Aphinia - Your CISO Wire Update

Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:

These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:

→ Josh Lemos appointed as Chief Information Security Officer at GitLab.

→ Ron Aucoin was appointed as Chief Information Officer at Beazer Homes.

→ Roger Brotz was appointed as Chief Information Officer at Acadia Healthcare.

→ Alan Mitchell was appointed as Chief Information Officer at Celanese.

→ Ron Ropp was appointed as Chief Information Officer at Portland General Electric.

→ Todd Bell was appointed as Chief Information Officer at Mortgage Solutions Financial.

→ Charles Mendoza was appointed as Chief Information Officer at Auto Lenders.

→ Ravi Pentapaty was appointed as Chief Information Officer at Cardlytcs.

Appointed? Promoted? Let us know!

Aphinia is growing! Say hello, reach and connect with our new members:

• Adam Traylor, Deputy CISO, Ventech Solutions

• Aladdin Elston, CISO, Altimetrik

• Alex Alborzfard, Director, Information System Security, The Enrollment Management Association

• David Ogg, Cyber Risk Leader, Principal

• Todd Thorsen, Chief Information Security Officer, CrashPlan Group

• Adam Gladsden, SVP, Global Head Cyber Solutions, Swiss Re

Welcome on board!

Two Aphinia members: Ricardo Lafosse and Joshua Brown were named as “2023 Top 10 CISO” by the Enterprise Security Magazine.

Well deserved! Congrats!

Do you want to share your story with fellow CISOs? Want to impart your wisdom and share actionable insights? And - importantly - to further enhance your personal brand and get visibility for the next advisory role, consulting gig or a new position? 

Check out our wide ranging conversation with our guest Jamey Cummings (Partner, Cybersecurity and Technology, JM Search) on the state of the job market for CISOs, best practices and pitfalls:

For your personal 30 minutes of spotlight simply respond with "interview" in the subject of the email and we will find time that works for you. 

Our dance card is filling up fast, please respond today!

Several important events happened that merit your attention:

• Crime pays, unfortunately. The gang behind the LockBit ransomware allegedly made more than $91 million in ransom payments from more than 1,700 targets, according to CISA. Victims include organizations like Continental, Bridgestone, Accenture, UK Royal Mail, the city of Oakland (California), and the Italian Internal Revenue Service. However, three leaders of the group behind LockBit were arrested.

• FCC Privacy and Data Protection Task Force: The US Federal Communications Committee has launched a Privacy and Data Protection Task Force. The new task force will help the FCC draft laws and investigate data privacy incidents in the telco space. This will include breaches at telco providers and supply chain attacks and vulnerabilities at telcos and their suppliers.

• Proofpoint Human Factor report: Security firm Proofpoint has published its annual Human Factor report. The report analyzes recent techniques used by threat actors that combine technology and psychology to go after their targets. The report looks at TOAD attacks, new phishing techniques that bypass MFA, and recent social engineering techniques adopted by the likes of Emotet and SocGolish.

• AppStore staggering fraud numbers: Apple says it blocked nearly 3.9 million stolen credit cards from being used to make fraudulent purchases on App Store in 2022. The company says it blocked more than $2 billion in fraudulent transactions throughout 2022 and banned 714,000 accounts from its transactions system.

• Investigation into Chinese cranes: The Dutch government investigating Chinese cranes installed in Dutch ports. The investigation comes after reports from US intelligence that China may use software installed on the cranes to collect data on the movement of goods and military equipment through Western ports.

• Forward deployed. The US Department of Defense has formally acknowledgedand defined the concept of "expeditionary cyberspace operations." The term refers to deploying military and intelligence assets in the field to conduct a cyberspace operation closer to the target.

• Bot traffic on the rise. Imperva reported that roughly 47.4% of internet traffic it analyzed last year came from bot networks, a percentage that is up 5.1% from the previous year. Of these, Imperva says that roughly 30% was "bad bots" used for various forms of automated attacks.

• Cost of supply chain attacks on the rise. A Juniper Research report estimates that businesses around the world are expected to suffer almost $46 billion in losses to software supply chain incidents this year. Juniper expects the same losses to jump by 76% and reach $81 billion by 2026.

These senior cybersecurity sales roles you may want to forward to your friends and colleagues:

→ New York City is looking for a Deputy CISO - Threat Management in Brooklyn, NY.

→ University of Utah is looking for a CISO in Salt Lake City, UT.

→ CareFirst BlueCross BlueShield is looking for a CISO in Owings Mills, MD.

→ State of Wisconsin is looking for a CISO in Dane County, WI.

→ Boise State University is looking for a CISO in Boise, ID.

→ Commure is looking for a CISO (remote).

→ The City University of New York (CUNY) is looking for a Deputy CISO in New York, NY.

Looking for a job? Hiring? Let us know.

=SAVE THE DATE ! CISO Dinner Series =

Aphinia is co-hosting a series of CISO Dinners in June with the focus on top challenges and security strategies for 2023 and beyond with one of our partners.

These dinners offer a great opportunity to connect with peers, and to network. Space is limited, so sign up today.

• Northern California- June 21, 2023. Sign up here >

  • Location: Be.Steak.A

  • Time: 5:30PM-8:30PM PST

  • Speakers:

    • Raj Thomas, VP of Security, GAP 

    • John Byrun, VP Security, Sephora 

• San Antonio, Texas- June 27, 2023 Sign up here >

  • Location: JPrime 

  • Time: 5:30PM-8:30PM CST 

  • Speakers:

    • Eddie Contreras, CISO, Frost Bank 

    • Amitai Ratzon, CEO, Pentera 

• Boston, MA - June 29, 2023 Sign up here >

  • Location: Contessa

  • Time: 5:30PM-8:30PM EST 

  • Speakers:

    • Michael Francess, Director, Cyber Security Advanced Treat, Wyndham Hotels

    • Bob Litterer, CISO, Teradyne   

• Chicago, IL- June 29, 2023 Sign up here >

  • Location: Steak 48 

  • Time: 5:30PM-8:30PM CST

  • Speakers:

    • Amitai Ratzon, CEO, Pentera

=Industry Events=

• BlackHat is taking place on August 5, 2023 in Las Vegas, NV. Are you going? We'd love to meet!

• InfoSec World is taking place on September 25-27, 2023 in Lake Buena Vista, FL

I met so many Aphinia members at RSA last week, but I missed even more! If you are planning to attend #BlackHat in August, please let me know. We’d love to meet face to face.

Attending or hosting an event? Let us know!

There’s been discussion on implications of using AI products by OpenAI (ChatGPT) and Github (Copilot) in the work environment - from cybersecurity and potentially, legal standpoints.

To offer your opinion on the subject and to participate in the discussion, join Aphinia Slack channel here >

Bad guys have been busy recently 📈 :

• Information from all La. driver’s licenses likely taken in cyber breach.

• University of Georgia likely affected by data breach.

• The U.S. Department of Energy and several other federal agencies were hit in a global hacking campaign.

• Italy's Industry Ministry reports 'heavy' cyberattack.

• Floating Point Group halts trading after losing pp to $20M in security breach.

• Health Service Ireland latest victim of MOVEit cyber attack.

• Department of Transportation breach may have affected 237K current and former employees.

But a handful of bad guys were nabbed 👮‍♀️:

• Russian national was arrested and charged by U.S. law enforcement for allegedly targeting victims around the world with the notorious LockBit ransomware.

• Gozi banking malware “IT chief” finally jailed after more than 10 years.

• Jailed hacker told to pay £100,000 after stealing unreleased Ed Sheeran music.

• Hacker marketplace sprung up again after the takedown.

• Hackers behind Spain's asylum black market arrested.

• Ukraine's Cyber Police has disrupted the activities of a phishing gang that hijacked more than 15,000 Telegram accounts. The gang consisted of five Ukrainians and one Russian national.

Stay safe.

Misha Sobolev

Aphinia