The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.
CSO’s Movers & Shakers is where you can keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Michael Nadeau, senior editor.
March 12, 2019: RealWear hires Patrick Neise as its first CISO
Highly regarded in the information security field, Neise most recently served as a cybersecurity professional at Johns Hopkins Applied Physics Laboratory (APL) and a defense consulting firm. He has consulted for a variety of top defense and private sector companies on digital strategy, information security and penetration testing. Prior to APL, he served as the red team mission director in support of Department of Defense and U.S. government security efforts and the initial development efforts for U.S. Cyber Command’s cyber protection teams.
“Data protection is a fundamental requirement for every industrial customer working to create a safer and more productive connected workforce,” said Andy Lowery, cofounder and CEO of RealWear, in a press release. “We are thrilled to have Patrick on board as our first CISO. We will continue to build security and data protection into everything we do.”
“This is a chance of a lifetime to be a part of a movement to safely and securely connect every worker to the digital information they need at the right time and at the right place,” said Neise in a press release.
March 6, 2019: Darren Cook is Effectual’s new CSO
Cook will lead the security practice at professional services consultancy Effectual and provide clients with guidance on managing business risk through the alignment of security with business objectives. He brings over 18 years of experience as a security risk management professional. Most recently, he held the role of director of information security at Datapipe, where he built global security operations from the ground up and led a multi-disciplined, cross-functional security team. Cook was also instrumental in the creation of the company’s enterprise-wide security program and building a multi-cloud, multi-million-dollar managed security service provider (MSSP) business.
“Traditional approaches to security are no longer adequate for the cloud,” said Cook in a press release. “Security programs must evolve to mitigate risk associated with an elastic attack surface and meet the demands imposed by today’s data privacy and security regulations.”
One of the industry’s first qualified Payment Card Industry Security Standards Council (PCI SSC) internal security assessors, Cook has a proven record of security and compliance expertise. He worked directly with qualified security assessors to certify Datapipe as a PCI level one service provider for 13 consecutive years.
“Security is job one for any cloud transformation initiative. We built Effectual on the premise of empowering our clients to move to the cloud with confidence,” said Effectual CEO Robb Allen in a press release. “Darren’s hands-on technical expertise, cybersecurity knowledge and business acumen are a perfect fit for our vision and drive to provide successful business outcomes.”
March 4, 2019: Silicon Labs announces Sharon Hagi as CSO
Hagi will oversee the cybersecurity strategies and best practices for delivering security technologies at the company’s IoT hardware and software portfolio. He also joins Silicon Labs’ corporate strategy team in his newly created role.
“We are delighted to welcome Sharon as Silicon Labs’ first chief security officer,” said Daniel Cooley, chief strategy officer at Silicon Labs, in a press release. “Sharon brings 20 years of experience in the cybersecurity industry as a security architect and strategist. His knowledge and expertise will be invaluable in this strategic new role as we deliver connectivity solutions that enhance security and trust in the IoT.”
Prior to joining Silicon Labs, Hagi served as vice president of security at Ethoca, a leading global provider of collaboration-based technology that enables card-issuing financial institutions, ecommerce merchants and online businesses to tackle issues involving fraud, chargebacks and disputes. He was also chief technology strategist at IBM Security where he developed security solutions and products addressing infrastructure, cloud and mobile.
“Enabling more companies to focus on security and privacy is important to the growth of the IoT market,” said Hagi in a press release. “I am thrilled to join Silicon Labs and have the opportunity to work with a phenomenal global team to innovate and deliver state-of-the-art integrated security, ensuring connected devices and services are secure and safe for customers and end users, from silicon to cloud.”
March 4, 2019: EVOTEK appoints Matt Shufeldt as CISO/executive advisor for the Denver market
Shufeldt will lead the cybersecurity expansion of EVOTEK into the Denver market. “Cyber threats are of the most important risks our customers must consider and protect against to ensure the longevity of their business,” said Jeff Klenner, EVOTEK president, in a press release. “We have been deliberate on how we have selected the CISO/Executive Advisors to join our team. I am excited to have Matt lead our efforts to drive security posture improvement in Denver.”
With over 25 years in technology and as a multi-industry CISO, Shufeldt brings decades of practical experience building and operating security programs. He formerly served as a CISO at both Cognizant Healthcare and Sports Authority. He was the inaugural winner of the CTA APEX CISO of the Year award in 2017 and is a board member for the Denver OWASP chapter.
“Denver’s security community is one of the healthiest, most driven and collaborative in the country,” said Shufeldt in a press release. “Denver’s clients are smart, driven and forward looking. EVOTEK has the right approach to create lasting customer relationships built on expertise, trust and successful outcomes.”
March 1, 2019: City of Boston names Greg McCarthy as CISO
Mayor Martin J. Walsh announced the appointment of McCarthy as the city’s first CISO. He will lead the Cybersecurity Team within the Department of Innovation and Technology. This appointment elevates the role previously held by McCarthy and marks a commitment to strengthening efforts to protect the City of Boston’s technology platforms and data from cyber threats.
Since joining the City of Boston’s Cybersecurity Team in 2010, McCarthy has managed the implementation of numerous information security solutions and helped develop the city’s first cybersecurity awareness program for employees. In this role, McCarthy will continue to lead efforts to strengthen the cybersecurity capabilities across the city and further the team’s mission through modernizing technology, partnerships and regular training.
“Cybersecurity is something we clearly have to take seriously, and there are always new challenges ahead; a humbling reminder that our work in this field is never done,” said McCarthy in a press release. “It is an honor to be in this position for the City of Boston, and to have the opportunity to lead the city into a new chapter of maturity in how we protect our systems, data, and constituents.”
Prior to joining the City, McCarthy spent five years as a principal research technician at the Rhode Island Department of Corrections. He holds an undergraduate degree in Criminal Justice and a graduate degree in Information Assurance, both from Northeastern University. He has also earned a Certified Information Security Manager (CISM) certification from ISACA, graduate certification in Project Management from Boston University, and a Project Management Professional (PMP) certification from the Project Management Institute.
February 21, 2019: Cindi Carter joins MedeAnalytics as CSO
Carter will oversee global enterprise security, advance a culture of accountability, and protect people, information assets, data and technologies for healthcare analytics firm MedeAnalytics and its clients.
“Cindi is a poised and fierce addition to MedeAnalytics,” said Paul Kaiser, MedeAnalytics CEO, in a press release. “As a respected leader in the industry with a proven record of success, Cindi’s expertise and deep insight in cyber and data security will be a vital asset in the relentless protection of our organization, and the information and data entrusted to us by our clients.”
Named as SC Media Magazine’s “Women to Watch in Cyber Security 2018,” Carter previously served as the deputy CISO at Blue Cross and Blue Shield of Kansas City where she led vulnerability management, threat intelligence, and cyber defense.
“I’m excited about joining MedeAnalytics, and it’s my mission to ensure the company is safe, secure and resilient against cyber and physical threats,” said Carter in a press release. “Security needs to be a shared mindset across the organization, from top-down and bottom-up. Advancing a culture that places high value on securing and protecting our company and the clients’ information entrusted to us is my guiding principle.”
Carter holds several recognized certifications in security, information technology, and project management. She holds a Master of Science degree in Information Technology and a Bachelor of Science degree in Management Information Systems; both from Central Michigan University.
February 20, 2019: Venminder hires Gordon Rudd as third-party risk officer
Gordon will work with the delivery team at Venminder, a vendor risk management software and services firm, as a third-party risk management subject-matter expert in residence, assisting with client engagements and the further development of Venminder’s educational series. “We’re thrilled to welcome Gordon to the Venminder family,” said James Hyde, Venminder CEO, in a press release. “Gordon’s impressive background in third-party risk management and cybersecurity brings valuable insight that our clients will appreciate, as well as allows us to further continue our commitment of providing free educational materials that help the industry navigate this area.”
Gordon has more than 30 years of experience in the financial services industry. Most notably, Gordon held the position of vice president, CISO at RCB Bank. He implemented and managed the bank’s cybersecurity and enterprise risk management programs, which included managing internal and external audits and regulatory examinations, creating the vendor management office and implementing a successful continuous process improvement program. Gordon is also the founder of the CISO Mentoring Project and is an engaged mentor to many aspiring and active CISOs across the country.
“I am very excited to now be in a position where I can contribute to helping thousands of organizations and individuals meet regulatory expectations and implement best practices,” said Gordon in a press release.
February 13, 2019: Former Walmart CISO Kerry Kilker joins Fishtech as executive VP and CISO
Kilker will be responsible for driving internal and customer-facing initiatives related to security, governance, and compliance at the cybersecurity firm. He will also run newly created Fishtech Group Innovation Center in Northwest Arkansas. Most recently, Kilker was senior VP and CISO for Walmart Technology, where he established and operated a world-class cybersecurity program for the world’s largest retail organization.
“I am excited to join the nationally recognized Fishtech team with its history of building large, fast-growth companies in the cybersecurity space,” said Kilker in a press release. “Being part of such an entrepreneurial team is a career high, and I’m especially pleased with this opportunity to bring leading edge cybersecurity resources to the Northwest Arkansas region.”
“Kerry is an icon in our space,” said Gary Fish, CEO and founder of Fishtech Group, in a press release. “Having worked at the ‘Fortune 1’ for 30-plus years, Kerry brings a wealth of knowledge from his viewpoint of customer wants and needs. His hard-won perspective will help tailor our service and technology offerings to serve today’s heavily burdened CISOs.”
February 8, 2019: University of Delaware names Ken Kurz as CISO for information technologies
Kurz is responsible for information security governance, including strategy and program administration, policy development, enforcement and compliance, risk assessment, incident response and training and awareness programs. Kurz will oversee the IT-Technical Security and the IT Security Policy and Compliance teams within UD Information Technologies and provide counsel on institution-wide information security and related security policy, procedures, and compliance issues. Previously, he was vice president of IT and CIO at Corporate Office Properties Trust and the CISO at the University of Oklahoma