December 10, 2019

CISO MAG, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of “Cybersecurity Person of the Year” in its December 2019 issue.

KrebsOnSecurity is grateful for the unexpected honor. But I can definitely think of quite a few people who are far more deserving of this title. In fact, if I’m eligible for any kind of recognition, perhaps “Bad News Harbinger of the Year” would be more apt.

As in years past, 2019 featured quite a few big breaches and more than a little public speaking. Almost without fail at each engagement multiple C-level folks will approach after my talk, hand me their business cards and say something like, “I hope you never have to use this, but if you do please call me first.”

I’ve taken that advice to heart, and now endeavor wherever possible to give a heads up to CISOs/CSOs about a breach before reaching out to the public relations folks. I fully realize that in many cases the person in that role will refer me to the PR department eventually or perhaps immediately.

But on balance, my experience so far is that an initial outreach to the top security person in the organization often results in that inquiry being taken far more seriously. And including this person in my initial outreach makes it much more likely that this individual ends up being on the phone when the company returns my call.

Too often, these conversations are led by the breached organization’s general counsel, which strikes me as an unnecessarily confrontational and strategically misguided approach. Especially if this is also their playbook for responding to random security researchers trying to let the company know about a dangerous security vulnerability, data breach or leak.

At least when there is a C-level security person on the phone when that call comes in I can be relatively sure I’m not going to get snowed on the technical details. While this may be a distant concern for the organization in the throes of responding to a data security incident, the truth is that the first report is usually what gets repeated in the media — whether or not it is wholly accurate or fair.

This year’s CISO MAG awards also honor the contributions of Rik Ferguson, vice president security research at Trend Micro, and Troy Hunt, an expert on web security and author of the data breach search website Have I Been Pwned? More at

This entry was posted on Tuesday 10th of December 2019 11:46 AM

83 thoughts on “CISO MAG Honors KrebsOnSecurity

  1. The Best Coast

    Well deserved indeed! I’ve lost count of the number of times family and friends have thanked me for sharing info you’ve reported. They take me seriously because so often what I’ve shared subsequently makes the local and/or national news. Keep fighting the good fight!!

  2. Beth

    Congrats on the recognition! Thank you also for sharing that insight about how organizations respond to notifications; it’s truly useful to hear strategies that are more and less helpful. Rock on!

  3. Moyara Ruehsen

    Congratulations on your CISO magazine recognition/award! My students are huge fans of your blog. Do you ever waive your speaking fees for universities? We are a graduate school of Middlebury College (in Vermont) but located in beautiful Monterey, California where we’ll be holding our 2nd annual Threat Financing Forum. This year’s theme: Cyber-Enabled Financial Crime. We would love to have you as our Keynote. We expect about 250 attendees (our auditorium capacity). Dates are March 16th-18th. We don’t have a budget for an honorarium, but we could cover airfare and hotel for you and a guest. Think about it: the beautiful central coast of California in mid March, just when you’ve had enough of the East Coast winter.

    Here is a promo of highlights from last year’s forum:

    – Mo Ruehsen
    cell 831-383-9344

  4. Bill Lamb

    Congratulations! I can’t think of a better recipient.

  5. dcmargo54

    Congratulations, Brian!

    Nice recognition for all your dedicated hard work. You deserve so much more! Many thanks for all you do!

  6. Peter in FtL

    Well deserved IMHO. I see that you’re in good company, too. Congratulations!

  7. Russ

    Congratulations. I think it is deserved because knowing about the problems that you report is the first step in realizing that security is needed because it has just failed to some degree.

    When I attempt to mention computer related security to the clueless and un-informed I often suggest check your website to see examples of what happens when security is inadequate.

  8. JimV

    Congrats, Brian — as many others have noted the award is well-deserved and -earned from your in-depth investigative reporting that shines much-needed light onto dark corners of the Internet for both the IT professional and the average user!

  9. patricia cravener

    Congratulations for this well-deserved honor and recognition!
    You help so many people, around the world, every day; we, your readers, are grateful.
    Now, if we could just get rid of that Russian twit who steals your name for his fraudulent purposes, your fans would be even happier. Wishing you all the best over the holidays, and during the new year.

  10. Karen Spring

    Great job, Brian! As others have mentioned, this award is very well-deserved. I enjoy reading your blog to catch up on the latest security news and breaches. I like your style and wish you many more years of success.

  11. Elaine Dodd

    Congratulations, my friend! So well deserved for sure. Thanks for keeping this world safer and for keeping us all aware. A good “heads-up” is always in order and appreciated. Kudos from Oklahoma!

  12. Ken Sims

    Congratulations! I’m just a cybersecurity hobbyist, but of the various cybersecurity blogs that I follow, yours is the one with the most insightful information.

  13. jj zern

    Congratulations well done you deserve for your great work.

  14. Mark Frankford

    Very well deserved Mr. Krebs! Your work helps hold many people and organizations accountable in this very volatile cybersecurity world we live in. I’m sure many incidents were made less severe and others avoided altogether as a result of your efforts.

    From your columns I also learn a great deal about cybersecurity and how to protect my family in cyberspace.

    Keep up the great work!

  15. Peter Sullivan

    Sometimes people get what they deserve … you’ve earned this recognition, and much more. You’ve learned the technological fine points and used your journalistic background and skills to present the ‘case’ in a compelling fashion.
    You have come a long way from WaPo technology columnist.
    Good for you!!

  16. Brian Pereira

    Congratulations, Brian!

    Our Editorial team at CISO MAG picked you as the Cybersecurity Person of the Year.


    We also considered others like Troy Hunt and Rik Ferguson. But we unanimously felt that you are were the ONE because of your assiduous dedication and daily contribution to the world of cybersecurity.

    Thanks for informing us daily, Brian!

    Brian Pereira

  17. Zvone

    Congratulations. I enjoy reading your posts. If you are ever in Croatia, we can have a beer:)

  18. Matthew Parkes

    Well deserved Brian, I am an avid reader of your blog posts which help me be a better Infosec person, congratulations.

Comments are closed.