Aphinia - Your Weekly CISO Wire
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
→ Ricardo Johnson: "I was recently appointed (Oct 2nd) as VP, Chief Information Security Officer at Dentsply Sirona."
→ Jeff Maxon (CISO of the State of Kansas) was promoted to CITO of the State of Kansas.
→ Michael Housch was appointed as Chief Information Security Officer at Dark Matter Technologies.
→ Lalit Trivedi was appointed as Head of Information Security at FlexM.
→ Steven Calicut was appointed as Chief Information Security Officer at ECMC Hospital.
→ George Irungu was appointed as Chief Information Security Officer at CAQH.
→ Marco Maiuriano was appointed as Chief Information Security Officer at First Citizens Bank.
→ Diana Lovati was appointed as Chief Information Security Officer at True Anomaly.
→ Tyron Fitzgerald was appointed as Chief Information Security Officer at Montrose Environmental Group.
→ Adam Glick was appointed as Chief Information Security Officer at PSG.
→ Whitney Palacios was appointed as Chief Information Security Officer at BigBear.ai.
→ Michael Irwin was appointed as Chief Information Security Officer at Odyssey Logistics.
→ Tim Williams was appointed as Chief Information Security Officer at Insulet Logistics.
Appointed? Promoted? Let us know!
Aphinia is growing! Say hello, reach and connect with our new members:
Bob McCarthy, Head of Security, Brilliant Earth
Boris Orbach, Head of Global Information Security, GG Group
Chad Viola, Senior Director, Information Security, AM Best
Chris Caliri, CIO, RA Capital
Crane Hassold, Executive Director of Intelligence, Artemis Threat Intelligence
Ebrima Ceesay, Sr Distinguished Engineer, Capital One
Eric Lengvenis, Principal Architect for Data Protection, Wells Fargo & Co.
Welcome on board!
Do you want to share your story with fellow CISOs? Book your time now: https://calendly.com/aphinia/30min
Do you want to impart your wisdom and share actionable insights? And, importantly, to further enhance your personal brand so that you could land:
a new Advisory role
a consulting gig
a promotion or appointment
a book deal
a speaking engagement at an industry conference
Our dance card is filling up fast, please respond today!
Here’s the link to grab your time slot now: https://calendly.com/aphinia/30min
Meanwhile, check out our wide-ranging conversation with our guest Matthew Sharp (CISO, Xactly Corp.) about all things cybersecurity, current and emergent threats, the often challenging relationship between CISOs and cybersecurity vendors, and much more:
Several important events happened that merit your attention:
DDoS on the rise: AWS, Cloudflare and Google observed mass exploits of a novel zero-day vulnerability used to launch distributed denial of service attacks reaching a record-breaking scale.
Splunk issued a CISO report: almost half of the 350 security executives surveyed said their organizations were hit by multiple disruptive cyberattacks during the last year. More than 4 in 5 CISOs surveyed said their organization paid the ransom.
Equifax to pay for the breach: the UK watchdog fined Equifax $13.4 million for its role in a cyber breach. The FCA said the hackers could also access the personal data of 13.8 million UK consumers because the data was stored on company servers in the United States.
Microsoft products linked to 40% of ransomware-exploited CVEs: the database of 1,019 exploited CVEs, some dating back to 2002, was updated Thursday to include those with known ransomware exploits. At least 184 CVEs have known use in ransomware attacks, according to CISA. Of those, more than 2 in 5 of the vulnerabilities exploited by threat actors to conduct ransomware are linked to Microsoft products, which are ubiquitous in the enterprise.
If it looks like a platypus: DeFi trading service Platypus has lost more than $2 million worth of crypto assets after an attacker gained access to its systems. The incident marks the third time the platform was hacked this year after suffering similar breaches in January and July. It lost $8.5 million in the first hack and just $50,000 in the second.
SEC is investigating Progress Software: The US Securities and Exchange Commission has launched a formal investigation into Progress Software, the company behind the MOVEit file-sharing server. According to a regulatory filing, Progress says the SEC has started a fact-finding investigation and is seeking documents from the company related to how the company handled a string of hacks of its MOVEit software earlier this year.
Fraud wrapped in incompetence surrounded by bad luck: how FTX lost $400 million to a hack the day it went bankrupt, after being valued at $32 billion a few months prior.
Cyber insurers cut their premiums, but demand you do more: the good news is that the correction has now taken place, and premiums are flattening. But you need to demonstrate very strong cyber maturity to continue to have cyber insurance.
CISO salaries: CISO salaries have gone up by 11% in 2023, but growth has slowed, and fewer open positions are currently available. The average CISO salary this year has been $550,000, but more than half of CISOs are making below $400,000.
According to a joint study of compensation data from more than 600 CISOs across Canada and the US, the best-paying jobs are on the US West Coast and in the tech and financial sectors.
These senior cybersecurity roles you may want to forward to your friends and colleagues:
→ City of Mesa is looking for a Chief Information Security Officer in Mesa, AZ.
→ Infipact is looking for a Chief Information Security Officer (remote).
→ Beacon Systems is looking for a Chief Information Security Officer in Jackson, MS.
→ City of Fredericksburg is looking for a Chief Information Security Officer in Fredericksburg, VA.
→ Norton Healthcare is looking for a Chief Information Security Officer in Louisville, KY.
→ Sky River Casino is looking for a Chief Information Security Officer in Elk Grove, CA.
→ Equity Bank is looking for a Chief Information Security Officer in Wichita, KS.
Looking for a job? Hiring? Let us know.
These are virtual and live events for the cyber community you may find interesting:
Recently we had a session with Steve Martino, former CISO at Cisco, who talked about his experience as an Aphinia member and as a Gerson Lehrman Group consultant. It was awesome.
If you missed it, here is the recording:
Next steps: if you would like to explore fairly material consulting opportunities with Gerson Lehrman Group, send an email to getstarted@glgroup.com and your GLG contact there, Nicole Mikhov, will help you.
Separately, last week we had two excellent presentations by founders of cybersecurity startups out of Israel. If you missed them, check out the recorded sessions:
=Industry Events=
CISO Summit is taking place on November 16, 2023 in New York, NY.
RSA 2024 is taking place on May 6-9, 2024 in San Francisco, CA.
Attending or hosting an event? Let us know!
There has been discussion on the implications of using AI products from OpenAI (ChatGPT) and GitHub (Copilot) in the work environment, from cybersecurity and, potentially, legal standpoints.
To offer your opinion on the subject and to participate in the discussion, join the Aphinia Slack channel here >
Bad guys have been busy recently 📈 :
Air Canada breached; 210 GB of data stolen.
A major security breach has hit the Spanish airline Air Europa in the past 24 hours, putting customers’ credit cards at risk.
D.C. Elections Board says hackers may have accessed voter data.
Flagstar Bank of Michigan is notifying over 837,000 people that their data was stolen.
Cloud gaming firm Shadow says hackers stole customers’ personal data.
RI hospitals fight cyberattacks on ‘almost a daily basis’.
Hackers steal data and demand ransom from Metro Transit in St. Louis.
Simpson Manufacturing shuts down IT systems after cyberattack.
Valve bolsters security after hackers infected Steam games with malware.
Vietnamese government operatives reportedly tried to infiltrate the phones of U.S. Congress members, American policy professionals, and journalists using advanced spyware.
But a handful of guys were nabbed 👮♀️:
Cybercrime syndicates busted for luring Chinese nationals to work in “scam farms” in Myanmar and Cambodia.
French cybercriminal pleads guilty to fraud and aggravated identity theft for hacking private information.
Hong Kong and Macao police arrest 4 more people linked to JPEX cryptocurrency platform.
BEC scammer pleads guilty to part in $6m scheme.
Global crackdown on dark web drug market: 300 arrests and $53 million seized.
Stay safe.
Misha Sobolev
Aphinia