Global News & Analysis

78% of Enterprises Don’t Have High Confidence in Their Security Controls

A newly released survey conducted by the Ponemon Institute and commissioned by Cymulate quantifies the impact of threat and business evolutions on a company's security posture. The State of Breach and Attack Simulation and the Need for Continuous Security Validation report underscores the need for security leaders to continuously assess their security performance in the face of the exponential growth of threats and business evolutions.

The report shows 60% of enterprises make changes daily or weekly to their security controls and 67% say that it is important to validate that changes applied to the security controls have not created security gaps.

Nevertheless, 43% of companies do not test their security controls or only when an incident occurs, and an additional 14% test less than once a year. In contrast 38% of companies that are vigilant in testing were more confident in the effectiveness of their security controls.

The survey also found that in response to the COVID-19 pandemic and transition to support working from home, 62% of responding companies acquired new security technologies and 59% had to relax some of their security policies; only 38% actually tested the security that protected the new attack paths created by employees working from home.

12 New Security Executives Announced 
Security executives on the move! Which industry leaders have recently begun new roles? Visit SecurityMagazine.com for the complete articles.

Paul Trombino — New Director of the Iowa Department of Homeland Security and Emergency Management

Paul Trombino was recently appointed Director of the Iowa Department of Homeland Security and Emergency Management. Prior to this role, Trombino served as interim director of the Department of Administrative Services and as the Governor’s Chief Operating Officer.

Previously, Trombino was director of the Iowa Department of Transportation for more than 5 years and worked for 17 years at the Wisconsin Department of Transportation, where he served at different times as Bureau Director, Operations Director and Civil Engineering Supervisor of the Highway Division. From 2015 to 2016, he served as President of the American Association of State Highway and Transportation Official (AASHTO). Congratulations! Image courtesy of Trombino

Noah Beddome — Opendoor’s New Chief Information Security Officer

Noah Beddome joined Opendoor as Chief Information Security Officer (CISO). Beddome is responsible for protecting the data and technology infrastructure that is core to the organization. He oversees Opendoor’s information security program and IT and will help to maintain trust with customers by ensuring the integrity of data systems.

Beddome has more than a decade of experience working in information security in enterprise and government environments. Most recently, he served as VP of Security Engineering and interim CISO for Datadog, a cloud monitoring and security platforms serving companies across the globe. The teams he managed secure vast amounts of data processed by large cloud companies. Congratulations! Image courtesy of Beddome

Jack Bennett — Kroll’s New Managing Director, Cyber Risk Practice

John (Jack) Bennett joins Kroll, a division of Duff & Phelps, after leading the FBI Los Angeles Field Division, the third largest FBI field division, having managed a variety of complex investigations throughout his career.

Bennett’s career accolades span investigative and intelligence support to all Southeast Asia and Oceania Region Legal Attaché offices, deployment of the FBI’s crisis management protocols and capabilities for northern California, policy development for the FBI’s Insider Threat and Damage Assessment programs, and responsibility for the Cyber Branch in the San Francisco Division, where he was embedded with EUROPOL’s European Cyber Crime Center. Congratulations! Image courtesy of Kroll

John deCraen — Kroll’s New Associate Managing Director, Cyber Risk Practice

John deCraen joins Kroll after working with Alvarez & Marsal, where he was the original member of the Forensic Technology Services practice and founding member of Global Cyber Risk Services practice.

deCraen brings extensive digital forensics and incident response experience with an emphasis on complex eDiscovery engagements, having worked with several AmLaw100 and Global Fortune 500 firms in cybercrime investigations, bankruptcies and insider fraud. His achievements include representing a U.S. State Secretary of State in an exhaustive cyber security controls examination of that state’s electoral systems. Congratulations! Image courtesy of Kroll

Steve Bergman — Kroll’s New Managing Director, Cyber Risk Practice

Steve Bergman is a recognized technology leader and change agent known for innovative business approaches, responsive cyber strategies and fostering impactful partnerships. He joins Kroll from RSA, where he led the firm’s Global Services Advisory as they engaged with RSA's largest and most strategic customers in business risk mitigation and cyber security strategies.

He is the recipient of the CIO 100 Award for Innovation and Growth for his contribution in leading high-impact teams solving complex enterprise challenges and was previously solicited by the White House to lead the Ready.gov initiative for its high-profile citizen preparedness campaign immediately following the attacks of 9/11. Congratulations! Image courtesy of Kroll

Avril Haines — New U.S. Director of National Intelligence

Avril Haines was appointed Director of National Intelligence by U.S. President Joe Biden. Haines is the first woman to lead the U.S. Intelligence Community and will oversee the nation's 18 intelligence agencies.

Haines previously served as Deputy National Security Advisor to President Obama, was the Deputy Director of the Central Intelligence Agency, and served as the Legal Adviser to the National Security Council (NSC). Before joining the NSC, she led the Treaty office at the Department of State, was the Deputy Chief Counsel for the United States Senate Committee on Foreign Relations, worked for The Hague Conference on Private International Law, and served as a law clerk for Judge Danny Boggs on the U.S. Court of Appeals for the Sixth Circuit. Congratulations! Image courtesy of the White House

Brian Nicholls — University of Utah’s New Special Assistant to the Chief Safety Officer

Brian Nicholls has been named Special Assistant to the CSO at the University of Utah. Nicholls will coordinate community engagement initiatives with organizations across campus, as well as implement new response protocols developed by the Racist and Bias Incident Response Team. Nicholls will work closely with Student Affairs and the Office for Equity, Diversity, and Inclusion (EDI) to evaluate and improve university safety efforts comprehensively.

Nicholls is a long-time University of Utah community member, having been involved for over 20 years. He earned both a bachelor’s degree in communication and a juris doctorate from the University of Utah and worked in the Office of Equal Opportunity and Affirmative Action for the past 10 years, most recently as associate director. Congratulations! Image courtesy of The University of Utah

Casey Jessmon — Ungerboeck’s New CISO

Casey Jessmon was named CISO for Ungerboeck, where he will continue to foster and invest in a culture of security. He will be involved in evaluating and recommending the latest tools and technologies to ensure that Ungerboeck can be proactive and well prepared in their approach with security.
Jessmon joins Ungerboeck with more than 10 years of experience in operational information security and has a proven record of accomplishment in leadership roles prior to joining the team. Jessmon was the Business Information Security Officer at Equifax Workforce Solutions and he also served as the Director of Information Security Operations at Mastercard where he managed a global team responsible for building and protecting the Information Security Infrastructure. In addition, he has held various IT and security roles at Nestle Purina and Boeing. Congratulations! Image courtesy of Jessmon

David Rose — Denison University’s New Director of Campus Safety

David Rose joined Denison University as Director of Campus Safety. Rose, a retired captain of The Ohio State University police division, brings more than 30 years of campus safety experience to his position. Rose will continue to grow and strengthen Denison’s campus community safety model.

Rose was selected from a national search process, during which many were impressed with his wealth of knowledge, his experience in leading a team, commitment to ongoing professional development, crisis management experience, and his ability to build relationships on and off-campus. Congratulations! Image courtesy of Rose

Marlon Lynch — Michigan State University’s New Chief of Police

Michigan State University has chosen Marlon Lynch to serve as the university’s next Chief of Police. Lynch, an MSU alum who has worked in law enforcement for nearly 25 years, will also hold the title of Vice President for Public Safety. In the role, Lynch will lead the university’s 120-member police department, including community engagement, cybersecurity, emergency management, parking enforcement and traffic engineering. His emphasis will be on community policing and enhancing diversity, equity and inclusion efforts.

Lynch previously served as Chief Safety Officer for the University of Utah in Salt Lake City. In this position, he oversaw more than 180 individuals in police, health system security, and emergency management and community services. Congratulations! Image courtesy of Lynch

Laura Deaner — Northwestern Mutual’s New CISO

Laura Deaner was appointed to CISO at Northwestern Mutual, where she will lead the Enterprise Information Risk & Cybersecurity team and be responsible for spearheading Northwestern Mutual's information security strategy.
Deaner has more than 21 years of experience working in cybersecurity for multi-national Fortune 500 companies to build effective and robust information security programs by aligning deep technical expertise with executive business vision and support. Her expertise includes risk management, data security, regulatory compliance, incident response, data integrity and information security in multiple industries, including financial services and media. Congratulations! Image courtesy of Deaner

Brad Austin — New York’s Livingston County’s New Director of Emergency Management

Brad Austin has been appointed New York's Livingston County Director of Emergency Management. He replaces Kevin Niedermaier, the County's first full-time Director of Emergency Management, who retired in December after 25 years of service. Austin has been active in fire and emergency services for 28 years. He previously served as a dispatcher for the Livingston County Sheriff’s Office and the North Greece Fire District.

Most recently, he was employed by Jensen Hughes, an international company that specializes in fire and emergency management for health care facilities. Fire and safety education is very important to Austin as he has been a New York State Fire Instructor for the past five years. He holds a Bachelor of Science degree in Criminal Justice from the State University of New York at Brockport. Congratulations! Image courtesy of Austin