybrid-managed and in-house security operations centers (SOCs) and led the architecture and implementation of secure computing environments for both public and private clouds.

Most recently, he led FMC, Inc.’s, global IT cyber security team for six years. There, Adote was responsible for the security of a complex, 90-site international manufacturing and corporate network. His team covered all aspects of cyber security —from network security, application security, incident response, identity and access lifecycle management, to internet and remote access. Adote has also worked as an IT security technical lead at QVC, Inc., the third largest e-commerce company in North America, where he secured a dynamic Payment Card Industry (PCI) compliant credit card processing environment with a web presence in multiple countries.

October 11, 2018: TLDR hires FBI veteran Jon Fisher as director of security

At TLDR, a global advisory firm for tokenization projects, Fisher joins a team of seasoned security experts, military officials, and FBI cyber agents in delivering enterprise-level security techniques to leading institutions, exchanges, and projects. His years of physical and cyber security experience will further drive TLDR’s overall mission to protect investors and businesses within the blockchain industry against hackers and token theft.

Andre McGregor, partner and global head of security at TLDR, said in a press release, “As investment continues to flood into the emerging blockchain industry, hackers have put a bullseye on blockchain companies who haven’t paid adequate attention to security. We are excited to have Jon join us in our mission to meet this industry-wide challenge. … Jon’s more than 15 years of experience will be an invaluable resource for our clients.”

Fisher boasts extensive experience at the highest level of security management from prior positions at the Metropolitan Police Department in Washington, DC, and three branches of the U.S. military. As a supervisory special agent in the FBI Cyber Division and an FBI Cyber Division liaison to the National Security Agency, Fisher led efforts on a variety of investigations including state-sponsored computer intrusions and transnational organized crime rings.

“The excitement surrounding the blockchain industry right now is palpable thanks to the unprecedented pace of innovation, but with this race to innovate comes a heightened need for security,” said Fisher in a press release. “TLDR is not only tackling the cybersecurity problems of today but looking to the future to anticipate preventative security and custody solutions for clients. I’m confident that my expertise will bolster TLDR in its mission to help educate and empower organizations to remain vigilant against security threats.”

October 10, 2018: Justin Dolly named COO and CSO at SecureAuth

Dolly is a former SecureAuth board member and has extensive experience in advanced information, infrastructure, web, application, and product security, as well as in risk management, network engineering, and design. Dolly comes to SecureAuth from Malwarebytes where he served as CSO and CIO.

October 2, 2018: AutoGrid announces Omprakesh Moolchandani as its first CISO

Moolchandani joined the AutoGrid executive team on October 1 and will play an important role on leadership team at AutoGrid, a provider of security solutions to the energy sector. “Our customers care deeply about the safety and security of their data,” said Dr. Amit Narayan, CEO, in a press release. “We take cybersecurity very seriously, and Om’s appointment and this new position intensify that focus.”

Cybersecurity ranks as the utility industry’s most pressing concern, with more than 80 percent of respondents in Utility Dive’s 2018 State of the Electric Utility Survey listing it as important or very important.

Moolchandani comes to AutoGrid from General Electric’s industrial internet of things unit, Predix, where he served as senior director for cybersecurity. Before GE, Om headed cybersecurity for cloud security company CipherCloud and for several Australian financial and industrial companies.

Moolchandani holds master’s and bachelor’s degrees in computer applications from University of Technology of Madhya Pradesh, a certificate in business strategy from Harvard Business School, and a certificate in IoT business from the MIT Sloan School of Management. Om is a lifetime member of ISACA, the worldwide information systems association

October 1, 2018: County of San Bernardino hires Robert Pittman as CISO

Pittman previously served as CISO for the County of Los Angeles. Prior to that, he was  as their Chief Information Security Officer (CISO).  Prior to that, he was the county’s first assistant CISO for six years. There, Pittman built and grew an enterprise information security program from the bottom up, established a security culture, and designed a sustainable security foundation. 

robert pittmanRobert Pittman

Robert Pittman, County of San Bernardino CISO

As CISO for the largest geographical county in the nation at the County of San Bernardino, Pittman plans to use his experiences and insight gained to better secure the county’s 44 departments or business units and 22,000 employees.

Pittman was given the 2016 Local Government Cybersecurity Leadership and Innovation award by the Center for Digital Government for advancements to the County’s information security program, the 2014 Cyber Security Leadership in Local Government award by the State of California and the Office of the Attorney General, and 2012 CISO of the Year award by the Info Security Products Guide.

September 11, 2018. Richard Bejtlich joins Corelight as principal security strategist 

Bejtlich, an early proponent of the open source Bro Network Security Monitor that is at the heart of the Corelight Sensor network visibility tool, will work with the company’s executive team to help align product development with enterprise needs. He will also communicate the value of Bro data and network security monitoring for countering adversaries.

“Richard has inspired a generation of defenders through his books, blog posts, presentations, and personal example. Corelight is the network visibility company and Richard is the network visibility guru – so this feels like a perfect match,” said Greg Bell, CEO of Corelight, in a press release. “We are thrilled to have him join the Corelight team.”

Bejtlich has spent years championing the importance of network security monitoring and the critical role real-time data plays in assessment, detection, and response processes. His first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection (Addison-Wesley Professional, 2004), includes a chapter devoted to Bro and he has also frequently blogged about the technology.

“After years of protecting networks with Bro, joining the Corelight team feels like the natural next step,” said Bejtlich in a press release. “Other tools offer glimpses of network visibility, but Bro is like the Hubble telescope. I look forward to working with my new team – many of whom I consider security mentors – to help all organizations harness the power of Bro and Corelight to defend their networks.”

Bejtlich was previously Mandiant’s CSO when FireEye acquired Mandiant in 2013. Prior to Mandiant, Bejtlich worked as director of incident response at General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT).

September 27, 2018: Adnan Dakhwe joins security startup Vera as head of security and compliance

For more than a decade, Dakhwe has built and maintained security, compliance, risk and privacy programs. With a passion for security, technology, innovation and entrepreneurship, he has deep experience in security strategy, risk management, cybersecurity, architecture, product security, governance, business continuity and disaster recovery across cloud, hybrid and on-premise environments.

adnan vera new hires 3Vera

Adnan Dakhwe, Vera head of security and compliance

Prior to Vera, Dakhwe served as a manager for MuleSoft’s Global Information and Compliance group. Adnan has served is various leadership roles at a Fortune 100 retailer, one of the largest global consulting organization and a marquee healthcare organization. 

For the last six years, Dakhwe has served on the board of directors of ISACA (San Francisco and then Silicon Valley). He is an active advisor of SecureWorld and a researcher for the Cloud Security Alliance. 

September 24, 2018: Santander UK appoints Emma Leith as CISO

In the newly created role, Leith will be responsible for the delivery of security and privacy services across Santander UK, in line with the continued commitment to protect Santander’s systems, information and customers from the growing cyber risk.

Leith joins from Barclays International, where she was director of cyber strategy and programme. Prior to this, she was CISO for the Corporate Functions and Commodity Trading Division at BP Oil International and has over 13 years’ experience in leading cybersecurity and privacy agendas across a variety of industry sectors including financial services, oil and gas, telecoms and government.

Leith will report to Santander UK COO Michael Harte. “I’m delighted to appoint Emma as Chief Information Security Officer as we continue to build a team delivering innovative products and solutions for our customers and communities that we serve, whilst ensuring information security remains a top priority,” said Harte in a press release. “Emma brings extensive knowledge and experience to the team which will prove invaluable in helping us drive forward our security and privacy agendas across Santander UK to ensure our customers’ prosper.”

“I am delighted to be joining Santander UK. It is well known in the market for creating customer value through innovative solutions and delivering an excellent service,” said Leith in a press release. “I look forward to working with the teams both in the UK and across Santander Group to further build on the existing work and ensure we are well placed for the challenges ahead.”

September 18, 2018: Chris Betz is CenturyLink’s new CSO

Betz will lead the telecommunication company’s corporate security, information security and security product development teams. “Customers rely on CenturyLink to help them protect their homes, their businesses and global critical infrastructure,” said Aamir Hussain, executive vice president and chief technology officer for CenturyLink. “Chris brings a wealth of knowledge informed by the right mix of experience, from his service in the United States Air Force to overseeing product security for one of the world’s foremost brands.”

chris betz centurylinkCenturyLink

Chris Betz, CenturyLink CSO

Previously, Betz led security for Apple products and has held leadership roles in information security, security operations and response and security intelligence at Microsoft, CBS Corporation and the National Security Agency (NSA).

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 7

September 12, 2018: Michael Montoya named CISO at Digital Realty

Montoya is responsible for overseeing information security technology and programs and managing risks related to confidentiality, integrity and availability of systems and data at Digital Realty, a provider of data center, colocation and interconnection solutions. He reports to Executive Vice President, Operations Erich Sanchack.

“Michael brings a unique combination of operational and strategic expertise to his new role at Digital Realty and we’re excited to welcome him to the team,” said Sanchack in a press release. “Michael has extensive experience overseeing global, full-spectrum cybersecurity programs, including managing the demanding and complex requirements of hyperscale cloud providers. This experience will prove invaluable as he helps us to ensure our security resources are aligned to drive the success of our customers. “

Montoya has held a number of executive leadership roles in the technology and cloud industries. He most recently served as chief cybersecurity officer at Microsoft, where he led security initiatives and operations for the development and delivery of Microsoft cloud security products and services. Prior to Microsoft, Montoya served as vice president of cloud and managed services at FireEye, where he led cloud-security operations and redesigned the company’s global data center infrastructure to improve performance and security. He has also held leadership positions at EMC Corporation, Avanade and INC.

September 5, 2018: Jeffrey Miller joins Kansas City Chiefs as VP of security

Miller will report directly to club President Mark Donovan and will be responsible for developing and managing all safety and security plans and programs for all facets of club operations, including facility security, event day safety, vendor-operated security and traffic procedures, as well as team security. He will also serve as the primary liaison between the club and the National Football League office with regards to all security matters.

“We are excited to add Jeff to our executive team in this new role, and we welcome his family to Chiefs Kingdom,” Chiefs President Mark Donovan said in a press release. “Enhancing the fan experience is a constant focus for us and safety and venue security play an important part. Jeff’s wealth of experience at the league level combined with international experience on the front lines of law enforcement will undoubtedly help shape safety and security for all fans and all events at Arrowhead Stadium.”

“It is a privilege to join one of the most prestigious and storied franchises in the history of the National Football League,” Miller said in a press release. “I am honored to become part of the executive leadership team assembled by Mr. Hunt and team President Mark Donovan. I look forward to working with everyone at the Chiefs as well as the tremendous fans that provide such great support to the club. My family and I are excited to become part of the community.”

Miller joins the Chiefs with decades of experience in both private security roles and public law enforcement service. In total, Miller spent eight years at the National Football League office in New York, serving first as director of strategic security programs and later as senior vice president and CSO. As CSO at the NFL, Miller led and supervised all aspects of security for the league.

Prior to joining the National Football League, Miller enjoyed a 24-year career in public service with the Pennsylvania State Police Department (1984-2008) across multiple bureaus, sections and divisions.

August 27, 2018: Gary Gagnon returns to MITRE as VP of cyber strategy and CSO

As vice president of cyber strategy, Gagnon is accountable for developing and leading cyber strategy and guiding its execution across MITRE’s work program. As CSO, Gagnon is responsible for MITRE’s cybersecurity and physical security.

gary gagnon mitreMITRE

Gary Gagnon, MITRE VP of cyber strategy and CSO

“As the challenges and opportunities in cybersecurity grow in complexity, MITRE’s leadership becomes more important to our nation, and I am pleased to welcome Gary back to The MITRE Corporation to direct our efforts,” said MITRE President and CEO Jason Providakes in a press release. “Gary’s deep mission expertise and leadership working with industry, academia, and government are essential skills to deliver on MITRE’s mission to solve problems for a safer world.”

Gagnon rejoins MITRE after most recently serving as vice president and CISO at Amazon. Before that he was at Inmarsat as senior vice president of global security and CISO. Gagnon worked at MITRE for 30 years in many leadership roles including CSO, vice president of the National Cybersecurity Federally Funded Research and Development Center, and senior vice president of intelligence programs.

August 21, 2018: Blink Health adds Kurt Sauer as CISO and member of its executive team

Sauer, who most recently served as vice president of trust and information security at Salesforce, brings 25 years of experience in information security to Blink, which offers a pharmacy app to make prescription drugs more affordable. That experience includes having served as the CSO of Skype from 2003 to 2008.

Sauer’s hiring rounds out Blink Health’s leadership team. The company recently appointed several other renowned executives with decades of combined leadership experience in the pharmaceutical and consumer e-commerce categories. These hirings were made as the company continues to invest in its technology platform and service expansion.

August 17, 2018: Matt Olsen named chief trust and security officer at Uber

In a company-wide email sent to employees, Uber Chief Legal Officer Tony West announced that Olsen would join the company as chief trust and security officer starting in mid-September. Olsen had already been working with Uber as an advisor to help assess the organizational structure and strategy of Uber’s security teams.

“Matt has an incredible background and is deeply respected across industries, having co-founded a cybersecurity firm and served as the director of the National Counterterrorism Center, the general counsel of the National Security Agency, and in leadership positions at the Department of Justice and the FBI,” said West in the email.

West noted the importance of adding the word “trust” to Olsen’s title. “As I’ve said before, earning and maintaining trust is an essential ingredient to our brand proposition, and it’s everybody’s job. That’s particularly true when it comes to handling our riders’ and customers’ data, and our success in that task is core to our Security team’s mission. Given Matt’s experience in and passion for strengthening the nexus between trust and security, I know he’ll make great contributions to our becoming one of our industry’s most trusted brands,” he said.

August 17, 2018: Hilltop Cybersecurity hires Pete Herzog as CISO

Herzog, a well-known white-hat hacker, is respected worldwide for his work with IBM’s Ethical Hacking team, in creating the Open Source Security Testing Methodology Manual (OSSTMM), and for creating Hacker Highschool, the world’s most popular cybersecurity and cyber-safety textbooks for teenagers. Hilltop Cybersecurity has long supported the latter two projects and has integrated OSSTMM research into its products with the help of Herzog.

A featured speaker at RSA annually, Herzog has won numerous awards for his contributions to the cybersecurity space both public and private. “We are privileged to both work with Pete and learn from his insight and experience,” said Hilltop CEO Corby Marshall in a press release. “The leadership of the company is thrilled that he believes enough in the technology and direction of the company’s products to join us in a more substantive full-time role.”

August 16, 2018: Twilio names Nils Puhlmann as chief trust and security officer

Puhlmann will become part of cloud communications platform providerTwilio’s executive management team and will oversee the company’s global trust and security programs.

nils puhlmann headshotTwilio

Nils Puhlmann, Twilio chief trust and security officer

“At Twilio, trust is the number one thing we sell, so being a leader in security, data protection, and compliance is paramount for the millions of developers who use Twilio to power mission critical business applications,” said Jeff Lawson, Twilio co-founder and CEO, in a press release. “Nils is a 20-year security veteran with significant experience in diverse business environments with tremendous passion for building trust amongst our developer community, while keeping their data secure. We are thrilled to welcome him to the team.”

The Twilio security framework is based on the ISO 27001 Information Security Standard. In addition to ISO 27001 certification, Twilio has also achieved SOC 2 attestation for Authy, and Twilio is self-certified to the EU-US Privacy Shield as well as the Swiss-US Privacy Shield Frameworks.

“At Twilio, we’re committed to upholding the high standards of security and data protection, which are reflected in the investments we’ve made in these two mission-critical areas. After serving as an advisor for many years, I’m joining Twilio because security is a priority for the company,” said Puhlmann in a press release. “I’m excited to continue to build our teams and capabilities to support our vision of becoming a leader in trusted communications.”

Puhlmann has served as an advisor to Twilio since 2014. Previously, he served as the CTO of Endgame, and has held CSO positions at Zynga, Qualys, and Electronic Arts. He also co-founded the Cloud Security Alliance nonprofit organization, which promotes the use of best practices for security assurance within cloud computing.

August 9, 2018: Srikant Manda joins Blockchain company AlphaPoint as CISO

With a specialty in financial services, Manda brings 15 years of cybersecurity governance, architecture and operations experience. He has previously worked in cybersecurity operations with Citigroup and TD Bank. More recently, he led security architecture and engineering teams at Juniper Networks and Fortinet. Manda has a strong background in security strategy, governance, architecture, automation, machine learning, and product security. 

“One of the reasons I am especially excited to join AlphaPoint is that it’s clear that the company already prioritizes security — internally as a company as well as for its customers. For example, their partnership with Intel offers a trusted security-focused solution backed by Intel’s Software Guard Extensions (SGXs),” said Manda in a press release. 

“There is a lot of scrutiny around hacks and lost funds on cryptocurrency exchanges, and we do not take this challenge lightly. We work every day to protect our clients and ensure the safety and security of our products and customers through multilayer cybersecurity, physical security, and operational best practices. Sri coming on board doubles down on our commitment to be a security first company,” said AlphaPoint co-founder and CTO Joe Ventura in a press release. 

August 8, 2018: Cloud Computing Concepts welcomes Michael Scheidell as CISO

In addition to managing Cloud Computing Concept’s (C3’s) internal security and compliance activities, Scheidell will assist in the continued development of technology and communications services provider’s rapidly expanding portfolio of security products and services. New services immediately available to clients include on-site security consulting, managed network security, penetration testing, vulnerability assessments and security awareness training.

Respected throughout the security community, Scheidell is a Certified CISO, president of the South Florida Chapter of the Cloud Security Alliance, member of the FBI’s InfraGard, member of the US Secret Service Miami Electronic Crimes Task Force, and a senior member of the IEEE. His expertise in Security, Corporate Information Risk Management, and Privacy has been relied upon by multinational corporations, government agencies, critical infrastructure providers, and healthcare organizations.

“The security and privacy of our customers have always been a top priority for us,” said Rick Mancinelli, CEO of C3, in a press release. “It is an honor to have someone of Mr. Scheidell’s expertise and experience on board to lead our efforts in this area.”

 “It is a pleasure to be working with C3, their partners and their clients,” said Scheidell in a press release. “With a threat landscape that continues to grow in both sophistication and frequency of attack, effective security practices are more important than ever.”

August 7, 2018: NERC promotes Bill Lawrence to VP and CSO

Lawrence will lead all of NERC’s security programs executed through the Electricity Information Sharing and Analysis Center (E-ISAC) operations, directing security risk assessments and mitigation initiatives to protect critical electricity infrastructure across North America. He will also lead coordination efforts with government agencies and stakeholders on cyber and physical security matters, including analysis, response and sharing of critical sector information.

“I am excited to have Bill in this role leading NERC’s security programs,” said NERC President and CEO Jim Robb in a press release. “Bill’s dedication to the security mission of the E-ISAC and his commitment to stakeholders factored heavily in our decision to name him as our top officer for the E-ISAC.”

Lawrence joined NERC in July 2012 and has held a variety of positions with the E-ISAC, including overseeing the development of NERC’s grid security exercise and grid security conference — GridEx and GridSecCon, respectively. Currently, Lawrence serves as senior director of the E-ISAC, leading the division in its mission to identify and mitigate cyber and physical security risks to the grid in North America.

“I am humbled to have this opportunity to make positive strides toward the security and resilience of the grid. Security across North America is a vital piece of our mission. The threats are real, dynamic and extremely significant,” Lawrence said in a press release. “The E-ISAC Long-Term Strategic Plan provides the framework to increasing the EISAC capability required to help stakeholders protect the grid. I look forward to leading that charge and working with our industry and government stakeholders toward that end.”

Prior to joining NERC, Lawrence was a pilot of F-14 Tomcats and F/A-18F Super Hornets for the U.S. Navy. He also served as the deputy director in the Character Development and Training Division at the U.S. Naval Academy, where he taught courses in Ethics and Cyber Security.

August 1, 2018: Ankura Names Gina Ciavarro CISO

Based in Washington D.C. and specializing in information security and governance, Ciavarro brings insights developed from a decade of counseling clients to her new role with this business advisory and expert services firm.

gina ciavarroAnkura

Gina Ciavarro, Ankura CISO

Previously, Ciavarro led Ankura’s information security program development and compliance initiatives for one of the firm’s largest clients. In that role, she developed tailored solutions that fortified and modernized the client’s security systems to fulfill regulatory requirements. Ciavarro’s adaptive approach to information security challenges enables her to seamlessly and collaboratively integrate across business functions to solve complex data protection issues.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 8

“As a recognized expert in IT security, Gina is a perfect fit for the role of chief information security officer. She brings real-world security management experience and a consulting mindset to the role, which will allow her to approach issues from numerous perspectives and deliver valuable business and technology outcomes for Ankura and our clients,” said Kevin Cheung, Ankura’s CIO, in a press release.  

Prior to joining Ankura, Ciavarro served as a principal consultant for Symantec, a leader in the data loss prevention and security services industry. During her career advising large, multi-national enterprises, Ciavarro has developed security strategies focusing on technology implementation and integration, business process, program design, and data governance.

“I am excited to work with Kevin and the Ankura leadership team to meet the challenges of my new role and build upon the efforts already underway to continuously evolve and maintain the firm’s IT security infrastructure,” said Ciavarro in a press release. “Security is clearly top of mind for all clients and as a trusted partner to them, we remain steadfast in our commitment to being a leader in information security and protection.”

August 1, 2018: Arctic Wolf Networks hires Marty Sanders as chief security services officer

In this new role, Sanders will lead all aspects of the delivery of Arctic Wolf’s AWN CyberSOC, which provides a security operations center as a service. He will manage the security engineering teams’ customer interface and back-end analysis.

sanders headshotArctic Wolf Networks

Marty Sanders, Arctic Wolf Networks chief security services officer

With more than 29 years of industry experience, Sanders has held positions ranging from chief technology officer for North America at Kaminario to technology and services team lead at Dell/Compellent.

“With his proven track record for developing and building service organizations known for their amazing customer experience, welcoming Marty to the team means providing the best for our current and future customers,” said Brian NeSmith, CEO and co-founder of Arctic Wolf Networks, in a press release. “We’re strategically building our team, capabilities and infrastructure to ensure we are providing the level of engagement our customers deserve, and the addition of a dedicated CSSO exemplifies this commitment.”

“As enterprises struggle with the troubling dichotomy between an increasing volume of cyber threats and the cybersecurity skills shortage, there is a critical need for outsourced cybersecurity services to support internal teams’ efforts,” Sanders said in a press release. “I’m excited to be a part of developing such a viable market solution, centered around customer service and affordability, to help enterprises of all sizes get the talent and security they need.”

July 19, 2018: Raj Badhwar named CISO at Voya Financial

Badhwar will be responsible for advancing the Voya information security strategy as well as defining associated policies and standards for achieving the strategy. He will lead a team accountable for developing, managing and maintaining the information security and protection policies and standards for all company computing, privacy and collection activities.

Badhwar and the team will expand Voya’s efforts to continually progress enterprise-wide information security capability to secure the privacy of proprietary, intellectual property, personal, privileged or otherwise sensitive company information. He will report directly to CIO Santhosh Keshavan.

“Raj brings to the role vast technical knowledge and deep leadership experience to help Voya advance our security vision and strategy in alignment with our business growth plans,” said Keshavan in a press release. “His broad experience will be instrumental as we continue to safeguard the confidentiality, integrity, and availability of information assets and resources under the care of Voya.”

Badhwar has more than 20 years of experience in cyber security engineering and operations. Most recently, he was global head of information security for AIG, where he led a security strategy centered on the protection and preservation of information assets.

“Voya understands the critical nature of information security in today’s business environment and has demonstrated a strong discipline for protecting customer and company data,” noted Badhwar in a press release. “What’s especially exciting to me is how Voya is strategically advancing its technology capabilities in sync with emerging technologies to uphold its commitment to their customers and shareholders.”

July 18, 2018: Marc Rogers joins Okta as executive director of cybersecurity strategy

Formerly CSO at ScaleFT, which Okta recently acquired, Rogers has nearly 20 years of experience heading up security for Defcon Communications, one of the world’s largest hacker conferences. He brings his “eat, sleep and breathe security” ethos to his new role at Okta.

marc rogersOkta, Inc.

Marc Rogers, executive director of cybersecurity strategy at Okta

Prior to ScaleFT, Rogers was head of infosec for Cloudflare, CSO for AIAM in South Korea, and oversaw Threat Intelligence for Vodafone UK. His core expertise is as a whitehat hacker, investigating and uncovering security issues before communicating them to consumers and industry in a responsible way, such as with his hack of Apple’s TouchID, Google Glass or, most recently, his automotive hacks such as the Tesla Model S. 

Among his more notable contributions to the security industry is his work in television. This includes helping to create and produce the award winning BBC series “The Real Hustle,” and most recently as one of the technical advisors designing hacks for the USA Network TV show, “Mr. Robot.” Rogers is also head of security for DEF CON, the world’s largest hacker’s conference where he tries to stop 20,000 hackers from destroying a hotel.

July 18, 2018: DMDII appoints Koushik Subramanian as director for the National Center for Cybersecurity in Manufacturing

The Digital Manufacturing and Design Innovation Institute (DMDII) announced that Subramanian has been named director of the National Center for Cybersecurity in Manufacturing. DMDII launched the center in March with $750,000 in seed funding from the U.S. Department of Defense. In addition to Subramanian’s role as director of manufacturing cybersecurity for DMDII, he also will serve as CISO for UI Labs, DMDII’s parent organization, which is driving the digital future of manufacturing and cities.

As manufacturing begins to retrofit or build assembly lines with such software and sensors, the attack surface only expands. Thirty-five percent of all cyber-espionage attacks in the US are addressed at the manufacturing sector, the largest amount of any single sector, according to the 2017 Verizon data breach investigation report.

“The security of the American manufacturing supply chain is dependent on the practices of its individual manufacturers, the vast majority of which are smaller enterprises,” said Tracy Frost, director of Department of Defense Manufacturing Technologies, Office of the Secretary of Defense, Manufacturing and Industrial Base Policy. “The Center will lower the educational and cost barriers that the sector faces to increase readiness for cyber-attacks.”

Prior to DMDII, Subramanian, 33, was director of risk and compliance at Uptake Technologies. He led data privacy, risk, and information security initiatives in addition to helping secure newly procured technology.

“We are thrilled to welcome Koushik to the team to guide the National Center for Cybersecurity in Manufacturing as we ramp up our cybersecurity activities,” said Caralynn Collens, CEO of UI Labs, in a press release. “His experience in the industrial IoT space will be invaluable as we continue to address the unique security needs of the connected factory for defense manufacturers and other corporate partners.”

July 16, 2018: CVP names Andrew Onello Joins CVP as director of cybersecurity services

Onello brings years of experience in cybersecurity, having served as the CISO and the Deputy CISO of the Department of Homeland Security (DHS) U.S. Citizenship and Immigration Services (USCIS), and as the security assessment and penetration testing lead at the DHS Immigration and Customs Enforcement (ICE).

“Cybersecurity continues to be an increasingly critical element in client programs, and CVP has expanded its efforts to meet client needs with cutting-edge solutions,” said Anirudh Kulkarni, CVP CEO, in a press release. “Bringing in an executive with the expertise and experience of Andy Onello demonstrates our commitment to being the best in cybersecurity.”

“I’m excited and honored to join CVP,” said Onello in a press release. “The company has a great executive team, highly talented technologists, impressive growth, and a commitment to continue their leadership in the cybersecurity market.”

July 11, 2018: F5 names Mary Gardner as CISO

Gardner is responsible for F5 Network’s corporate-wide information security management efforts, along with strategic planning, governance and controls. This includes identifying, evaluating, and reporting on F5’s overall security performance and posture in alignment with regulatory requirements and evolving industry best practices.

mary gardnerF5 Networks

Mary Gardner, F5 Networks CISO

Gardner will also provide strategic input to product development and other teams with respect to F5’s current security offerings and technology roadmap, as well as the company’s broader cybersecurity and threat research efforts.

“Security is top of mind for any organization, and having a sharp, adaptable leader in place is essential,” said Tony Bozzuti, CIO and SVP of information technology at F5, in a press release. “Mary’s impressive career to date and knowledge of application security are a testament to the skills, aptitude, and authority she brings to the table. Her perspective will be a valuable asset as F5 expands its security and technology efforts to better support today’s multi-cloud environments and modern enterprises’ digital transformation efforts.”

Gardner joins F5 from Seattle Children’s, where she served as CISO. She has also held security leadership positions at Fred Hutchinson Cancer Research Center, Port of Seattle, JPMorgan Chase, and Washington Mutual. Gardner holds a B.S. from Trinity University. She is also a Certified Information Systems Security Professional (CISSP) and member of the Executive Women’s Forum.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 9

July 9, 2018: Intel hires Window Snyder as chief software security officer

As chief software security officer, vice president and general manager of the Intel Platform Security Division, Snyder will be responsible for Intel’s security product roadmap across all segments. She will work with business group within the company to ensure their objectives are met.

Snyder will engage with the security industry drive partnerships with the operating system and security ecosystem to better understand the growing complexity of attacks, gain insight as to how Intel might differentiate its security capabilities, and take a more customer-centric route to market.

Snyder was most recently CSO for Fastly. Before that, she spent more than five years at Apple working on security and privacy strategy. She was also a founding member at Matasano and a senior security strategist at Microsoft.

“I am looking forward to Window leveraging her experience in the community and bringing further valuable industry insight into Intel’s hardware-enabled security solutions,” said Doug Fisher, senior vice president and general manager of the Software and Services Group for Intel Corporation, in a blog post.

June 21, 2018: Sovos promotes John Strasser to CSO

Strasser had led Sovos’s security practice for more than five years at the global tax software company. As CSO he is responsible for information security, compliance, data privacy and global networking. Strasser’s promotion was one of several management appointments that were part of an initiative to advance Sovos’ cloud platform, S1, which the company announced earlier this month. The S1 platform was built to help businesses deploy tax solutions anywhere they need them and with any infrastructure strategy through a single, API-enabled platform.

“Tax software used to be something you bought, installed and almost forgot about, but that’s not the case anymore. In our customers’ business models, they now need modern, connected technology backed by proactive support from people that know how to make the most of it,’” said Laura Handler, head of customer success, in a press release. “Our customer success team was built to take tax software to the next level so our customers are prepared not just for today, but for what comes next.”

June 20, 2018: Alan Daines is FactSet’s new CISO

Daines will oversee the security organization at FactSet, and analytics, content, and services company. “We are excited to have Alan join FactSet and bring his extensive leadership and expertise to further enhance our cybersecurity program,” said Cindy Finkelman, CIO at FactSet, in a press release. “FactSet has been a trusted partner to our clients worldwide for nearly 40 years, and the addition of Alan to our team exemplifies our commitment to building on that strength.” 

Daines joins FactSet from Dell Technologies, where he was the CISO and responsible for leading Dell’s global cybersecurity organization. During that time, his team helped secure Dell products, protect the enterprise environment, manage cyber risk, and maintain compliance. Most recently, he was responsible for bringing together Dell and EMC’s security organizations as part of the largest technology acquisition in history. Daines has more than 20 years of experience in information technology security and infrastructure roles.

June 11, 2018: Matt Stamper named CISO and executive advisor at Evotek

Stamper will guide digital enablement solutions provider Evotek’s clients as they develop and mature their cybersecurity programs to address digital risks. Prior to joining Evotek, Stamper was a research director in Gartner’s Security and Risk Management practice where he covered security program design, security incident response, security governance, privacy, breach and attack simulation, and security standards and frameworks. Earlier, Stamper was the CISO for U.S. operations and vice president of services at KIO Networks (formerly redIT), an international managed services provider.

matt stamperEvotek

Matt Stamper, Evotek CISO

“Cybersecurity has become a top priority for organizations around the globe,” said Jeff Klenner, president of Evotek, in a press release. “With Matt’s practical experience as a security leader and his time with Gartner as a research director, he has the perfect combination of practice and knowledge to address the most critical security threats our customers face.”

Stamper is co-author of the CISO Desk Reference Guide (Volumes 1 and 2) and serves on the board of a number of high-profile organizations including the San Diego chapter of ISACA, the communications sector for the San Diego chapter of InfraGard, and the San Diego Cyber Center of Excellence (CCOE). He is also a member of the San Diego CISO Round Table.

June 6, 2018: BitGo hires Tom Pageler as CSO

Pageler will lead the security team at BitGo, which builds security systems for digital currencies. He will be responsible for security governance and risk management, information security and operations, compliance, and physical security.

“We serve an institutional market that requires stringent security policies and best practices, and we are taking our security posture to an even higher level. To lead this effort, we are excited to announce that Tom Pageler has joined as the Chief Security Officer (CSO) at BitGo,” said BitGo CEO Mike Belshe in a blog post.

Prior to BitGo, Pageler was CSO and chief risk officer (CRO) at Neustart. He has also served as CISO and CRO at DocuSign. Pageler has also had security roles at JPMorgan Chase and Visa.

June 6, 2018: CNA names Garrett Williams as senior vice president and chief compliance officer

Williams is responsible for the overall strategic leadership and direction of CNA’s Enterprise Compliance Group. He reports to Scott Weber, executive vice president and general counsel. Williams joined CNA from State Farm, where most recently he served as leader of State Farm’s Enterprise Compliance and Ethics department, AML/OFAC officer, and chief privacy officer. There, he was responsible for partnering with State Farm’s CISO to establish comprehensive information security and privacy governance.

“Garrett’s industry experience, compliance expertise, and strong ethical perspective will strengthen CNA’s compliance programs and ensure that CNA maintains a proactive and comprehensive approach to compliance,” Weber said in a press release.

June 5, 2018: Red Clay hires Michael Pearson as CISO

Pearson will oversee Red Clay’s new suite of security solutions – SecureGrid, SecureH2O and SecureGas – to assist electric, water and gas utilities in assessing critical vulnerabilities within their advanced metering infrastructure systems.

Williams has over 25 years of experience in internet technology companies, including roles in product management, business development, marketing and executive leadership. He has extensive experience in multiple information security engineering disciplines including corporate information security leadership and management, measuring and improving organizational productivity, risk assessment, process re-engineering, application and platform controls, cryptography, and network and physical protection. Williams holds patents for the first intrusion prevention service and is a Certified Information Systems Security Professional and a Certified Ethical Hacker.

“We’re thrilled to have Mr. Pearson at the helm of this important new offering,” said Michael Cocroft, Red Clay’s chief strategy officer, in a press release. “Ensuring the security of critical infrastructure requires a proactive, informed approach. We believe Michael Pearson is just the right person to help utilities achieve the level of information security that is now an absolute necessity.”

May 25, 2018: Oakland County, Michigan, names Bridget Kravchenko as its first woman CISO

Bridget has impressive qualifications,” Oakland County Executive L. Brooks Patterson said in a press release. “We’re looking forward to utilizing her expertise to boost Oakland County’s information security.”

Previously, Kravchenko was the CISO at Federal-Mogul Motorparts, where she led the team responsible for strategic security planning, policy, and procedure. Prior to that, she was the CISO at Meridian Health Plan. She is the chairperson of Michigan InfraGard, a public-private partnership with the FBI dedicated to the protection of the United States and its citizens, critical infrastructure and key resources. She also attended FBI CISO Academy in Quantico, Virginia.

“I’m inspired to serve in the public sector under the leadership of County Executive Patterson and CIO Phil Bertolini,” Kravchenko said in a press release. “Oakland County has a national reputation as a technology leader which is what attracted me to this role.”

“Information security is one of our highest priorities in the county and we have worked hard to protect the assets with which we are entrusted,” Bertolini said in a press release. “Bridget is highly respected and brings a wealth of industry experience which will help Oakland County continue to be a leader in this area.”

May 18, 2018: BioConnect hires Courtney Gibson as CTO/CISO

Gibson, the former CISO at OANDA Corporation joins the executive team at this developer of biometric solutions. He will report to CEO and Chairman Rob Douglas. “Courtney is joining our executive team at the right time. We are experiencing significant demand and scale for the BioConnect platform,” said Douglas in a press release. “His expertise in cybersecurity, highly regulated environments, building out large-scale financial systems and his deep technical leadership make him a strong fit. Under Courtney’s leadership, we will be able to significantly expand our engineering team while staying true to our commitment to data privacy, strong biometric authentication and delivering on large-scale activations for our customers and partners.”

“I have long believed that, as an industry, we need to be doing much more to help people secure their everyday lives,” said Gibson in a press release. “BioConnect has the technology, people and vision to transform how we manage identity and the risks of fraud and theft. I am very excited to join the BioConnect team, and to help contribute to that journey.”

At OANDA, Gibson helped grow the team from a 15-person startup to a 300-person global company processing up to $10 billion a day in global currency transactions. Courtney was also responsible for for the development of both API and web-based products for OANDA’s data and analytics business (B2B, SaaS).

May 15, 2018: Andy Sobotta joins Bridgestone Americas as CISO

Sobotta will be based in Nashville and will report to CIO Stefano Mezzabotta with dotted-line reporting to Chris Karbowiak, chief administrative officer, chief risk officer and executive vice President, Bridgestone Americas. He will oversee the protection of the company’s IT assets, ensuring robust IT security architecture, operations and compliance throughout the Americas.  

andy sobottaBridgestone Americas

Andy Sobotta, Bridgestone Americas CISO

“In today’s globally connected society, cybersecurity is more critical than ever,” said Mezzabotta in a press release. “We are thrilled to have Andy join Bridgestone to lead our information security team in the Americas. His expertise and leadership will help ensure we have the right cybersecurity strategy and the right standards in place that are necessary to prevent and mitigate risks.”

Sobotta has more than 20 years of experience as an information security executive, including nearly 10 years in the automotive industry. He most recently served as CISO at Sensata Technologies, Inc., after four years as associate executive director of global information security with Procter & Gamble. Sobotta also served as CISO for Elavon/US Bank and for Volkswagen of America.

May 15, 2018: Nicole Fellouris names CISO at 360Civic

Fellouris joins 360Civic, a provider of web development and technology services to public sector entities, on a retainer basis from Elite Development Group, where she was CEO. “Nicole has more than two decades of cybersecurity experience in both the public and private sector. We are delighted to welcome her to 360Civic,” said 360Civic COO Elizabeth Zayas in a press release.

Fellouris founded Elite Development Group, which was directly responsible for remediation of more than 100 cybersecurity incidents and breaches. Her accomplishments and contributions to the cybersecurity community were recognized by both federal law enforcement and intelligence agencies, resulting in a board member appointment to the Los Angeles division of Infragard, inclusion in the Secret Service’s Electronic Crimes Task Force, think tank participation specific to IT security-centric compliance frameworks, and appointment as a subject matter expert in cybersecurity and cyber warfare.

In addition to achieving PhDc status in clinical neuroscience, Nicole is a graduate of both the FBI and ATF Citizen’s Academies and the FBI’s Infrastructure Liaison Officer (ILO) program, specializing in cyber counter intelligence operations and asymmetric warfare.

May 10, 2018: WeWork hires former White House CISO Cory Louie

Louie becomes the first CSO for fast-growing global workspace provider WeWork. He will focus on both the safety of WeWork’s physical spaces as well as the security and privacy of our members’ and employees’ information.  

cory bio picWeWork

Cory Louie, WeWork CSO

“At WeWork, we have always taken security very seriously. However, as we grow and begin serving an increasing number of enterprise members, our trust, safety and security mission becomes more complex,” said Shiva Rajaraman, WeWork CTO, in a statement. “We are fully committed to meeting and exceeding the expectations of all our members. We already have a strong security foundation that we have built over the past eight years. Now, under Cory’s leadership, we will be enhancing our overall security maturity and building a world-class security team that positions us at the forefront of security innovation.”

Cory has over 17 years of experience protecting information and building security organizations across government, non-profit, technology and law enforcement. His distinguished career includes time at the The White House, Planned Parenthood, Dropbox, Google, and the U.S. Secret Service where he oversaw everything from cyber to physical security.

May 10, 2018: Nicko van Someren joins nanopay’s executive team as CSO

Formerly a member of the advisory board for this real-time payment platform provider van Someren is expected to ensure nanopay’s products and services are secure in their design, implementation and operation. He will also work with the product and marketing teams of nanopay to carry the message of the company’s security to a wide variety of audiences including customers, users, partners, investors and regulators.

“I am excited to be joining nanopay and to help it transform the way that payments are processed,” said van Someren in a press release. “Cryptographic security has always been at the core of what nanopay does, and as CSO, I shall be working to ensure that key principles of security and trust lie at the heart of everything we do going forward.”

Van Someren joins the team with more than 25 years of experience in technology leadership roles. Most recently, he worked with the Linux Foundation, a non-profit dedicated to supporting major open source software projects, as the CTO and executive director of the Core Infrastructure Initiative, a program to systematically improve the security of open source projects in general and with a particular focus on those foundational projects on which the modern IT world is built.

Prior to the Linux Foundation, van Someren served as the founder and CTO of the world’s leading cryptographic hardware security module company, nCipher Plc, until its acquisition by Thales eSecurity in 2008; the CTO of mobile security company Good Technology Inc., which was acquired by Blackberry in 2015; the chief security architect of the global networking company Juniper Network; and the founder and CTO of embedded networking company ANT Plc.

“Nicko’s been advising us since the beginning of nanopay. His proven track record and strategic vision on security are a perfect fit for the company and align well with the direction of nanopay,” said Laurence Cooke, founder and CEO of nanopay, in a press release. “With the addition of Nicko to our team, our products will set a new standard for secure, frictionless payments.”

May 1, 2018: Atrion’s new CISO is Richard Moore III

Moore is expected to expand upon Atrion’s service offerings with concepts like vCISO the virtual chief information security officer (vCISO). He brings over 25 years of experience in designing, leading, and maintaining the implementation and assurance frameworks for organizational information to this full-service information security and technology consulting firm. He has 15 years of military service with the U.S. Marine Corps intelligence community, concluding his military service as regimental intelligence chief.

rich moore 2 200x300Atrion

Richard Moore III, Atrion CISO

In the private sector, Moore ascended to security leadership roles within KPMG and the Royal Bank of Scotland – Citizens Bank, leading the regulatory and data protection programs. Prior to joining Atrion, Richard Moore served as CISO at New York Life Insurance Company and managing director at Alvarez & Marsal.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 10

April 30, 2018: Tracy Reinhold named CSO at Everbridge

Reinhold will be responsible for advancing enterprise-level security strategy at Everbridge, which provides event management and enterprise safety software applications. He will also work closely with customers and partners to optimize their organizational approach to managing and responding to critical events.  This newly created role will report to CEO Jaime Ellertson.

Previously, Reinhold has served in executive leadership roles in security and incident management for some of the world’s largest brands. As CSO at Fannie Mae, he was responsible for designing and managing the company’s enterprise resilience strategy. He established a robust enterprise response model that enabled senior leaders to respond to security and business disruptions in an efficient and consistent manner. Prior to Fannie Mae, Reinhold served as vice president of global investigations at Walmart, and before his commercial roles in security, Reinhold served as a special agent with the Federal Bureau of Investigation for 22 years. 

“The role of CSO continues to evolve in complexity as well as in terms of its importance to the creation of business value,” said Ellertson in a press release. “Tracy has demonstrated an impressive track record in helping Fortune 500 businesses bridge the gap between security and risk to maximize the operational response to critical events. We are excited to add Tracy’s deep insight and expertise in helping customers address today’s wide-ranging security challenges.”  

“Everbridge is the gold standard for how enterprises deliver organizational resilience on an unprecedented scale,” said Reinhold in a press release. “I look forward to working alongside Everbridge’s talented leadership team in helping to expand the reach and impact of the company’s global Critical Event Management platform and solutions.”

April 25, 2018: CISO Guy Flechter adds data protection officer title to his role at AppsFlyer

By taking on the DPO role along with his CISO duties, Flechter will help AppsFlyer, a provider of mobile attribution and marketing analytics, meet its commitment to high standards of data security and privacy. He will lead an expanded data security team that will enforce data protection laws and practices for ongoing diligent compliance with the requirements of European Union (EU) General Data Protection Regulation (GDPR), and relevant data protection laws and regulations across AppsFlyer’s solutions and teams.

Flechter has more than 15 years of experience in information security and data privacy. Previously, he served as information security team lead at LivePerson, where he kept the organization aligned with the most up-to-date and relevant industry standards, as well as spearheaded the security operations team.

“We put clients’ needs at the center of everything we do, and, as a data processor under the new GDPR guidelines, we will assist them in every way possible to become compliant by the time enforcement begins,” said Oren Kaniel, CEO and co-founder of AppsFlyer, in a press release. “Guy will continue to lead our information security efforts and assist our clients with understanding the role we play as data processor, help implement best practices under the new GDPR guidelines, as well as lead AppsFlyer’s GDPR compliance moving forward.”

“I have been protecting data and privacy, which I view as a fundamental human right, for over 15 years,” said Flechter in a press release. “As both an information security officer, and as an end user who values privacy protection, I expect GDPR to benefit both businesses and consumers, providing more transparency and enhancing trust across our industry.”

April 24, 2018: Charles Wilson promoted to CSO at Rock Family of Companies and Bedrock

Wilson will oversee all aspects of security operations throughout the entire enterprise, ensuring a safe and secure working environment for the more than 30,000 Rock Family team members in Detroit, Cleveland and across the country. He will also lead the relationship and partnership development with local law enforcement, allowing a real-time contribution of data and services in the communities where the companies are located.

charles wilson rock familyRock Family of Companies

Charles Wilson, CSO Rock Family of Companies and Bedrock

“We took a very deliberate approach to finding the right leader for security operations, conducting a nationwide search,” said Jay Farner, Quicken Loans CEO, in a press release. “No matter who we spoke with, or where we looked, Charles’ name and skill set always stood out, and he was already leading the security apparatus at Greektown Casino-Hotel, which will make his transition seamless. His strong background and experience makes him the perfect match for this dynamic and important position, and the fact that he is a native Detroiter is another tremendous plus.”

In addition to most recently serving as the vice president of support services at Greektown Casino-Hotel for the last four years, Wilson served 20 years in the Detroit Police Department (DPD). There, he was a direct liaison to the business community, fostering a positive working relationship between DPD and local businesses.

“I am inspired by the new challenge before me and look forward to working alongside all of the talented men and women of the security team and the entire Rock Family of Companies,” Wilson said in a press release. “I have dedicated my career to Detroit, and it is an honor and privilege to be part of an organization so actively involved in the community. The Rock Family of Companies has hired thousands of Detroiters, breathed new life into historic buildings and committed its significant resources to both the rebirth of downtown and Detroit’s neighborhoods. I am proud to be leading the organization’s focus on safety as a key pillar of its overall mission.”

April 19, 2018: Popular promotes Betina Castellví to CSO

Castellvi will lead the newly created Corporate Security Group, led by Betina Castellví as the Chief Security Officer at Popular, a bank that serves Puerto Rico, the Caribbean, and Latin America. This new group will consolidate all corporate efforts related to cyber security and enterprise fraud. Castellví will be a member of the senior management team and will report directly to Ignacio Alvarez, president and CEO of Popular.

“Security is a top priority for Popular. We continue to invest considerable resources to ensure that we protect our customers’ information and our corporation in this rapidly-changing environment.  We are confident that the creation of this group will further increase awareness of this important matter and facilitate collaboration across the organization,” said Alvarez in a press release.

Castellví’s career at Popular, which spans over 20 years, includes leadership roles in several areas, such as financial, operational and market risk, and most recently, the position of general auditor, which she assumed in 2012.  Castellví, a Certified Public Accountant and lawyer, earned a Bachelor’s Degree in accounting from the Wharton School of the University of Pennsylvania and a law degree from the University of Puerto Rico.

April 13, 2018: BYU names Tracy Flinders as CISO

Flinders will establish and oversee a cybersecurity program for the university that covers communications, applications and infrastructure. 

tracy flinders byuBrigham Young University

Tracy Flinders, BYU CISO

“Our campus systems and information are constantly being attacked and must be protected, but we must also accomplish our university mission and get our work done,” said Kelly Flanagan, BYU’s vice president of IT and CIO, in a press release. “The proper balance of these two efforts is critical, and Tracy is just the right person to provide it. Tracy is an experienced leader and manager who doesn’t panic or overreact during difficult moments. He will provide leadership that will put BYU on a firm IT security foundation, but will also safely guide the campus community through inevitable security incidents.”

Flinders is a seasoned executive leader with 28 years in the IT industry. He most recently worked as a managing director of BYU OIT’s Business Support organization.

April 18, 2018: Dr. Sam Small named CSO at ZeroFOX

Dr. Small will work with social media security provider ZeroFOX’s enterprise customer portfolio to develop, execute and maintain strategies that address the security threats intertwined with social media platforms. As one of the country’s foremost experts on intellectual property (IP), Dr. Small will continue to invest, build upon and protect ZeroFOX’s proprietary platform and continued growth.

zerofox sam smallZeroFox

Dr. Sam Small, ZeroFOX CSO

“The social media landscape has never been more vulnerable, and ZeroFOX is leading the global charge to ensure security is top of mind when it comes to interacting with these platforms,” said James C. Foster, CEO of ZeroFOX, in a press release. “As we enter our next phase of growth, Sam will help us drive security both internally at ZeroFOX and for our customers.”

At ZeroFOX, Dr. Small will drive ZeroFOX’s security vision both internally and externally for customers. He will work directly with customers at the CXO level to deliver the company’s services and technology as well as infusing the ZeroFOX Platform with his expertise. Finally, Dr. Small will help oversee all ZeroFOX’s IP and internal security operations.

“ZeroFOX’s team is committed to delivering the people, technology and processes that will keep our customers secure on social media,” said Dr. Small in a press release. “They’ve architected a scalable platform to solve enterprise social media and digital security challenges both now and in the future, and I look forward to being part of this forward-thinking team.”

Prior to being named CSO, Dr. Small served on ZeroFOX’s board of advisors. He was also the CEO and founder of Fast Orientation, an enterprise security software startup. Additionally, after earning his doctorate in computer science from Johns Hopkins University, he led an academic security research lab and launched two security startups.

April 16, 2018: Myrna Soto leaves CISO role to join ForgePoint Capital as a partner

Soto will be a member of the investment team at ForgePoint (formerly Trident Capital Cybersecurity), a venture capital firm focused on the cybersecurity industry. The ForgePoint investment team and will help identify investment opportunities; advise portfolio companies; participate in due diligence activities; organize the CISO, CIO, and CTO community; and refine the firm’s investment strategy.

myrna soto forgepointForgePoint Capital

Myrna Soto, ForgePoint Capital partner

“I have had the honor to serve as an advisory board member to a number of startups, growth-stage companies and large technology solution providers.  My work identifying core technologies for security innovation and being a design partner in that regard has always been very gratifying,” Soto tells CSO. “Now I will have the opportunity to do this at a much deeper scale.” 

“Myrna is a tremendous addition to our team given her demonstrated success managing global cybersecurity and technology risk programs at leading Fortune 500 companies,” said J. Alberto Yepez, Co-founder and managing director at TCC, in a press release. “Her broad industry insights, business acumen and experience serving in public company boards will bring invaluable perspective to our investment activities and to the growth of our portfolio companies. Myrna is a champion of diversity and has been recognized multiple times as one of the most powerful women in cybersecurity and most powerful Latinas in business.”

As a former CISO, Soto expects to apply her operational and strategic experience to help startups develop go-to-market strategies, position product, provide implementation guidance, and advise on how best to have their product or service embraced by security leaders. “Identifying innovated technologies and products that will lead us to the next generation of core security technologies is all the enticement I need [to join ForgePoint],” says Soto. “I am thrilled to be named a partner in the firm and to be the first female partner in the firm’s history.”

Soto was previously senior VP and global CISO of Comcast Corp., which she joined in 2009. “When I started at Comcast, we were extremely federated in our approach to security. Rationalizing security investments, maturing operational processes, and maturing a very strong and effective security program across the enterprise is something I am very proud of,” says Soto. “I am also very proud of the teams and leadership we developed and who will lead the company into the next stage of continuous improvement.”   

Leaving that team of practitioners and business people is one regret that Soto has leaving the CISO role. “I will also miss the diverse set of businesses Comcast represents. Comcast was an extremely exciting place to be at. However, I am certain I am replacing it with another incredible vertical that will foster and develop the next generation of innovative security solutions,” says Soto.

She has a total of 25 years of information security and technology leadership experience at American Express, Royal Caribbean Cruise Lines, Kemper Insurance and MGM Resorts. Soto was also recently named to Fortune magazine’s “50 Most Powerful Latinas in Business“ for the second consecutive year and has been recognized by SC Magazine among the “Top 10 Power Players for Women in Security” and among the Top 100 Technology Executives by the Hispanic IT Executive Council.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 11

​​April 16, 2018: Unisys hires Mathew Newfield as CISO

Newfield will lead the Unisys corporate information security team, which is responsible for the design, development and implementation of the company’s corporate information security and risk program across all regions and functions. That includes the company’s two go-to-market organizations, Enterprise Solutions and Unisys Federal. He reports to Eric Hutto, senior vice president and president, Enterprise Solutions, Unisys.

Prior to joining Unisys, Newfield served as director of global managed security services (MSS) for IBM as well as the business information security officer within IBM’s security organization. In that role, he was responsible for the delivery of services in 133 countries and managing a staff of 1,500 security professionals. Newfield also has previously held security leadership roles with Cybertrust, RSA and DDC Advocacy.

Newfield has published books on security and has been an instructor with the SANS Institute, a security research and education organization. He has been a frequent presenter around the world on cyber topics and worked closely with many global organizations to improve their security.

“Matt’s experience working as a global leader at some of the world’s most prominent security and technology companies will help Unisys to continue our momentum as a company focused on leading-edge security,” said Hutto in a press release. “He brings an enormous array of skills and knowledge in both internal and client-facing roles. Unisys will leverage this experience in protecting both client information assets and our own.”

April 16, 2018: Former DEFCON security head Marc Rogers Joins ScaleFT as CSO

Rogers brings over 20 years of security industry expertise to zero-trust security company ScaleFT. He has held the role of head of security for DEFCON, the world’s longest-running hacker conference, since 1999. Most recently, Rogers served as head of information security at CloudFlare, Inc., responsible for the global security of the compliance, product security, infrastructure security, and threat intelligence teams. He brings deep technical expertise to the ScaleFT mission of helping companies achieve their own BeyondCorp-inspired zero-trust security architectures.

“Marc has been incredibly valuable as an advisor and community advocate, and we are extremely excited to welcome him to ScaleFT,” said Jason Luce, CEO and co-founder of ScaleFT, in a press release. “We share the same vision for security as a significant business enabler, with zero trust as the right model, and we look forward to his contributions to our fast-growing company.”

Rogers has been a prominent figure in the information security field for decades, where he is best known for his whitehat hacking including Google Glass, Apple’s TouchID and most recently The Tesla Model S sports car. He has served on industry steering groups that include the Microsoft CISO council and the GSMA Security Group. He has also advised several TV networks including BBC, where he appeared on and advised the series, “The Real Hustle”, and most recently USA Network’s MR Robot where he designed hacks such as the Femtocell used for the finale in Season 2.

“I have been incredibly impressed with how ScaleFT has brought the core principles of BeyondCorp to the market in such a positive and meaningful manner,” said Rogers in a press release. “It’s my strong belief that security should be seen as a business enabler, never a blocker, and ScaleFT is the company to bring that confidence to organizations of all size through its Zero Trust platform.”

April 12, 2018: Justin Calmus appointed CSO at OneLogin

With deep experience across enterprise information security in CIO and CSO roles, Calmus will architect and lead unified access management provider OneLogin’s risk management, security and compliance efforts. He will drive security and compliance requirements for some of the most demanding computing environments for companies such as AAA, Airbus, Citizen, and Tesco.

justin calmusOneLogin

Justin Calmus, OneLogin CSO

Before joining OneLogin, Calmus served as VP of hacker success at HackerOne, the leading bug bounty platform, where he was responsible for representing and cultivating HackerOne’s community of more than 100,000 hackers. Prior to his tenure there, he served as CIO and CSO at Zenefits, was director of enterprise security at Salesforce, and manager of security engineering at LinkedIn.

“Security is paramount as digital transformation empowers businesses with enhanced efficiency and business agility,” said OneLogin CEO Brad Brooks in a press release. “Justin has a unique blend of experience and expertise, and I am delighted to have him leading our efforts.”

“OneLogin is at an exciting stage of its growth from both a business and a technology perspective as it pioneers the new unified access management category,” said Calmus in a press release. “I’m thrilled to be joining the executive team to lead security and compliance efforts as the company moves its vision forward.”

April 10, 2018: Michael Ngo joins ORock Technologies’ executive team as CSO

Ngo is responsible for ensuring the security and compliance of ORock’s infrastructure as a service (IaaS) and cloud service offerings. He recently completed his 28-year military career as a colonel with the US Army, where he directed worldwide network operations and cyber defense for large-scale organizations of over 7 million systems, on 15,000 separate networks, across various security domains.

Prior to joining ORock, Ngo served as COO, Joint Force Headquarters Department of Defense Information Networks (JFHQ-DODIN). He was responsible for command and control of defensive cyberspace activities focusing on unity of command and unity of effort within the DoD to secure, operate, and defend DoD Networks.

“Mike’s deep experience overseeing and protecting critical DoD networks made him the ideal candidate to ensure the security and compliance of ORock solutions,” said Gregory Hrncir, co-founder and CEO of ORock. “We’re excited about the addition of another distinguished military leader to our team of senior executives and advisors.”

Ngo holds a Master of Science in Information Technology Management from the Naval Postgraduate School and graduated as a ROTC Distinguished Military Graduate with a degree in computer science from Millersville University.

April 5, 2018: Matt Palmer leaves CISO role to direct new risk tool at Willis Towers Watson

Palmer oversee the Cyber Risk Profile Diagnostic (CRPD) tool and its development for global advisory, broking, and solutions company Willis Towers Watson. Previously the company’s CISO, he now becomes its

matt palmer Willis Towers WatsonWillis Towers Watson

Matt Palmer, senior director for cyber risk management solutions at Willis Towers Watson

business.

Anthony Dagostino, global head of cyber risk for Willis Towers Watson, said in a press release: “Matt’s excellent track record as CISO and deep knowledge of cyber risk, technology and regulation will be invaluable in supporting our global clients with their own information security programs and leading our innovative new CRDP tool.”

“The benefits of deploying the CRPD tool are numerous and go beyond the structured approach to risk evaluation and control planning,” said Palmer in a press release.  “Ensuring that resources are allocated efficiently for any risk mitigation activities allows companies to improve stakeholder confidence while minimizing the brand and reputational impact in the occurrence of a breach, and also help companies to solve the complex issues around cyber resiliency”.

April 4, 2018: Marzena Fuller named CSO at SignalFx

Fuller joina SignalFx to support the company’s rapidly expanding customer base, strong revenue growth, new partnerships, integrations, and geographic expansion. “We’re at an inflection point as more enterprises are embracing digital transformation and turning to SignalFx as their strategic partner for monitoring their cloud environments in real-time. We’re thrilled to welcome Marzena … to the team that will take SignalFx to the next level,” said Karthik Rau, co-founder and CEO of SignalFx, in a press release.

marzena fuller SignalFXSignalFX

Marzena Fuller, SignalFx CSO

Fuller will lead SignalFx’s security operations, helping the company maintain the highest level of security standards for SignalFx and its enterprise customers. She has extensive experience building security, risk, and compliance programs at big data and machine learning companies, and bringing a customer-oriented approach to information security. Fuller was previously senior director security at Databricks where she was responsible for developing and implementing the company’s security and compliance strategy. Prior to Databricks, she worked as director, security sompliance at Sumo Logic, overseeing the organization’s security, compliance, privacy, risk and data protection programs.

“SignalFx understands that enterprises need to be able to trust their providers with confidential data and assets, so the company takes its stewardship of client data very seriously,” said Fuller in a press release. “I’m excited to help our customers and the SignalFx team standardize and scale best-in-class security practices.”

April 2, 2018: Jesus “Laz” Montano becomes head of enterprise information risk management and CISO for MassMutual

A long-time information technology executive, Montano– Underscoring the importance it places on comprehensive, robust information security and risk management capabilities, Massachusetts Mutual Life Insurance Company (MassMutual) today named long-time information technology executive Jesus “Laz” Montano as Head of Enterprise Information Risk Management (EIRM) and Chief Information Security Officer. Montano reports to Mark Roellig, MassMutual’s Chief Technology and Administration Officer.

Montano will work closely with the executive leadership team at Massachusetts Mutual Life Insurance Company’s (MassMutual). He will direct a holistic risk management approach across the company, including managing operational and cyber security risks, ensuring all regulatory and compliance requirements are met, and overseeing the safeguarding of MassMutual’s information assets. Montano reports to Mark Roellig, MassMutual’s chief technology and administration officer.

“Laz brings to MassMutual both demonstrated expertise and a deep business insight, built on nearly 30 years of technology and cyber security experience, and we look forward to his contributions as part of our unwavering commitment to best-in-class EIRM practices,” said Roellig in a press release. “Importantly, Laz is also a tremendous advocate of fostering diversity and inclusion, a basic tenet of our organization.”

“Joining MassMutual is a great honor, and I am very excited to be part of an organization that feeds the very passion that has been at the center of most of my career – which is safeguarding customer’s information and empowering those around me to do the same,” said Montano in a press release.

Montano joins MassMutual from Voya Financial, where he served as CISO for the past four years, responsible for providing leadership, management and strategy for all aspects of the company’s technology risk and information security. Montano has also held technology security leadership roles at OpenSky, MetLife, The Travelers Companies and Lucent Technologies.

March 29, 2018: Marcura hires Richard Bell as its external data protection officer

In anticipation of the EU’s General Data Protection Regulations, which go into effect in May, The Marcura Group, a Dubai-based group of companies focused on providing innovative business solutions to the maritime industry, appointed TenIntelligence Limited’s Richard Bell as its external data protection officer (DPO).

Bell will serve as an independent consultant for the entire Group on matters related to GDPR compliance. He currently heads the TenIntelligence Security & Privacy practice, advising companies located in Europe, Middle East, and US on physical and cyber security matters. He served as the CISO and head of cyber security operations & investigations for Transport for London (TfL). He works regularly with the National Cyber Security Centre (NCSC), National Crime Agency (NCA) and the Information Commissioner’s Office (ICO). He is a Fellow of The Security Institute and a Member of the Association of Security Consultants.

“Marcura has always endeavored to hold itself up to the highest standards of compliance for the benefit of its customers, and this is no different when it comes to meeting its obligations under the GDPR. The GDPR is considered to be the most stringent data protection law in the world, and with its upcoming implementation, the Group has now taken the necessary steps and initiated various measures to comply with it,” said Felix J. Antero, general counsel and chief compliance officer of the Group in a press release.

March 26, 2018: Troels Oerting will lead World Economic Forum’s new Global Centre for Cybersecurity

Oerting is joining the Forum from Barclays where he was Group CSO and Group CISO. Before that, he was at Europol where he held several roles including head of Europol’s Counter Terrorist and Financial Intelligence Centre and notably, head of the European Cybercrime Centre. He began his career in law enforcement and held multiple senior roles within the Danish National Police including Director, Serious Organized Crime Agency and Director of Operations, Danish Security Intelligence Service.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 12

“The Global Centre for Cybersecurity is the first global platform to tackle today’s cyber risks across industries, sectors and in close collaboration with the public sector. I’m glad that we have found a proven leader in the field who is keen and capable to help us address this dark side of the Fourth Industrial Revolution,” said Klaus Schwab, founder and executive chairman of the World Economic Forum, in a press release.

The Forum’s Global Centre for Cybersecurity offers the first platform for governments, companies, and international organizations to diminish the impact of malicious activities on web. It will focus on the following aims:

  • Consolidate existing cybersecurity initiatives of the World Economic Forum
  • Establish an independent library of cyber best practices
  • Help partners to enhance knowledge on cybersecurity
  • Work toward an appropriate and agile regulatory framework on cybersecurity
  • Serve as a laboratory and early-warning think tank for future cybersecurity scenarios

March 22, 2018: Sean Valcamp named VP, CISO at MGIC

Valcamp comes to Mortgage Guaranty Insurance Corporation (MGIC) from Avnet, Inc., where he held successive positions of increasing responsibility in the IT department. He served for more than 11 years as Avnet’s global security leader and was named the company’s first CISO in 2015. Valcomp has 28 years of experience in the technology industry and holds a Bachelor’s of Science degree in Computer Information Systems from the University of Phoenix.

“Sean will be a great fit in his role at MGIC,” said Greg Chi, senior vice president information services and CIO, in a press release. “His leadership credentials and wealth of experience in Information Risk Management and governance practices make him a valuable addition to our team as we support MGIC’s ongoing growth. I am delighted to welcome Sean to the company.”

March 27, 2018: Doug Yokoyama is the new CIO and CISO at Clarify Health Solutions

Yokoyama will lead data operations at this provider of machine-learning-enabled care optimization, leveraging best-in-class protocols and advanced technologies from a variety of industries to bring the highest levels of fidelity and security to healthcare analytics, risk stratification and care guidance.

With nearly 30 years of experience, Yokoyama has a proven track record for building scalable technology solutions that deliver operational effectiveness and impact for customers. Prior to joining Clarify Health, he was the senior vice president and CIO of Advent Software, a leader in automated portfolio accounting for investment management firms. As the CIO, he led the product development, IT, and data services teams

“With Doug on board, we have a leader with the experience and expertise to deliver the financial services and military-grade security that all healthcare companies should deploy,” said Jean Drouin, MD, CEO and co-founder of Clarify Health, in a press release. “Doug has deep knowledge and experience spearheading data governance process and harnessing both people and technology to advance organizational security measures. We welcome his expertise and contributions as we continue to empower healthcare organizations to succeed in a value-based world, both lowering costs and improving patient outcomes.”

“I’m inspired and impressed by the work the Clarify development and security teams have done to create a safe and scalable framework for processing and storing sensitive data,” said Yokoyama in a press release. “My goal is to continue building on this foundation to enable the company to serve our customers in new ways, including providing patients with more seamless and secure access to their own data.”

March 14, 2018: LenderLive promotes Ian Morgan to CISO

Morgan will be responsible for the confidentiality, integrity, and availability of this mortgage services provider’s information assets. He will partner with LenderLive’s business lines to strengthen existing security controls, setting the strategic direction of information security at LenderLive and adhering to regulatory requirements. He will report to CIO Lorie Helms.

Morgan joined LenderLive in September 2010. Throughout his career with LenderLive, he has held positions of increasing management responsibility within the organization. Most recently, Morgan served as vice president, Technology Solutions, where he guided the build-out of the company’s workflow system, strengthened the company’s eSign, eMortgage, and document imaging platforms, and strove to secure business systems by meeting comprehensive audit requirements. Prior to LenderLive, Morgan held IT management positions with Alameda Mortgage Corporation, Assurity Financial Services, LLC, Information Management Research and Optimus Corporation.

“Information security has become a critical and essential priority for our clients. By creating a dedicated executive level position, we are demonstrating our commitment to protecting client and customer information entrusted to LenderLive,” said Rob Clements, chairman and CEO of LenderLive, in a press release. “Ian is a perfect fit for this position. He’s a seasoned financial services veteran with deep industry knowledge in information technology and security. During his tenure at LenderLive, he has demonstrated proven success in building strong teams to achieve a streamlined and cohesive operation. I am confident that Ian will continue to be a critical contributor as we grow and evolve.”

March 12, 2018: OATI appoints Khalil Houri as CISO and Jerrod Montoya as deputy CISO

Houri and Montoya will lead a new security and risk management team at OATI, a provider of products and services for the energy industy. This team will be responsible for the overall governance of OATI security and risk management, which includes cybersecurity, physical security, vendor management, and security awareness and training. They will report directly to Sasan Mokhtari, president and CEO of the company.

The team will ensure applicable OATI security policies and procedures are in place, enforced, and coordinated across all OATI departments. Houri and Montoya will also interact with customers, regulator and industry groups, law enforcement, and other applicable security groups as needed.

“With the implementation of this dedicated team, OATI can further enhance security measures for customers in this constantly changing security paradigm,” said Mokhtari in a press release.

March 6, 2018: Eddie Saunier named CSO at Burr & Forman

Saunier will lead legal services firm Burr & Forman’s overall information security program and will assume responsibility for managing the firm’s technology and information management compliance and risk.

“Eddie’s devotion to managing and securing Burr & Forman’s systems and networking infrastructure with the utmost level of scrutiny furthers our confidence in his ability to meet all the information security needs of the firm and our client information,” said Burr & Forman CEO Ed Christian in a press release. “Eddie will ensure we are at the forefront of best practices to provide a consistent level of data security.”

Since joining the firm in 2002, Saunier has been responsible for managing the core servers and networking infrastructure as senior systems engineer. Saunier earned his undergraduate degree in materials engineering at the University of Alabama at Birmingham.

March 5, 2018: Florida Agency Network names Matthew Froning as CISO

Froning will drive title agency Florida Agency Network’s (FAN’s) existing information security program and collaborate with the industry to implement best practices on information security.

“We are pleased to welcome Matthew to our team. His reputation, expertise and intimate knowledge of industry best practices will allow us to design and deploy a best-in-class, global security strategy,” said Aaron M. Davis, CEO of FAN.

The former CIO of a leading information security consulting company, Froning has led the charge for improving security processes and procedures for organizations while tightening controls to protect from cyber attacks. A security industry veteran, he developed information security assessment processes which included guidelines and reports aligned with regulatory and ALTA Best Practices. Froning is an Air Force veteran and former federal agent who has investigated, managed and directed computer-related criminal, counterintelligence, counterespionage, fraud and undercover matters for both the federal government and the military.

“Florida Agency Network has been an industry leader in the approach to secure their systems, processes, and the consumer information they are charged with protecting. As part of the team, I look forward to helping FAN continue to enhance their security program and provide the best service and level of security possible for their clients,” said Froning in a press release.

February 28, 2018: Richard Roberts takes on dual COO/CISO role at Stratus Interoperable

As a member of Stratus Interoperable’s executive management team, Roberts’ operations and cybersecurity experience will help drive product delivery and development with a focus on enhanced security at this provider of data integration and business intelligence services in the healthcare industry.

Before joining Stratus Interoperable, Roberts built a healthcare advisory company and spent 10 years at the nation’s largest private healthcare ITO/BPO organization. There he served as chief technology officer with responsibility for IT strategy, planning and cybersecurity for both corporate and customer initiatives. He oversaw enterprise-wide infrastructure architecture and standardization, integration, business transformation, and the development of enterprise application solutions.

“I’m very excited to join the SI Team. It’s my goal to leverage this opportunity to positively influence the quality of patient-centered healthcare, while helping drive Stratus Interoperable and the StratusLink platform to prominence in the healthcare technology industry,” said Roberts in a press release.

February 22, 2018: Lewis Brisbois hires Frank Gillman as CISO

Gillman will work closely with law firm Lewis Brisbois’s Data Privacy & Cybersecurity practice to provide a suite of client services. He has more than 30 years of technology experience in the legal field, including 20 years in the CIO/CTO role for three notable AmLaw 200 firms, including Lewis Brisbois. He has led and implemented first-to-market initiatives for legal technology solutions during his various tenures in the infrastructure, telecommunications, mobility, and data security fields.

“We are very fortunate to have the opportunity to work with Frank in providing client services. With his operational experience and expertise, we are adding tremendous value to a variety of client engagements to better secure their networks and better prepare them to respond to data security incidents,” said Data Privacy & Cybersecurity Chair Sean Hoar in a press release.

As a part of the data privacy and cybersecurity team, Gillman provides clients with security control assessments mapped to information security frameworks, incident response planning, tabletop exercises, executive training in network security awareness, and information security policy and procedure development.

“I’m excited about the opportunity to evolve the traditional CISO role within a law firm to this expanded scope,” Gillman said in a press release. “What makes it doubly so is to be able to do it alongside some of the most talented lawyers in the data privacy and cybersecurity fields.”

February 12, 2018: Equifax names Jamil Farshchi as new CISO

Farshchi, who previously served as CISO at The Home Depot, will assume company-wide leadership of work already underway to transform the company’s information security program and collaborate with the industry to share best practices on information security. He will be based in Atlanta, Georgia, and report directly to the CEO. 

equifax ciso jamil farshchiEquifax

Jamil Farshchi, Equifax CISO

“We are pleased to welcome Jamil to our team and confident that he possesses the talent and skillset needed to continue our journey toward developing industry-leading security practices and, ultimately, to help us regain trust with consumers and customers,” said Paulino do Rego Barros, Jr., interim CEO at Equifax, in a press release. “Jamil has a reputation for helping enterprises rebuild and fortify information security programs.  His expertise in risk intelligence and cybersecurity combined with his intimate knowledge of industry best practices will allow us to design and deploy a best-in-class, global security strategy to re-establish ourselves as a trusted leader.”

Prior to his role at The Home Depot, Farshchi was the first global CISO at Time Warner, where he brought to bear risk-management techniques from the financial and government sectors to develop a model security program for the media and entertainment industry. Before that, Farshchi was the vice president of global information security at Visa, where he developed and implemented the firm’s first global information security strategy; led efforts in mobile security, identity, and big data; and transformed its security program into a recognized global leader.

“Equifax is a company with tremendous potential, and I am confident that we will transform our security program into one of the most advanced and recognized globally,” said Farshchi in a press release. “I am grateful for this new challenge and am looking forward to enabling the business with new insights, a fresh perspective, and a multi-dimensional way of thinking about global data stewardship and information security.“

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 13

February 12, 2018: ThreatModeler Software hires David Nester as CSO

Nester joins ThreatModeler Software, Inc., a provider of an automated threat modeling platform, after serving as the global director of Fortify on Demand at Hewlett Packard Enterprise. “I was truly impressed with the ThreatModeler Platform,” said Nester in a press release. “When the ThreatModeler team demonstrated their automated platform and how it accurately identifies 99% of the potential static and dynamic application vulnerabilities before a single line of code is even written, I knew instantly this was the solution many organizations need.”

ThreatModeler David NesterThreatModeler Software

David Nester, ThreatModeler Software CSO

Nester is an accomplished information security leader with 20 years of experience and success in fulfilling mission-critical security objectives and goals, and directing global technology teams. At Hewlett Packard, he managed the global team of application security experts. Nester offers advanced capabilities in application security and risk management combined with a deep understanding of the intersection between technology, business, and operational needs.

February 9, 2018: Thesys CAT LLC appoints Vas Rajan as CISO for consolidated audit trail

Rajan will be responsible for ensuring security compliance of the CAT System and evolving and executing cybersecurity programs as the CAT platform advances from build to live along with its continuous development and optimization. He will also be responsible for partnering with the CISOs from the self-regulatory organizations (SROs) to ensure the highest standards of security across the CAT System.

Mike Beller, CEO, Thesys Technologies, said in a press release, “Security has been at the forefront of our design and strategy for the CAT system from the beginning, and one important key to success is ensuring there is a well-rounded leader to oversee all the security aspects of the CAT, both before it goes live, and once it is operational. We are pleased that, together with the SROs, we have found an exceptionally talented candidate like Vas, who is highly capable of securing the system and working with the multiple stakeholders within CAT to deliver best in class security practices.”

Rajan joins Thesys CAT with over 20 years of IT experience within the financial services industry. Most recently he served as CISO and business continuity officer of CLS Bank, the member owned FX market utility, where he was responsible for the security strategy of the company in accordance with all requirements of a financial market utility, designated as systemically important by the U.S. government. Prior to CLS, Rajan was head of security and privacy officer of ING Direct USA, a major retail bank and brokerage.

February 6, 2018: Armored Things adds Elizabeth Carter as CSO

A specialist in threat and risk assessment, crisis management and response, and emergency program management, Carter will work with Armored Things customers to bridge the gap between cyber- and physical security. The company develops software that protects large public and private facilities and venues against risks and threats.

elizabeth carter armored thingsArmored Things

Elizabeth Carter, Armored Things CSO

Prior to joining Armored Things, Carter led crisis management for the Americas at Apple, Inc., where she was responsible for responding to incidents and protecting the company’s operations, personnel, and facilities throughout North and South America. Her experience also includes senior director with The Chertoff Group in Washington, DC, where she worked with public and private sector clients on issues related to counterterrorism, cyber security, crisis management, health preparedness, and infrastructure protection.

“Elizabeth has been a friend and trusted colleague for years, and our team couldn’t be more thrilled to have her aboard,” said Armored Things CEO Charles Curran in a press release. “Given her experience that bridges the gap between physical and cybersecurity, she is uniquely qualified to help our clients leverage technology to reduce risks and respond more quickly and effectively to emergencies.”

February 6, 2018: Mario Duarte joins Snowflake Computing executive team as VP of security

Duarte has extensive experience deploying product and company-wide security programs and will continue to advance the industry- and country-specific customer security requirements for Snowflake, a cloud-based enterprise data warehouse provider.  

mario duarte vp of securitySnowflake Computing

Mario Duarte, Snowflake Computing VP of research

“Mario’s industry leadership will be crucial to accelerating product innovation, enhancing our go-to-market strategy and advancing our enterprise-grade security for customers to help enterprises uncover maximum value from their data,” Snowflake CEO Bob Muglia said in a press release.

Duarte has worked in the retail, health care, and financial sectors for two decades. He has built and managed security teams, developed and implemented security programs and has managed PCI and HIPAA compliance initiatives for medium and large organizations. 

“Security has been a pillar of Snowflake’s architecture and culture since day one and it’s what drives us to embrace strong security safeguards in all facets of our business,” Duarte said in a press release. “This strong security ethos empowers us to protect our customers valuable data assets against existing and emerging security threats. Snowflake’s cloud-built data warehouse-as-a-service is uniquely designed to meet rigorous compliance requirements such as FedRAMP, which in turn help to accelerate our customers’ compliance initiatives.”

January 19, 2018: MedSec names Stephanie Domas as VP of research

Domas will responsible for the introduction of MedScan, which allows hospitals to assess the cybersecurity status of the medical devices on their networks. She is widely recognized as one of the leading experts in healthcare cybersecurity, having contributed toward national security guidance and standards for medical devices, authored dozens of industry articles, and presented at major conferences. 

stephanie domas largeMedSec LLC

Stephanie Domas, MedSec VP of research

“Stephanie has done a tremendous job bridging the gap between hospital executives and medical device makers so that both audiences have a better understanding of the challenges and complexities they each face,” said Justine Bone, CEO of cybersecurity software provider MedSec, in a press release. “For a long time, these groups have been working in relative isolation despite having common ground – both want the medical equipment to operate effectively without the risk of cyber intrusions – to the benefit of patients.”

Domas was previously the director of product security at Battelle. At MedSec, she will facilitate collaboration between manufacturers and hospitals, and help them work through pain points on both sides. “I’ll be leading a MedSec team that will help hospitals assess the state of the devices on their networks and facilitate with the medical device manufacturing community to determine the most effective and efficient solutions,” said Domas in a press release. 

Domas is an active member of the UL2900, UL5500, AAMI TIR-57, and AAMI TIR-97 standards committees, shaping industry best practices and security standards for medical devices. She is a registered Professional Engineer (PE) in the state of Ohio, and a Certified Ethical Hacker (CEH).  She was recently named a 2017 Influential Women “One To Watch” by the Executive Women’s Forum, the largest member organization serving emerging leaders as well as the most prominent and influential female executives in the Information Security, Risk Management and Privacy industries.

January 19, 2018: Paytm Payments Bank appoints Nitin Chauhan as CISO

Chauhan will set up and enhance Paytm’s enterprise security strategies, infrastructure, and network design. He will also secure links with partner banks and financial services, and he will oversee regulatory compliance with an emphasis on building a security framework for all Paytm Payments Bank customers.

nitin chauhanPaytm Payments Bank

Nitin Chauhan, Paytm CISO

Chauhan has two decades of infosec experience. Before joining Paytm, he served as the CISO at RBL Bank for more than six years. Prior to that, Chauhan worked with Kotak Bank and other financial institutions. He graduated in Commerce from Delhi University and holds an MBA degree in IT and International Business. He is a CISA professional and is a certified Lead Auditor from BSI for BS 25999 and Lead Implementer for ISO27001 security standard.

January 18, 2018: Susan M. Viveiros named VP, information security officer at BankNewport

Viveiros will be responsible for the development and implementation of BankNewport’s information security, vendor management, and business continuity programs. She comes to BankNewport from HarborOne Bank in Brockton, Massachusetts, where she served as vice president, information security officer.

banknewport viveiros 683x1024BankNewport

Susan Viveiros, BankNewport VP, information security officer

Viveiros is a Certified Information Security Manager (CISM) and Certified Information System Auditor (CISA). She is also Global Information Assurance Security Essentials certified. Viveiros completed the Bryant University Executive Development Center Business Continuity Program and is currently pursuing certification as a chief information security officer from the International Council of E-Commerce Consultants.

January 16, 2018: HaystackID hires Lee Neubecker as CISO

Neubecker will join the executive team at HaystackID LLC, an international end-to-end litigation support, forensics and managed services provider. With both a Certified Information Systems Security Professional (CISSP) and master of business administration (MBA), he boasts a range of technical acumen and experience.

From 2000 to 2016, Neubecker served as president and CEO of Forensicon, Inc., which he founded. He led a team of experts and helped establish his firm as the premier computer forensics firm in the midwest, handling complex investigative and litigation matters including white collar crime, trade secret misappropriation, data breach incident response and various employment litigation matters.

In addition to providing eDiscovery, forensics, litigation support, and data recovery consultation to a wide variety of entities, Neubecker acted as an expert witness and renowned digital sleuth. “Lee’s exceptional understanding of computer forensics, systems and management has made him one of the premier leaders in this industry,” said Haystack president and CEO Kevin D. Glass in a press release. 

January 14, 2018: DataBank appoints Mark Houpt CISO

Houpt will drive DataBank’s information security and compliance initiatives to ensure that the company’s solutions meet rigorous and changing compliance and cybersecurity standards. He is responsible for developing and maintaining the company’s security program roadmap and datacenter compliance programs.

Houpt brings more than 25 years of extensive information security and information technology experience in a wide range of industries and institutions. He holds an MS-ISA (Masters Information Security and Assurance), numerous security and technical certifications (CISSP, CEH, CHFI, Security +, Network+), and he is qualified for DoD IAT Level III, IAM Level III, IASAE Level II, CND Analyst, CND Infrastructure Support, CND Incident Responder, and CND Auditor positions and responsibilities. Houpt is an expert in understanding and the interpretation of FedRAMP, HIPAA and PCI-DSS compliance requirements. Mark is an active member of ISC2, ASIS International, COMPTIA, IAPP, and ISACA, among other leading national and international security organizations.

January 4, 2018: Centra Tech hires Enrique Perez as CISO

Perez spent the last 15 years with VISA, mostly recently as the senior information security and compliance officer for Global Service Operations. Centra Tech, which sells cryptocurrency products, expects Perez to apply his payment card expertise to enhance the security if its Centra Wallet and Card platforms.

enrique perez centra techCentra Tech

Enrique Perez, Centra Tech CISO

Perez previously held the titles of director of external penetration test team and director of information security for VISA Latin American Region. He has been responsible for managing operational and security risk for more than 100 Global Customer Support Services contact centers through identification of risk exposures and examination of controls effectiveness to calculate residual risk. He was also responsible for ensuring adherence to VISA internal policies, PCI—DSS standards, domestic and international regulations (including GDPR, Security Shield and PIPEDA).

December 21, 2017: Jenner Holden promoted to CISO at Axon

Holden assumes his new role in January and will support strategic business initiatives for Axon, a provider of connected law enforcement technologies. Previously senior vice president of information security, Holden will continue to oversee the information security program that protects Axon’s systems and products, including the  Evidence.com platform. Since joining Axon in 2013, Holden has been instrumental in building a company-wide culture of security. He has more than 12 years’ experience evaluating and managing enterprise-level information security programs.

jenner holden axonAxon

Jenner Holden, Axon CISO

“We’re thrilled to have Jenner join the leadership team given his dedication to making the Axon network strong and secure for our customers,” says Rick Smith, Axon CEO and founder, in a press release.

December 15, 2017: Mark Lohman promoted to CISO at Grainger

Since he joined Grainger in 2014 as senior director of information security and business continuity, Lohman has played an important role in establishing and maintaining the company’s cybersecurity vision and collaborating with customers, Grainger leadership, and the board of directors on security-related matters. Lohman also serves as the  HIPAA Security Officer at Grainger, a supplier of maintenance, repair, and operating (MRO) products serving businesses and institutions.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 14

“Mark has decades of experience in information security, and we are excited to announce his new role as Chief Information Security Officer,” said Greg Harman, Grainger vice president and CIO, in a press release. “Cyber threats are constantly evolving at the same time our company information must become more accessible and mobile for our customers, suppliers and team members. This means companies need to prioritize vigilance and awareness to realize information security. Strengthening our commitment to cybersecurity demonstrates to all of our partners that Grainger plays an active role in securing sensitive data and our systems, and enables Grainger to be a reliable and trusted partner.”

Prior to joining Grainger, Lohman spent more than 20 years leading and training security teams, managing incident response issues, and delivering security solutions to large global companies across several industries, including aerospace and defense, energy, financial services and healthcare.

December 13, 2017: Trapp Technology hires Jim Mapes as CISO

Mapes is expected to grow and build on the existing security services suite at this Phoenix-based provider of IT, voice, and cloud hosting solutions, with an increased focus on providing cybersecurity assessments and security managed services for mid-market to enterprise-level businesses.

jim mapes 300x300Trapp Technology

Jim Mapes, Trapp Technology CISO

“I’ve been impressed with Trapp Technology’s success in the managed services market, and I firmly believe that the company is well-poised to lead the cybersecurity services mid-market with smart, business-driven solutions,” said Mapes in a press release.

In his 25-year career in IT, Mapes has 19 years in information security and 14 years in senior leadership roles, of which eight were as CISO. He has acquired a unique matrix of experience in cybersecurity thought leadership including designing Information security programs and operations, advising executive teams and boards, as well as deep technical experience performing forensic investigations, intrusion testing, and incident response. Mapes has worked extensively with healthcare companies and providers to secure patient medical records and meet HIPAA compliance.

December 12, 2017: Anthony Dupree named to joint CIO/CISO role at CareerBuilder

In his dual role, Dupree oversees infrastructure, development opportunities, cloud, and security to ensure that CareerBuilder clients and users are protected in a safe ecosystem. He is responsible for directing CareerBuilder’s global IT and information security vision, policies and programs to execute a state-of-the-art defense.

“Employers need to be hyper-vigiliant in today’s environment where there is a large and growing number of cyber threats,” said Irina Novoselsky, president and COO of CareerBuilder in a press release. “A key focus for CareerBuilder is providing the most comprehensive security in the industry, and having Anthony on board underscores our commitment to anticipating and proactively addressing future vulnerabilities. Anthony is an established thought leader with deep expertise in building watertight security and technology, and his unique role will set new standards for the industry.”

“One of the reasons why I was drawn to CareerBuilder is that security is not just a priority for the organization, it is ingrained in the company culture,” Dupree said in a press release. “At the core of CareerBuilder’s structure is an in-depth, multi-layered defense model that combines the power of people, technology and operations to ensure the company and its partners are protected. This model puts us in the best position to safeguard against outside threats, and I look forward to building upon it in exciting new ways.”

Before joining CareerBuilder, Dupree served as the CIO and CISO of Novitex. He also held senior roles at McGraw-Hill Education, Elizabeth Arden, and Toys R Us, managing global enterprise IT security, network infrastructure and risk and compliance programs. Dupree is also a decorated Army Reserve Officer who served for 28 years before retiring as a Lieutenant Colonel.

December 11, 2017: John Ramsey named CISO at National Student Clearinghouse

In this newly created role, Ramsey is responsible for the overall organizational security strategy, security program oversight, and security architecture development, including all data and information security policies, standards, evaluations, roles, and organizational awareness for the Clearinghouse.

johnramseyNational Student Clearinghouse

John Ramsey, National Student Clearinghouse CISO

Ramsey was formerly the CISO for the U.S. House of Representatives and members of Congress, which has 950 sites across the entire United States and associated territories. In March 2017, he was selected as one of the top 100 CISOs globally, only one of two government CISOs selected.

He has worked in the IT security field for more than 25 years, including security operations for the Department of the Army and Department of State, and as the CISO for the Federal Retirement Thrift Investment Board, which oversees the world’s largest defined contribution retirement plan at $480 billion for 4.8 million people.

While in the U.S. Army for 11 years, Mr. Ramsey was an intelligence and security analyst with concentrations on Russia, Eurasia, Iraq, and Iran, and served as a senior enlisted security advisor for the NATO military commander at Supreme High Allied Powers in Europe. Mr. Ramsey holds a bachelor’s degree in information systems management from the University of Maryland and a master’s degree in management information systems from the University of Central Florida.

November 21, 2017: Protegrity names former IBM director Hira Advani as VP and CSO 

As Protegrity’s VP and CSO, Alliances and Services, Advani will evangelize the importance of security to influence customers and partners. He was most recently an IBM director and software chief security compliance officer. In that role, Advani consulted and collaborated with C-suite executives and board members at global brands to help them build a culture of cyber risk awareness and preparedness. He is a graduate of the Indian Institute of Technology (BS) and the Georgia Institute of Technology (MS). Advani is also a member of IEEE and FIRST Forum for Incident Response for Security Teams.

hira advani photo 300x300Protegrity

Hira Advani, Protegrity VP and CSO

“As Tina Fey put it, ‘Being a good boss means hiring talented people and then getting out of their way,’ and I am delighted to have him lead the initiatives of the Protegrity’s Professional Services and Alliances teams, both of which are fueling our company’s current and projected growth,” said Suni Munshani, Protegrity CEO, in a blog post on the company website.

November 14, 2017: New LookingGlass CSO Jeremy Haas and CRO Michael Taxay appointed to executive leadership team

LookingGlass Cyber Solutions, a provider of threat intelligence-driven security, has hired two cybersecurity professionals to join its executive leadership team: Michael Taxay as chief risk officer (CRO) and general counsel, and Jeremy Haas as CSO. They join the company to help prevent cyber attacks by operationalizing threat intelligence and delivering unified threat protection solutions to government organizations and corporate enterprises.

mike taxay LookingGlassLookingGlass Cyber Solutions

Michael Taxay, LookingGlass CRO and general counsel

“I am enthusiastic about the impact that Mike and Jeremy will have on the company,” said LookingGlass CEO Chris Coleman in a press release. “LookingGlass is dedicated to leading and innovating the threat intelligence solutions market, and their additions will undoubtedly have a positive effect on the evolution of our portfolio and the organization at large.”

Taxay joins LookingGlass after a distinguished career in both the public and private sectors. He recently retired from the FBI Cyber Division as a member of the senior leadership team responsible for the Bureau’s counter-cyber intrusion program. Taxay previously served at the Department of Justice as acting director for Cyber Counterterrorism and Financial Enforcement, and as deputy chief of the Counterterrorism Section. At LookingGlass, Taxay will be responsible for the governance of significant risks impacting the company including strategic, reputational, and operational. He will also be the company’s primary legal advisor and serve as an industry thought leader.

jeremy haas LookingGlassLookingGlass Cyber Solutions

Jeremy Haas, LookingGlass CSO

Haas has spent the past 24 years at the Central Intelligence Agency (CIA) and U.S. Air Force (USAF) supporting intelligence activities. Haas is a recognized cybersecurity expert, having served at the CIA’s Center for Cyber Intelligence within the Directorate of Digital Innovation. There he led and participated in cyber operations, engineering and analysis activities in support of intelligence, counter intelligence, and covert activities. Haas will lead the company’s internal cybersecurity strategy and aid in the development of advanced threat detection and mitigation products.

November 14, 2017: Dave Parsons named CISO at Abacus Group

By joining this IT solutions provider for alternative investment firms, Parsons brings over 25 years of experience in the IT and security fields. He has worked for some of the largest financial services firms in the world, including Barclays, Deutsche Bank, Citibank, and Macquarie Bank. 

“Cybersecurity is and will continue to be the most vital aspect of IT. Having someone of Dave’s caliber join our executive management team is a sign of our continued commitment to being a leader in our industry,” said Chris Grandi, CEO of Abacus Group in a press release.

Parsons will be responsible for the overall strategy and direction for security services at Abacus Group. “I am excited to join such an innovative company with a stellar reputation for service and look forward to working with the team on further enhancing their already extensive cybersecurity offering,” said Parsons in a press release.

Parsons has a master’s degree in information technology from Harvard University and is a Certified Information Systems Security Professional (CISSP). He has extensive knowledge and expertise in developing and managing information security programs and policies against compliance and regulatory requirements. 

November 13, 2017: Allan Alford joins Forcepoint as CISO

Alford will lead the global cyber security firm’s corporate security and governance program, including the implementation of the company’s internal user and data protection program for 2,700 employees worldwide. As Forcepoint’s CISO, he will play a key role in leading the compliance and certification efforts for the company’s security offerings and partners with engineering teams to drive best practices and real-world learnings into security product development. Alford reports to Meerah Rajavel, Forcepoint, chief information officer, and is based in the Austin, Texas headquarters. 

allan alford headshot 2Forcepoint

Allan Alford, Forcepoint CISO

“The security industry is at an inflection point, where customers and vendors must partner to build solutions that can bring visibility to risky behavior or abnormal data usage as the means to stop headline-grabbing data breaches,” said Meerah Rajavel, CIO at Forcepoint in a press release. “Allan understands that a new paradigm must be applied to people, process and technology to adequately address these emerging security threats.” 

With more than 25 years of IT and security experience, Alford joined Forcepoint from Pearson, where he was product and business information security officer. Prior to that, Alford held various IT and security positions at Polycom, where he built and managed the product security program and served most recently as CISO. 

“The human point is an exciting frontier that presents both potential for business value and risk for an enterprise or government agency,” said Alford in a press release. “By combining human-centric security with a modern view on IT, HR and compliance programs, companies like Forcepoint can help employees and partners understand the critical role they play in defending against cyberattacks and protecting sensitive information assets. Instead of operating in silos of business units, IT and corporate functions, we have to look at cybersecurity through the lens of ‘everyone to the defense’.” 

October 19, 2017: Egnyte co-founder Kris Lahiri takes on new data protection officer role

As data protection officer (DPO) at the cloud provider of smart content collaboration and governance, Lahiri will be responsible for continuously monitoring Egnyte’s regulatory compliance with the new General Data Protection Regulation (GDPR). He will act as the main point of contact for the EU Commission during any audits or reviews.

kris Lahiri egnyteEgnyte

Kris Lahiri, Egnyte DPO

“With so much more at stake under GDPR, we believe that all organizations should make the necessary moves to ensure complete compliance with the new rules and regulations, including appointing a DPO,” said Lahiri in a press release. “My team and I take tremendous pride in implementing proper procedures and protocols to ensure Egnyte’s compliance with all regulations, not just the GDPR, and we will continue to make sure all of the data we handle is properly managed and secured.”

Prior to Lahiri’s appointment, he served as Egnyte’s CISO, responsible for creating and implementing global information security strategies that protect all customers’ content and users. Prior to Egnyte Lahiri spent many years leading the design and deployment of large-scale infrastructures for Fortune 100 customers Valdero and KPMG Consulting.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 15

October 18, 2017: Gene Fredriksen moves from CISO to chief information security strategist at PSCU

Fredriksen’s new role is part of an effort at the largest credit union service organization (CUSO) in the U.S. to further strengthen its information security and compliance (IS&C) teams. In this newly created role, Fredriksen will report on several strategic functions primarily focused on relating PSCU’s perspective and stance on cybersecurity to existing clients, prospective clients, consultants in the credit union space and the industry as a whole.

Fredriksen has over 25 years of information technology experience, with the past 20 focused in information security. He joined PSCU in 2013. Since then, he has grown the IS&C teams and service offerings, implemented advanced tools and processes, and advanced PSCU’s relationship with numerous partners. His previous roles include global CISO for Tyco International, VP of technology risk management and CSO for Raymond James Financial, and adviser on various cybersecurity steering committees for the administrations of George W. Bush and Bill Clinton. Fredriksen has served on the R&D committee for the Financial Services Sector Steering Committee of the Department of Homeland Security and was recently appointed to represent credit unions in the Global Forum to Advance Cyber Resilience.

“PSCU’s Information Security & Compliance teams have evolved into a world-class operation, and this is in large part thanks to Gene’s leadership,” said David Bryant, PSCU’s newly appointed CISO, in a press release. “I look forward to working closely with Gene and the rest of the IS&C teams to ensure the highest level of service and security for our Member-Owners and their members alike.”

October 17, 2017: Ely Pinto joins Leumi as CISO 

In this role, Pinto is responsible for leading and executing the bank’s information and cybersecurity programs, and will also be tasked with redeploying an end-to-end information security program. Pinto reports directly to Martin Droney, Leumi’s chief operations and technology officer. The two will work together on developing and expanding the bank’s established information and data security culture with a risk-based approach.

ely pinto leumiLeumi

Ely Pinto, Leumi CISO

“Cybersecurity is a critical area of focus at Leumi, and we are pleased to have Ely on board as we continue to build our bank-wide information security infrastructure,” said Droney in a press release. “Ely’s extensive experience in financial services and technology will bolster Leumi’s information security efforts at a time when banks need to be hypervigilant in the face of heightened cyber activity.”

Pinto brings more than 20 years of leadership experience in providing security solutions at large financial and corporate institutions. Most recently, he spent 12 years as an information security specialist at Sumitomo Mitsui Banking Corporation, where he had also previously served as a solutions architect. In these roles, he was responsible for developing the strategic direction of the bank’s cybersecurity program and the overall security of bank systems, data and networks. Pinto also led the design and implementation of new security technologies and spearheaded security integration and risk mitigation efforts across all technology platforms and business applications, including cloud-based technologies.

October 9, 2017: John O’Driscoll named first CISO of Australia’s Victoria state

The appointment of a CISO is part of a shift in Victoria’s cyber security strategy from an agency-by agency approach to a whole-of-government approach, to better protect public services and information. As CISO, O’Driscoll will focus on leading collaboration across Victoria’s departments and agencies helping with ongoing work to assess, monitor and respond to cyber security risks, as well as engaging with Commonwealth and private sector experts to deliver a resilient and cohesive cyber security environment.

Other key actions from the Cyber Security Strategy that will be led by the CISO include:

  • Develop cyber emergency governance arrangements with Emergency Management Victoria, so that risks are better understood and planned for as part of ongoing work to protect government assets and services
  • Strengthening partnerships across all levels of government and the private sector to share best practice, intelligence and insights
  • Rationalizing and better coordinating the procurement of proven cyber security services
  • Developing a workforce plan to attract, develop and retain skilled cyber security public sector workers
  • Presenting a quarterly cyber security briefing to the Victorian Secretaries Board and the State Crisis and Resilience Committee, so government is better informed of cyber security issues and assessments. 

“John O’Driscoll’s extensive experience working across information technology and cyber security make him ideally suited to be Victoria’s first Chief Information Security Officer, as we seek to secure government services,” said Special Minister of State Gavin Jennings in a press release. 

October 3, 2017: Former Salesforce CSO Brendan O’Connor named ServiceNow security CTO.

O’Connor will lead ServiceNow’s efforts to help enterprises rethink security operations and reduce business risk. ServiceNow Security Operations enables customers to connect security and IT teams, respond faster and more efficiently to threats, and get a definitive view of their security posture. O’Connor will help ServiceNow introduce automation to the security response workflow, elevate the role of security teams, and better orchestrate threat response.

brendan oconnor ServiceNowServiceNow

Brendan O’Connor, ServiceNow security CTO

Before joining ServiceNow, O’Connor spent 10 years at Salesforce where he led Salesforce’s global information security organization as CSO. Prior to his role as CSO, O’Connor was vice president of product security at Salesforce. He has also worked in the financial services and communications sectors as a vulnerability researcher, security engineer, and privacy advocate. 

“I joined ServiceNow because I want to help enterprises rethink security operations and how they manage risk in the age of cloud computing,” said O’Connor in a blog post. “We can provision infrastructure with the press of a button and deploy workloads to the cloud in minutes.  Our security operations need to keep up.  As a former CSO, I am acutely aware of how important it is to respond quickly to new threats and scale security to meet the needs of the business.”

September 28, 2017: Societe General appoints French air force general Antoine Creux as CSO

Creux joins Societe Generale in the newly created role to help improve bank’s defenses against cyber attacks and to mitigate other risks. Prior to Societe Generale,  Creux spent 38 years with the French Defence Ministry, and he was named Chief Inspector of the Armed Services in 2015. Creux will also serve as a member of the bank’s management committee. “In a time of increasing challenges in terms of safety for assets, individuals and information systems, his mission will be to ensure that Societe Generale continues to adopt the most appropriate strategic and operational answers to protect the Group’s assets,” the bank said in a press release. 

September 27, 2017: Phillip Mazzocco joins Peraton executive team as CSO

Mazzocco is expected to lead Peraton’s compliance programs and ensure the safety of its employees, data, and assets. “Phil brings to Peraton more than 20 years of experience providing industrial security for Fortune 500 companies,” said Stu Shea, Peraton CEO, in a press release. “He understands full-spectrum security – the complex interplay among such aspects as risk management, crisis management, program security, international operations, training and insider threat.”

mazzocco phil peratonPeraton

Phil Mazzocco, Peraton CSO

Mazzocco comes to Peraton from Leidos, where he served as vice president, Sector Security, leading security operations across a multi-customer $4 billion portfolio of national security programs. Most recently, he managed the security team fundamental to the multi-billion-dollar modernization of the Defense Healthcare Management Systems for the Department of Defense. He also served on the Board of Directors for the Industrial Security Working Group.

Mazzocco earned his Bachelor of Arts degree in history from the John Carroll University and completed Master of Arts coursework in Central Eurasian studies at Indiana University.

September 21, 2017: McDonald’s names Timothy Youngblood CISO 

Youngblood will lead global food service retailer McDonald Corp.’s global information security organization. Reporting to the executive VP of operations, digital and technology, he will work closely with the McDonald’s senior leadership team and board of directors to drive information security strategy and operations. Youngblood oversees risk management and brand protection on a global scale for the company.  

timothy youngblood mcdonaldsMcDonalds Corp.

Timothy Youngblood, McDonalds CISO

He has 30 years of industry experience ranging from cyber security strategy and operations, product security, IT audit, disaster recovery, risk assessment, and management consulting. Youngblood has served in multiple industries across his career including financial services, healthcare, oil/gas, retail, and manufacturing. 

Prior to McDonald’s, Youngblood was the CISO for Kimberly Clark Corp., and was also the CISO for Dell, Inc. Timothy has held leadership roles at KPMG LLP, EDS, and Siemens Medical Services. He serves on the top security boards in the industry and has been recognized as a top ten CISO leader and 100 top global CISO’s in the industry. 

“McDonald’s is rapidly transforming into the next wave of customer experience and digital platforms,” says Youngblood. “The leadership recognizes the importance of maintaining customer loyalty and trust with cyber security and information risk management being critical foundational elements.  I’m proud to lead the organization that supports this for one of the leading brands globally.” 

September 21, 2017: James Donnelly appointed CISO of fscom 

As CISO at fscom, which provides regulatory advisory services to UK financial institutions, Donnelly will be responsible for helping clients understand and meet their obligations to protect and uphold the data rights and freedoms of their customers and employees. With the introduction of a second Payment Service Directive (PSD2) in the new year and applications for re-authorization opening in October, Donnelly will also work directly with firms to identify what sensitive payment data they are holding and the sufficiency of their information and technology security. 

james donnelly fscomfscom

James Donnelly, fscom CISO

With 13 years’ experience as an IT and information security manager, Donnelly is an expert in guiding companies through the process of developing strategic, appropriate, and compliant IT information security management systems. He has had responsibility for both delivering an IT infrastructure and developing and implementing the strategic governance of the technology and information systems in a non-departmental public body. 

Prior to joining fscom, Donnelly was the IT manager for the Consumer Council, where he successfully led the project to implement ITIL best practices to align the IT services with the needs of the organization. He is also a Certified ISO 27001 lead implementer, certified GDPR practitioner and Prince2 project management practitioner. 

“James brings a wealth of expertise to fscom, that we believe will add huge value to our clients in the coming months and years. With GDPR around the corner, James can provide compliance officers with clarity and practical advice to ensure they meet their regulatory and legal obligations,” said CEO Jamie Cooke in a press release. 

September 18, 2017: GE Digital promotes Nasrin Rezai to VP and global chief information and product cyber security officer

nasrin rezai ge cisoGE Digital

Nasrin Rezai, GE Digital VP and global chief information and product cyber security officer

 

Rezai has held the position of GE chief information security officer since 2016. Previously, Rezai was the global chief information security officer for GE Capital and GE Corporate before moving to her current position. Prior to GE, Rezai worked for twenty years in Technology Risk, Strategy and Operations and senior management roles at State Street Bank, Cisco Systems, and Hewlett Packard Company.

Rezai holds a master’s degree in business administration and a bachelor’s degree in information technology and computer science. She also holds an executive certification from Harvard and Cambridge.

September 18, 2017: Rob Hopps named OWNZONES Media Network’s first CSO

In the newly created role of CSO and senior VP, platform operations, Hopps will oversee all information security, infrastructure and technology operations at OWNZONES, an OTT EntTech company that provides technology and media solutions for the motion picture, television, and digital content creation industries. He is based at the company’s headquarters in Beverly Hills, CA.

rob hopps OWNZONES Media NetworkOWNZONES Media Network

Rob Hopps, OWNZONES Media Networks CSO

“We are excited to have Rob as our first chief security officer,” said Dan Goman, CEO, in a press release. “Rob’s newly created role underscores our commitment to protect our clients. OWNZONES will now have stronger oversight over the secure technology used across all of its OTT platforms and ensure the best and most up-to-date security is employed at all times. Rob has extensive experience and knowledge in handling cyber security threats and creating security roadmaps with exceptional organizational leadership and technology management skills.”

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Page 16

August 4, 2017: Lyft hires Mike Johnson as its first CISO

Fast-growing ride-hailing company Lyft, Inc., has named Johnson as its director of engineering and chief information security officer. He joins Lyft from Salesforce.com, where he held several security roles.

mike johnson lyft cisoLyft

Mike Johnson, Lyft CISO

“I joined Lyft to help a fantastic team execute as well as drive new security and privacy initiatives necessary to maintain our incredible growth, especially as Lyft pushes into new areas such as self-driving cars,” says Johnson. “I’m concentrating on growing the team through the hiring of world class security professionals and ensuring we have the right technology in place to keep up with the growth of the company.”

August 2, 2017: Scott Caschette promoted to CISO at managed IT service provider Vology 

Caschette moves up form a senior technology strategist role to lead Vology’s managed security practice, with the mission to protect the company’s customers and employees against accelerating cybersecurity threats. “In less than a year, Scott has become an integral part of the Vology team, offering distinctive insight as a former CIO for one of our customers,” said Barry Shevlin, CEO of Vology in a press release. “With his pragmatic approach to problem solving and his security background, he was the ideal choice to take the CISO role and build out our managed security practice.”

scott caschette vology cisoVology

Scott Caschette, Vology CISO

“By combining our world-class network operations centers, partner relationships, nationwide network and extensive skill sets in enterprise security, Vology is uniquely positioned to deliver managed security offerings to its customers,” said Caschette in a press release. “In the ever-changing environment of cyber threats, organizations are faced with challenges from policy creation to threat mitigation and remediation.”

Caschette has more than 25 years of experience in providing leadership in the design and implementation of enterprise technology. Prior to joining Vology in November 2016, Caschette served as CIO at Albertelli Law for more than four years. There, he developed and executed a complete technology transformation, successfully modernizing, securing, and ensuring compliance in infrastructure, data management, disaster recovery, vendor management, delivery, and sustainability. Caschette holds a Bachelor of Arts in Management of Information Systems from Front Range College.

Caschette is actively involved in multiple organizations with strong commitments to advancing the local tech community. In addition to his role on the CIO Executive Council, Caschette is an advocate for the Tampa Bay Technology Forum. He currently serves on the events committee, and he was one of four judges for the group’s Annual Industry Achievement Awards in 2014 and 2015. Caschette is also an advisory board member to several companies and start-ups.

August 2. 2017: Mark Nunnelly picked to run newly formed Massachusetts technology and security agency

Massachusetts Governor Charlie Baker’s administration has announced the formation of a new executive branch agency, the Executive Office of Technology Service and Security (EOTSS) to provide secure and quality digital information, services and tools to constituents and service providers. Nunnelly, currently the executive director of MassIT, has been named as secretary of EOTSS and CIO for the Commonwealth.

nunnelly mark massachusettsCommonwealth of Massachusetts

Mark Nunnelly, Massachusetts EOTSS

Through EOTSS, Nunnelly will have oversight on all IT activities of state agencies. EOTSS will focus on centralizing IT infrastructure services across the executive department and review and update policies and procedures governing state cybersecurity, digital platforms and data management.

“Establishing the Executive Office of Technology Service and Security will allow state government to streamline state services, improve cybersecurity and better serve our constituents,” said Governor Baker in a press release. “We look forward to developing this secretariat to support the Commonwealth’s focus on providing modern, secure and stable technologies.”

“The rate and pace of change have forced all large organizations to rethink their digital service approach from a security, service and structure perspective,” said Nunnelly in a press release. “This reorganization will help equip the many talented IT professionals across the State with the right structure, tools, and platform to secure our information and provide better service to our constituents. We look forward to working with leaders from across the executive branch in making progress against these imperatives.”

August 1, 2017: Diane E. McCracken promoted to executive VP and chief security officer at Customers Bank

McCracken will have executive oversight of all security operations, including cyber, information, application and physical security as well as business continuity and disaster recovery at Customers Bank, a community-based, full-service bank with assets of approximately $10.9 billion 

“Security is a top priority for Customers Bank, and managing risks effectively and proactively requires executive-level commitment and attention,” said COO Richard Ehst in a press release. “By elevating the CSO to an executive role, we are able to take a more strategic approach to our security operations that includes unprecedented visibility across all areas of the bank, with results that will benefit each and every one of our customers. Diane’s knowledge of Customers Bank and her vast successes in information technology and security make her an ideal fit for this role.” 

McCracken has more than 18 years of experience as a technologist with a specialty in information technology. She began her career in information security in 2004 as an analyst with Sovereign Bank. She joined Customers Bank in 2011 as the Information Security Leader and has held various roles since then, including launching the Bank’s first mobile app in 2012, leading the vendor management practice, and building the bank’s cybersecurity programs. She was promoted to Chief Security Officer in September 2015.  

“Customers Bank’s approach to security has always been innovative, which is evident not only in the size of its security team but also in the ongoing assessment and evolution of its security practices,” said McCracken in a press release. “It has been a privilege to be part of such a dedicated team, and I look forward to taking it to the next level as Executive Vice President.”

July 31, 2017: The NTSC appoints Discover Financial Services CISO James McJunkin and MoneyGram International CISO Betty Elliott to its board of directors

McJunkin brings knowledge from the financial services industry and will help influence the strategic direction of the NTSC, which provides a platform for CISOs to advocate for beneficial legislative and regulatory policies. He joins CISOs who represent a broad cross-section of enterprise companies and have a vested interest in protecting the security of their customers and employees through policies that improve national cybersecurity standards and awareness.

jimmcjunkin ntscDiscover Financial Services

Jim McJunkin, Discover Financial Services CISO

“As someone who spent nearly 30 years in state and federal government as a law enforcement professional and held significant leadership positions at the FBI within their Counterterrorism Division, I understand the need for sound cybersecurity policy that helps both business and government,” said McJunkin in a press release. “The NTSC gives CISOs an important platform to help influence legislation and policy around critical issues such as data breach notification, public-private information sharing, and encryption.”

At Discover Financial Services, Mr. McJunkin is responsible for second line risk management of information security. That includes governance of the enterprise-wide information security program, internal and external investigations; third-party vendor compliance for information security, business continuity, and executive protection; and physical security for the entire corporate enterprise.

Representing the financial services industry, Elliott will help influence the strategic direction of the NTSC. “After serving as a CISO in a variety of industries and leading security teams at Fortune 500 companies, I’ve seen the effects that national cybersecurity legislation and policies can have on business,” said Elliott in a press release. “As a member of the NTSC board, I look forward to working with CISOs from a variety of backgrounds to offer my insights and engage in dialogue with policymakers on Capitol Hill.”

betty elliott ntscMoneyGram

Betty Elliott, MoneyGram CISO

Elliott joined MoneyGram in April 2015 as its VP, CISO. She leads the MoneyGram Information Security team whose responsibilities include managing security risk, security governance, forensics, security awareness, identity and access management, vulnerability management, security operations, security engineering, security architecture, internal fraud, and agent victim fraud.

July 31, 2017: Bob Thibodeaux is the new CISO at DefenseStorm

DefenseStorm, a provider of co-managed cybersecurity operations for financial has hired Thibodeaux as chief information security officer (CISO) as part of an effort to accommodate the company’s rapid growth. 

robert_thibodeaux_DefenseStormDefenseStorm

Bob Thibodeaux, DefenseStorm CISO

With more than 20 years of information security experience, Thibodeaux is an expert in managing IT, security and network operations. In his new role, Thibodeaux is responsible for overseeing incident response processes, risk management and penetration testing for community banks and credit unions across the U.S. He is also tasked with maintaining a current understanding of the threat landscape for the financial industry and translating that knowledge to identify risks and develop actionable plans to protect DefenseStorm and its customers.

Before joining DefenseStorm, Thibodeaux worked at F5 Networks as a senior security engineer, where he directed the development and management of the company’s security operations. Prior to that, he served as senior manager of IT infrastructure at The Seattle Times and as senior network engineer for InterNAP Network Services. Additionally, Thibodeaux is a Certified Information Systems Security Professional (CISSP) and Global Information Assurance Certified (GIAC) Penetration Tester.

“At DefenseStorm, we rely heavily on our sharp and talented employees. Cybersecurity is an ongoing initiative that cannot be solved indefinitely and our customers are targeted with new cyber threats constantly,” said Sean Feeney, CEO of DefenseStorm in a press release. “Having a skilled, experienced staff like Bob is vital to helping our customers address their security issues and is ultimately key to DefenseStorm’s success as a company.”

July 27, 2017: Matt Sorensen joins Secuvant as CISO, VP of risk management

Sorensen’s focus at the independent cyber security risk management and managed detection and response firm will be on bringing value to businesses through Secuvant’s Cyber-7 risk management methodology. He will lead the Secuvant cyberRPM practice. Sorensen brings 17 years of security experience, over 17 professional certifications in cyber security and 6 years as an attorney to Secuvant.

matt sorensen secuvant cisoSecuvant

Matt Sorensen, Secuvant CISO

“Having someone as skilled and well respected as Matt join the Secuvant management team is nothing short of incredible,” said Ryan Layton, CEO and co-founder of Secuvant in a press release. “Matt has a very unique combination that is rare to find in cyber security, that being business, legal and technical. He has proven to many businesses and their executives that he is the go-to guy when it comes to cyber risk advisory, and now he can add the Secuvant Cyber-7 methodology that just puts client benefits over the top.”

Prior to joining Secuvant Matt was an attorney with Holland and Hart in Salt Lake City, focused on managing data breach events, overseeing incident response and investigation teams for clients and helping commercial data breach victims prepare civil claims against negligent data custodians and processors.

“Secuvant starts by helping executives understand that security is a business risk and not just a technical one,” said Sorensen in a press release. “I am excited to deliver value to our clients using the Cyber-7 process which is like nothing I’ve seen before. That is what attracted me to Secuvant. The way they help businesses address growing security threats while enabling revenue and lowering risks and costs, is unique in the marketplace.”

July 27, 2017: MCNC promotes Chris Beal to CISO, expands cybersecurity team

By appointing Beal to the CISO role and adding two new positions to its security team, MCNC expects to further develop and implement innovative cybersecurity solutions for its customers. The non-profit MCNC operates the North Carolina Research and Education Network (NCREN), which connected institutions of the University of North Carolina System, Duke University, and Wake Forest University to each other, and through advanced research networks such as Internet2 and National Lambda Rail, to the world.

chris beal cisoMCNC

Chris Beal, MCNC CISO

Beal will also assess and monitor network vulnerabilities and risk posture, advisory services so organizations can best manage security risks and threats, and training and education opportunities to help NCREN users stay informed.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 Page 17

A veteran of Microsoft, Bergamo brings to the newly expanded role more than two decades of leadership experience in strategic planning, product management, IT operations and infrastructure, cybersecurity, data management, application development and process redesign at Fortune 500 companies including Cigna, CVS Pharmacy, Liberty Mutual and Staples.

“With the necessary global focus on data privacy and security laws in the wake of many very public cyber attacks, we recognize the vital role security and IT infrastructure plays in delivering secure business applications in the cloud in a way that complies with rapidly evolving legislation,” said Mark Duffell, president and CEO of Episerver, in a press release. “Ongoing investment in our products as well as compliancy initiatives like Privacy Shield, ISO27001, and the European Union (EU) general data protection regulation (GDPR) is paramount to our continued growth and success, and Sue brings the right mix of vision and leadership to help us achieve our goals on behalf of our customers around the world.”

Before joining Episerver, Bergamo was a global technology strategist at Microsoft for over three years. Earlier, she served in a number of CIO positions including facilities management and food services conglomerate Aramark. She also headed up enterprise data management at global office supply retailer Staples and oversaw enterprise application development for drugstore giant CVS Pharmacy.

“It is a privilege to join a company like Episerver that has a true vision and commitment to driving innovation and digital transformation for all companies on a global scale,” said Bergamo in a press release. “In my new role as CIO and CISO, I look forward to driving operations and strategies that align with that vision and that support and protect Episerver’s customers and employees as it continues to grow on the leading edge of content and commerce solutions.”

August 4, 2017: Lyft hires Mike Johnson as its first CISO

Fast-growing ride-hailing company Lyft, Inc., has named Johnson as its director of engineering and chief information security officer. He joins Lyft from Salesforce.com, where he held several security roles.

mike johnson lyft cisoLyft

Mike Johnson, Lyft CISO

“I joined Lyft to help a fantastic team execute as well as drive new security and privacy initiatives necessary to maintain our incredible growth, especially as Lyft pushes into new areas such as self-driving cars,” says Johnson. “I’m concentrating on growing the team through the hiring of world class security professionals and ensuring we have the right technology in place to keep up with the growth of the company.”

August 2, 2017: Scott Caschette promoted to CISO at managed IT service provider Vology 

Caschette moves up form a senior technology strategist role to lead Vology’s managed security practice, with the mission to protect the company’s customers and employees against accelerating cybersecurity threats. “In less than a year, Scott has become an integral part of the Vology team, offering distinctive insight as a former CIO for one of our customers,” said Barry Shevlin, CEO of Vology in a press release. “With his pragmatic approach to problem solving and his security background, he was the ideal choice to take the CISO role and build out our managed security practice.”

scott caschette vology cisoVology

Scott Caschette, Vology CISO

“By combining our world-class network operations centers, partner relationships, nationwide network and extensive skill sets in enterprise security, Vology is uniquely positioned to deliver managed security offerings to its customers,” said Caschette in a press release. “In the ever-changing environment of cyber threats, organizations are faced with challenges from policy creation to threat mitigation and remediation.”

Caschette has more than 25 years of experience in providing leadership in the design and implementation of enterprise technology. Prior to joining Vology in November 2016, Caschette served as CIO at Albertelli Law for more than four years. There, he developed and executed a complete technology transformation, successfully modernizing, securing, and ensuring compliance in infrastructure, data management, disaster recovery, vendor management, delivery, and sustainability. Caschette holds a Bachelor of Arts in Management of Information Systems from Front Range College.

Caschette is actively involved in multiple organizations with strong commitments to advancing the local tech community. In addition to his role on the CIO Executive Council, Caschette is an advocate for the Tampa Bay Technology Forum. He currently serves on the events committee, and he was one of four judges for the group’s Annual Industry Achievement Awards in 2014 and 2015. Caschette is also an advisory board member to several companies and start-ups.

August 2. 2017: Mark Nunnelly picked to run newly formed Massachusetts technology and security agency

Massachusetts Governor Charlie Baker’s administration has announced the formation of a new executive branch agency, the Executive Office of Technology Service and Security (EOTSS) to provide secure and quality digital information, services and tools to constituents and service providers. Nunnelly, currently the executive director of MassIT, has been named as secretary of EOTSS and CIO for the Commonwealth.

nunnelly mark massachusettsCommonwealth of Massachusetts

Mark Nunnelly, Massachusetts EOTSS

Through EOTSS, Nunnelly will have oversight on all IT activities of state agencies. EOTSS will focus on centralizing IT infrastructure services across the executive department and review and update policies and procedures governing state cybersecurity, digital platforms and data management.

“Establishing the Executive Office of Technology Service and Security will allow state government to streamline state services, improve cybersecurity and better serve our constituents,” said Governor Baker in a press release. “We look forward to developing this secretariat to support the Commonwealth’s focus on providing modern, secure and stable technologies.”

“The rate and pace of change have forced all large organizations to rethink their digital service approach from a security, service and structure perspective,” said Nunnelly in a press release. “This reorganization will help equip the many talented IT professionals across the State with the right structure, tools, and platform to secure our information and provide better service to our constituents. We look forward to working with leaders from across the executive branch in making progress against these imperatives.”

August 1, 2017: Diane E. McCracken promoted to executive VP and chief security officer at Customers Bank

McCracken will have executive oversight of all security operations, including cyber, information, application and physical security as well as business continuity and disaster recovery at Customers Bank, a community-based, full-service bank with assets of approximately $10.9 billion 

“Security is a top priority for Customers Bank, and managing risks effectively and proactively requires executive-level commitment and attention,” said COO Richard Ehst in a press release. “By elevating the CSO to an executive role, we are able to take a more strategic approach to our security operations that includes unprecedented visibility across all areas of the bank, with results that will benefit each and every one of our customers. Diane’s knowledge of Customers Bank and her vast successes in information technology and security make her an ideal fit for this role.” 

McCracken has more than 18 years of experience as a technologist with a specialty in information technology. She began her career in information security in 2004 as an analyst with Sovereign Bank. She joined Customers Bank in 2011 as the Information Security Leader and has held various roles since then, including launching the Bank’s first mobile app in 2012, leading the vendor management practice, and building the bank’s cybersecurity programs. She was promoted to Chief Security Officer in September 2015.  

“Customers Bank’s approach to security has always been innovative, which is evident not only in the size of its security team but also in the ongoing assessment and evolution of its security practices,” said McCracken in a press release. “It has been a privilege to be part of such a dedicated team, and I look forward to taking it to the next level as Executive Vice President.”

July 31, 2017: The NTSC appoints Discover Financial Services CISO James McJunkin and MoneyGram International CISO Betty Elliott to its board of directors

McJunkin brings knowledge from the financial services industry and will help influence the strategic direction of the NTSC, which provides a platform for CISOs to advocate for beneficial legislative and regulatory policies. He joins CISOs who represent a broad cross-section of enterprise companies and have a vested interest in protecting the security of their customers and employees through policies that improve national cybersecurity standards and awareness.

jimmcjunkin ntscDiscover Financial Services

Jim McJunkin, Discover Financial Services CISO

“As someone who spent nearly 30 years in state and federal government as a law enforcement professional and held significant leadership positions at the FBI within their Counterterrorism Division, I understand the need for sound cybersecurity policy that helps both business and government,” said McJunkin in a press release. “The NTSC gives CISOs an important platform to help influence legislation and policy around critical issues such as data breach notification, public-private information sharing, and encryption.”

At Discover Financial Services, Mr. McJunkin is responsible for second line risk management of information security. That includes governance of the enterprise-wide information security program, internal and external investigations; third-party vendor compliance for information security, business continuity, and executive protection; and physical security for the entire corporate enterprise.

Representing the financial services industry, Elliott will help influence the strategic direction of the NTSC. “After serving as a CISO in a variety of industries and leading security teams at Fortune 500 companies, I’ve seen the effects that national cybersecurity legislation and policies can have on business,” said Elliott in a press release. “As a member of the NTSC board, I look forward to working with CISOs from a variety of backgrounds to offer my insights and engage in dialogue with policymakers on Capitol Hill.”

betty elliott ntscMoneyGram

Betty Elliott, MoneyGram CISO

Elliott joined MoneyGram in April 2015 as its VP, CISO. She leads the MoneyGram Information Security team whose responsibilities include managing security risk, security governance, forensics, security awareness, identity and access management, vulnerability management, security operations, security engineering, security architecture, internal fraud, and agent victim fraud.

July 31, 2017: Bob Thibodeaux is the new CISO at DefenseStorm

DefenseStorm, a provider of co-managed cybersecurity operations for financial has hired Thibodeaux as chief information security officer (CISO) as part of an effort to accommodate the company’s rapid growth. 

robert_thibodeaux_DefenseStormDefenseStorm

Bob Thibodeaux, DefenseStorm CISO

With more than 20 years of information security experience, Thibodeaux is an expert in managing IT, security and network operations. In his new role, Thibodeaux is responsible for overseeing incident response processes, risk management and penetration testing for community banks and credit unions across the U.S. He is also tasked with maintaining a current understanding of the threat landscape for the financial industry and translating that knowledge to identify risks and develop actionable plans to protect DefenseStorm and its customers.

Before joining DefenseStorm, Thibodeaux worked at F5 Networks as a senior security engineer, where he directed the development and management of the company’s security operations. Prior to that, he served as senior manager of IT infrastructure at The Seattle Times and as senior network engineer for InterNAP Network Services. Additionally, Thibodeaux is a Certified Information Systems Security Professional (CISSP) and Global Information Assurance Certified (GIAC) Penetration Tester.

“At DefenseStorm, we rely heavily on our sharp and talented employees. Cybersecurity is an ongoing initiative that cannot be solved indefinitely and our customers are targeted with new cyber threats constantly,” said Sean Feeney, CEO of DefenseStorm in a press release. “Having a skilled, experienced staff like Bob is vital to helping our customers address their security issues and is ultimately key to DefenseStorm’s success as a company.”

July 27, 2017: Matt Sorensen joins Secuvant as CISO, VP of risk management

Sorensen’s focus at the independent cyber security risk management and managed detection and response firm will be on bringing value to businesses through Secuvant’s Cyber-7 risk management methodology. He will lead the Secuvant cyberRPM practice. Sorensen brings 17 years of security experience, over 17 professional certifications in cyber security and 6 years as an attorney to Secuvant.

matt sorensen secuvant cisoSecuvant

Matt Sorensen, Secuvant CISO

“Having someone as skilled and well respected as Matt join the Secuvant management team is nothing short of incredible,” said Ryan Layton, CEO and co-founder of Secuvant in a press release. “Matt has a very unique combination that is rare to find in cyber security, that being business, legal and technical. He has proven to many businesses and their executives that he is the go-to guy when it comes to cyber risk advisory, and now he can add the Secuvant Cyber-7 methodology that just puts client benefits over the top.”

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Page 18

June 26, 2017:  Shipbuilder HII hires Ron A. Davis as its first CISO

Huntington Ingalls Industries (HII), the largest military shipbuilder in the U.S., has tasked Davis with responsibility for ensuring the early identification of threats and risks and the implementation of controls and other processes and methods to protect information systems for the entire HII enterprise.

davis ron thmbHuntington Ingalls Industries

Ron A. Davis, HII CISO

“Cybersecurity is a top priority for HII,” said Chris Kastner, executive vice president, business management, and chief financial officer, in a press release. “Our information systems must remain secure to not only protect our business, but to protect information vital to our nation’s defense. We look forward to Ron joining our team and putting his extensive cyber experience to work in this very important role.”

Davis joins HII after serving as CISO for Vencore since 2015. He has also held several positions at BAE Systems, including director of global cybersecurity program integration and director of global cybersecurity operations. In a contracting capacity, Davis served as senior lead information systems security engineer at the Defense Logistics Agency headquarters and the Department of Homeland Security. He has an extensive background in cybersecurity policy and procedure development, security architecture, security risk management, cyber threat management, and incident response. 

June 26, 2017: Prevalent appoints healthcare security expert Dr. Kevin Charest to board of directors

Ensuring security across all the connected digital players in the healthcare ecosystem p resents enormous challenges. To help meet those challenges, third-party risk management solution provider Prevalent, Inc., has added Dr. Charest to its board of directors. He brings 25 years of healthcare cybersecurity expertise, including managing global defense and IT security at the nation’s largest private and public healthcare organizations.

dr kevin charest prevalent bodPrevalent, Inc.

Dr. Kevin Charest, Prevalent board member

“We’re very pleased to have Kevin join our board and share his experience and insights with the Prevalent team,” said Jonathan Dambrot, CEO, Prevalent, in a press release. “Kevin possesses a unique understanding of both the business and technical issues driving third-party risk management across the diverse healthcare ecosystem. His leadership in global security and his vision and passion for protecting personal data will be invaluable to Prevalent and our customers as we move towards the next stage of managing third and fourth party risk.”

“The healthcare ecosystem comprises more than 480,000 interconnected entities of all sizes and maturity, but they all share the same significant challenge of managing Nth party risk. Prevalent’s broad capabilities and experience in this space gives them a unique opportunity to address this problem. I look forward to sharing my perspective and expertise to help Prevalent advance their delivery for the healthcare market and beyond,” said Dr. Charest in a press release.

Dr. Charest has held roles in both the public and private healthcare sector, including leading global cyber defense operations for UnitedHealth Group. He also served as the CISO for the Department of Health and Services (HHS). Dr. Charest is currently the board secretary for (ISC)², an international nonprofit cybersecurity membership association best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification.

June 26, 2017: Idaho Independent Bank hires Wade Griffith in dual operations/CISO role

The bank hired Griffith as senior vice president of operations, but he will also serve as its CISO, according to a press release. Griffith has nearly 39 years of experience in bank operations, technology and risk management. He will lead IIB’s operations, project and applications management. Griffith graduated with a bachelor’s degree in Business Administration from the College of Idaho and is a graduate of the Northwest Intermediate Banking School and School of Bank Marketing.

June 20, 2017: SaaS analytics platform provider Looker appoints Ryan Gurney as CSO 

Gurney is expected to lead Looker Data Sciences’ security and compliance initiatives around its data platform solution. He will develop and execute a security and compliance roadmap for current and future products, as well as implement company-wide governance policies and procedures.

ryan gurney v0001slackLooker Data Sciences

Ryan Gurney, Looker CSO

“Security has always been a priority at Looker,” said Frank Bien, CEO of Looker, in a press release. “Now with our regional expansion and growing presence in the enterprise we need to ensure our security programs scale appropriately. We are thrilled to have Ryan bring his years of experience to Looker and lead the advancement of our security initiatives.”

Prior to Looker, Ryan managed security and compliance functions as vice president of security at Zendesk and director of IT for Engine Yard. Previously, he managed a security engineering team at eBay.

“Looker provides a feature rich platform empowering our customers to understand their data,” said Gurney in a press release. “In providing a hosted cloud environment, I recognize that building and maintaining customer trust is paramount. I am excited to join Looker to ensure that we exceed our customer’s security needs, and to find innovative ways to utilize the Looker application to augment our own internal security capabilities.”

June 16, 2017: Ex-VMware exec Sandra Crosswell becomes SonicWall’s first CSO

sandra crosswellSonicWall

Sandra Crosswell, SonicWall CSO

Data breach detection and prevention solution provider SonicWall hired Crosswell as its first chief security officer (CSO). Prior to SonicWall, Crosswell was a senior manager at VMware, leading the InfoSec red team. Shel has more than 25 years of experience in program management for Fortune 500 companies. Her portfolio includes large M&A IT and application migrations, data center builds and consolidations, as well as leading security teams and compliance programs for the technology sector. Crosswell won an MVP award for her work at HP and was a SANS “Ones to Watch in Cybersecurity” winner in 2016. 

June 5, 2017: Dr. Malcolm Shore joins Huawei Technologies (Australia) as its cyber security officer

Dr. Shore has had a long career in information systems and security. After retiring as the Assistant Director Information Systems in Defence Headquarters for the Royal New Zealand Air Force, he joined the Government Communications Security Bureau taking responsibility for New Zealand’s national information systems security. 

He has also held two Head of Security roles in the telecommunications sector, at Telecom New Zealand and the Australian National Broadband Network (NBN) company. Across these roles he managed all aspects of physical security, information security, and privacy and delivered Sarbanes Oxley and Protective Security Policy Framework compliance. 

“Dr. Shore is well respected in the information security sector and has a strong understanding of our products and people,” said John Lord AM, chairman of Huawei Australia, in a press release. “We are delighted to have him lead on cyber security in Australia.”

This post was originally published on this site

Leave a Reply

CIO Newsletters

Copyright ©  2020  CIO Portal. All rights reserved.