New CISO appointments 2023 – Source: www.csoonline.com

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.

Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Andrew Flynn, regional executive editor.

New CISO appointments, June 2023

Hoxhunt appoints Petri Kuivala as chief information security officer advisor

Cybersecurity behavior change software company Hoxhunt has named Petri Kuivala chief information security officer (CISO) advisor. Kuivala will work closely with the CISOs and security teams of current and prospective customers of the Finladn-based company to evaluate human-centered security vulnerabilities and help devise risk mitigation strategies. Kuivala has held positions as vice president of general IT and UX at NXP Semiconductors and as a security executive at Nokia, serving as the company’s CISO and CSO for more than a decade. He was also a senior director of global security at Microsoft.

Brown & Brown name Barry Hensley chief security officer and Rob Burch chief information security officer

Insurance provider Brown & Brown has appointed Barry Hensley as its first chief security officer and Rob Burch as chief information security officer. Hensley is a global cybersecurity leader who served as the chief threat intel officer and senior vice president for Secureworks and is the former director of the US Army’s Global Network Operations and Security Center. Burch was formerly senior vice president and chief information security officer for Fidelity National Financial.

Josh Lemos becomes CISO at GitLab

DevSecOps platform GitLab has named 20-year cybersecurity veteran Josh Lemos as CISO. Lemos joins GitLab from his post as CISO at Block (formerly known as Square), and previously held senior security executive roles at Cylance and ServiceNow.

Scott Putnam appointed CISO at New Charter Technologies

Managed IT Services provider New Charter has appointed Scott Putnam as its chief information security officer. Putnam, a founding partner of New Charter, previously served as president for managed security service providers Cyber74 and Digital Umbrella and as president of Apex Technology Management, an IT managed services provider. A 30-year veteran of the IT and cybersecurity industry Putnam is also co-author of “Cyber SWAT: Hackers are only part of the problem.”

New CISO appointments, May 2023

Former Twitter CISO Lea Kissner named CISO of Lacework

Cloud security company Lacework has appointed Lea Kissner as its new chief information security officer. The former Twitter CISO will be responsible for leading the development and implementation of Lacework’s overall security strategy and programs. Kissner has worked in cybersecurity for more than 20 years including as chief privacy officer at Humu and global lead of privacy technology at Google.

Maria Milosavljevic to become chief information security officer at ANZ

Former Services Australia CISO and chief data officer Maria Milosavljevic has been appointed CISO of ANZ Banking Group, replacing Lynwen Connick, who will retire in October. Milosavljevic is currently the chief data integration officer at the Australian Department of Defence. Milosavljevic will be responsible for ensuring ANZ’s information security strategy continues to address the challenging cyber security landscape and supports the bank’s digital transformation. She will begin working at ANZ on Monday, August 28.

Lee Buttke named CISO of AgileBlue

AgileBlue, an autonomous cyber security operations center (SOC) and security orchestration and automated response (SOAR) platform, has named Lee Buttke as its new chief information security officer. Buttke will also take a position as managing director at AgileBlue. Buttke has held positions as director of risk, security, and privacy at Online Business Systems and director at penetration testing firm NetSPI and is the former president of software and professional services provider Truonix.

Security and compliance automation platform Drata appoints Matt Hilary as vice president of security and CISO

Matt Hilary has been named vice president of security and CISO at Security and compliance automation platform Drata. Hilary was formerly senior vice president systems and security and CISO at Lumio and previously held CISO and lead security roles at Weave and Workfront, Instructure, Adobe, MX, and Amazon Web Services.

Bill O’Hern named CISO of Travelers

Former AT&T chief security officer Bill O’Hern has been appointed as a senior vice president and CISO of insurance firm Travelers. O’Hern spent more than 20 years in security-related roles at AT&T and was previously general manager for the Midwest US region at Handex Environmental.

Earl Duby appointed CISO at Auxiom

Earl Duby has been named the first-ever CISO of Michigan-based managed service provider Auxiom. A CSO50 Award winner, Duby was formerly CISO of Lear Corp. and has two decades of experience in cybersecurity, including leadership roles at GE, Affina Group, and Federal Mogul.

New CISO appointments, April 2023

UK appoints Anne Keast-Butler as first female GCHQ director

The UK government has appointed Anne Keast-Butler as the new director of intelligence, security, and cyber agency Government Communications Headquarters (GCHQ). Keast-Butler was appointed following a cross-government recruitment process and will succeed Sir Jeremy Fleming, who is stepping down after six years in the role. Keast-Butler, currently serving as deputy director general at domestic counterintelligence and security agency MI5, will become the first female director of GCHQ. She will take up her post in May.

Bryce Carter becomes first CISO of Arlington, Texas

Bryce Carter has been appointed as the first chief information security officer for the city of Arlington, Texas. Mr. Carter was previously a senior information security analyst for Bellingham, Washington, and has served in senior security-related roles in Miami County, Kansas, and at companies including Clover Security Advisors, United Release, and FlyPage. In a statement, Mr. Carter said he intends to “communicate security in a way that everyone can understand” and will focus on creating an enterprise-wide security program, reducing outsourcing of security.

Brian Contos appointed chief strategy officer at Sevco Security

Cyber asset attack surface management (CAASM) company Sevco Security has appointed Brian Contos as its chief strategy officer. Mr. Contos is a 25-year veteran of the security industry, having served previously as CISO at Verodin “Enemy at the Water Cooler” and a co-author of “Physical & Logical Security Convergence.” Mr. Contos said he believes security “needs a disruptive approach. Sevco Security fundamentally changes how organizations get value from their existing security and IT operations investments by having the most accurate and timely asset intelligence.”

James Hill named CISO of cloud infrastructure software developer CYTRACOM

James Hill has been appointed as CISO of CYTRACOM. Mr. Hill has 20 years of experience in “business development, cybersecurity, people development, and technical expertise,” according to a statement. His role at the company will be to ensure CYTRACOM and its employees are working securely, minimizing exposure and risk with an effective and sustainable cybersecurity strategy and program.

IntelePeer appoints Gary Starling as new CISO

Communications Automation provider IntelePeer has named Gary Starling as CISO. Mr. Starling recently served as vice president of IT and security at IntelePeer and led the company’s compliance program. Mr. Startling was previously interim CIO, assistant vice chancellor of IT infrastructure, and CISO, at the University of Denver. He also served as director of global IT, networks and security for EchoStar/Hughes Network Systems and was an avionics communications systems specialist in the US Air Force and as telecommunications specialist, tech control for NORAD. He has been tasked with streamlining IT and security solutions across IntelePeer’s business units, steering the company to develop a high-performance security team in opposition to new and emerging threats.

New CISO appointments, March 2023

Andrea Simpson named CISO of Howard University

Ms. Simpson, a highly regarded expert in cybersecurity, has more than 20 years of professional experience in the industry. She has held the CISO role with the Federal Communications Commission, where she directed the pilot program for government-issued laptop deployment for the agency’s telework initiative as part of its pandemic response plan, and AmeriCorps. Simpson says working at Howard will help her create a space for young adults to gain hands-on cyber experience.

Meredith Griffanti appointed as global head of cybersecurity and data privacy communications at FTI

Ms. Griffanti, who is based in New York, will oversee the growth of FTI Consulting’s cybersecurity communications capabilities. She most recently served as Americas co-leader of cybersecurity and data privacy communications at the business consulting firm, specializing in crisis communications during incident response and cybersecurity preparedness planning. Ms. Griffanti will focus on partnering with leaders and teams globally to further strengthen the firm’s holistic cybersecurity communications capabilities and enhance new levels of collaboration to support clients.

Sebastian Welsh appointed CISO of energy technology company SwitchDin

Mr. Welsh becomes the first CISO at SwitchDin and will work to establish security frameworks for emerging technologies. With 17 years of experience as a leader specializing in building a whole-of-enterprise defense model within businesses, he held roles as the head of security at Canva and staff security engineer at Google before joining SwitchDin.

Joshua Reedy becomes new CISO at New Zealand technology services firm Kordia

Mr. Reedy will take responsibility for Kordia’s Group’s internal cyber security posture, integrating best practices and leading a team of security specialists. He was previously security services manager at Vodaphone, where he oversaw security operations, design, and delivery and led internal offensive security teams.

David Dunn named CISO at global risk and financial advisory service provider Kroll

Mr. Dunn, who had served as deputy CISO at Kroll since 2016, is tasked with continuing to strengthen the firm’s security program to address the evolving and complex threat landscape. With more than 25 years of experience, he was previously a member of the US Secret Service Electronic Crimes Task Force — where he was a lead investigator on an international stolen credit cards scam involving millions of dollars — and is also a 19-year veteran of the Seattle Police Department.

Jaya Baloo named CSO at cloud threat detection provider Rapid7

Ms. Baloo will be tasked with strengthening Rapid7’s internal security program and furthering the company’s mission to deliver greater access to cybersecurity across industries. With more than 20 years of cybersecurity experience, she has previously held roles at Avast and was CISO at Dutch telecom firm KPN. Ms. Baloo is a member of the advisory boards of The Netherlands National Cyber Security Centre and the EU Quantum Flagship’s Strategic Advisory Board.

New CISO appointments, February 2023

Doug Clare appointed as head of cyber strategy for ISS Corporate Solutions

Mr. Clare will assume overall responsibility for ICS’ cyber solutions strategy, including evolving its cyber risk-related offerings and client experience. He will also lead the cyber-risk product and client teams tasked with enhancing and expanding ICS’ risk monitoring and broader suite of related products. He has more than 25 years of experience at Fair Isaac (FICO) and served most recently as FICO’s vice president of fraud, compliance, and authentication solutions.

Keith Anderson named CISO of JetBlue

Mr. Anderson will oversee JetBlue’s information security and will oversee the airline’s strategies, policies and procedures designed to minimize information security risk and proactively detect and address new threats. He previously served as CISO at Warner Bros. Discovery and held security leadership roles at AT&T, Goldman Sachs, and Citi. Mr. Anderson holds a master’s degree in cybersecurity from New York University and a master’s degree in management information systems from Stevens Institute of Technology.

Melissa Knight appointed as CISO of Tego Cyber

Cybersecurity software-as-a-service provider Tego Cyber has named Melissa Knight as chief information security officer. Ms. Knight has been as CISO and cybersecurity executive for 20 years, working in government and commercial sectors. She has held leadership roles with the US Department of Defense and US Department of Energy’s National Nuclear Security Administration security operations teams. She has also worked at Sands Corp., Herjavec Group, and Brier & Thorn.

Mike Housch named CISO of banking digital transformation solutions provider Q2 Holdings