Read the CISOs Connect™ Magazine CISO Spotlight Edition here: https://bit.ly/3Z2tIGc

Magazine Profiles the People Behind the Business-Critical Role

CISOs Connect™, an exclusive membership-only community, today announced the release of the inaugural Spotlight Edition of CISOs Connect Magazine, celebrating Chief Information Security Officers spearheading the war against ballooning cybercrime.

As cyber attacks proliferate and gain in sophistication across our increasingly connected globe, CISOs play an ever-more-critical role in safeguarding sensitive governmental, corporate and organizational data.

CISO Matt Lemon and His Son

 

“With this first CISO Spotlight Edition of CISOs Connect Magazine, we are highlighting the people behind the role — what drives them, their visions of the future, and the unique culture of giving back that defines this professional community,” said Aimee Rhodes, the CEO of CISOs Connect.

While the job will vary from organization to organization, CISOs must all demonstrate a range of skills that include technical expertise, negotiating savvy, coolness under fire and an ability to anticipate the future. They must also be continuous learners in an ever-shifting threat landscape.

No longer simply data protection specialists with a narrow lens into security concerns, CISOs have evolved into a class of business leaders deeply conversant with how their organizations work so they can balance risks and threats to help stakeholders achieve their goals.

“It’s an honor to be featured in this inaugural edition of CISOs Connect’s Spotlight Edition, along with many other talented and devoted members of our industry,” said Dr. Garrett Smiley, Chief Information Security Officer at Serco. “It is a valuable service to shine a spotlight on those of us who do so much behind the scenes to protect our organizations and our nation’s security. The fascinating profiles you will read here address not only professional trajectories but also the passions that drive us in our personal lives, and the wide array of interests, hobbies and good deeds we pursue. It’s a unique community that has many exciting stories to tell.”

The CISO Spotlight Edition is available here.

Many of the industry professionals who appear in this issue are recipients of CISOs Connect’s Top 100 CISO (C100) awards, a leading industry peer recognition honoring the pre-eminent security leaders across the United States and Canada.

Earlier this month, CISOs Connect opened nominations for its 2023 C100 awards, which will pay tribute to the achievements of an exceptional group of security professionals who are also committed to sharing the benefit of their wisdom with others in the industry.

What distinguishes this award from other forms of industry recognition is that it is peers recognizing peers as well as having a transparent process. Criteria for eligibility are clearly defined, and a declared board of expert judges – themselves pre-eminent CISOs — will choose the winners. Nominations close April 17, 2023, with the winners to be announced May.

As a fundamental part of their mission to support and recognize the CISOs unceasing efforts to safeguard their enterprises and organizations globally, CISOs Connect™ partnered with the following organizations to make the inaugural CISO Spotlight Edition possible:

Black Kite
Forte Group 
Mayfield Fund 
Qnary 
Uptycs

Read the press release here: https://www.prnewswire.com/news-releases/cisos-connect-releases-inaugural-ciso-spotlight-edition-of-its-magazine-301779749.html

About CISOs Connect

CISOs Connect is an exclusive membership-only interactive community of trusted cyber peers and subject matter experts. Connected by common interests, this community allows cyber experts to share knowledge and expertise through proprietary content, research and analysis, while exchanging information, ideas and collaborating with trusted colleagues to make informed business and technology decisions.

CISOs Connect™ is part of Security Current™, known for its Security Shark Tank® and is lauded for its CISO driven content, knowledge sharing, and community. It is purpose-built and led by the top CISOs in North America.

The post CISOs Connect™ Releases Inaugural CISO Spotlight Edition of Its Magazine appeared first on Security Current.

Russia’s repeated military failures in Ukraine have amplified the significance of the information battleground, says Oleh Derevianko, a leading Ukrainian cybersecurity expert based in Kyiv.

“It was always one of their core focuses. But because of their failure on the battlefield, disinformation operations, psychological operations like hack and leak attacks, and deep fake attacks will be even more and more important for them,” said Derevianko, the Co-founder, Chairman and Chief Vision Officer of Information Systems Security Partners, a private cybersecurity company founded in 2008 in Ukraine and now operating globally.

“I think that anything that can help them divide Ukrainian allies or influence public opinion in specific countries so they could try to make them doubtful will be one of their prime targets,” he said. “There will be disruptive cyber attacks as well, but disruptive cyber attacks really take a lot of time, whereas you can have huge quantities of hack and leak attacks, or attempts to undertake them.”

Shortly before Derevianko spoke, a Russian missile barrage pounded Kyiv. The Russian onslaught is now entering its second year, and Derevianko maintains that the war was made possible because Russia was successful in its disinformation operations in the first place.

“Thanks to their propaganda and disinformation inside of their country, they persuaded their own population about all these narratives that they’re disseminating there, portraying Ukraine as some kind of Nazi state and so on,” he said. “We know that with their narratives, they managed to create a very strong public opinion in Russia itself that support the war.”

Ukraine has enlisted foreign governments and international volunteers in its information campaign against Moscow, and “I think it’s pretty clear that Ukraine and its allies are winning the information war against Russia, at least in the West,” Derevianko said.

“Without the proper counter-disinformation campaigns, Ukraine and its allies wouldn’t be able to maintain the right perception about Russia as an aggressor. This informational component is extremely important for the purpose of maintaining allies’ support for Ukraine and supplying everything that’s needed to win this war,” he said.

Initially, the Russian disinformation campaign did hamper foreign governments’ willingness to supply Ukraine militarily, Derevianko said.

“Russia was pretty successful in the first months of this war in making the West extremely fearful of so-called escalation and nuclear conflict,” he said. “Even though I believe that many experts believe that they would never dare to do that because they would be fully destroyed, it dominated public opinion and many of the political circles of many countries. How long did it take for them to supply more powerful weapons to Ukraine?”

The significant international cyberspace aid “was pretty useful for government institutions because many of the government institutions were really not well equipped with the technology,” Derevianko said. 

The private sector, by contrast, had core technologies available, and the key lesson to be learned from Ukraine’s current experience in cyber warfare is that “people, and the quality of your team’s skills, matter the most in cybersecurity,” he said.

“You can have all the technology on earth, but it really depends on the quality of your people and how well your processes are operationalized,” he said. 

Another lesson he’s drawn is that organizations should have contingency funding available for deep full compromise assessment. Without that kind of evaluation, they’re open to more severe variants of the attack they’ve mitigated, he said.

Ukraine didn’t have a lot of suppliers of red and blue team exercise platforms or cyber ranges until recently. What it did have “is the real exercises,” he said, as it’s been facing Russian cyber attacks since 2014, the year Moscow invaded Crimea and annexed it from Ukraine.

That same year, Russian-backed separatists also seized power in parts of the Donbas region of eastern Ukraine. Two days before launching its full invasion, Moscow declared two areas of the Donbas, Donetsk and Luhansk, as independent states.

“Since 2014, we’ve appeared at the front lines of cyber warfare,” Derevianko said. “Ukraine became a testing ground for cyber war. We realized that Russia was not just attacking Ukraine, but also testing and developing techniques and capabilities, using Ukraine as a playground for that.” 

“There are continuous attacks and response, continuous attacks and response and the need to recover,” he said. “So basically teams were trained to respond to huge attacks, not just in terms of detecting and mitigating them, but also to recover from them, which means that for us, resilience is extremely important.”

After the full scale invasion started, cyber attacks multiplied threefold in 2022, Derevianko said. The CyberPeace Institute, a non-profit organization in Geneva, documented 249 cyber incidents against entities in Ukraine last year, as opposed to 464 cyber incidents against entities in nation-states that are not the combatants.

Derevianko estimates that more than 60 different groups are executing attacks against Ukraine and its allies.

The attacks that were relatively successful for Russia were against those targets to which the threat actors had access before the invasion began, including the communications system that was struck on the first day of the war or another attack against a nationwide telco company that culminated in March 2022 but the company had been breached back in January, he said.

Once the invasion began, there was “a clear tendency for using simpler and more easily modifiable tools rather than the tailored, specific attacks that they were executing before, when they had time to prepare,” he said.

Today, “I would say that Russia may be much more interested in cyber attacks aiming at espionage rather than disruption.”

Derevianko doesn’t think the Russians have had a strategic impact with their cyber attacks.

“I don’t think so, and I don’t think they were capable of doing that,” he said. “This is the result of Ukraine – and especially private sector operators – taking care of cybersecurity for the last eight years, and especially since 2017.”

That year, a wave of powerful cyberattacks using NotPetya malware targeted Ukraine, hitting the Chernobyl nuclear power plant, government ministries, media, utilities and financial institutions before spreading to other parts of the world. The attacks have been blamed on Russia, which has denied responsibility.

Asked if Russian cyber capabilities were overestimated, Derevianko replied: “I don’t think that the Russian capabilities were overestimated. I think that overall cybersecurity attacks as a method of modern warfare was overestimated by the general public and possibly political decision makers. Not in the sense that it’s not risky, but overestimated in the sense that it can create the same damage as the kinetic missile strikes.

“Cybersecurity has a strategic importance during warfare because it lets you keep all your services to people functioning.”

While Russian attackers put Ukrainian government institutions in their sights, their primary targets were commercial enterprises such as banks, telecoms, media, energy, and defense and security companies, Derevianko said.

“Even though the number of attacks increased, you don’t see many sophisticated attacks because you need a lot of manual work to execute those attacks,” he said. “Smaller companies are of course a big target, especially those who are within the supply chain to larger enterprises, to the government, to the defense and security sector, or to critical infrastructure.”

Because of the private sector preparation, the attacks were disruptive but not calamitous, he said. Cyber attacks and military attacks on civilian targets have often taken place in close proximity.

Ransomware attacks are down this past year, and he assumes that hacking groups that were engaged in financially motivated attacks are now being hired for state-sponsored attacks. What’s more, Ukraine was not a major magnet for ransomware attacks before the war because it is not as wealthy as many of its Western allies, he added.

Ukrainian officials, breaking new ground, have maintained that the Russian digital warfare constitutes a war crime and wants the International Criminal Court in the Hague, a war crimes tribunal, to investigate.

The post Kremlin’s Military Failures in Ukraine Magnify Importance of Information Battleground appeared first on Security Current.

Program designed to deepen the exclusive community’s commitment to helping cybersecurity professionals gain the knowledge they need to make informed business and technology decisions

NEW YORK, March 13, 2023 — CISOs Connect™, an invitation-only membership community dedicated to the professional advancement of Chief Information Security Officers across the globe, today announced the launch of its Chief Information Security Officer (CISO) in Residence program. Dr. Kevin McKenzie, an industry-recognized leader in information technology and security, will inaugurate the role.

As CISOs Connect’s™ first CISO in Residence, McKenzie will oversee and shape the high-value content that the organization provides through proprietary research, analysis and peer messaging. The objective: to engage the CISOs Connect™ community to help cybersecurity chiefs get the information they need to carry out their ever-evolving jobs.

“Today’s CISOs operate in a world of rapidly increasing threats, responsibilities and accountability. In addition to securing an ever-expanding attack surface, we are also on the front line of driving business growth. It is imperative for us to have a community that bolsters us professionally, offers opportunities for information sharing, and lends support, mentorship and guidance,” McKenzie said.

“It is a great honor to have been chosen to be the inaugural CISO-in-Residence at CISOs Connect™, an exclusive, community of trusted cyber peers and experts. CISOs Connect recognizes that today’s interconnected world is all about collaboration, support and information sharing, and I’m very excited to be helping to drive the organization’s mission.”

David Cass, President of CISOs Connect™, said: “We are excited to bring on a security practitioner as seasoned and multifaceted as Kevin. As a CISO myself, I know that someone of his caliber will bring incalculable value to our organization and the top-tier professionals we serve.” 

McKenzie comes to CISOs Connect™ with decades of experience in formulating and executing strategic visions for high-profile security programs in healthcare, federal information systems, high performance computing, newspaper publishing and retail. His multi-industry knowledge positions him to understand the needs and nuances of the diverse CISOs Connect™ community in these volatile times.

McKenzie also has been serving as a faculty member at Clemson University, teaching information systems and analytics courses in Clemson’s College of Engineering and the College of Business.  His many board appointments include service on CISOs Connect’s™ Distinguished CISOs Board.

“We’re thrilled to have Kevin on board as CISOs Connect’s™ inaugural CISO in Residence,” said Aimee Rhodes, CEO of CISOs Connect™. “In this new role, Kevin will dedicate himself to furthering CISOS Connect’s™ goal of providing unique analysis and high-value content to professionals navigating an environment that’s becoming more complicated by the day. He will also play an instrumental role in engaging our CISOs community to understand how we can best answer its needs.

“Kevin’s rich experience as a practicing CISO and respected academic puts him prime position to help CISOs get the information they want, while encouraging the collaboration that is so crucial in today’s security world.”

Read the press release here

About CISOs Connect

CISOs Connect is an exclusive invitation-only interactive community of trusted cyber peers and subject matter experts. Connected by common interests, this membership community allows cyber experts to share knowledge and expertise through proprietary content, research, and analysis while exchanging information, ideas and collaborating with trusted colleagues to make informed business and technology decisions.

The post CISOs Connect™ Names Industry Veteran Kevin McKenzie as Inaugural CISO in Residence appeared first on Security Current.

Security Shark Tank® Participating Companies:

Black Kite

Salt Security

Security Risk Advisors (SRA)

Uptycs

Breaks Sponsor

Tines

Dinner Sponsor

Astrix Security

The post CISOs Connect™ Security Shark Tank® NYC 2023 appeared first on Security Current.

CISOs Select Winners Based on Real-world Experience; Vendor Submissions Now Open

NEW YORK, July 18, 2022 – CISOs Connect™ today announced the launch of its annual CISO-selected vendor recognition, the 2022 CISO Choice Awards, and named the Distinguished CISO Board of Judges selecting the winning solutions and providers.

Honoring security vendors of all types, sizes and maturity levels, the CISO Choice Awards program recognizes differentiated solutions valuable to the CISO and enterprise. Security solution providers are from across the world. Submit for consideration here: https://www.research.net/r/CISOChoiceAwardsApplication2022

The CISO Choice Awards are a differentiated program based on the real-world experiences and perspectives of end-user executives, with clear criteria and a known and transparent Board of CISO Judges.  Part of Security Current’s exclusive CISOs Connect membership knowledge-sharing community, the CISO Choice Awards recipients are selected by the board who have first-hand knowhow and insights from building and maintaining their own programs.

“As CISOs grappling with real-world challenges on a daily basis, we know what distinguishes a good security solution from a great one,” said Board member Matt Lemon, Huawei Mobile Services CISO. “As a member of the exclusive CISOs Connect community, we want to recognize the innovations that are keeping companies, agencies and institutions safe at a time when cyber onslaughts are dangerously mounting.”

The CISO Choice Awards 2022 Board of Judges spans several verticals. The Board is made up of the following CISOs:

CN CISO Vaughn Hazen
Covanta CISO Tammy Klotz
Customers Bank EVP & CISO Endré Jarraux Walls
DC Department of Human Services (DHS) CISO Montae Brockett
Huawei Mobile Services CISO Matt Lemon
Invitae CISO Dave Ruedger
ICF International VP & CISO Joseph Dyer
IFF VP & CISO Lauren Dana Rosenblatt
One Main Financial CISO Tunde Oni-Daniel
Premise Health CISO Joey Johnson
Prologis VP, IT Governance, Information Security Officer Sue Lapierre
Radian CISO Donna Ross
William Blair CISO Ralston Simmons

Also, on the Board is well-known author and analyst Richard Stiennon, who wrote the Security Yearbook 2022, which includes a directory of some 2800 companies.

“Knowledge sharing and education are top pillars of our CISOs Connect community, and these awards offer an unparalleled look into how top security professionals minimize existing and emerging risks,” said Endré Jarraux Walls, Customers Bank EVP & CISO. “By collecting examples of real-life experiences, the awards will promote discussion and cast a spotlight on the proven partners and cutting-edge solutions that help us safeguard our organizations.”

Tammy Klotz, Covanta CISO added: “With cybercrime costing the world trillions of dollars a year, thousands of security companies and startups have sprung up across the world to focus on these digital dangers, and singling out the best fit for an organization’s needs is a daunting task. The CISO Choice Awards will make it easier for our peers to see which companies have risen above the competition.”

“As CISOs, finding the right cybersecurity technologies and solutions that align with our organization’s security objectives is essential, however, finding the right vendor that understands the value of true partnership is equally important,” said Joseph Dyer, ICF VP & CISO. “The CISO Choice Awards provides an opportunity for knowledgeable CISOs to distinguish exceptional vendors that have developed trust, offer solid security solutions, maintain innovation, and deliver valuable partnerships.”

As a fundamental part of their mission to support the CISOs and the cybersecurity solution ecosystem in order to safeguard enterprises and organizations internationally, Mayfield, a global venture capital firm, has partnered with CISOs Connect.

 

 

About CISOs Connect

CISOs Connect is an exclusive membership-only interactive community of trusted cyber peers and subject matter experts. Connected by common interests, this community allows cyber experts to share knowledge and expertise through proprietary content, research, and analysis while exchanging information, ideas and collaborating with trusted colleagues to make informed business and technology decisions.

CISOs Connect™ is part of Security Current™, known for its Security Shark Tank® and is lauded for its CISO driven content, knowledge sharing, and community. It is purpose-built and led by the top CISOs in North America.

The post CISOs Connect Launches the 2022 CISO Choice Awards with Notable CISO Board of Judges appeared first on Security Current.

The post CISOs Connect™ Chicago 2022 appeared first on Security Current.

Unprecedented CISO Peer-to-Peer Award Selects Winners Based on Transparent Criteria Making it the Leading Honor of Its Kind

NY, New York, June 30 — The Esteemed CISO Board of Judges of the CISOs Top 100 CISOs (C100) Recognition, a first of its kind peer-to-peer honor given by CISOs Connect™, have announced the winners of the award which commends the preeminent security leaders across North America. CISOs Connect is an exclusive membership-only community for enterprise security executives.

“Congratulations to the C100 winners,” said Christine Vanderpool, Florida Crystals VP & CISO.  “With over 500 applicants, I can tell you there were so many deserving recipients. As a first of its kind peer-to-peer award based solely on transparent criteria, the top 100 CISOs are truly exceptional leaders in our field, in the work they do, and in their commitment to give back.”

See the C100 winners here: https://tinyurl.com/3uvm4ejs

The C100 recognition honors the top 100 CISOs across industries who are experienced, proven leaders who share their expertise with others to continue to give back to the industry to further secure and protect organizations in the US and globally. 

The Esteemed CISO Board includes:

Rockwell Automation VP, Global Security and CISO Nicole Darden Ford
Dollar Tree Stores SVP & CISO Kevin McKenzie
Florida Crystals VP & CISO Christine Vanderpool
Freddie Mac SVP & CISO Betty Elliott
Kraft Heinz CISO Ricardo Lafosse
Markel Corporation CISO & Chief Privacy Officer Patricia Titus
NFL CISO Tomás Maldonado
Otis Elevator Co. CISO Mario Memmo
Truist CISO Howard Whyte
University of Chicago Medicine CISO Les McCollum ll
ServiceTitan Sr. Director & CISO Cassio Goldschmidt
World Fuel Services VP & CISO Shawn Bowen

“My CISO peers and I are exceptionally proud of the winners, as these esteemed individuals represent some of the best in our discipline. We received many outstanding nominations, however those awarded truly stood out for their leadership, character, and contributions to our field” said Les McCollum ll, University of Chicago Medicine. “It was important for me and the board that the awardees represent how a CISO can be a critical executive resource, successfully lead their organization through strategic change, and are viewed as an expert in our domain. Finally, when selecting the winners, there was an emphasis on how these individuals give back to the community, industry, and the next generation of security professionals. The 2022 C100 awardees are an incredible group.”

In addition to the criteria to nominate being transparent, the process by which the Esteemed Board of Judges made the final determinations and the Board itself is public. Nominations were self-submitted and by third parties on behalf CISOs who met the established criteria.

Criteria included being in the role of CISO (or equivalent) and at an end-user enterprise or organization for at least five years, with involvement and leadership roles in professional organizations, security-related volunteering and activism, as well as teaching and mentoring future cybersecurity professionals across functions being benchmarks strongly considered amongst others. 

There is no fee or financial requirement at any point associated with the C100 awards. 

The Board of Esteemed Judges in addition to honoring the Top 100 CISOs in the United States have awarded their peers, Kevin McKenzie, Dollar Tree Stores EVP & CISO the CISO Visionary Award and Patricia Titus, Markel Corporation CISO and Chief Privacy officer the CISO Trailblazer Award. 

Kevin exemplifies the Visionary Award which honors a person whose work epitomizes someone with exceptional foresight and vision, furthering cyber security and elevating the CISO role. Kevin is someone who understands not only today’s challenges but has the foresight to look towards the future. He is an innovative and transformational executive who understands the intersection between business and technology while nurturing future generations of security professionals.

Patricia personifies the Trailblazer Award, which honors a person who is forging new territories for growth in the role of cybersecurity professionals. She is someone who elevates the role through her expertise. Because of trailblazers like Patricia, the CISO role has evolved beyond recognition over the past decade. She has helped move you and your peers into the boardroom as CISOs are increasingly essential business leaders. 

As a fundamental part of their mission to support and recognize the CISOs unceasing efforts to safeguard their enterprises and organizations globally, CISOs Connect™ partnered with the following organizations to make the C100 possible: 

• Black Kite
• Zero Networks
• Morgan Franklin Consulting
• Aqua Security
• Horizon3.ai
• Mayfield
• Lynx Technology Partners
• Stellar Cyber

About CISOs Connect

CISOs Connect is an exclusive membership-only interactive community of trusted cyber peers and subject matter experts. Connected by common interests, this community allows cyber experts to share knowledge and expertise through proprietary content, research, and analysis while exchanging information, ideas and collaborating with trusted colleagues to make informed business and technology decisions.  

CISOs Connect™ is part of Security Current™, known for its Security Shark Tank® and is lauded for its CISO driven content, knowledge sharing, and community. It is purpose-built and led by the top CISOs in North America. 

For more information email info@securitycurrent.com

The post CISOs Connect ™ Announces Winners of the 2022 CISOs Top 100 CISOs (C100) Recognition appeared first on Security Current.

The winners of the C100 Award are listed in alphabetical order by first name.

Companies and job titles listed are based on the time the winner was selected.

All awardees are CISOs or CISO equivalents.

Kevin McKenzie, Dollar Tree Inc. Enterprise Chief Information Security Officer and Vice-President of Information Technology

Patricia Titus, Markel Corporation CISO & Chief Privacy Officer

Dr. Adrian M. Mayers, Premera Blue Cross Vice President & Chief Information Security Officer

Aman Raheja, Humana Chief Information Security Officer & Head of IT Operations

Ana Roldan, Nova Southeastern University Executive Director & Chief Technology Officer

Ann Delenela, Entergy Vice President & Chief Information Security Officer

Annessa McKenzie, ConocoPhillips Chief Information Security Officer

Dr. Arun DeSouza, Nexteer Automotive Corporation Chief Information Security & Privacy Officer

Ben Sapiro, Canada Life Head of Technology Risk & Chief Information Security Officer

Benjamin Corll, Coats Group Vice President of Cybersecurity

Brad Maiorino, Raytheon Technologies Chief Information Security Officer

Bradley Schaufenbuel, Paychex Vice President and Chief Information Security Officer

Brandon Champion, GE Power Conversion Chief Information Security Officer

Bret Arsenault, Microsoft Corp. Chief Information Security Officer

Brett Conlon, American Century Investments Chief Information Security Officer

Brett Wahlin, Activision Blizzard Senior Vice President & Chief Information Security Officer

Brian Miller, Healthfirst Chief Information Security Officer

Chandra McMahon, CVS Health Senior Vice President & Chief Information Security Officer

Chris McLaughlin, Johns Manville Chief Information Security Officer

Christopher Porter, Fannie Mae Senior Vice President & Chief Information Security Officer

Colin Anderson, Ceridian Senior Vice President & Chief Information Security Officer

Craig Froelich, Bank of America Chief Information Security Officer

Dr. Cris V. Ewell, NRC Health Chief Security and Privacy Officer

Dan Bowden, Marsh Global Chief Information Security Officer

Dr. Darren Death, ASRC Federal Vice President of Information Security & Chief Information Security Officer

Dave Estlick, Chipotle Mexican Grill Vice President and Chief Information Security Officer

David Hahn, CDK Global Chief Information Security Officer

David Levine, Ricoh USA Inc. Vice President of Corporate and Information Security and CSO

David Ortiz, Church & Dwight Global Chief Information Security Officer

David Shaw, UCLA Information Technology Services Chief Information Security Officer

David Sheidlower, Turner Construction Company Vice President and Chief Information Security and Privacy Officer

David Sherry, Princeton University Chief Information Security Officer

Deneen DeFiore, United Airlines Vice President & Chief Information Security Officer

Devon Bryan, Carnival Corporation Global Chief Information Security Officer

Donna Ross, Radian Group Inc. Executive Vice President, Chief Information Security Officer

Endré Jarraux Walls, Customers Bank EVP & Chief Information Security Officer

Eric Hussey, Aptiv Vice President & Global Chief Information Security Officer 

Erik Decker, Intermountain Healthcare Assistant Vice President – Chief Information Security Officer

Erik Hart, Cushman & Wakefield Chief Information Security Officer

Frank Aiello, MAXIMUS Senior Vice President, Chief Information Security Officer

Dr. Fred Kwong, DeVry University Vice President & Chief Information Security Officer

Dr. Garrett Smiley, Serco Chief Information Security Officer / Vice President of Information Security

Gary Harbison, Bayer SVP, Global Chief Information Security Officer

Greg Bee, Pekin Insurance VP – Chief Risk Officer & Chief Information Security Officer

Holly Ridgeway, Citizens Financial Group, Inc EVP Chief Security Officer

Hussein Syed, RWJBarnabas Health Vice President & Chief Information Security Officer

Jairo Orea, Royal Caribbean Group Global Chief Information Security Officer

James Baird, Focus Brands Chief Information Security Officer

Jason Witty, United Services Automobile Association (USAA) Chief Security Officer

Jasper Ossentjuk, NielsenIQ Senior Vice President & Global Chief Information Security Officer 

Jeffrey W. Brown, State of Connecticut Chief Information Security Officer 

Jim Cameli, Walgreens Boots Alliance Global Chief Information Security Officer & Corporate VP

Jim Goddard, Hellman & Friedman Senior Operating Executive & Chief Security Officer

Joey Johnson, Premise Health Chief Information Security Officer

John Virden, Miami University Chief Information Security Officer & Assistant Vice President of Security, Compliance and Risk Management

Dr. Jorge Llano, New York City Housing Authority Chief Security Officer

Joseph Dyer, ICF International Vice President & Chief Information Security Officer

Justin Metallo, Volkswagen Financial Services Chief Information Security Officer

Keith Wilson, W. R. Berkley Corporation Global Chief Information Security Officer

Ken Athanasiou, VF Corporation Vice President & Chief Information Security Officer

Kevin Morrison, Driven Brands Vice President & Chief Information Security Officer

Kimberly Trapani, American Tire Distributors SVP & Chief Security Officer / Chief Digital Security Officer

Kostas Georgakopoulos, Mondelēz International Inc. Vice President & Global Chief Technology and Information Security Officer

Laura Deaner, Northwestern Mutual Chief Information Security Officer

Leon Ravenna, KAR Global Chief Information Security Officer & Chief Information Officer

Lester Godsey, Maricopa County Chief Information Security Officer 

Marcos Marrero, H.I.G. Capital Chief Information Security Officer

Mark Eggleston, CSC Chief Information Security Officer

Dr. Mark Leary, Regeneron Pharmaceuticals, Inc. Global Chief Information Security Officer

Marnie Wilking, Wayfair Global Head of Security and IT Risk Management

Michael Hanson, Solidigm Chief Information Security Officer

Michael McNeil, McKesson Senior Vice President, Global Chief Information Security Officer

Michael Palmer, Hearst Chief Information Security Officer

Montae Brockett, DC Department of Human Services (DHS) Chief Information Security Officer

Nabeel Yousif, Flexiti VP Information Security & DevSecOps Engineering & Chief Information Security Officer

Nazrin Rezai, Verizon Senior Vice President & Chief Information Security Officer

Peeyush Patel, Careem (Uber Company) Chief Information Security Officer

Phil Venables, Google Cloud Chief Information Security Officer & Google Vice President

Rafi Khan, NJ TRANSIT Chief Information Security Officer

Randall Frietzsche, Denver Health Enterprise Chief Information Security Officer 

Raymond Umerley, Pitney Bowes Vice President, Chief Information Risk Officer

Dr. Robert K Pittman Jr, San Bernardino County – Innovation and Technology Department Chief Information Security Officer

Roland Cloutier, TikTok Global Chief Security Officer 

Ron Green, Mastercard Executive Vice President & Chief Security Officer

Sam Masiello, The Anschutz Corporation Chief Information Security Officer

Scott vonFischer, LyondellBasell Senior Director of Global Cybersecurity

Shaun Khalfan, Discover Financial Services SVP, Chief Information Security Officer

Shaun Marion, Mc Donald’s Vice President & Chief Information Security Officer

Sherron Burgess, BCD Travel Senior Vice President & Chief Information Security Officer

Sheryl Hanchar, Cobham Advanced Electronic Solutions Vice President & Chief Information Security Officer

Stephen Davis, Revlon Inc. CVP & Chief Information Security Officer

Sue Williams Lapierre, Prologis Vice President, IT Governance, Information Security Officer

Supro Ghose, EagleBank Senior Vice President & Chief Information Security Officer 

Tammy Klotz, Covanta Chief Information Security Officer

Tim Callahan, Aflac Senior Vice President, Global Security; Chief Security Officer

Tim McKnight, SAP EVP & Chief Security Officer 

Dr. Tolgay Kizilelma, Sutter Health Information Security Officer

Dr. Trebor Z. Evans, Dollar Bank, FSB Senior Vice President & Chief Information Security Officer 

Vaughn Hazen, CN Rail Chief Information Security Officer

William Scadrett, Allina Health Vice President & Chief Information Security Officer

Dr. Yonesy Núñez, Jack Henry & Associates (Jack Henry) Chief Information Security Officer

Zaki Abbas, Brookfield Asset Management Senior Vice President & Chief Information Security Officer

The post Congratulations to the 2022 C100 Winners appeared first on Security Current.

Security Current’s™ CISOs Connect™ C100 Is a First of Its Kind Honor With Transparent CISO-Only Board and Transparent Criteria

NY, New York, June 16th, 2022 – CISOs Connect™, an exclusive membership-only community of Security Current™, today announced the CISOs Top 100 CISOs (C100) Awards Ceremony recognizing the 2022 winners, the consummate security leaders across North America, will be held on June 29th.

The C100 recognition honors the top 100 North American CISOs across industries who are experienced, proven leaders who share their expertise with others and continue to give back to the industry to further secure and protect organizations in North America and worldwide. 

The C100 Ceremony will be held virtually on June 29th at 5pm Eastern. Register to request to attend here to honor the winners and meet the CISO Board of Judges: https://us06web.zoom.us/webinar/register/WN_nyXq9nV6RmKgyv6sTXl9Xg 

The Distinguished CISO Board includes:

Rockwell Automation VP, Global Security and CISO Nicole Darden Ford
Dollar Tree Stores EVP & CISO Kevin McKenzie
Florida Crystals VP & CISO Christine Vanderpool
Freddie Mac SVP & CISO Betty Elliott
Kraft Heinz CISO Ricardo Lafosse
Markel Corporation CISO & Chief Privacy Officer Patricia Titus
NFL CISO Tomás Maldonado
Otis Elevator Co. CISO Mario Memmo
Truist CISO Howard Whyte
University of Chicago Medicine CISO Les McCollum ll
ServiceTitan Sr. Director & CISO Cassio Goldschmidt
World Fuel Services VP & CISO Shawn Bowen

• Key criteria, amongst others considered, included:
  • A CISO (or equivalent) and at an end-user enterprise or organization for at least five years
  • Involvement and leadership roles in professional organizations
  • Volunteering and activism
  • Mentoring, teaching and educating future cybersecurity professionals across business and technical functions 

There is no fee or financial requirement at any point associated with the C100 awards. 

As a fundamental part of their mission to support and recognize the CISOs’ unceasing efforts to safeguard their enterprises and organizations globally, CISOs Connect™ partnered with the following organizations to make the C100 possible: 

• Black Kite
• Zero Networks
• Morgan Franklin Consulting
• Aqua Security
• Horizon3.ai
• Mayfield
• Lynx Technology Partners
• Stellar Cyber

About CISOs Connect™

CISOs Connect is an exclusive membership-only interactive community of trusted cyber peers and subject matter experts. Connected by common interests, this community allows cyber experts to share knowledge and expertise through proprietary content, research, and analysis while exchanging information, ideas and collaborating with trusted colleagues to make informed business and technology decisions.  

CISOs Connect™ is part of Security Current™, known for its Security Shark Tank® and is lauded for its CISO driven content, knowledge sharing, and community. It is purpose-built and led by the top CISOs in North America. 

For more information email info@securitycurrent.com

The post Esteemed Board of CISO Judges to Host Ceremony Honoring the CISOs Top 100 CISO (C100) 2022 in North America appeared first on Security Current.

New report reveals APIs and cloud applications are CISOs’ greatest threat to security readiness 

Research surveying more than 400 Chief Information Security Officers finds they are prioritizing Zero Trust and partner risk management to help mitigate critical security challenges.

June 1, 2022. Tysons Corner, VA – Just-published research, The CISOs Report: Perspectives, Challenges and Plans for 2022 and Beyond, reveals that Chief Information Security Officers (CISOs) are grappling with a wide range of risks and challenges, especially linked to accelerating utilization of technologies like cloud-based applications and the use of Application Programming Interfaces (APIs). The report is based on a survey of more than 400 Chief Information Security Officers (CISOs) working across a broad set of companies and industry sectors in the US, Canada and other select nations. 

Quickly evolving technologies, compounded by the effects of remote work, create new layers of risk

Recent shifts in the IT landscape have resulted from the dramatic escalation of remote work, cloud adoption, BYOD and changing development practices. The security impacts of those changes are reflected in where CISOs see the most need to strengthen their defenses.

CISOs rate their organization’s IT components most needing security improvement as:

• APIs – 42%
• Cloud applications (SaaS) – 41% 
• Cloud infrastructure (IaaS) – 38% 

Industry use of API technology has exploded over the last few years due to the shift to component-based microservices architecture used extensively in modern applications, and the growing adoption of cloud services.  Not to be overshadowed, too, are web applications in general, which are proving to be particularly susceptible to a wide variety of client-side attacks (e.g., formjacking, Magecart). 

CISOs rate their organization’s security processes most in need of improvement as:

• Data discovery and classification – 38% 
• Data backup and recovery, as well as vulnerability remediation – 36% each
• Development security operations (DevSecOps) – 35% 

CISOs are taking action on Zero Trust

While early on some were quick to relegate Zero Trust as hype, it is not. A full 96.5% of CISOs surveyed are either underway with or actively planning for a Zero Trust initiative. Only 7.5% claim to already have a robust implementation, but even those will require ongoing improvement to extend key practices to the application and data layers as cyber threats continue to evolve. Over 50% say implementing or enhancing their Zero Trust model is one of their top three priorities for the coming year.

Third-party risk pervades

While supply chains have become essential to the success of almost all businesses, CISOs see plenty of supplier and partner challenges to overcome. Third-party risk tops a long list of cyber vulnerabilities causing CISOs the most concern, rating 3.89 on a scale of 1 (lowest) to 5 (highest). This finding tracks with the escalation of supply chain security issues over the last two years. Supply chain attacks rate 3.93 out of 5 as the cyber threat that causes the most concern. Forty three percent of survey respondents indicate that better addressing partner or supplier risk is among their top three priorities for the coming year.

Given third-party concerns, 41% of CISOs plan to add or upgrade third-party security and risk management technology over the next year. Other technologies high on the shopping list include network/micro segmentation (65%), container security (57%) and security service edge (SSE) platform (55%).

About The CISOs Report

The CISOs Report is the only industry report representing solely the perspectives of the senior-most cybersecurity executives ultimately responsible for their organization’s safety. It provides unprecedented insights into the greatest challenges and opportunities they face, and allows CISOs to benchmark tactics and technologies they are pursuing to achieve their goals against those of their peers. 

Mario Memmo, Vice President, Chief Information Security Officer, Otis Elevator Company, said, “As a CISO, I am always interested in what my peers are experiencing and how they are dealing with the challenging cyber threats we face. The insights provided in this report are invaluable in getting that peer-to-peer perspective, and helping us benchmark against the best practices of others in our profession.”

The study was conducted by AimPoint Group, W2 Communications, and CISOs Connect, three organizations engrained in the cybersecurity industry, delivering CISO, business and marketing consulting services.

The CISOs Report would not be possible without the support of sponsor organizations: Accenture Federal Services; Beyond Identity; Black Kite, Feroot Security; Gigamon; Horizon3.ai; Lynx Technology Partners; Menlo Security; NetRise; SpyCloud; VMware; and Zscaler. To access the complete report, please visit: /thecisosreport/.

About the Authors

Aimpoint Group (APG) delivers high-impact marketing for the world’s leading cybersecurity solution providers. The company’s services include marketing consulting, cybersecurity research, and content creation. For more information, please visit: https://www.aimpointgroup.com. 

CISOs Connect is an exclusive invitation-only interactive community of trusted cyber peers and subject matter experts.  Connected by common interests, this membership community allows cyber experts and CISOs to share knowledge and expertise through proprietary content, research, and analysis while exchanging information, ideas and collaborating with trusted colleagues to make informed business and technology decisions.

W2 Research, a division of W2 Communications, leverages industry analyst and research expertise to produce findings and reports that offer unique insights and inform client initiatives. W2 Communications is a digital marketing and public relations firm specializing in cybersecurity. Boasting a seasoned team of industry experts that blend technical expertise and deep sector knowledge W2 Communications has a reputation for building brands and driving leads. For more information, please visit: www.w2comm.com.

The post The CISOs Report: Perspectives, Challenges and Plans for 2022 and Beyond appeared first on Security Current.