SecurityRecruiter.com's Security Recruiter Blog

Thursday, May 17, 2012

Who Wants To Be A Global CISO?

A CIO Conversation

My most interesting days as a security recruiter are the ones where I get to interact with senior leaders within my client companies.  Sometimes I deal with security leaders who are adding security talent to their staffs.  Other times, I’m on the phone with a Chief Executive Officer, Chief Information Officer, Chief Risk Officer, Chief Compliance Officer, Chief Financial Officer, Head of Human Resources…the list goes on.
By regularly interacting with these non-security business leaders, I'm fortunate to stay fresh in my knowledge and understanding of what the business wants, needs and expects from security leadership.
Today, I was on the phone with the Chief Information Officer of a global $20 Billion Dollar company.  We were discussing his need to hire a Chief Information Security Officer (CISO) for the first time.  I’ve been fortunate to fill many brand new, newly created positions like this one in my 20+ years of recruiting.  This is my favorite kind of search to deliver to.

The greatest value I gain by investing time with stakeholders who will be involved in a hiring decision is the insight I gain into that person’s style and personality.  Recruiting is an art rather than a science.  Connecting two human beings who will spend more time together in a company than either individual spends at home with their spouse is a highly complex proposition that I take very seriously.
The time this CIO invested with me today puts me in a highly competitive position on behalf of my client: within a few minutes of being on the phone with a prospective CISO candidate, I'll know whether I'm on the phone with the right person.  Without this CIO interaction, I’d hit the target but I would be less likely to hit the bull's-eye.

What The CIO Needs

In today’s conversation, the CIO talked about his unique corporate culture, his need for a CISO who will help build out the information security framework and the technology risk management framework, and his need for CISO candidates who have worked in global industrial companies like his.
There wasn’t much, if any, technology discussed at this level of conversation, although a CISO candidate with experience securing large, complicated global ERP environments and/or large, complicated document management / global collaboration environments would be strongly preferred.  Most discussion topics centered around business, applications, global risk issues, managerial skills, the need for someone with exceptionally strong business-focused communication skills and the need for the CISO to have exceptionally strong executive presence.
Who Might Fit This Job

If you’re a CISO already and your experience somewhere along the way comes from a global industrial company in an industry like manufacturing, consumer products, mining, oil & gas, chemical, etc., you might be a fit.  Perhaps you aren’t a CISO but you’re currently a Director or Vice President and you’re ready for the next step up in your career.  You might qualify as a candidate for this role.
If you’re on the hunt for CISO Jobs, you’ll find this position on the Security Jobs page of SecurityRecruiter.com or you can call me directly at 719 686 8810.

Monday, May 14, 2012

Cyber Security News for the Week of May 14, 2012

From our friends at Citadel Information Group

Cyber Security Commentary - ISSA-LA 4th Annual Information Security Summit

Join us on May 16 for ISSA-LA's 4th Annual Information Security Summit.  Keynote addresses by Alan Paller of the SANS Institute, DHS' Bruce McConnell and business coach Chris Coffey. Perfect for business, technology and information security leaders. Nonprofits can attend for free by taking advantage of ISSA-LA's special scholarship fund. Email vp@issa-la.org for more information.

The ISSA Summit provides business leaders with a concentrated, thought-provoking, and valuable education in the nature of these threats, and how organizations can and should mitigate their risks from today's cyber threats.  I highly recommend that executives take advantage of this annual event.

Eric Schwab
General Manager
GFI Software

Visit the ISSA-LA Summit Website for more information or to register.

Cyber Crime
Hackers target Twitter spammers in massive account data breach: A massive breach has led to more than 55,000 Twitter accounts being published on the Web. But it appears the hackers may have targeted spammers over ordinary users. Twitter is investigating after 55,000 account details - including username and password combinations - were published online. ZDNet, May 8, 2012

Hackers breach UMaine servers. Affected students made purchases at computer store: A University of Maine computer server breach by hackers may have exposed personal information, including credit card and Social Security numbers of students, college officials said Thursday. Morning Sentinel, May 12, 2012

Cyber Hacktivists
Activist hackers temporarily block Putin's website: Hackers temporarily blocked President Vladimir Putin's web site on Wednesday, carrying out a promise to disrupt government information portals two days after his swearing-in for another six-year term that has drawn street protests. Reuters, May 9, 2012

Cyber Risk
Is Your Cloud Provider Exposing Remnants of Your Data?: CIO - If your organization uses a multi-tenant managed hosting service or Infrastructure as a Service (IaaS) cloud for some or all of your data and you aren't following best practices by encrypting that data, you may be inadvertently exposing it. ComputerWorld, May 10, 2012

FBI: Updates Over Public 'Net Access = Bad Idea: The Federal Bureau of Investigation is advising travelers to avoid updating software while using hotel or other public Internet connections, warning that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms. KrebsOnSecurity, May 11, 2012

DHS: Hackers Mounting Organized Cyber Attack on U.S. Gas Pipelines: For the past six months, an unidentified group of hackers has been mounting an ongoing, coordinated cyber attack on the control systems of U.S. gas pipelines, prompting the Department of Homeland Security to issue alerts. ABC News, May 8, 2012

At the Crossroads of eThieves and Cyberspies: Lost in the annals of campy commercials from the 1980s is a series of ads that featured improbable scenes between two young people (usually of the opposite sex) who always somehow caused the inadvertent collision of peanut butter and chocolate. After the mishap, one would complain, "Hey you got your chocolate in my peanut butter!," and the other would shout, "You got your peanut butter in my chocolate!" The youngsters would then sample the product of their happy accident and be amazed to find someone had already combined the two flavors into a sweet and salty treat that is commercially available. KrebsOnSecurity, May 8, 2012

Financial Malware Tricks Users With Claims of Free Credit Card Fraud Insurance: A piece of financial malware called Tatanga attempts to trick online banking users into authorizing rogue money transfers from their accounts as part of the activation procedure for a free credit-card fraud insurance service purportedly provided by their banks, security researchers from Trusteer said Tuesday. IDG News, May 8, 2012

Hackers Gain Access to Homes Through Webcams: Internet users are becoming vulnerable to hackers who can infiltrate software and gain access to webcams. "The main thing to worry about is when software is able to turn on your camera without notifying you, without the user explicitly turning it on, that's the main issue," said Feross Aboukhadijeh, a student at Stanford University in California. InformationWeek, May 9, 2012

Cyber Security Management
HIPAA/HiTECH - Changes on the Way for Covered Providers: The privacy and security landscape for covered providers will soon be changing. A number of rules are finally making their way through the system in relationship to HIPAA, HiTECH and Stage II Meaningful Use. JDSupra, May 9, 2012

Securing the Village
Pentagon to expand cybersecurity program for defense contractors: The Pentagon is expanding and making permanent a trial program that teams the government with Internet service providers to protect defense firms' computer networks against data theft by foreign adversaries. Washington Post, May 11, 2012

Identity-Theft Victims Given Short Shrift by IRS, Says Watchdog: J. Russell George, the Treasury Inspector General for Tax Administration, or Tigta (an official IRS watchdog), today told a Congressional oversight committee that the Internal Revenue Service gives "confusing and often conflicting instructions" to taxpayers who are victims of identity theft. IRS Deputy Commissioner Steven Miller gave testimony before the committee as well. Wall Street Journal, May 8, 2012

FBI Fears Bitcoin's Popularity with Criminals: The FBI sees the anonymous Bitcoin payment network as an alarming haven for money laundering and other criminal activity - including as a tool for hackers to rip off fellow Bitcoin users. ... That's according to a new FBI internal report that leaked to the internet this week, which expresses concern about the difficulty of tracking the identity of anonymous Bitcoin users, while also unintentionally providing tips for Bitcoin users to remain more anonymous. Wired, May 9, 2012

Cyber Defenders
Cybersecurity Firms Ditch Defense, Learn To 'Hunt': The most challenging cyberattacks these days come from China and target Western firms' trade secrets and intellectual property. But a problem for some is a business opportunity for others: It's boom time for cybersecurity firms that specialize in going after Chinese hackers. NPR, May 10, 2012

Cyber Research
Cybersecurity Experts Begin Investigation on Self-Adapting Computer Network That Defends Itself Against Hackers: In the online struggle for network security, Kansas State University cybersecurity experts are adding an ally to the security force: the computer network itself. Newswise, May 10, 2012

Tuesday, May 08, 2012

Mobile Phone Change Time, iPhone or Android or Windows Phone?

I placed a question on LinkedIn 24 hours ago asking people in the telecommunications sector to share their advice.  This is a very cool feature of LinkedIn, by the way.  Within 24 hours I've received 9 answers, from NYC, Los Angeles, Baltimore, Australia, Canada, India, UAE, Netherlands and the UK.

I currently have a Windows desktop machine that runs my life through Outlook.  I don't travel that much so I'm usually at my desk and Outlook schedules my world just fine. 
My Blackberry phone used to talk to my desktop machine through a direct USB connection.   Something went wrong and that relationship and communication isn't good any longer.  Not to mention that I can’t stand the little tiny keys at the bottom of my Blackberry.
About a year ago, I stepped into the Apple world for the first time when I purchased an iPad.  The idea was to use this device when traveling rather than carrying the much heavier laptop.  Not only has the device been outstanding as a travel companion but I’ve found many other business uses for this device.

For example, when I started doing public speaking, a friend showed me the Keynote iPad application and I was off and running with a tool to create presentations.  I’ve delivered a couple of presentations now and all I have to do is to show up with the iPad in hand.
My iPad is configured to receive the same email that comes in on my desktop machine.  An IT friend came over one night to set up iCloud for me.  He promised that in 15 minutes, he’d have my Windows desktop, my Apple iPad and my Blackberry telephone all getting along nicely through Apple’s iCloud. 

An hour into his visit, he admitted that there was a problem and he wouldn’t be able to make Apple’s iCloud work in my universe.
In less than 48 hours, Verizon will graciously allow me to sign another 2 year contract with a telephone upgrade.  I’m looking for a phone that will integrate with my Outlook calendar.  Ideally, this phone would integrate nicely with my iPad as well. 

Though I’m appreciative of the 9 people who invested their time to provide answers on LinkedIn, the answers add up to a variety of opinions and no clear answer.  I don’t play games on my telephone.  In fact, since I make a living on the phone, my phone to me is like a hammer would be to a carpenter.  Here are a few of the comments that were shared on LinkedIn:
“I can't speak to how any of them interact with Outlook and Windows. I can tell you that you should NOT get a Droid X2 (Motorola). I have two phones, an iPhone, which I love, and the Droid. There are things I like about the Android system and my hatred of the phone has nothing to do with it not being Apple. It is a horrid phone and the phone "app" crashes all the time, often while I'm trying to make a call. Ugh.” Amy

“Let me guess... You're retiring a Blackberry?  With your requirements, I'd say you'll be sorely disappointed with whatever you try.  These days, phones don't "play nicely with Outlook on a Windows Desktop" anymore; that's what Blackberry used to do. Instead, they hook into the same Exchange Server (or generic IMAP and CalDAV servers, as the case may be) your Outlook is hooked into. So if you keep your mail and calendar locally and want to sync them via USB or Bluetooth, you'll need to play around with third-party apps, which may or may not work to your liking...” Nick
“Either works well with Outlook, but maybe you should look at a Windows device if you want nice” Tim

“First, *not* iPhone since you're a security professional, and Apple's "trust us, we've made all the decisions for you, don't bother your little head about security, just enjoy the pretty colors" stance generally doesn't sit well with those. Your clients deserve better (IMHO). Also, while it's possible that your desires exactly match what Apple provides (3.7" screen, can't replace battery, no physical keyboard, no removable storage, etc), it's also unlikely; and at some point, there are so many compromises it's not worth it. 

Windows Phone is basically the same thing, just not overpriced.  Not sure what you mean "play nice with an iPad". If basic file transfer, anything should be fine. 

Which Android? Decide what screen size you want, whether you require a physical keyboard, whether it'll see use as a global phone, whether you might wish to use an extended battery sometime. If you're the impatient type, be sure to get one with zero lag time when responding to commands (dental work ain't cheap). If you want to reduce attack surface, choose one that can be easily rooted (so then you can remove/disable useless cruft). Quad-core, 4G etc, are all technologies to enable game-playing, soap-opera streaming, and other wastes of time; since you don't plan to engage in those, why pay the cost of higher power consumption?” from K
“Look no further, and go for the iPhone, it will automatically sync with your iPad and Outlook with all your updates, on Contacts, calendar, notes, documents, and media if you want, over iCloud.  For official emails, you can use Microsoft Exchange, and for personal email you can use the iPhone email app, which will sync with your email account at intervals chosen by you.  Please click the following link to know more http://www.apple.com/ae/iphone/#icloud

The best thing about an iPhone is the user friendliness of the applications. I have been using an iPhone 4 for more than a year, and it has never crashed, not even once.
While the Android devices are cheaper and promise you free applications on the Android market, these applications are not even half as good as the applications available on the iTunes / app store.  I have used both the Android and the Apple OS devices, and I personally feel that the iPhone is far ahead of the rest of the lot.” Damodhar

BEST ANSWER SO FAR BUT IT MAKES ME WORK!
“Your entire setup looks seriously outdated. Sorry to be the bearer of bad news, but chances are that going forward, you will only see more frustration. The technology has evolved in a way that sort of left your needs unattended. It seems to me (rightly or not -- you tell me) that you have become a part of a small "desktop-centric" minority. 

The idea that things are going to revolve around the desktop was very popular a decade or so ago, but things have changed since. The prevailing thinking today is that your content is going to be stored server-side (on premises or "in the cloud", but on a server nevertheless), and you can use multiple client devices (desktops, laptops, phones, tablets) to view it and add to it. Mainstream vendors are no longer concerned with things talking to desktops or Outlook; instead, they make things that talk to servers. Incidentally, the desktop itself is increasingly used to access server-based content, too... 

I don't know how comfortable you are with this, pardon the management-speak, "new connectivity paradigm", but that's where the mainstream is. Whether you want to rejoin it is entirely up to you. 

As to the iCloud, I am skeptical. Apple is not known for being able to make scalable online applications, so I thought it best to stay away from iCloud. If you're interested, here's the setup I came up with for myself. My mail (with my own domain name) and calendar are hosted on Yahoo! Small Business (before you ask, I settled on it back in 2004, before there ever were such things as Gmail and Google Calendar; plus, unlike Gmail, Yahoo! Small Business doesn't have a cap on storage space). I use a small army of devices (currently, two Windows desktops, three Windows laptops, one Linux desktop and an iPhone) to access it all. If I wanted to add a Mac or a tablet into the mix, it can be done in minutes. 

I don't know if you're comfortable with this sort of "server-centric" setup, but in my opinion ("opinion" being the operative word), this is the only way to make your content accessible to multiple devices running on multiple platforms. Reliance on the desktop just isn't going to get you there...” Nick


HELP!!!
I’m open to suggestions.  It seems to me that although I was asking for advice around a mobile phone decision, what Nick is suggesting is that I should move my calendar system to a cloud platform such as Google or Yahoo or something similar.  This makes sense to me.  It just sounds like work I don’t particularly want to do when I have jobs to fill with clients who are screaming for great security talent.
Any thoughts you’d like to share?

Jeff Snyder’s SecurityRecruiter.com Security Recruiter Blog

Monday, May 07, 2012

Cyber Security News for the week of May 7, 2012

From our friends at Citadel Information Group
Cyber Security Commentary - ISSA-LA 4th Annual Information Security Summit
Join us on May 16 for ISSA-LA's 4th Annual Information Security Summit.  Keynote addresses by Alan Paller of the SANS Institute, DHS' Bruce McConnell and business coach Chris Coffey. Perfect for business, technology and information security leaders.  

Nonprofits can attend for free by taking advantage of ISSA-LA's special scholarship fund. Email vp@issa-la.org for more information

I recommend the Summit to both the CIO and their staff because it's the one day you can count on to get informed, learn how to stay informed, and build a network of strong security professionals who are passionate about supporting the "neighborhood watch" of information security.  

Jennifer Terrill, CISSP
Vice President Information Technology /  CISO
True Religion Brand Jeans

Visit the ISSA-LA Summit Website for more information or to register.

Cyber Crime

Hackers Blackmail Belgian Bank With Threats to Publish Customer Data: Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay €150,000 (US$197,000) before Friday, May 4, they said in a statement posted to Pastebin. Elantis confirmed the data breach on Thursday, but the bank said it will not give in to extortion threats. PC World, May 3, 2012

Global Payments Breach Window Expands: A hacker break-in at credit and debit card processor Global Payments Inc. dates back to at least early June 2011, Visa and MasterCard warned in updated alerts sent to card-issuing banks in the past week. The disclosures offer the first additional details about the length of the breach since Global Payments acknowledged the incident on March 30, 2012. KrebsOnSecurity, May 4, 2012

Cyber Crime - HIPAA

SC inspector general analyzing security processes following theft of Medicaid information: COLUMBIA, S.C. - South Carolina's inspector general is reviewing the security systems of state agencies following the theft of more than 228,000 Medicaid patients' personal information, Gov. Nikki Haley said Monday. The Republic, April 30, 2012

Cyber Hacktivists

Hackers plan attack on Russian government sites: The activist hacker group Anonymous said on Friday it planned to attack Russian government websites in order to support opposition protests ahead of Vladimir Putin's inauguration as president. Reuters, May 4, 2012

Cyber Privacy

How to Muddy Your Tracks on the Internet: Legal and technology researchers estimate that it would take about a month for Internet users to read the privacy policies of all the Web sites they visit in a year. So in the interest of time, here is the deal: You know that dream where you suddenly realize you're stark naked? You're living it whenever you open your browser. The New York Times, May 3, 2012

Cyber Risk

Processor Warns of Hacking Trend: Over the past year, First Data, the largest payments processor in the U.S., has seen an uptick in "trolling" - hackers sniffing networks for remote access into point-of-sale systems that are open or loosely protected. BankInfoSecurity, April 30, 2012

Fears of spying hinder U.S. license for China Mobile: WASHINGTON - Concerned about possible cyber spying, U.S. national security officials are debating whether to take the unprecedented step of recommending that a Chinese government-owned mobile phone giant be denied a license to offer international service to American customers. LA Times, May 5, 2012

Malware for Macs Lucrative, Security Researchers Say: Last month, cybercriminals embarked on what quickly became one of the largest-scale malware attacks on Apple computers to date. Their motive was financial: security researchers now estimate that the infected computers made the malware's creators $10,000 a day. The New York Times, May 1, 2012

Cyber Threat

Android Apps Slurp Excessive Data: More than one-third of Android apps request "excessive permissions," giving them access to more data than they require. InformationWeek, May 1, 2012

Snow Leopard hit hardest by Flashback malware: Russian security company Dr. Web recently analyzed one of the latest known variants of the Flashback malware for OS X, and in doing so revealed some interesting statistics regarding the infection rates of the malware - which, by some perspectives, counters criticism of Apple's lapse in attention to security on OS X. Cnet, April 30, 2012

6 Discoveries That Prove Mobile Malware's Mettle: Mobile malware hasn't yet grown to the problematic levels that once plagued Windows PCs back in the days before Trustworthy Computing. That doesn't mean mobile vulnerabilities aren't exploitable, though: Today's security researchers are not only creating and discovering proof-of-concept examples with real-world applicability, but they're finding in-the-wild samples, too. Dark Reading, May 3, 2012

Cyber Vulnerability

The 10 worst Web application-logic flaws that hackers love to abuse: Hackers are always hunting to find business-logic flaws, especially on the Web, in order to exploit weaknesses in online ordering and other processes. NT OBJECTives, which validates Web application security, says these are the top 10 business-logic flaws they see all the time. NetworkWorld, May 3, 2012

Mac Malware Targeting Unpatched Office Running on OS X: Microsoft is reporting that malware is exploiting unpatched versions of its Microsoft Office Word 2000 suite to compromise Apple Macintoshes running Snow Leopard or earlier versions of Mac OS X. eWeek, May 2, 2012

Adobe warns: Flash Player malware hitting IE on Windows users: Adobe has shipped an extremely urgent Flash Player patch to block in-the-wild malware attacks against Windows users. ZDNet, May 4, 2012

Cyber Security Management

8 Reasons Conficker Malware Won't Die: Obstinate. That's how Microsoft has labeled Conficker, which, despite being three years old and targeted for eradication, continues to survive, and even thrive, in corporate networks. InformationWeek, April 30, 2012

Vulnerability Management

Hackers' Favorite Target Last Year Was a Blast From the Past: If you need more proof that users are a weak link in computer security, look no further than today's report from Symantec, which showed that hackers' favorite target in 2011 was a security hole fixed about four years ago. Bloomberg, April 30, 2012

Securing the Village

For Stronger IT Security, Build Relationships, Not Walls: Security leaders put up walls. Firewalls, barriers to entry, ways to control the flow of information. It's what we do. But ironically, to do a better job of protecting our enterprises, we've got to become more open and collaborative. Forbes, May 4, 2012

Cyber Career

Hottest IT Skill? Cybersecurity: Embattled by hactivists, cybercriminals and foreign rivals seeking to steal proprietary information, U.S. corporations are ramping up their hiring of cybersecurity experts, with open jobs reaching an all-time high in April. PC World, May 3, 2012

Cyber Crime Busters

Microsoft says raid damaged cybercrime operation: BALTIMORE - Microsoft and the banking industry Monday provided a detailed, behind-the-scenes account of an operation they said disrupted a major cybercrime operation that used malicious software to allegedly steal $100 million from consumers over the last five years. Fox News, April 30, 2012

Cyber Expose

Flashback malware exposes big gaps in Apple security response: A pair of high-profile malware attacks have given Apple a crash course in security response. Based on recent actions, 70 million current Mac owners have a right to expect much more from Apple than they're getting today. ZDNet, April 29, 2012

Monday, April 30, 2012

Cyber Security News, Week of April 30, 2012

Cyber Security Commentary - ISSA-LA 4th Annual Information Security Summit
From our friends at Citadel Information Group
Join us on May 16 for ISSA-LA's 4th Annual Information Security Summit.  Keynote addresses by Alan Paller of the SANS Institute, DHS' Bruce McConnell and business coach Chris Coffey. Perfect for business, technology and information security leaders. Nonprofits can attend for free by taking advantage of our special scholarship fund. Email vp@issa-la.org for more information.

After almost two decades of building and managing technology companies, I can attest to two unmistakable and converging facts.  First, the intellectual property, financial data, and other assets of almost every organization are now in electronic format.  And second, we are seeing a skyrocketing volume of espionage, theft, and other malicious activity conducted against those electronic assets.

The ISSA-LA Summit provides business leaders with a concentrated, thought-provoking, and valuable education in the nature of these threats, and how organizations can and should mitigate their risks from today's cyber threats.  I highly recommend that executives take advantage of this annual event.

Eric Schwab
General Manager
GFI Software

Visit the ISSA-LA Summit Website for more information or to register.

ISSA-LA

ISSA-LA Offers Free Registration Program For NonProfits: The Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) has created a donation fund of up to $20,000 to IT employees and executives of nonprofits to attend, at no charge to the attendees, the fourth annual Information Security Summit on Wednesday, May 16, 2012 at Hilton Universal City Hotel in Los Angeles. The theme of the one-day Summit is The Growing Cyber Threat: Protect Your Business, which includes the business of operating nonprofits. DarkReading, April 27, 2012

Cyber Security Management

Mac Flashback Malware Still Going Strong, Security Experts Say: Security experts looking at the Flashback malware that had infected hundreds of thousands of Apple Macs worldwide are trying to come to an agreement over how many of these systems are still compromised by the exploit. eWeek, April 23, 2012

Infected Computers to Lose Web Access When FBI Band-Aid Falls Off: The safety net that federal authorities set up several months ago as a countermeasure to a massive malware scam will be shut down in July. When that happens, computers that are still infected with the malware, known as "DNSChanger," may be completely unable to access the Internet. The FBI and other groups have set up tools to diagnose and mend affected computers. TechNewsWorld, April 23, 2012

One in Five Macs Infected With Malware: Sophos: One in every five Apple Macs is infected with malware, according to a survey by security software firm Sophos. eWeek, April 24, 2012

Cyber Risk - HIPAA

OCR settles HIPAA case for $100k: April 26, 2012 - On April 17, 2012, the United States Department of Health and Human Services Office for Civil Rights ("OCR") reached a settlement with Phoenix Cardiac Surgery ("PSC") for alleged violations of the HIPAA Privacy and Security Rules. chiroeco.com, April 26, 2012

Cyber Crime - HIPAA

Hospitals seeing more patient data breaches: A bi-annual survey of 250 healthcare organizations shows that the percentage experiencing a patient data breach is up. And with the growth in electronic records-keeping, more of those problems are originating from laptops and mobile devices rather than a human slip-up in handling paper documents. NetworkWorld, April 13, 2012

Cyber Criminals

Russia's Million Dollar Hackers: Few nationalities are as good at making money from hacking than the Russians. Their share of the global cyber crime market, an estimated $12.5 billion black market, doubled last year to $4.5 billion, according to Moscow-based Group-IB, a cyber security services firm working mainly with the Russian government and banks to help reduce online fraud. Forbes, April 24, 2012

Refund Tax Fraud, iPhone, Feed Identity Theft By Employees: Last Thursday night, an undercover deputy from the Hillsborough County, Fla. Sheriff's office, acting on a tip, made a street buy. What makes this noteworthy is he didn't buy drugs. Instead, he purchased 33 stolen names, birth dates and Social Security numbers. The Sheriff's office says the seller, Joseph Burden, 29, was found to have 221 names in his book bag and admitted he'd taken them from his employer, Tampa-based ProVest. In an e-mailed statement, ProVest President James Ward says the arrested employee has been placed on leave and that "ProVest takes data security and privacy seriously; numerous precautions are and have been in place to safely guard consumer data." ProVest ironically, specializes in fraud detection, skip tracing and loss mitigation. Forbes, April 24, 2012

Cyber Legislation

House cybersecurity sponsors respond to privacy concerns: Leaders of the House Permanent Select Committee on Intelligence pledged Tuesday to amend their cybersecurity bill, the Cyber Intelligence Sharing and Protection Act, to address the main concerns raised by civil libertarians and privacy advocates. The revisions are clear improvements, and they show that the committee is trying hard to limit the measure's scope. Nevertheless, the bill still has a fundamental problem: By encouraging network operators to share information with the government about what their customers do online, it threatens to turn ISPs and online service providers into snoops. LA Times, April 25, 2012

House GOP dares Senate on cybersecurity: The House is sending a message to the White House and Senate Democrats this week by passing a batch of cybersecurity bills aimed at preventing the digital version of a Pearl Harbor: Not on our watch. Politico, April 25, 2012

Cybersecurity bills aim to prevent 'digital Pearl Harbor': NEW YORK (CNNMoney) - Cybercrime isn't just a threat to your bank account or personal computer - it's an issue of national security. Foreign spies and organized criminals are inside of virtually every U.S. company's network. The government's top cybersecurity advisors widely agree that cyber criminals or terrorists have the capability to take down the country's critical financial, energy or communications infrastructure. CNN, April 23, 2012

Tuesday, April 24, 2012

Security Jobs: Chief Information Security Officer, Phoenix, AZ
Global Chief Information Security Officer, a Converged Security Officer Role

Location: AZ-Phoenix
Compensation: Executive Package, Salary, Bonus, Stock
Relocation: Full Relocation Package
Education: BA/BS Required, Masters Preferred
Certification: CISSP, CISM Preferred

SecurityRecruiter.com has been engaged by a global $20+ Billion Dollar company that employs in excess of 31,000 employees around the globe to identify, recruit and deliver a Chief Information Security Officer who will guide the company’s information security, compliance and technology risk management strategies into the future.  Our client's operations are located in North America, South America, Europe, Asia and Africa.

Overview:

In this role you will be the company’s first CISO and the top security executive in the company.  You will oversee and coordinate global security efforts across the company including information technology, human resources, communications, legal, facilities and other groups.  You will identify security initiatives and you will set security standards.

To qualify for this role, you will have to demonstrate 10 or more years of experience in and around IT and at least 5 years of experience specifically providing information security leadership in a global company.  Our client does business around the globe.  Candidates who do not have global experience will not be qualified for this role.

This role reports to a highly accomplished Global CIO.  Peers to this position will be Directors and Senior Directors.

Responsibilities:

· Establish direction for a global information security program that is aligned with strategic business objectives.
· Provide leadership to a network of security directors and vendors who are responsible for safeguarding the company’s assets, intellectual property (IP), computer systems and the physical safety of employees and visitors.
· Identify protection goals, objectives and metrics consistent with the corporate strategic plan and measure the effectiveness of the overall security program.
· Manage the development and implementation of global security policies, standards, guidelines and procedures to ensure ongoing maintenance of security.
· Physical security protection responsibilities will include asset protection, workplace violence protection, access control systems, video surveillance and more.
· Information protection responsibilities will include network security architecture, network access and monitoring, policies, employee education and security awareness and more.
· Work closely with other executives to prioritize security initiatives and spending based on appropriate risk management and financial methodology.
· Work with local, state and federal law enforcement and other related government agencies from a cyber security perspective (i.e. NSA, CIA, FBI, Secret Service, state and local agencies).
· Oversee incident response planning as well as the investigation of security breaches.  Assist with disciplinary and legal matters associated with breaches as necessary.
· Perform other duties as necessary.

Minimum Qualifications:

· Requires a BA/BS degree.  A Master’s degree is preferred.
· Demonstrate a minimum of 10 years of experience in Information Technology where at least 5 years of experience was focused in Information Security and Risk Management leadership.
· Experience providing security leadership in a global company.
· Demonstrate a collaborative management style.
· Requires an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security related concepts to a broad range of both technical and non-technical staff.
· Experience with business continuity planning, auditing, risk management and contract and vendor negotiation.
· Established relationships within the law enforcement community.
· A solid understanding of information technology and information security.
· Demonstrated ability to lead and mentor teams and to develop skill sets in team members.

Preferred Qualifications:

· CISSP, CISM
· Global experience with Africa, South America and Asia could be a candidate differentiator.

Additional Information:

· Occasional travel will be required to global locations.

Our client is an equal opportunity, affirmative action employer.