In the midst of all the news about the Home Depot breach, Bloomberg released an interesting follow-up story about the JPMorgan Chase compromise in June. For Greg Rattray, who had just started as CISO, it was an inauspicious beginning. The previous individual in that role had exited, following about five other senior execs, to join First Data Corp. Seems like the position was vacant for a few months while the bank tried to fill the role.
Unfortunately, this is a common story in information security. Because of the talent shortage, key leadership roles are often left unfilled for months, leaving gaping holes in organizations. For all the mockery of those at the C-level, good management can make or break a security program. And while most security professionals have probably had the experience of finding a big, unexpected pile of manure at a new job, the JPMorgan Chase story is everyone’s worst nightmare. Our biggest fear is having a breach on our watch, even though we tell ourselves that it’s inevitable.
“It sucks that this happened at the beginning of Greg’s watch, but this is a legacy issue,” said Tom Kellermann, chief cybersecurity officer at anti-virus software firm Trend Micro Inc. “They had an acting person who was juggling way too much, with no one fully dedicated to the role for a bit of time.”
Story continued here:
Today’s post pic is from Etsy.com