Aphinia - Your CISO Wire Update
I hope you won this week!
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
→ Gary Starling appointed as CISO at IntelePeer.
→ Andrew Alaniz was appointed as Deputy CISO at Regions Bank.
→ Josh DeFrain was appointed as CISO at Rokt.
→ Dana Kilcrease was appointed as CISO at Berkeley College.
→ John Noltensmeyer was promoted to CISO at TokenEx.
→ Norman Hunt was appointed as GEICO.
→ George Do was appointed as CISO at GLP.
→ Lori Temples was promoted to Deputy CISO at Goldman Sachs.
→ Ali Qutob was appointed as CISO at Hunter Douglas.
Appointed? Promoted? Let us know!
In related news, Chuck Springer - one of our own! - was recognized as one of the 2023 Top 100 Information Security professionals. Congrats! This recognition is well deserved.
Do you want to share your story with fellow CISOs? Want to impart your wisdom and share actionable insights? And - importantly - to further enhance your personal brand and get visibility for the next advisory role, consulting gig or a new position?
Check out our awesome conversation with our guest Jamey Cummings (Partner - Cybersecurity and Technology, JM Search) on the active, passive or urgent job search for CISOs, state of the market and some of the best practices:
For your personal 30 minutes of spotlight simply respond with "interview" in the subject of the email and we will find time that works for you.
Our dance card is filling up fast, please respond today!
Several important events happened that merit your attention:
Are things so bad for CISOs? Is this true? Cybersecurity people are so stressed out, they’re bailing from their jobs after breaches.
Cyber Safety Review Board. A senior Department of Homeland Security official confirmed Wednesday that DHS is working with Congress and the White House on a bill that would codify the Cyber Safety Review Board (CSRB) — a brand-new effort for examining significant cybersecurity incidents.
Forward deployed. Over 40 US specialists have been sent to Ukraine to help battle cyber threats from Russia.
Leaked Google document: “We Have No Moat, And Neither Does OpenAI”. “Who would pay for a Google product with usage restrictions if there is a free, high quality alternative without them?” The punch line: both OpenAI and Google will eventually be eclipsed by open source.
Meta's Q1 2023 APT report: Meta took down accounts used by several APT groups to target audiences across South Asia. It removed Facebook and Instagram accounts operated by the hacker-for-hire group Bahamut, Indian APT group Patchwork, and others.
Avast Q1 2023 report: Avast states that infostealers and phishing operations have remained the top threats to desktop consumers. On the mobile side of things, adware is still king, with more than three-quarters of all detections.
ChatGPT used for evil. Meta says ChatGPT-related malware is on the rise, specifically applications that lure users into downloading malicious apps and browser extensions.
Former Uber CSO walks: Former Uber chief security officer Joe Sullivan was sentenced to three years' probation and will avoid prison time after covering up a 2016 Uber data breach.
The judge said:
"... because of your good character, I'm not going to give a custodial sentence. But if I have a similar case tomorrow, even if the defendant had the character of Pope Francis, they would be going to prison.
And I want that to be known when you go out and talk to your CISO friends, you tell them that you got a break not because of what you did, not even because of who you are, but because this was just such an unusual one-off, the first of its kind... if there are more, people should expect to spend time in custody regardless of anything, and I hope everybody here recognizes that. I hope everybody in the CISO community takes this as a lesson, and not leniency, which is what I'm showing to you."
These senior cybersecurity sales roles you may want to forward to your friends and colleagues:
→ State of New Mexico is looking for a CISO in Santa Fe, NM.
→ RES Servicing Corp is looking for a CISO in Kew Gardens, NY.
→ New Jersey Institute of Technology is looking for a CISO in Newark, NJ.
→ Caterpillar is looking for a Deputy CISO in Irving, TX.
→ CampusWorks is looking for a CISO (remote).
→ B&H Photo is looking for a CISO in New York, NY.
Looking for a job? Hiring? Let us know.
These are virtual and live events for the cyber community you may find interesting:
=ADD TO YOUR CALENDAR! Aphinia Event: May 24, 2023 1:00 - 2:00 pm EST=
We will be sending the Zoom details for this event shortly - please block your calendar for 1pm on May 24, 2023.
→ Lee Kappon (CEO of Suridata) - “Catch Me if You Can - Keeping Up with the Ever-Changing SaaS”
Lee Kappon is the CEO and Co-Founder of Suridata, a SaaS Security company.
An entrepreneur and innovator at heart, Lee was listed in Forbes' 30 under 30 list. Lee has initiated and managed the development of innovative technological solutions for large companies. She holds an MBA from Tel-Aviv University and served as an officer in the Israeli Defense Forces.
→ Idan Wiener (CEO and Founder of Illustria) - “Here’s Why Open Source Isn’t Safe and What to Do About It.”
Idan is the Co-founder and CEO of Illustria, and has vast experience in both startup and corporate environments, with exposure to international markets. Idan served seven years as a Captain at the Israeli Naval Academy leading soldiers and officers in complex classified operations.
=Industry Events=
• Gartner Security & Risk Management Summit is taking place on Jun 5, 2023 in National Harbor, MD
• BlackHat is taking place on August 5, 2023 in Las Vegas, NV.
I met so many Aphinia members at RSA last week, but I missed even more! If you are planning to attend #BlackHat in August, please let me know. We’d love to meet face to face.
Attending or hosting an event? Let us know!
There’s been discussion of the implications of using AI products from OpenAI (ChatGPT) and GitHub (Copilot) in the work environment - from cybersecurity and, potentially, legal standpoints.
To offer your opinion on the subject and to participate in the discussion, join the Aphinia Slack channel.
Bad guys have been busy recently 📈 :
Raleigh Housing Authority breached. Cyber attack shuts down Raleigh Housing Authority computer system.
Capita opens up about the breach. Capita admits some pension data 'likely' to have been accessed in March breach.
Mackenzie Investments breached. Toronto-based Mackenzie Investments confirmed to CTV News Toronto on Wednesday that a third party vendor, InvestorCOM Inc., was compromised. Data breach exposes clients’ personal information at one of Canada’s largest investment firms.
Aetna’s vendor breached. According to Aetna, the cyber attack involved the company NationsBenefits, which provides hearing and flex card benefits to some Aetna members.
Dallas ransomware attack: Dallas was hit by a ransomware attack that has disrupted its IT networks and official websites. The city's 311 public service hotline, municipal court, police department, and city hall IT services have been disrupted.
But a handful of bad guys were nabbed 👮‍♀️:
Operation SpecTor: $53.4 million seized, 288 vendors arrested in dark web bust.
Try2Check takedown: US authorities have charged Russian national Denis Kulkov with running Try2Check, an illegal service used by carding gangs to check the validity of stolen credit cards. Authorities took down Try2Check and are offering a $10 million reward for any information leading to Kulkov's arrest.
Google is after CryptBot: Google launched litigation against distributors of the CryptBot infostealer and a New York court has granted a temporary restraining order that allows it to take down current and future domains tied to the distribution of CryptBot.
Stay safe.
Misha Sobolev
Aphinia