APHINIA - Your Weekly CISO Wire
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
Daniel Langley was appointed as CISO at the State of Oklahoma.
Gregg Cottage was appointed as CISO & CIO at NN Inc.
Tom Schmitt was appointed as CISO at Tapestry.
Nicole Trimbey was appointed as CISO at ATI.
Thomas Wilcox was appointed as CISO at Radicle Health.
Mrityunjay Gautam was appointed as CISO at Instacart.
Gary Dodd was appointed as CISO at GridSecurity Inc.
Radhika Bajpai was appointed as CISO at Russel Investments.
Sundararajan Srinivasan was appointed as CISO at Root Inc.
Appointed? Promoted? Let us know!
Aphinia is growing! Say hello, reach out and connect with our new members:
Melanie Bergen, Business Information Security Officer, Principal Financial
Dotan Akiva, CIO / CISO, Certilman Balin Adler & Hyman, LLP
Chris Bollerud, CISO, AppZen
Victor Hsiang, CISO, GATX
Jason Rhykerd, CISO, Sheetz, Inc
Brian Palmer, Director of IT Security and Infrastructure, Ventas
Payam Tarverdyan, Distinguished Architect, Expedia Group Inc.
Chirag Shah, Global Information Security Officer & DPO, Model N, Inc.
David Vuong, Head of IT & Security (CISO), Tektome
Ravi Bhatarai, Head of IT Security, Pritzker Group
Mini Mathews, ICT Program Director, Ericsson
Yehonatan Frenkel, Information Security Lead, Dynamic Yield by Mastercard
Akshay Lad, Lead Cyber Security Engineer, Ritchie Bros Auctioneers
Welcome on board!
Who in your network can benefit from Aphinia? Please send them here »
Not yet a member? Apply here »
Do you want to share your story with fellow CISOs? Book your time now: https://calendly.com/aphinia/30min
Do you want to impart your wisdom and share actionable insights? And, importantly, to further enhance your personal brand so that you would get:
a new Advisory role or a consulting gig
a promotion or appointment
a book deal or a speaking engagement at an industry conference
Our dance card is filling up fast, here’s the link to grab your time slot now: https://calendly.com/aphinia/30min
Meanwhile, check out our recent conversation with Cory Musselman (Global CISO, Kyndryl) on all things cybersecurity.
Full interview here»
Several important events happened that merit your attention:
Ted Cruz blocks nationwide data privacy bill: Senator Ted Cruz has blocked a bill that aimed to extend data privacy protections, currently reserved for lawmakers and officials, to all Americans. The bill, introduced by Senator Ron Wyden, sought to curb data broker practices that enable doxxing and threats, but Cruz argued it could hinder law enforcement.
UK renews push for Apple to unlock encrypted cloud data: The UK government has issued a new order demanding Apple provide access to encrypted cloud backups of British users, following a previous attempt that sparked a diplomatic clash with the US.
Cisco firewalls under active attack: Nearly 50,000 Cisco ASA and FTD firewalls remain exposed to two critical flaws enabling unauthenticated remote code execution. Despite CISA’s emergency directive, thousands of devices are still unpatched and exploited in ongoing attacks.
EU lawmakers challenge funding of spyware firms: A group of 39 European parliamentarians is demanding answers after revelations that EU funds and state-owned entities financially supported spyware companies like Intellexa and Cy4Gate.
U.S. cybersecurity programs set to expire amid gridlock: The Cybersecurity Information Sharing Act of 2015 and a $1 billion state and local grant program are set to expire as Congress fails to reach a funding deal, raising concerns over reduced threat sharing and weakened national cyber defenses.
US army fixes NGC2 cyber flaws: The US Army says it has resolved major cybersecurity flaws in its Next Generation Command and Control (NGC2) system. Despite earlier warnings of “very high risk,” officials confirmed the issues were mitigated and testing is moving ahead as the program expands.
Android Trojan steals money overnight: The Klopatra banking Trojan, disguised as the Mobdro app, has infected thousands of devices in Italy and Spain, remotely draining victims’ bank accounts at night using stolen credentials.
Industry news: Attiki, a cybersecurity company that provides threat intelligence and security monitoring, has raised $3.26 million (€2.8 million). Paris-based cybersecurity company Filigran, which offers open-source tools and services, has raised $58 million. Oneleet, a cybersecurity company which provides compliance automation, attack monitoring and code scanning, has raised $33 million. SAIC acquires SilverEdge. Vectra AI acquires Netography. Xcelerate Solutions acquires clearAvenue.
These senior cybersecurity executive roles you may want to forward to your friends and colleagues:
College of Charleston is looking for a Chief Information Security Officer in Charleston, SC.
Amtrak is looking for a VP, Chief Information Security Officer in Washington, DC.
Valleywise Health is looking for an Executive Director IT Security & CISO in Phoenix, AZ.
Getty is looking for a Chief Information Security Officer in Los Angeles, CA.
CalSAWS is looking for a Chief Information Security Officer in Gold River, CA.
Glocomms is looking for a Chief Information Security Officer in New York, NY.
Soni Resources is looking for a Deputy Chief Information Security Officer in Philadelphia, PA.
Suntory Global Spirits is looking for a Vice President, Chief Information Security Officer in Chicago, IL.
Blackmere Consulting LLC is looking for a Chief Information Security Officer (remote).
Blackmere Consulting LLC is looking for a Deputy Chief Information Security Officer (remote).
Looking for a job? Hiring? Let us know.
Our Chicago CISO Mastermind dinner with Eric Hart was epic! Thank you to everyone who attended!
Quick Sign Up - Aphinia In-Person CISO Mastermind Dinners:
Events are filling up very fast. So if you are traveling to the conferences or local to these cities, sign up today:
Oct 15, 2025 - New York, NY - Join here>
Nov 4, 2025 - Boston, MA - Join here>
Nov 5, 2025 - Philadelphia, PA - Join here>
Dec 1, 2025 - Las Vegas, NV (Re:Invent) - Join here>
Dec 7, 2025 - Dallas, TX (Gartner IAM) - Join here>
Dec 11, 2025 - Houston, TX - Join here>
Further Details About Aphinia In-Person Events:
New York CISO Mastermind dinner is taking place on October 15, 2025 in New York, NY. This mastermind is co-hosted by Vlad Brodsky (OTC Markets Group) and Hardik Mehta (JPMorgan). If you are in New York, this is a “must attend” event. We have four remaining spots, so sign up here today.
Boston CISO Mastermind dinner is taking place on November 4, 2025 in Boston, MA. This mastermind is co-hosted by Javed Ikbal (Bright Horizons). If you are in Boston, this is a “must attend” event. Space is limited, so sign up here today.
Philadelphia CISO Mastermind dinner is taking place on November 5, 2025 in Philadelphia, PA. This mastermind is co-hosted by Bob Stasio (Interim CISO, Merck). If you are in Philadelphia, this is a “must attend” event. Space is limited, so sign up here today.
Re:Invent CISO Mastermind dinner is taking place on Dec 1, 2025 in Las Vegas, NV. This mastermind is co-hosted by David Tyburski (CISO, Wynn Resorts). If you are going to Re:Invent this year, this is a “must attend” event. Space is limited, so sign up here today.
Gartner IAM CISO Mastermind dinner is taking place on Dec 7, 2025 in Dallas, TX. This mastermind is co-hosted by Ian Schneller (Former CISO, Health Care Service Corp.). If you are going to Gartner’s conference this year, this is a “must attend” event. Space is limited, so sign up here today.
Houston CISO Mastermind dinner is taking place on Dec 11, 2025 in Houston, TX. If you are based in the area, this is a “must attend” event. Space is limited, so sign up here today.
=> Want to host or sponsor a CISO Mastermind around a conference you are going to or in the city where you live? Reach out!
Industry Events:
Executive Perspectives is taking place at The Lotos Club in New York on October 29, 2025.
Re:Invent is taking place on Dec 2, 2025 in Las Vegas, NV.
Gartner: Identity & Access is taking place on Dec 8-10, 2025 in Grapevine, TX.
Gartner IT Infrastructure, IT Operations and Cloud Strategies is taking place on Dec 9-11, 2025 in Las Vegas, NV.
Black Hat Europe is taking place on Dec 9, 2025 in London, UK.
RSAC is taking place on March 22-26, 2026 in San Francisco, CA.
Black Hat is taking place on Aug 1-6, 2026 in Las Vegas, NV.
Attending or hosting an event? Let us know!
Bad actors have been busy recently 📈:
Discord disclosed that hackers have breached a third-party customer support provider, exposing limited user data, but no direct access to Discord accounts occurred.
A third-party breach has exposed some Renault customer data, but the company stated that no financial details were compromised.
Hacker group Black Mirror has leaked the first batch of Rostec documents, revealing Russia’s international arms deals, payment struggles, and sanction-evasion logistics schemes.
Salesforce confirmed recent extortion attempts tied to social engineering but found no evidence of a platform breach, stressing continued vigilance and customer support.
Suspected North Korean hackers targeted SBI Crypto in a $21M theft, laundering the funds across exchanges before funneling them through Tornado Cash.
Following a GitLab breach, Red Hat is investigating claims that hackers stole thousands of consulting files, including detailed customer network information.
Hackers breached BK Technologies’ systems on September 20, stealing employee data and causing minor disruptions, with costs largely covered by insurance.
Over 171,000 individuals had their personal and medical information compromised after hackers gained access to Doctors Imaging Group’s network in November 2024.
A ransomware attack on Asahi Group Holdings caused week-long disruptions at its Japanese subsidiaries, halting production, delaying shipments, and leading to stolen data.
Motility reported a data breach involving Social Security and driver’s license numbers after detecting suspicious network activity in August.
A critical GoAnywhere MFT flaw (CVE-2025-10035) was exploited as a zero-day by China-based group Storm-1175, enabling backdoor access, data theft, and Medusa ransomware deployment.
But a handful of guys were nabbed 👮♀️:
Interpol arrests 260 in Africa cybercrime crackdown: Interpol and authorities across 14 African countries arrested 260 people in a major cybercrime operation targeting romance scams and sextortion, seizing over 1,200 devices. Investigators linked nearly 1,500 victims to the scams, with estimated losses of $2.8 million.
Australian man fined $350k over AI deepfakes: An Australian man was fined nearly $350,000 for creating non-consensual pornographic deepfakes of women, the first case of its kind in the country.
China sentences “four great families” scam leaders to death: China has sentenced 16 members of Myanmar’s “Four Great Families” scam syndicates to death, with others receiving life or long-term prison sentences. The crackdown followed a multi-year investigation into large-scale telecom and cyber fraud, including the notorious “Crouching Tiger Villa” scam compound.
Cambodia arrests 24 foreigners in scam center crackdown: Cambodian police arrested 24 foreign nationals during coordinated raids on scam centers after a three-month investigation. Authorities seized laptops, phones, and SIM cards used in fraud operations, with suspects now under interrogation to identify the masterminds.
Hackers apologize after nursery cyberattack: The hacker group Radiant issued an apology after stealing data from the Kido nursery chain, claiming they deleted all children’s records. The group faced widespread outrage for targeting nurseries and said it would no longer pursue similar attacks.
Stay safe.
Misha Sobolev
Aphinia
***
P.S.: Are you a senior GTM executive at a cybersecurity company wanting to get your story in front of 2,000+ cybersecurity executives? Sponsor a thought leadership section in the next issue of CISO Wire.










