Aphinia - Your CISO Wire Update
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
→ Todd Jacobs was appointed as Chief Information Security Officer at Spiff Inc.
→ Derek Pizzagoni was appointed as Chief Information Security Officer at Children’s Hospital Los Angeles.
→ Scott Roberts was appointed as Chief Information Security Officer at UiPath.
→ Dan Sheehan was appointed as Chief Information Security Officer at Wolfe.com.
→ Victor Cortes was appointed as Chief Information Security Officer at Scotiabank.
→ Karen Gispanski was appointed as Chief Information Security Officer at Millennium Physician Group.
→ Heather Grant-Evans was appointed as Chief Information Security Officer at Marqeta.
→ Ralph Heres was appointed as Chief Information Security Officer at Covina.
→ Lucia Stacy was appointed as Chief Information Security Officer at Stanley Black & Decker.
→ Khash Kiani was appointed as Chief Information Security Officer at Business Wire.
Appointed? Promoted? Let us know!
Aphinia is growing! Say hello, reach out and connect with our new members:
David Bergh, CISO, Avantax
Anant Subramanian, Principal, Dinnovation LLC
Corey Hlavacek, Director - IT Security, enVista LLC
Dana Simberkoff, Chief Risk, Privacy and Information Security Officer, AvePoint Inc.
Darren LaCasse, Director, Threat, Detection, and Response, Elastic
David Nathans, CISO, Siemens Healthineers
Welcome on board!
Do you want to share your story with fellow CISOs? Want to impart your wisdom and share actionable insights? And - importantly - to further enhance your personal brand and get visibility for the next advisory role, consulting gig or a new position?
Check out our wide-ranging conversation with our guest Don Baham (CISO, Germantown Technologies) about all things cybersecurity, current and emergent infused threats and best practices, and career advice:
For your personal 30 minutes of spotlight simply respond with "interview" in the subject of the email and we will find time that works for you.
Our dance card is filling up fast, please respond today!
Several important events happened that merit your attention:
New SEC reporting requirements. The SEC will require public companies to disclose “material” cybersecurity breaches within four days of the incident.
IBM published its cyber cost report. According to the IBM report, the average cost of a cybersecurity breach is up to $4.5 million. Half of breached organizations are unwilling to increase security spend despite soaring breach costs.
New DDoS type. Radware says it is seeing large-scale DDoS attacks being carried out using a new attack method. Named HTTPS DDoS Tsunami, this new method can generate DDoS attacks with extremely high RPS (Requests Per Second) rates, sometimes reaching 880,000 or higher. The new attack method is challenging to mitigate because attackers switch the type of HTTP requests they use every few minutes.
Still not at the table. 65% of Fortune 500 companies have the CISO reporting to the CIO or CTO, and not to the CEO.
CISA report. CISA says that half (54%) of the security incidents that impacted government agencies and critical infrastructure organizations in 2022 have been traced back to attackers using valid credentials to access the victim's network. This includes credentials for admin accounts, VPN servers, and other crucial systems.
SonicWall report. SonicWall says it observed a 399% rise in cryptojacking attacks. The biggest spike was registered across European organizations, where cryptojacking attacks rose by 788%.
These senior cybersecurity sales roles you may want to forward to your friends and colleagues:
→ Computer World Services is looking for a Chief Information Security Officer in Rockville, MD.
→ Council for Affordable Quality Healthcare is looking for a Chief Information Security Officer in Washington, DC.
→ South Dakota State Government is looking for a Chief Information Security Officer in Sioux Falls, SD.
→ North Orange County Community College District is looking for a Chief Information Security Officer in Anaheim, CA.
→ United States Senate is looking for a Chief Information Security Officer in Washington, DC.
→ Extreme Reach is looking for a Chief Information Security Officer in New York, NY.
→ Michigan Technological University is looking for a Chief Information Security Officer in Houghton, MI.
→ NationsBenefits is looking for a Chief Information Security Officer in Plantation, FL.
→ Aqueduct is looking for a Chief Information Security Officer in Boston, MA.
→ New York Department of Health is looking for a Chief Information Security Officer in Albany, NY.
→ Connecting Experts is looking for a Chief Information Security Officer (Remote).
Looking for a job? Hiring? Let us know.
These are virtual and live events for the cyber community you may find interesting:
=Industry Events=
BlackHat is taking place on August 5-10, 2023 in Las Vegas, NV. Are you going? We'd love to meet!
InfoSec World is taking place on September 25-27, 2023 in Lake Buena Vista, FL.
CISO Summit is taking place on November 16, 2023 in New York, NY.
CyberTech is taking place on January 29-31, 2024 in Tel Aviv, Israel.
RSA 2024 is taking place on May 6-9, 2024 in San Francisco, CA.
If you are planning to attend #BlackHat in August, please let me know. We’d love to meet face to face.
Attending or hosting an event? Let us know!
There’s been discussion on the implications of using AI products by OpenAI (ChatGPT) and GitHub (Copilot) in the work environment, from cybersecurity and, potentially, legal standpoints.
To offer your opinion on the subject and to participate in the discussion, join the Aphinia Slack channel.
Bad guys have been busy recently 📈 :
Government contractor Maximus hit by MOVEit ransomware hack. 11 million personal records exposed.
Tampa General Hospital data breach impacts 1.2 million patients.
Estée Lauder has confirmed suffering a data breach just as two ransomware groups claimed to have targeted the company, both allegedly stealing vast amounts of information.
Norway says Ivanti zero-day was used to hack govt IT systems.
North Korean cyber group suspected in JumpCloud breach.
Netscaler ADC bug exploited to breach US critical infrastructure org.
Rutgers, Stony Brook among colleges warning of data exposure from MOVEit hack.
PokerStars alerts players about a “cybersecurity incident” that exposed personal information.
Iranian stalkerware app Spyhide has been silently gathering sensitive data from over 60,000 compromised Android devices.
Crypto payments platform Alphapo has fallen victim to a massive hack resulting in $31 million stolen.
Franklin Mint Federal Credit Union said MOVEit hack compromised the data of 140k customers.
But a handful of guys were nabbed 👮‍♀️:
Wisconsin teen charged with $600k DraftKings mass hack.
Ilya Sachkov, CEO of Russian cybersecurity firm, sentenced to 14 years in prison for treason.
Maine State Senator asks Biden to pardon Silk Road founder Ross Ulbricht.
Bitfinex hackers agree to forfeit $4.5 billion in bitcoin in a plea deal.
Ukraine dismantled a massive bot farm, seized 150,000 SIM cards.
Anton Cherepennikov, CEO of ICS Holding, one of the Russian tech companies that helped the Kremlin implement its SORM national surveillance system, died, having allegedly overdosed on "medical gas."
Stay safe.
Misha Sobolev
Aphinia