Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
CraginS
Defender I
‎10-23-2019 01:27 PM
‎10-23-2019 01:27 PM

Newspaper Dumps CISO

In 2016, the New York Times hired former hacker Runa Sandvik as their Chief Information Security Officer for the newsroom and journalism operations. Last July the paper published  a Times Insider profile on Ms. Sandvik

On October 22 Ms. Sandvik tweeted that the NYT eliminated her role at the paper, saying the paper "stated there is no need for a dedicated focus on newsroom and journalistic security."

 

So, one of the most high visibility news organizations in the USA, if not the world, is not worried about implementing two factor authentication, or training the news staff on phishing attacks, or implementing safeguards to protect the confidentiality of reporters' news sources. 

 

Yeah, as a profession, I think we may need to add the Rodney Dangerfield Mantra to our credo.

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Reply
3 Replies
denbesten
Community Champion
‎10-23-2019 05:20 PM
‎10-23-2019 05:20 PM

Somehow, I suspect there is much more to the story than a sudden dislike for MFA or phishing-training, especially given that two-ish months ago, The New York Times hired a CISO, Erinmichelle Perri.

 

Realizing that there are (at least) two sides to every story, I went looking for the NYT perspective.  Strangely, I found it on Fox News:

 

Fox News writes:

"Information Security is critically important to The News York Times, which is why we recently hired our first chief information security officer," the [Times] spokesperson stated. "While we don’t comment on specific personnel decisions, the restructuring of our InfoSec group that was announced yesterday is fully consistent with strengthening The Times’s data security protections in the newsroom and across the organization."

Incidentally, Runa Sandvik's title was "Senior Director of Information Security", not CISO.  

Reply
Steve-Wilme
Advocate II
‎10-24-2019 05:39 AM
‎10-24-2019 05:39 AM

And in an even more serious case, more purges:

 

https://arstechnica.com/information-technology/2019/10/white-house-guts-infosec-team-posturing-itsel...

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
0 Kudos
Flyslinger2
Community Champion
‎10-24-2019 08:47 AM
‎10-24-2019 08:47 AM

Money is the issue.  Newspapers are hemorrhaging money.  If your aren't the advertising wing of the publication you are a financial liability. Add in the fact that security isn't a problem until you are hit then why pay for a CISO.  They are willing to take the risk in the short term to gain stock value and market share.

 

It's all about money.

 

 

Reply
0 Kudos