Tag Archive for: CISO

Generative AI, cyber insurance fill out city CISO toolbelts


Local government cybersecurity officials said during an online event Tuesday that procurement, cybersecurity insurance and generative artificial intelligence are all tools they can use to combat ransomware.

Officials said they continue to be concerned with ransomware attacks, a longstanding threat to the public sector that rose 51% during the first eight months of 2023 compared to the same period a year earlier, according to the Center for Internet Security.

“Unfortunately, Atlanta several years ago had a ransomware attack. So that is very fresh in their minds,” Atlanta Chief Information Officer Alan Greenberg said during StateScoop and EdScoop’s Cybersecurity Modernization Summit. “They are very incentivized to make sure they put in all of the proper protections.”

Local agencies often have strict procurement rules to ensure government has the opportunity to spend tax dollars on the most effective and cost-efficient technologies. But those slow processes can become obstacles to rapid response.

“This is a lessons learned — make sure you understand your entity’s emergency procurement process,” said Brian Gardner, chief information security officer of Dallas, which last year suffered a ransomware attack that knocked offline the court system and Dallas Police Department website. “When you have a [cyber] event, you don’t want that to be a tripping point for yourself to slowing your ability to recover down.”

Gardner urged security officers to familiarize themselves with state and local emergency contracting protocols so they can be ready for cyberattacks.

Kim Lagrue, New Orleans’ security chief, said she’s an advocate for cybersecurity insurance, which can help offset costs from common cyber risks, including data breaches and ransomware.

“Cybersecurity insurance gave us a blanket move forward,” Lagrue said. “But many areas, small municipalities, smaller organizations, struggle to afford cyber security insurance, as the premiums have escalated so high.”

According to a 2022 survey by the nonprofit CompTIA, 92% of local governments have a governmentwide cybersecurity policy for employee behavior and operations. The…


Illinois CISO Adam Ford steps down for role at cyber firm Zscaler


After five years as chief information security officer for the Illinois Department of Innovation and Technology, Adam Ford has moved into a new role at Zscaler, a cloud security company in San Jose, California.

Ford had worked for the state of Illinois since 2000, starting his government tenure as a network architect and engineer. In 2023, he received the National Association of State Chief Information Officers’ Thomas M. Jarrett State Cybersecurity Leadership Award for strengthening the state’s cybersecurity infrastructure, for multi-factor authentication initiatives for network and system access, and for the improvements he made to information sharing, joint training exercises and coordinated responses to cyber incidents across state government agencies.

Prior to his departure, Ford posted on social media thanking the state’s administration for “strong sponsorship of cybersecurity initiatives” and the technology department’s leadership.

“In my more than 20 years with the state of Illinois, I’ve never failed to be impressed by the people who work here,” Ford wrote on LinkedIn earlier this week. “Public service isn’t all glamour, folks! Thank you to all my co-workers at DoIT and other agencies for putting in long hours, for wading into seemingly impossible problems and solving them, and for your friendship while doing so.”

The CISO position at the Illinois DoIT is open to applications until Jan. 19.

Written by Sophia Fox-Sowell

Sophia Fox-Sowell reports on artificial intelligence, cybersecurity and government regulation for StateScoop. She was previously a multimedia producer for CNET, where her coverage focused on private sector innovation in food production, climate change and space through podcasts and video content. She earned her bachelor’s in anthropology at Wagner College and master’s in media innovation from Northeastern University.


New CISO Global, Halcyon partnership seeks to combat ransomware



SiliconAngle reports that cyber resilience-focused companies CISO Global and Halcyon Technologies have collaborated to provide integrated security offerings featuring their respective cyber solutions …


CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief


HP and Dell Technologies are two of the world’s largest international computer manufacturers. Their CISOs, Joanna Burkey (HP) and Kevin Cross (Dell), both manage security teams comprising many hundreds of people, and are responsible for corporate security across multiple jurisdictions. The role of CISO is different for a multinational corporation compared to a national company.

Reporting and budget

Historically, the CISO reports to the CIO, and this remains the most common reporting structure. Not all CISOs agree with this because of the inherent conflict of interest between IT and security. Both Burkey and Cross believe it is right for some companies, but wrong for others.

There’s no one-size-fits-all solution to the hierarchy issue, says Burkey. “Every company has a different culture and different value prop; and it is these that determine the right location for the CISO.”

Cross has a very similar view. “There is no right or wrong answer to this,” he says. “It is dependent on the company culture and the business landscape how things should best be structured.” Supporting this, he notes that Dell’s structure is slightly unusual. “I report to a chief security officer who reports to general counsel, who reports to the CEO.” A stronger than usual integration with Legal could be considered important for a firm working across multiple jurisdictions with different privacy and data security requirements.

Joanna Burkey, CISO at HP

Budget is always an issue for any CISO – getting sufficient funds to do what is important. One of the weaknesses in having the CISO report to the CIO is that it is still common for the security budget to be taken as a percentage of the IT budget. But security has grown beyond IT alone. 

“Cybersecurity is a strategic horizontal in most enterprises,” comments Burkey. “Cyber is important everywhere and it is really important that the funding model and the financial partnerships for cyber span the enterprise.”

Achieving this is complex and governed by the individual business landscape. “I’ve seen different models that can work,” she continued. “Budget could be received from a single source, such as the CFO or CTO, but…
