Security executives on the move and in the news

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape.

Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.

CSO’s Movers & Shakers is where you can keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Michael Nadeau, senior editor.

October 12, 2018: Anil Varghese joins Exeter Finance as senior VP and CISO

Varghese has over two decades of global experience in the information security arena, including stints at American Express and Sony. He most recently served as the CISO for Service King. Varghese will be a member of the IT leadership team reporting to CIO Michele Rodgers.

Varghese has had direct responsibility for setting strategic direction on IT risk, security, compliance, and privacy issues. He has been engaged to support sensitive M&A due diligence initiatives and fostered key relationships. Varghese has also served as a thought leader and security evangelist for PayPal and other companies.

A sitting board member of Digital Accelerator at SMU, Varghese is an active member of the information security/assurance community, including roles as a presenter/speaker to ISSA, CISO Roundtable, InfraGard, ISACA and the FBI.

October 12, 2018: ICF names Crystal Jones as first global data protection officer

Jones, who also serves as assistant general counsel and director, oversees ICF’s Global Data Protection and ePrivacy program. As data protection officer (DPO), Jones ensures that ICF follows data protection best practices and maintains compliance with regulatory frameworks across the globe, from the European Union’s General Data Protection Regulation (GDPR) to California’s recent landmark privacy legislation.

As both a controller and processor handling large amounts of client, employee and individual personal data across the world, ICF has adapted in design and practice to meet the requirements of these shifting frameworks. Jones has worked to align the company’s internal practices and procedures with globally recognized data protection laws and regulations.

October 11, 2018: Delaware Department of Technology announces Solomon Adote as state CSO

Adote will be responsible for enhancing and improving the state’s cyber security strategy, including the design and execution of the Delaware Information Security Program and the Continuity of Government and Disaster Recovery Program.

“Cyber security is more important now than ever and we are excited to welcome Solomon back to lead our efforts,” said CIO James Collins in a press release. “He brings a great blend of organizational and tactical information security experience that will be invaluable as our enterprise digital government strategy evolves.”

Adote brings experience designing comprehensive information security programs and deploying some of the industry’s leading technologies. He has also developed hybrid-managed and in-house security operations centers (SOCs) and led the architecture and implementation of secure computing environments for both public and private clouds.

Most recently, he led FMC, Inc.’s, global IT cyber security team for six years. There, Adote was responsible for the security of a complex, 90-site international manufacturing and corporate network. His team covered all aspects of cyber security —from network security, application security, incident response, identity and access lifecycle management, to internet and remote access. Adote has also worked as an IT security technical lead at QVC, Inc., the third largest e-commerce company in North America, where he secured a dynamic Payment Card Industry (PCI) compliant credit card processing environment with a web presence in multiple countries.

October 11, 2018: TLDR hires FBI veteran Jon Fisher as director of security

At TLDR, a global advisory firm for tokenization projects, Fisher joins a team of seasoned security experts, military officials, and FBI cyber agents in delivering enterprise-level security techniques to leading institutions, exchanges, and projects. His years of physical and cyber security experience will further drive TLDR’s overall mission to protect investors and businesses within the blockchain industry against hackers and token theft.

Andre McGregor, partner and global head of security at TLDR, said in a press release, “As investment continues to flood into the emerging blockchain industry, hackers have put a bullseye on blockchain companies who haven’t paid adequate attention to security. We are excited to have Jon join us in our mission to meet this industry-wide challenge. … Jon’s more than 15 years of experience will be an invaluable resource for our clients.”

Fisher boasts extensive experience at the highest level of security management from prior positions at the Metropolitan Police Department in Washington, DC, and three branches of the U.S. military. As a supervisory special agent in the FBI Cyber Division and an FBI Cyber Division liaison to the National Security Agency, Fisher led efforts on a variety of investigations including state-sponsored computer intrusions and transnational organized crime rings.

“The excitement surrounding the blockchain industry right now is palpable thanks to the unprecedented pace of innovation, but with this race to innovate comes a heightened need for security,” said Fisher in a press release. “TLDR is not only tackling the cybersecurity problems of today but looking to the future to anticipate preventative security and custody solutions for clients. I’m confident that my expertise will bolster TLDR in its mission to help educate and empower organizations to remain vigilant against security threats.”

October 10, 2018: Justin Dolly named COO and CSO at SecureAuth

Dolly is a former SecureAuth board member and has extensive experience in advanced information, infrastructure, web, application, and product security, as well as in risk management, network engineering, and design. Dolly comes to SecureAuth from Malwarebytes where he served as CSO and CIO.

October 2, 2018: AutoGrid announces Omprakesh Moolchandani as its first CISO

Moolchandani joined the AutoGrid executive team on October 1 and will play an important role on leadership team at AutoGrid, a provider of security solutions to the energy sector. “Our customers care deeply about the safety and security of their data,” said Dr. Amit Narayan, CEO, in a press release. “We take cybersecurity very seriously, and Om’s appointment and this new position intensify that focus.”

Cybersecurity ranks as the utility industry’s most pressing concern, with more than 80 percent of respondents in Utility Dive’s 2018 State of the Electric Utility Survey listing it as important or very important.

Moolchandani comes to AutoGrid from General Electric’s industrial internet of things unit, Predix, where he served as senior director for cybersecurity. Before GE, Om headed cybersecurity for cloud security company CipherCloud and for several Australian financial and industrial companies.

Moolchandani holds master’s and bachelor’s degrees in computer applications from University of Technology of Madhya Pradesh, a certificate in business strategy from Harvard Business School, and a certificate in IoT business from the MIT Sloan School of Management. Om is a lifetime member of ISACA, the worldwide information systems association

October 1, 2018: County of San Bernardino hires Robert Pittman as CISO

Pittman previously served as CISO for the County of Los Angeles. Prior to that, he was  as their Chief Information Security Officer (CISO).  Prior to that, he was the county’s first assistant CISO for six years. There, Pittman built and grew an enterprise information security program from the bottom up, established a security culture, and designed a sustainable security foundation.

As CISO for the largest geographical county in the nation at the County of San Bernardino, Pittman plans to use his experiences and insight gained to better secure the county’s 44 departments or business units and 22,000 employees.

Pittman was given the 2016 Local Government Cybersecurity Leadership and Innovation award by the Center for Digital Government for advancements to the County’s information security program, the 2014 Cyber Security Leadership in Local Government award by the State of California and the Office of the Attorney General, and 2012 CISO of the Year award by the Info Security Products Guide.

September 11, 2018. Richard Bejtlich joins Corelight as principal security strategist

Bejtlich, an early proponent of the open source Bro Network Security Monitor that is at the heart of the Corelight Sensor network visibility tool, will work with the company’s executive team to help align product development with enterprise needs. He will also communicate the value of Bro data and network security monitoring for countering adversaries.

“Richard has inspired a generation of defenders through his books, blog posts, presentations, and personal example. Corelight is the network visibility company and Richard is the network visibility guru – so this feels like a perfect match,” said Greg Bell, CEO of Corelight, in a press release. “We are thrilled to have him join the Corelight team.”

Bejtlich has spent years championing the importance of network security monitoring and the critical role real-time data plays in assessment, detection, and response processes. His first book, The Tao of Network Security Monitoring: Beyond Intrusion Detection (Addison-Wesley Professional, 2004), includes a chapter devoted to Bro and he has also frequently blogged about the technology.

“After years of protecting networks with Bro, joining the Corelight team feels like the natural next step,” said Bejtlich in a press release. “Other tools offer glimpses of network visibility, but Bro is like the Hubble telescope. I look forward to working with my new team – many of whom I consider security mentors – to help all organizations harness the power of Bro and Corelight to defend their networks.”

Bejtlich was previously Mandiant’s CSO when FireEye acquired Mandiant in 2013. Prior to Mandiant, Bejtlich worked as director of incident response at General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT).

September 27, 2018: Adnan Dakhwe joins security startup Vera as head of security and compliance

For more than a decade, Dakhwe has built and maintained security, compliance, risk and privacy programs. With a passion for security, technology, innovation and entrepreneurship, he has deep experience in security strategy, risk management, cybersecurity, architecture, product security, governance, business continuity and disaster recovery across cloud, hybrid and on-premise environments.

Prior to Vera, Dakhwe served as a manager for MuleSoft’s Global Information and Compliance group. Adnan has served is various leadership roles at a Fortune 100 retailer, one of the largest global consulting organization and a marquee healthcare organization.

For the last six years, Dakhwe has served on the board of directors of ISACA (San Francisco and then Silicon Valley). He is an active advisor of SecureWorld and a researcher for the Cloud Security Alliance.

September 24, 2018: Santander UK appoints Emma Leith as CISO

In the newly created role, Leith will be responsible for the delivery of security and privacy services across Santander UK, in line with the continued commitment to protect Santander’s systems, information and customers from the growing cyber risk.

Leith joins from Barclays International, where she was director of cyber strategy and programme. Prior to this, she was CISO for the Corporate Functions and Commodity Trading Division at BP Oil International and has over 13 years’ experience in leading cybersecurity and privacy agendas across a variety of industry sectors including financial services, oil and gas, telecoms and government.

This article originally appeared on