Tag Archive for: chief

CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief


HP and Dell Technologies are two of the world’s largest international computer manufacturers. Their CISOs, Joanna Burkey (HP) and Kevin Cross (Dell), both manage security teams comprising many hundreds of people, and are responsible for corporate security across multiple jurisdictions. The role of CISO is different for a multinational corporation compared to a national company.

Reporting and budget

Historically, the CISO reports to the CIO, and this remains the most common reporting structure. Not all CISOs agree with this because of the inherent conflict of interest between IT and security. Both Burkey and Cross believe it is right for some companies, but wrong for others.

There’s no one-size-fits-all solution to the hierarchy issue, says Burkey. “Every company has a different culture and different value prop; and it is these that determine the right location for the CISO.”

Cross has a very similar view. “There is no right or wrong answer to this,” he says. “It is dependent on the company culture and the business landscape how things should best be structured.” Supporting this, he notes that Dell’s structure is slightly unusual. “I report to a chief security officer who reports to general counsel, who reports to the CEO.” A stronger-than-usual integration with Legal could be considered important for a firm working across multiple jurisdictions with different privacy and data security requirements.

Joanna Burkey, CISO at HP

Budget is always an issue for any CISO – getting sufficient funds to do what is important. One of the weaknesses in having the CISO report to the CIO is that it is still common for the security budget to be taken as a percentage of the IT budget. But security has grown beyond IT alone. 

“Cybersecurity is a strategic horizontal in most enterprises,” comments Burkey. “Cyber is important everywhere and it is really important that the funding model and the financial partnerships for cyber span the enterprise.”

Achieving this is complex and governed by the individual business landscape. “I’ve seen different models that can work,” she continued. “Budget could be received from a single source, such as the CFO or CTO, but…


Former Uber security chief sentenced for data-breach cover-up


SAN FRANCISCO — The former chief security officer for Uber was sentenced to probation Thursday for trying to cover up a 2016 data breach in which hackers accessed tens of millions of customer records from the ride-hailing service.

Joseph Sullivan was sentenced to a three-year term of probation and ordered to pay a fine of $50,000, the U.S. attorney’s office announced.

Sullivan, 54, of Palo Alto was convicted by a federal jury in San Francisco last October of obstructing justice and concealing knowledge that a federal felony had been committed.

It was believed to be the first criminal prosecution of a company executive over a data breach.

Sullivan was hired as Uber’s chief security officer in 2015. In November 2016, Sullivan was emailed by hackers, and employees quickly confirmed that they had stolen records on about 57 million users and also 600,000 driver’s license numbers, prosecutors said.

After learning of the breach, Sullivan began a scheme to hide it from the public and the Federal Trade Commission, which had been investigating a smaller 2014 hack, authorities said.

According to the U.S. attorney’s office, Sullivan told subordinates that “the story outside of the security group was to be that ‘this investigation does not exist,’ ” and arranged to pay the hackers $100,000 in bitcoin in exchange for them signing non-disclosure agreements promising not to reveal the hack. He also never mentioned the breach to Uber lawyers who were involved with the FTC’s inquiry, prosecutors said.

Uber’s new management began investigating the breach in the fall of 2017. Despite Sullivan lying to the new chief executive officer and others, the truth was uncovered, and the breach was made public, prosecutors said.

Sullivan was fired along with Craig Clark, an Uber lawyer he had told about the breach. Clark was given immunity by prosecutors and testified against Sullivan.

Prosecutors had recommended a sentence of 15 months in federal prison for Sullivan, who submitted more than 100 letters of support from friends, family and colleagues.

In an April sentencing memo, prosecutors said that showed that Sullivan is “a wealthy, powerful man” with a deep network of family and friends.

“There…


Wilsbach named as next Air Combat Command chief


The Biden administration has tapped Air Force Gen. Kenneth Wilsbach, the service’s top officer in the Pacific, to run Air Combat Command, the Pentagon announced Thursday.

If confirmed by the Senate, Wilsbach would come in at a time of transition for ACC, the Air Force’s largest umbrella organization for air warfare. He would bring to ACC his experience as a career fighter pilot who has spent most of the past four decades in the Pacific, as the U.S. military views China as its top strategic threat.

He is set to succeed Gen. Mark Kelly, who has led the command since August 2020. Air Force Staff Director Lt. Gen. Kevin Schneider was nominated April 20 to replace Wilsbach at Pacific Air Forces; it’s unclear what Kelly’s next move will be.

Wilsbach was commissioned into the Air Force in 1985 and became a decorated pilot with more than 5,000 flight hours in the F-15C, F-16C and F-22 fighter jets and MC-12 intelligence plane. His awards include the Defense Distinguished Service Medal, Defense Superior Service Medal, Legion of Merit and the Bronze Star, among others, according to his official biography.

Prior to leading PACAF, he recently served as the deputy commander of U.S. forces in South Korea, commander of U.S. Northern Command’s Alaska branch, and operations director at U.S. Central Command. He joined PACAF in July 2020.

ACC oversees more than 156,000 personnel across nearly 250 locations around the world. It supplies fighter and intelligence-collection aircraft, cyber warfare specialists and more to commanders in North America, South America, the Middle East and Southeast Asia.

The command is beginning to retire hundreds of its older aircraft after decades at war in Iraq, Afghanistan and Syria, and hopes to build a more flexible and technologically advanced force for the years ahead.

The Pentagon also announced Thursday that Maj. Gen. Linda Hurry will pin on a third star to become the deputy commander of Air Force Materiel Command, the service’s acquisition and maintenance hub. She currently serves as the logistics director at Air Force headquarters.

It’s unclear when their nominations might get across the finish line. Hundreds of military job changes are on hold in the…


Vladimir Putin’s cyber warfare chief sent sex toys after his email is hacked – World News


Ukrainian hackers broke into Sergey Morgachev’s AliExpress account and ordered several sex toys and gay pride flags in his name in a “symbolic act of moral humiliation”

Sergei Morgachev, a Russian top-ranking spy, was hacked (InformNapalm)

A top Russian military spy has been bombarded with sex toys after his personal email was hacked.

Ukrainian hackers claim they gained access to Sergey Morgachev’s AliExpress account, ordering multiple sex toys and gay pride flags in his name.

The embarrassing hack was intended as “a symbolic act of moral humiliation.”

Morgachev is Vladimir Putin’s Lieutenant Colonel at Moscow’s chief intelligence office, the GRU.

It is believed he was in charge of Russia’s notorious “Fancy Bear” hackers, also known as APT28.

The hackers, who call themselves Cyber Resistance, claimed on Telegram that they had managed to break into Morgachev’s email account.

Then, they were able to access personal information such as family photos and scanned documents of people associated with him, according to the open-source intelligence site InformNapalm.
