Home Depot Breach 43M loss posting on LinkedIn

I just read an article on LinkedIn about the negative impact caused by the recent Home Depot breach. Here are my thoughts on how all the 2014 breaches should change some C-level and Information Security paradigms. They could cause a major C-suite thought shift, and maybe even a large paradigm shift in how our profession thinks about the skills and talents really needed by Information Security professionals.

Note – I know this opinion will not resonate well with some CISOs. Major IT departments continue to hire CISOs that have little to no security background. Hackers and blackhats are associated with organized crime, and IMO until we put more of an emphasis on the word SECURITY in the CISO title, and until CISOs stop walking a tightrope by always trying to compromise and keep the business happy by letting the business need trump the security need (“OK, don’t patch that extremely vulnerable system, I understand your business need not to”), the crooks will continue to win.

Also, it appears that too many companies are basing their CISO hiring decisions on the candidate’s business acumen. Wouldn’t it be better to focus on how well the candidate knows how to fight and deter criminals?

I’m not saying CISOs don’t need to understand the business; I am saying that a stronger focus should be on how much the CISO knows about criminals and crime fighting. I also realize that thought would take a major paradigm shift in the thinking of the C-suite.

About mclaukl

Kevin L. McLaughlin began his career as a Special Agent for the Department of the Army, where he was responsible for investigating felony crimes around the globe. He has had many careers over the years, including being a Police Officer in Kissimmee, Florida; an Investigator for Mastercard/Visa; a Middle School teacher; a Director at Kennedy Space Center (where he worked with Fred Hayes, James Lovell, Armstrong, Sheppard, etc.); the President of his own company; an IT Manager and Senior Information Security Manager with the Procter & Gamble (P&G) company (Fortune 35); a CISO at the University of Cincinnati; and a Senior Information System Security Manager for the Whirlpool Corporation (Fortune 125). Kevin has also been an adjunct since 1992. While at P&G, Kevin created one of P&G’s augmentation outsourcing teams in India. Kevin designed and implemented this India team; it won a global Gold Service award from Atos-Origin and has acted as a model for countless corporate relationships since. Over the years Kevin has created an Information Security program, conducted Information Security strategic planning, designed Information Security solutions, investigated over 700 cyber cases and operated a Global Security Operations Center.

• Education – MS in Computer Science Education, BS in Management of Information Systems; currently a PhD candidate in Cyber Security, University of Fairfax
• Professional Certifications – CISM, CISSP, PMP, ITIL Master Certified, GIAC Security Leadership Certificate (GSLC), CRISC. Kevin also holds Certificates in the Advanced Principles of Information Security and in Advanced Information Security Research Methods from Jones International University.
