[funsec] Sony Just Hired a Chief Information Security Officer (CISO)

Jeffrey Walton noloader at gmail.com
Thu Sep 8 17:05:08 CDT 2011


On Thu, Sep 8, 2011 at 4:01 PM,  <Valdis.Kletnieks at vt.edu> wrote:
> On Thu, 08 Sep 2011 01:40:23 EDT, Jeffrey Walton said:
>> Philip Reitinger, former director of the United States National
>> Cyber-Security Center, a division of the Department of Homeland
>> Security, will be joining Sony as a chief information security
>> officer, Sony said Sept. 6.
>
> Horses and barn doors...
>
>> Security experts and industry watchers criticized Sony for not having
>> had a CISO prior to the breaches. "How can a worldwide company with
>> billions in revenue and an even larger market cap not have a CISO? It
>> boggles the mind," Phil Blank, an analyst in the security, risk and
>> fraud practice area at Javelin Strategy & Research, wrote on the
>> market research firm's blog in May.
>
> "If you spend more on coffee than you spend on IT security, then you will
> be hacked. What's more, you deserve to be hacked."  -- Richard Clarke
>
> Anybody want to guess what Sony's coffee/itsec ratio was?
Its amazing a company with chronic security problems was able to
operate without a CISO for so long (cf,
http://attrition.org/security/rants/sony_aka_sownage.html).



More information about the funsec mailing list