Four Things CISOs Should Do Now To Protect From Being Scapegoated
InformationWeek, Wednesday, November 8,2023
On Oct. 30, the Securities and Exchange Commission (SEC) charged SolarWinds and its former Chief Information Security Officer - Timothy G. Brown - in a 68-page complaint alleging that the company and its then security head defrauded investors and customers through 'misstatements, omissions and schemes that concealed both the company's poor cybersecurity practices and its heightened - and increasing - cybersecurity risks.'
Well, that's disturbing, said Contrast Security CISO David Lindner. Unfortunately, it's not the first time that a cybersecurity leader has faced accountability for the security posture of their organization, and it won't be the last, Dave suggests.
According to court testimony and documents, the team of former Uber Chief Security Officer Joe Sullivan had referred the culpable attackers to Uber's bug bounty program in order to funnel payments to the crooks, as if they were 'white hat' researchers responsibly reporting security vulnerabilities.