Aphinia - Your CISO Wire Update
I hope you won this week!
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
→ Mark Carter was appointed as CISO at Vimeo.
→ Rick Velasquez was appointed as CISO at Paradigm.
→ David Shaw was appointed as CISO at Transact Campus.
→ Christopher McDowell was appointed as CISO at Lakeside Software.
→ Joshua Lane was appointed as CISO at Veeco Investments.
→ Hunter Barbour was appointed as CISO at WVU Medicine.
→ Mike Johnson was appointed as CISO at Rivian.
→ Aaron Shafer was appointed as CISO at MindBody.
Appointed? Promoted? Let us know!
Do you want to share your story with fellow CISOs? Want to impart your wisdom and share actionable insights? And - importantly - to further enhance your personal brand and get visibility for the next advisory role, consulting gig or a new position?
Check out our awesome conversation with Joyce Brocaglia (Global Cybersecurity Practice Leader, Alta Security) on the active, passive or urgent job search for CISOs, state of the market and some of the best practices:
For your personal 30 minutes of spotlight simply respond with "interview" in the subject of the email and we will find time that works for you.
Our dance card is filling up fast, please respond today!
Several important events happened that merit your attention:
SEC focused on cyber risk. Company boards are bracing for new SEC cybersecurity regulations. Growing cooperation between corporate boards and chief information security officers has strengthened cyber defense as looming regulations could demand greater accountability.
Block gets sued for not disclosing the data breach. Former Afterpay shareholders have brought a class action against Jack Dorsey’s Block, claiming it failed to disclose a cyber breach mere weeks before buying the Australian buy now pay later company. The data breach, which occurred on December 10, 2021, wasn’t revealed until April 4, after which share prices tumbled 15% overnight.
Congress crafting legislation to regulate AI. Senate Majority Leader Chuck Schumer is spearheading the congressional effort to craft legislation regulating AI, circulating a broad framework among experts in recent weeks. While the federal government has made early moves, including the Commerce Department beginning to take steps to create AI safety rules, critics say more comprehensive legislation is needed.
Mimecast predicting $8 trillion in losses due to cyber threats in 2023. Mimecast, an email security company, released its 2023 State of Email Security report detailing the risks faced by businesses in the form of email-borne attacks and the need to increase the response due to the growing sophistication of those attacks. The SOES report was compiled by interviewing 1,700 information technology and cybersecurity professionals on the type and volume of attacks experienced and the security measures businesses currently have in place.
Microsoft Bing usage jumps with ChatGPT update. In a new effort to jump ahead of leading search engine Google, Microsoft has announced an update to its Bing browser with a feature that integrates ChatGPT and allows it to answer search terms. When users now search for answers in Bing, they will see answers presented by “Bing AI” using OpenAI’s GPT-4. Users can then continue dialogue with the artificial intelligence for follow-up questions.
These senior cybersecurity sales roles you may want to forward to your friends and colleagues:
→ WELLDYNE is looking for a Director, IT Security / CISO (remote).
→ Amynta Group is looking for a CISO (remote).
→ Los Angeles Unified School District is looking for a Deputy CISO in Los Angeles, CA.
→ California State University is looking for a CISO (remote).
→ The New York City Department of Investigation (DOI) is looking for a CISO in Manhattan, NY.
→ First Central Savings Bank is looking for a CISO in Glen Cove, NY.
Looking for a job? Hiring? Let us know.
These are virtual and live events for the cyber community you may find interesting:
=SAVE THE DATE! Aphinia Events!=
=> April 20, 2023: 3:00-4:00 pm EST. Add zoom link to your calendar: https://us06web.zoom.us/j/9411931651
Virtual Roundtable. Chris Brown (New Cyber Executive) will discuss balancing personal and professional risks related to executive cybersecurity roles.
=> May 24, 2023: 1:00-2:00 pm EST. Virtual Roundtable. New actionable insights from two promising Israeli cybersecurity startups. Add zoom link to your calendar: https://us06web.zoom.us/j/9411931651
→ Lee Kappon (CEO of Suridata) - “Catch Me if You Can - Keeping Up with the Ever-Changing SaaS”
Lee Kappon is the CEO and Co-Founder of Suridata, a SaaS Security company.
An entrepreneur and innovator at heart, Lee was listed in Forbes' 30 under 30 list. Lee has initiated and managed the development of innovative technological solutions for large companies. She holds an MBA from Tel-Aviv University and served as an officer in the Israeli Defense Forces.
→ Idan Wiener (CEO and Founder of Illustria) - “Here’s Why Open Source Isn’t Safe and What to Do About It.”
Idan is the Co-founder and CEO of Illustria, and has vast experience in both startup and corporate environments, with exposure to international markets. Idan served seven years as a Captain at the Israeli Naval Academy leading soldiers and officers in complex classified operations.
=Industry Events=
• RSA 2023 is taking place on April 24-27 in San Francisco, CA. Are you going to RSA’23? Drop us a line, we’d love to meet up!
On Wednesday, April 24 we will be meeting Aphinia members at the Open Cybersecurity Alliance Breakfast at RSA at W Hotel, Social Terrace, 181 3rd St. RSVP here »
Separately, to mix work and fun, to meet old buddies and to network, here is the comprehensive list of RSA parties »
• Gartner Security & Risk Management Summit is taking place on Jun 5, 2023 in National Harbor, MD
• BlackHat is taking place on August 5, 2023 in Las Vegas, NV
Attending or hosting an event? Let us know!
There’s been discussion of the implications of using AI products from OpenAI (ChatGPT) and GitHub (Copilot) in the work environment, from cybersecurity and, potentially, legal standpoints.
To offer your opinion on the subject and to participate in the discussion, join Aphinia Slack channel here >
Bad guys have been busy recently 📈 :
Dutch market research agency Blauw was hacked and the personal data of more than two million Dutch citizens was stolen from its servers at the end of last month.
Capita (UK IT service provider) suffered a major cybersecurity breach. The incident is ringing alarm bells with government officials since Capita is a major contractor for the NHS and other UK government agencies.
Students at many US and Canadian universities and colleges had their data stolen by hackers after a breach at AudienceView.
Fortra, the maker of the GoAnywhere file transfer appliance, is sued by 130 of its clients after they were hacked and had their data stolen by the Clop cybercrime group.
Proskauer Rose, a global law firm, had client data left unsecured for six months.
Evotec suffered a breach when a cyber attack took systems offline.
QuaDream, an Israeli company, emerged as an additional source of zero-click exploits to hijack mobile devices (in addition to NSO’s famous Pegasus).
Microsoft, Fortra and Health-ISAC obtained a court order to take down servers (528 servers seen in the wild) hosting cracked Cobalt Strike that is used by attackers.
Kaspersky posted about Telegram's increasing role in the phishing market as it acts as a host for many "shops" and phishing panel backends.
Flashpoint published a report with the current main five dark web marketplaces: Mega, Blacksprut, Solaris, Kraken, and OMG!OMG! Market, remaining after the takedown of Hydra.
Resecurity found a new dark web marketplace that in three months since launch gathered quite a following: STYX offers illicit services ranging from data dumps to cash-out services and from DDoS attacks to stolen credentials.
But a handful of bad guys were nabbed 👮‍♀️:
German authorities seized the servers of FlyHosting, a hosting provider for staging DDoS attacks. German police served eight search warrants and identified five individuals aged 16-24 suspected of operating the service since mid-2021.
Sri Lankan authorities have arrested 39 Chinese hackers for stealing money from the bank accounts of people living in different countries.
Police in Europe arrested two cybercriminal leaders in Ukraine, while ten other members were arrested across Europe. Ukrainian police say the group ran at least 100 phishing sites, scamming 1,000+ victims in the Czech Republic, Poland, France, Spain, Portugal, and other countries out of $4.3 million.
119 arrests and 208 property searches took place in 13 nations as part of Genesis Market takedown.
Fancy Bear’s leader was doxxed.
Stay safe.
Misha Sobolev
Aphinia