The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.
CSO’s Movers & Shakers is where you can keep up with new senior level security executive appointments and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Michael Nadeau, senior editor.
August 9, 2017: Steve White joins ForgeRock as CSO
White brings his 20 years of cyber security experience to digital identity management solution provider ForgeRock. He is expected to transform the company’s security and compliance programs into a dynamic cyber defense strategy. A business-savvy technologist with over 17 years of security experience across multiple disciplines, White has a rich history of successfully leading security-focused change for agile product engineering/operations/development organizations.
Steve White, ForgeRock CSO
“Steve White has the ideal mix of ingenuity, skills and expertise to lead ForgeRock’s information security strategy and operations as we enter the next phase of our growth,” said CEO Mike Ellis in a press release. “The fastest growing segments of our business involve managing digital identities in the cloud, and customer identity and access management implementations for global brands. These types of business cases pose unique security challenges that require thorough, precise approaches through all stages from development to ongoing operations. All of us at ForgeRock are excited to have Steve leading our security efforts.”
White comes to ForgeRock from Sonos, where he oversaw the security strategy and programs for the company. He previously held senior information security positions at CenturyLink Cloud and Amazon, and also was a key leader driving the launch and growth of a cybersecurity consulting practice for Microsoft Services. Steve began his career in cybersecurity as an officer in the U.S. Air Force, holding multiple engineering and leadership roles in various Air Force cyber units.
“Digital identity is the key enabling technology powering many of the fastest-moving and challenging trends in business today, from digital transformation and the internet of things, to Open Banking, PSD2, GDPR and more,” said White in a press release. “Having worked in government, retail and consumer IoT, I’ve had firsthand experience in numerous projects and deployments where digital identity technology was required to secure personal data, devices, and things. ForgeRock’s impact on the value and transformation for enterprises, to enable trusted human and IOT relationships across their ecosystem of customers and routes to market, through the amazing innovations that ForgeRock is driving in the digital identity space makes this an incredible opportunity. I’m thrilled to be joining the ForgeRock team.”
August 8, 2017: Bay Dynamics names former U.S. CISO Gregory J. Touhill to its board of directors
Cyber risk analytics software provider Bay Dynamics added retired Brigadier General Touhill to its board to help the company’s efforts to enable enterprises and government agencies to adopt a risk based approach to cyber security. “Bay Dynamics and I share a vision of enabling public and private organizations to approach cyber security as a risk management problem,” said General Touhill in a press release. “I am looking forward to adding my expertise to a company that is at the forefront of risk based security.”
Over his career, General Touhill has developed cyber security policies and strategies that executives can understand, adopt and lead across their entire organizations to overcome relentless cyber challenges. He served as the United States’ first federal CISO in addition to holding senior level information technology positions at more than a dozen private and public-sector organizations, including his current position as president of Cyxtera Technologies’ new Cyxtera Federal Group.
“Cyber security cannot be approached as an occasional project or a reaction to a breach. It is now one of many risks enterprises and agencies must manage on a day to day basis,” said Feris Rifai, co-founder and CEO at Bay Dynamics in a press release. “Through his thought leadership and actions, it is clear General Touhill shares this philosophy, which is why having him join our board is the meeting of kindred spirits. Bay Dynamics is already at the forefront of risk oriented cyber security and we are looking forward to incorporating General Touhill’s ideas and perspective as we evolve even further to accomplish our mission.”
August 7, 2017: Episerver hires Sue Bergamo as both CIO and CISO
Bergamo will drive the long-term IT strategy, as well as the security and risk strategies for Episerver, which provides a cloud-based platform to manage digital content, commerce and marketing. In her role, she is expected to collaborate across departments in support of the company’s risk and security assessment program.
Sue Bergamo, Episerver CIO and CISO
A veteran of Microsoft, Bergamo brings to the newly expanded role more than two decades of leadership experience in strategic planning, product management, IT operations and infrastructure, cybersecurity, data management, application development and process redesign at Fortune 500 companies including Cigna, CVS Pharmacy, Liberty Mutual and Staples.
“With the necessary global focus on data privacy and security laws in the wake of many very public cyber attacks, we recognize the vital role security and IT infrastructure plays in delivering secure business applications in the cloud in a way that complies with rapidly evolving legislation,” said Mark Duffell, president and CEO of Episerver, in a press release. “Ongoing investment in our products as well as compliancy initiatives like Privacy Shield, ISO27001, and the European Union (EU) general data protection regulation (GDPR) is paramount to our continued growth and success, and Sue brings the right mix of vision and leadership to help us achieve our goals on behalf of our customers around the world.”
Before joining Episerver, Bergamo was a global technology strategist at Microsoft for over three years. Earlier, she served in a number of CIO positions including facilities management and food services conglomerate Aramark. She also headed up enterprise data management at global office supply retailer Staples and oversaw enterprise application development for drugstore giant CVS Pharmacy.
“It is a privilege to join a company like Episerver that has a true vision and commitment to driving innovation and digital transformation for all companies on a global scale,” said Bergamo in a press release. “In my new role as CIO and CISO, I look forward to driving operations and strategies that align with that vision and that support and protect Episerver’s customers and employees as it continues to grow on the leading edge of content and commerce solutions.”
August 4, 2017: Lyft hires Mike Johnson as its first CISO
Fast-growing ride-hailing company Lyft, Inc., has named Johnson as its director of engineering and chief information security officer. He joins Lyft from Salesforce.com, where he held several security roles.
Mike Johnson, Lyft CISO
“I joined Lyft to help a fantastic team execute as well as drive new security and privacy initiatives necessary to maintain our incredible growth, especially as Lyft pushes into new areas such as self-driving cars,” says Johnson. “I’m concentrating on growing the team through the hiring of world class security professionals and ensuring we have the right technology in place to keep up with the growth of the company.”
August 2, 2017: Scott Caschette promoted to CISO at managed IT service provider Vology
Caschette moves up form a senior technology strategist role to lead Vology’s managed security practice, with the mission to protect the company’s customers and employees against accelerating cybersecurity threats. “In less than a year, Scott has become an integral part of the Vology team, offering distinctive insight as a former CIO for one of our customers,” said Barry Shevlin, CEO of Vology in a press release. “With his pragmatic approach to problem solving and his security background, he was the ideal choice to take the CISO role and build out our managed security practice.”
Scott Caschette, Vology CISO
“By combining our world-class network operations centers, partner relationships, nationwide network and extensive skill sets in enterprise security, Vology is uniquely positioned to deliver managed security offerings to its customers,” said Caschette in a press release. “In the ever-changing environment of cyber threats, organizations are faced with challenges from policy creation to threat mitigation and remediation.”
Caschette has more than 25 years of experience in providing leadership in the design and implementation of enterprise technology. Prior to joining Vology in November 2016, Caschette served as CIO at Albertelli Law for more than four years. There, he developed and executed a complete technology transformation, successfully modernizing, securing, and ensuring compliance in infrastructure, data management, disaster recovery, vendor management, delivery, and sustainability. Caschette holds a Bachelor of Arts in Management of Information Systems from Front Range College.
Caschette is actively involved in multiple organizations with strong commitments to advancing the local tech community. In addition to his role on the CIO Executive Council, Caschette is an advocate for the Tampa Bay Technology Forum. He currently serves on the events committee, and he was one of four judges for the group’s Annual Industry Achievement Awards in 2014 and 2015. Caschette is also an advisory board member to several companies and start-ups.
August 2. 2017: Mark Nunnelly picked to run newly formed Massachusetts technology and security agency
Massachusetts Governor Charlie Baker’s administration has announced the formation of a new executive branch agency, the Executive Office of Technology Service and Security (EOTSS) to provide secure and quality digital information, services and tools to constituents and service providers. Nunnelly, currently the executive director of MassIT, has been named as secretary of EOTSS and CIO for the Commonwealth.
Commonwealth of Massachusetts
Mark Nunnelly, Massachusetts EOTSS
Through EOTSS, Nunnelly will have oversight on all IT activities of state agencies. EOTSS will focus on centralizing IT infrastructure services across the executive department and review and update policies and procedures governing state cybersecurity, digital platforms and data management.
“Establishing the Executive Office of Technology Service and Security will allow state government to streamline state services, improve cybersecurity and better serve our constituents,” said Governor Baker in a press release. “We look forward to developing this secretariat to support the Commonwealth’s focus on providing modern, secure and stable technologies.”
“The rate and pace of change have forced all large organizations to rethink their digital service approach from a security, service and structure perspective,” said Nunnelly in a press release. “This reorganization will help equip the many talented IT professionals across the State with the right structure, tools, and platform to secure our information and provide better service to our constituents. We look forward to working with leaders from across the executive branch in making progress against these imperatives.”
August 1, 2017: Diane E. McCracken promoted to executive VP and chief security officer at Customers Bank
McCracken will have executive oversight of all security operations, including cyber, information, application and physical security as well as business continuity and disaster recovery at Customers Bank, a community-based, full-service bank with assets of approximately $10.9 billion
“Security is a top priority for Customers Bank, and managing risks effectively and proactively requires executive-level commitment and attention,” said COO Richard Ehst in a press release. “By elevating the CSO to an executive role, we are able to take a more strategic approach to our security operations that includes unprecedented visibility across all areas of the bank, with results that will benefit each and every one of our customers. Diane’s knowledge of Customers Bank and her vast successes in information technology and security make her an ideal fit for this role.”
McCracken has more than 18 years of experience as a technologist with a specialty in information technology. She began her career in information security in 2004 as an analyst with Sovereign Bank. She joined Customers Bank in 2011 as the Information Security Leader and has held various roles since then, including launching the Bank’s first mobile app in 2012, leading the vendor management practice, and building the bank’s cybersecurity programs. She was promoted to Chief Security Officer in September 2015.