CISO MAG, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of “Cybersecurity Person of the Year” in its December 2019 issue.
KrebsOnSecurity is grateful for the unexpected honor. But I can definitely think of quite a few people who are far more deserving of this title. In fact, if I’m eligible for any kind of recognition, perhaps “Bad News Harbinger of the Year” would be more apt.
As in years past, 2019 featured quite a few big breaches and more than a little public speaking. Almost without fail at each engagement multiple C-level folks will approach after my talk, hand me their business cards and say something like, “I hope you never have to use this, but if you do please call me first.”
I’ve taken that advice to heart, and now endeavor wherever possible to give a heads up to CISOs/CSOs about a breach before reaching out to the public relations folks. I fully realize that in many cases the person in that role will refer me to the PR department eventually or perhaps immediately.
But on balance, my experience so far is that an initial outreach to the top security person in the organization often results in that inquiry being taken far more seriously. And including this person in my initial outreach makes it much more likely that this individual ends up being on the phone when the company returns my call.
Too often, these conversations are led by the breached organization’s general counsel, which strikes me as an unnecessarily confrontational and strategically misguided approach. Especially if this is also their playbook for responding to random security researchers trying to let the company know about a dangerous security vulnerability, data breach or leak.
At least when there is a C-level security person on the phone when that call comes in I can be relatively sure I’m not going to get snowed on the technical details. While this may be a distant concern for the organization in the throes of responding to a data security incident, the truth is that the first report is usually what gets repeated in the media — whether or not it is wholly accurate or fair.
This year’s CISO MAG awards also honor the contributions of Rik Ferguson, vice president security research at Trend Micro, and Troy Hunt, an expert on web security and author of the data breach search website Have I Been Pwned? More at cisomag.com.
Well deserved indeed! I’ve lost count of the number of times family and friends have thanked me for sharing info you’ve reported. They take me seriously because so often what I’ve shared subsequently makes the local and/or national news. Keep fighting the good fight!!
Nice work. Well earned award.
Congratulations Brian, well deserved!
Congrats on the recognition! Thank you also for sharing that insight about how organizations respond to notifications; it’s truly useful to hear strategies that are more and less helpful. Rock on!
Congratulations Brian. Well deserved.
✔k ✔ u✔d✔o✔ s✔
Congratulations on your CISO magazine recognition/award! My students are huge fans of your blog. Do you ever waive your speaking fees for universities? We are a graduate school of Middlebury College (in Vermont) but located in beautiful Monterey, California where we’ll be holding our 2nd annual Threat Financing Forum. This year’s theme: Cyber-Enabled Financial Crime. We would love to have you as our Keynote. We expect about 250 attendees (our auditorium capacity). Dates are March 16th-18th. We don’t have a budget for an honorarium, but we could cover airfare and hotel for you and a guest. Think about it: the beautiful central coast of California in mid March, just when you’ve had enough of the East Coast winter.
Here is a promo of highlights from last year’s forum:
https://vimeo.com/371957313
– Mo Ruehsen
mruehsen@miis.edu
cell 831-383-9344
Moyara, there is a webpage on his site which details information about speaking: https://krebsonsecurity.com/cpm/. It mentions:
“to contact him for speaking requests please email Jasmine Mansfield at Jasmine@allamericanentertainment.com“.
I’m not sure if he would see your comment if it gets buried, but I’d reach out there just in case as well.
Yes, Brian congratulations; very well deserved.
Congratulations! I can’t think of a better recipient.
I’m happy for you sir. Congrats!
Huzzahs
What took them so long?
Congratulations, Brian!
Nice recognition for all your dedicated hard work. You deserve so much more! Many thanks for all you do!
Well deserved IMHO. I see that you’re in good company, too. Congratulations!
Congratulations. I think it is deserved because knowing about the problems that you report is the first step in realizing that security is needed because it has just failed to some degree.
When I attempt to mention computer related security to the clueless and un-informed I often suggest check your website to see examples of what happens when security is inadequate.
Congrats, Brian — as many others have noted the award is well-deserved and -earned from your in-depth investigative reporting that shines much-needed light onto dark corners of the Internet for both the IT professional and the average user!
Congratulations for this well-deserved honor and recognition!
You help so many people, around the world, every day; we, your readers, are grateful.
Now, if we could just get rid of that Russian twit who steals your name for his fraudulent purposes, your fans would be even happier. Wishing you all the best over the holidays, and during the new year.
Great job, Brian! As others have mentioned, this award is very well-deserved. I enjoy reading your blog to catch up on the latest security news and breaches. I like your style and wish you many more years of success.
Congratulations, my friend! So well deserved for sure. Thanks for keeping this world safer and for keeping us all aware. A good “heads-up” is always in order and appreciated. Kudos from Oklahoma!
Congratulations! I’m just a cybersecurity hobbyist, but of the various cybersecurity blogs that I follow, yours is the one with the most insightful information.
Congratulations well done you deserve for your great work.
Very well deserved Mr. Krebs! Your work helps hold many people and organizations accountable in this very volatile cybersecurity world we live in. I’m sure many incidents were made less severe and others avoided altogether as a result of your efforts.
From your columns I also learn a great deal about cybersecurity and how to protect my family in cyberspace.
Keep up the great work!
Congrats!!
Sometimes people get what they deserve … you’ve earned this recognition, and much more. You’ve learned the technological fine points and used your journalistic background and skills to present the ‘case’ in a compelling fashion.
You have come a long way from WaPo technology columnist.
Good for you!!
Peter
Well Deserved – Congratulations
Well deserved Brian.
Congratulations, Brian!
Our Editorial team at CISO MAG picked you as the Cybersecurity Person of the Year.
Story: https://www.cisomag.com/brian-krebs-cybersecurity-person-of-the-year/
We also considered others like Troy Hunt and Rik Ferguson. But we unanimously felt that you are were the ONE because of your assiduous dedication and daily contribution to the world of cybersecurity.
Thanks for informing us daily, Brian!
Brian Pereira
Editor
CISO MAG
http://www.cisomag.com
Congratulations. I enjoy reading your posts. If you are ever in Croatia, we can have a beer:)
Cool!
Well deserved Brian, I am an avid reader of your blog posts which help me be a better Infosec person, congratulations.