Would You Be a Human Sacrifice for $2 Million a Year?

Posted on July 23rd, 2014 by Dan Rampe

CISO

A plotline in bad (okay really bad) movies, books and TV is the one about the uncharted South Sea island where one person each year is honored by being sacrificed to the volcano god. Kind of an extreme form of taking your boss out to lunch on his/her birthday. Anyway, for a full year before being tossed into the volcano…er…happily jumping in… the sacrificee* is treated to every pleasure the island can provide.

*FYI the added “e” was intentional.

Sacrifice with perks

The job description of the person being sacrificed has a lot of similarities to the job description of chief information security officer (CISO). Well, it does if you add soccer goalie and baseball manager to the mix. There’s an old saying that baseball managers are hired to be fired, and one mistake by a goalie can negate all the saves that he/she racked up in the previous minutes. As David Jordan, the chief information security officer for Arlington County, Virginia, put it, “We’re like sheep waiting to be slaughtered. We all know what our fate is when there’s a significant breach.” The good news is that while they’re waiting, they’re well treated. According to one study, CISO signing bonuses and salaries range from $188,000 to $1.2 million with perks like working from home, lots of time off and promises of big budgets for staff and security software.

In Nicole Perlroth’s piece on nytimes.com (find the complete article at this link.), she discusses the lot of the CISO from high stakes decisions to getting burned at the stake. The following has been excerpted from her piece and edited to fit our format:

[Toughest job in business world]

Chief information security officers have one of the toughest jobs in the business world: They must stay one step ahead of criminal masterminds in Moscow and military hackers in Shanghai, check off a growing list of compliance boxes and keep close tabs on leaky vendors and reckless employees who upload sensitive data to Dropbox accounts and unlocked iPhones.

They must be skilled in crisis management and communications, and expert in the most sophisticated technology….

[Always right]

“We have to be correct 100 percent of the time,” said Tom Kellermann, the chief information security officer at Trend Micro, a security firm. Cybercriminals, he said, “must be correct once.”

A decade ago, few organizations had a dedicated chief information security officer, or CISO (pronounced SEE-so), as they are known. Now, more than half of corporations with 1,000 or more employees have a full- or part-time executive in the post, according to a study conducted last year by the Ponemon Institute, a research firm.

Many of the chief information security officers who took part in the Ponemon study rated their position as the most difficult in the organization. Most of those questioned said their job was a bad one, or the worst job they have ever had.

[Forced out]

Beth Jacobs, who oversaw Target’s data protection, among other duties, was forced to resign….Stephen Fletcher, who supervised data security for the State of Utah, resigned after a breach two years ago revealed the personal data of 780,000 Medicaid recipients. In January, Justin Somaini, Yahoo’s chief information security officer, left his post shortly before the company acknowledged a breach of some customers’ newly revamped email accounts.

The job is so pressured that many end up leaving — voluntarily or not — after two years, according to the Ponemon study. This compared with chief executives, who stick around for 10 years on average, according to other research.

[Whom/what do you trust?]

Of all the headaches that chief information security officers face, one of the biggest is figuring out which security products to trust.

“In the old days, there was a saying, ‘Nobody ever got fired for buying IBM,’ because you could trust IBM,” said Andrew Caspersen, a former chief information security officer at Charles Schwab. “But security firms have never been able to establish that level of credibility.”

What is more, while many information security officers agree that antivirus software, a traditional form of protection, fails to defend against modern-day threats, some say newer products are not much better.

[Layered defense]

They say there is no silver bullet when it comes to breach defense. It is a matter of layering the most effective technologies, hiring the best people, then hoping for good luck.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

Cybersecurity Pros Earn $500,000+ per Year

Posted on June 25th, 2014 by Dan Rampe

Cybersecurity

Cybercriminals can make big bucks. That is, if they don’t go to jail. Stopping cybercriminals also pays well. And there’s no jail. Now this would be the perfect place for a snarky remark – except we work with some of the finest cybersecurity pros on the planet and may need them to pick up a lunch tab now and then.

Anyway…

Seth Fitzgerald notes in his piece on toptechnews.com (Link to article) that as “the costs associated with data leaks continue to rise, large organizations are finding it more cost effective to hire seasoned IT experts — including some who earn more than $500,000 a year…”

Now hiring

Organizations are looking to put together cybersecurity teams whose mission is to protect customer data. PepsiCo and USAA (United Services Automobile Association), among others, are hiring chief information security officers (CISOs) and, says Fitzgerald, “paying big money….”

CISO reports to CEO, more teams, more software

Fitzgerald says, “By hiring a CISO who reports directly to the CEO, businesses can ensure a C-suite emphasis on data and network security. These top-level hires may be part of the solution, but more comprehensive cybersecurity teams and software are generally also needed to provide sufficient protection.”

FBI also beefing up cybersecurity

The FBI is in the process of hiring 2000 additional cybercrime professionals.

Store less data. Encrypt more

In addition to having the best available cybersecurity software and experienced anti-cybercrime professionals, Fitzgerald observes that companies should “either store less data so that customers are not put at-risk or they must heavily encrypt data to make any stolen information useless to the criminals.”

1,000,000 cybersecurity positions need filling

Cisco’s 2014 Annual Security Report says more than one million cybersecurity positions remain unfilled around the world. And, the U.S. Bureau of Labor Statistics expects the information security analyst field to grow by 37 percent through 2020.
