CISO MAG, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of “Cybersecurity Person of the Year” in its December 2019 issue.
KrebsOnSecurity is grateful for the unexpected honor. But I can definitely think of quite a few people who are far more deserving of this title. In fact, if I’m eligible for any kind of recognition, perhaps “Bad News Harbinger of the Year” would be more apt.
As in years past, 2019 featured quite a few big breaches and more than a little public speaking. Almost without fail at each engagement multiple C-level folks will approach after my talk, hand me their business cards and say something like, “I hope you never have to use this, but if you do please call me first.”
I’ve taken that advice to heart, and now endeavor wherever possible to give a heads up to CISOs/CSOs about a breach before reaching out to the public relations folks. I fully realize that in many cases the person in that role will refer me to the PR department eventually or perhaps immediately.
But on balance, my experience so far is that an initial outreach to the top security person in the organization often results in that inquiry being taken far more seriously. And including this person in my initial outreach makes it much more likely that this individual ends up being on the phone when the company returns my call.
Too often, these conversations are led by the breached organization’s general counsel, which strikes me as an unnecessarily confrontational and strategically misguided approach. Especially if this is also their playbook for responding to random security researchers trying to let the company know about a dangerous security vulnerability, data breach or leak.
At least when there is a C-level security person on the phone when that call comes in I can be relatively sure I’m not going to get snowed on the technical details. While this may be a distant concern for the organization in the throes of responding to a data security incident, the truth is that the first report is usually what gets repeated in the media — whether or not it is wholly accurate or fair.
This year’s CISO MAG awards also honor the contributions of Rik Ferguson, vice president security research at Trend Micro, and Troy Hunt, an expert on web security and author of the data breach search website Have I Been Pwned? More at cisomag.com.
Congratulations, Brian! Well deserved!
Congratulations on the award and recognition; you have definitely earned it! So many of us appreciate your efforts.
Well deserved sir! Congratulations.
Congratulations!!
Hi Brian,
You graciously think of others that may be more deserving of the award, but I can’t. Well done and fully deserved.
Well deserved! You provide a service I very much appreciate.
congratulations Brian, well deserved.
Hi Brian. You deserve it totally. Have been doing such a great job for a long time. Congratulations.
congratulations Brian you are the go to guy…thanks for keeping us informed.
Congrats!
Ditto to all the nice words above.
Well deserved, and we hope you keep at it.
Congrats Brian. As a fellow Northern Virginian, I’ve been reading your blogs and articles since the “dead tree” edition of the Post. Keep up the great work and impressive career.
You have been my cybersecurity person of the year EVERY year for the past several! Congratulations and thank you for your work!!
hi Brian- wonderful to hear… I might add your articles and research have proven to be a truly trusted source for many years for myself.
thank you for your continued hard work that you have put forth in helping all of us fight cyber crime !
Scott Schober
http://www.ScottSchober.com
Well Deserved and appreciated. Thank you for doing all that you do, including answering your reader’s questions.
Cheers
Mark Price
Congratulations Brian!
OUTSTANDING; congratulations, sir!
(And every best wish for the holidays and new year.)
Congratulations Brain! Your articles are really well written, and it really gets me through the days as well as keep me updated on what’s happening around the world.
Thank you so much!
Congratulations to you.
Thank you very for your excellent reports and information.
Congratulations Brian! Excellent work.
Congratulations,
Bravo! Well Deserved!
Well deserved. Your pieces are always a good read, informative, and full of hard technical details.
Congratulations. (and thank you)
Congrats! You are one of my top go-to resources for my own learning and for knowledge sharing to others.
Congrats Brian.
If you have the ear of C-level folks, please tell them:
– stop saying “we take your privacy and security seriously”
– stop the post-breach pablum of “deflect, defend and deny”
– share the details of breaches so that everyone can learn from them. Withholding breach details might hide sham security, but it really helps the crooks.
Congratulations! And thanks for the service, good advice, and valuable information!
Yep, I can also think of many that are more deserving….Ha! Just kidding. How does the security guy down in the trench get your call or heads-up then? Not all of us get to go and rub elbows, sniff fermented grape juice, complain about EOs, IOs, and assorted activities in order to present a card to your highness!
Congrats Mr. Krebs! Well deserved, indeed.
In the second to last paragraph:
“While this may a distant concern…”
Missing the ‘be’
Congratulations on this well deserved honor!
It is nice to see that your expertise and experience have been recognized nationally.
Congratulations Brian. I have noticed topics you have covered sometimes show up in other security oriented articles. Proper attribution does occur in some, not in others. A testament to how highly regarded your efforts are by others.
An honor you deserve. Thanks for all you do to keep the world safe.