APHINIA - Your Weekly CISO Wire

Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:

These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:

• Kurt Haberstroh was appointed as CISO at Williams.

• Todd Mesick was appointed as CISO at Lubrizol.

• Brian Costello was appointed as CISO at TabaPay.

• Vasanth Madhure was appointed as CISO at VIAVI Solutio

• Jonathan Sanchez was appointed as CISO at BrandSafway.

• Kimberly Hood was appointed as CISO at Unitil.

• Tyler Berends was appointed as CISO at Sunrise Banks.

• Ed Moyle was appointed as CISO at FiT.

Appointed? Promoted? Let us know!

Aphinia is growing! Say hello, reach and connect with our new members:

• Altaf Uddin, CIO and CISO, Kansas Secretary of State

• Anurag Bihani, Data Scientist, SLB

• Brandon Lindsay, Director, Information Security & Data Protection, HIAS

• Dean Gibson, Senior Director, IT Infrastructure and Security, Quva Pharma

• Fred Harder, Senior Director of Security Engineering, Dun and Bradstreet

• Ioannis Haviaras, Manager, Governance, Risk and Compliance, Comcast

• Jim Lola, CISO & Head of IT, Sonim Technologies, Inc.

• Mike Gala, VP, Cybersecurity, Comcast

Welcome on board!

Who in your network can benefit from Aphinia? Please send them here »

Not yet a member? Apply here »

Do you want to share your story with fellow CISOs? Book your time now: https://calendly.com/aphinia/30min

Do you want to impart your wisdom and share actionable insights? And, importantly, to further enhance your personal brand so that you would get:

• a new Advisory role or a consulting gig

• a promotion or appointment

• a book deal or a speaking engagement at industry conference

Our dance card is filling up fast, here’s the link to grab your time slot now: https://calendly.com/aphinia/30min

Meanwhile, check out our recent conversation with Renana Friedlich (CISO, LPL Financial) on all things cybersecurity.

Full interview here»

Several important events happened that merit your attention:

• SEC dropped charges against SolarWinds and Tim Brown (congrats, Tim!): SEC drops remaining claims against SolarWinds over 2020 hack. The whole community of CISOs can now breath a little lighter after this.

• CISA ramps up hiring amidst escalating security threats: CISA will embark on a large hiring campaign to restore critical staffing lost under the previous administration. The agency plans new recruitment, flexibility measures, and university partnerships to reinforce its defenses as concerns over Chinese cyber activity grow.

• U.S. launches strike force against Southeast Asian crypto scams: The U.S. has created a Scam Center Strike Force to combat cryptocurrency investment fraud targeting Americans, run by Chinese transnational criminal organizations. The team has already seized over $401 million in crypto and works with federal and international partners to disrupt scams and recover stolen funds.

• Google sues operators behind massive phishing scheme: Google is taking legal action against the “Lighthouse” phishing-as-a-service operation that has scammed millions globally. The company is also backing new U.S. laws and deploying AI tools to help users detect and avoid fraudulent messages.

• Cybersecurity laws reinstated after shutdown: President Trump signed a bill ending the 43-day government shutdown and restoring two major cyber laws. Lawmakers and experts stress that urgent long-term action is needed to secure federal and local digital infrastructure.

• Lawmakers push governors to block ICE from DMV data: Senator Wyden, Rep. Espaillat, and 38 Congress members urged 19 Democratic governors to stop ICE from accessing residents’ DMV records, citing politicized use. Some states, including Illinois and New York, have already restricted access.

• EU rolls out optional democracy shield: The EU unveiled its Democracy Shield plan to curb foreign election interference through a new resilience centre, AI-election guidance, and safety measures for political candidates. But participation is voluntary, reflecting political tensions and limiting how much the initiative can compel member states to act.

• UK moves to toughen cyber defences: The UK is introducing new laws to harden cyber protections for essential services like the NHS, transport, water, and energy. The Cyber Security and Resilience Bill aims to curb rising threats by imposing stricter duties, expanding oversight to key suppliers, and improving national incident reporting.

• Military veteran considered to lead NSA and cyber operations: Army Lt. Gen. Joshua Rudd is under consideration to lead U.S. Cyber Command and the NSA despite having no direct cyber or signals intelligence background. His extensive Indo-Pacific and special operations experience is seen as an asset for regional security and strategic leadership.

• Russia blocks returning SIM cards to curb drone threats: Russia has introduced a 24-hour mobile data and SMS block on SIM cards brought back from abroad to prevent their use in guiding Ukrainian drones. Access can sometimes be restored early via a captcha, but technical glitches have limited its effectiveness.

• China-backed AI cyber espionage on the rise: Reports indicate that in September 2025, China-linked actors used Anthropic’s AI to autonomously launch cyberattacks on 30 global organizations. The AI handled most of the operations, including mapping systems, creating exploits, and exfiltrating data, signaling a new era of AI-driven cyber threats.

• Federal networks on edge as Cisco flaws go unpatched: U.S. federal agencies failed to properly update critical Cisco devices, leaving networks exposed to China-linked hackers. CISA issued fresh guidance after discovering numerous agencies had not applied the required security patches despite previous directives.

• Industry news: Polygraf AI, which uses AI to detect deception, deepfakes, and data leaks, has raised $9.5 million. Mate, a cybersecurity start-up, which builds AI-powered security operations centers and threat detection solutions, has raised $15.5 million. Apono, a provider of cloud-based identity access solutions, has raised $34 million. Tenzai, Israeli cybersecurity company, which automates penetration testing using AI tools, has raised $75 million. Corsica Technologies acquires AccountabillT. Cloudflare acquires Replicate.

These senior cybersecurity executive roles you may want to forward to your friends and colleagues:

• St. Peter’s Hospital is looking for a Director Chief Information Security Officer - IS Technology in Helena, MT.

• Eclaro is looking for a Chief Information Security Officer in Charlotte, NC.

• The University of North Carolina Asheville is looking for a Chief Information Security Officer in Asheville, NC.

• St Peter’s Healthcare System is looking for a Chief Information Security Officer in New Brunswick, NJ.

• Madison-Davis is looking for a Chief Information Security Officer in New York City, NY.

• Milliman is looking for a Chief Information Security Officer in Seattle, WA.

• EY is looking for a Chief Information Security Officer for US GPS in McLean, VA.

• Leidos is looking for a Cyber CISO, Consolidated Nuclear Security in Oak Ridge, TN.

• REE Medical is looking for a Chief Information Security Officer in (remote).

Looking for a job? Hiring? Let us know.

Are you a cybersecurity executive based in Houston?

Join us on December 16, 2025 for a CISO Mastermind Dinner:

Secure your spot today here: https://luma.com/o61ahvqi

Quick Sign Up - Aphinia In-Person CISO Mastermind Dinners:

Events are filling up very fast. So if you are traveling to the conferences or local to these cities sign up today:

Dec 1, 2025 - Las Vegas, NV (Re:Invent) - Join here>

Dec 7, 2025 - Dallas, TX (Gartner IAM) - Join here>

Dec 16, 2025 - Houston, TX - Join here>

Further Details About Aphinia In-Person Events:

• Re:Invent CISO Mastermind dinner is taking place on Dec 1, 2025 in Las Vegas, NV. This mastermind is co-hosted by David Tyburski (CISO, Wynn Resorts). If you are going Re:Invent this year, this is a “must attend” event. Space is limited, so sign up here today.

• Gartner IAM CISO Mastermind dinner is taking place on Dec 7, 2025 in Dallas, TX. This mastermind is co-hosted by Ian Schneller (Former CISO, Health Care Service Corp.). If you are going Gartner’s conference this year or if you are local to the DFW area, this is a “must attend” event. Space is limited, so sign up here today.

• Houston CISO Mastermind dinner is taking place on Dec 16, 2025 in Houston, TX. If you are based in the area, this is a “must attend” event. Space is limited, so sign up here today.

=> Want to host or sponsor a CISO Mastermind around a conference you are going to or in the city where you live? Reach out!

Industry Events:

• Re:Invent is taking place on Dec 2, 2025 in Las Vegas, NV.

• Gartner: Identity & Access is taking place on Dec 8-10, 2025 in Grapevine, TX.

• Gartner IT Infrastructure, IT Operations and Cloud Strategies is taking place on Dec 9-11, 2025 in Las Vegas, NV.

• Black Hat Europe is taking place on Dec 9, 2025 in London, UK.

• RSAC is taking place on March 22-26, 2026 in San Francisco, CA.

• Black Hat is taking place on Aug 1-6, 2026 in Las Vegas, NV.

Attending or hosting an event? Let us know!

Bad actors have been busy recently 📈:

• Nikkei Inc. has reported unauthorized access to its Slack platform after a virus-infected computer exposed credentials, potentially leaking data of 17,368 employees and partners.

• Following a cyberattack last Thursday, RTV Noord experienced significant outages across its broadcasting and online platforms, with staff relying on manual operations.

• Over 1.71 GB of internal documents and 1.2 million donor records were stolen from the University of Pennsylvania in a cyberattack that exploited stolen employee credentials.

• A suspected cyberattack has forced the German city of Ludwigshafen to disable its IT systems, disrupting online services while citizen data remains secure.

• Authorities in South Korea suspect North Korean involvement in a cyberattack that hijacked a human rights activist’s computer to distribute malware through their messaging app.

• The Washington Post has confirmed that it was among the victims of a cyber breach linked to Oracle’s E-Business Suite.

• Marks & Spencer reported a €154 million loss in profit following a cyberattack that crippled its online sales for weeks, with the retailer blaming Russian-linked hackers known as DragonForce.

• A successful cyberattack by the Russian state-backed Sandworm group deployed multiple data-wiping malware strains that crippled Ukraine’s education, government, and grain sectors.

• The U.S. Congressional Budget Office reported a network breach believed to be the work of a foreign actor, potentially exposing internal reports and correspondence with congressional offices.

• Four Pakistani senators revealed that online scammers had defrauded them, as lawmakers criticised the National Cyber Crime Investigation Agency for its inaction.

• Hyundai AutoEver America has revealed that its March 2025 data breach exposed names, SSNs and driver’s licenses.

But a handful of guys were nabbed 👮‍♀️:

• Russian hacker pleads guilty in ransomware scheme: Aleksey Volkov, a Russian national, pleaded guilty to acting as an initial access broker for Yanluowang ransomware attacks targeting eight U.S. companies. He faces up to 53 years in prison and must pay over $9.1 million in restitution to the victims of the attack.

• Samourai wallet developer sentenced: A Samourai Wallet developer, Keonne Rodriguez, was sentenced to five years in prison for running an unlicensed bitcoin mixing service that laundered $237 million.

• Pakistani data seller arrested: Anees Ahmed Shah was arrested for selling personal data of millions of Pakistanis, which he obtained from the black market and offered through multiple websites. Authorities recovered a one-terabyte hard disk from him and are investigating his network further.

• German scam kingpin nabbed: A German national linked to a Tbilisi-based scam call center defrauding thousands worldwide has been arrested in Georgia. Authorities are considering extradition to Germany as investigations continue.

• Capital One hacker resentenced with home confinement: A U.S. judge reimposed the original sentence for Paige Thompson, the former AWS engineer behind the 2019 Capital One breach. She received time served, supervised release, and must pay $40.7 million in restitution.

Stay safe.

Misha Sobolev

Aphinia

***

P.S.: Are you a senior GTM executive at a cybersecurity company wanting to get your story in front of 2,000+ of cybersecurity executives? Sponsor a thought leadership section in the next issue of CISO Wire.