Target has promoted Rich Agostino to CISO, following the departure of Brad Maiorino, who moves to Booz Allen Hamilton's U.S. commercial business. Maiorino, whom Target hired from General Motors to mitigate a major cybersecurity breach in June 2014, hired Agostino from General Electric as his vice president of information security in September 2014.
Target Rich Agostino, new CISO at Target.
"Rich came to Target in 2014 after spending more than 10 years in information security, technology risk and audit at GE," a Target spokeswoman tells CIO.com via email. "He’s been a member of Brad’s leadership team for more than two years and played a major role in the advancement of Target’s information security program."
The CISO change comes as cybersecurity continues to be a thorn in the side of many IT departments. The Target 2014 breach created a snowball effect as several large corporations, including Home Depot, Sony and Anthem, were penetrated by various attackers using malware and other tactics.
Target Outgoing Target CISO Brad Maiorino. Maiorino moves to Booz Allen.
Insider attacks are also proliferating. Booz Allen was a victim of perhaps the most notorious insider hack in U.S. history in 2013 when former employee Edward Snowden stole and released a trove of classified documents about the government's secret surveillance programs. Earlier this week, WikiLeaks published 8,700 documents it says come from the CIA's Center for Cyber Intelligence, Information about purported CIA cyberattacks.
Such attacks have stoked security experts’ worst fears: It takes only one vulnerability exploited by an enterprising hacker or corporate insider.
That reality has generated a glut of new business for consultants such as KPMG, Deloitte and, of course, Booz Allen. Maiorino, who starts his new role on March 13, will work to scale Booz Allen's U.S. commercial business. Led by executive vice president Bill Phelps, the unit provides to Fortune 50 companies consulting and technology solutions that blends cyber threat intelligence and data analytics with security operations. Its clients include large commercial and investment banks, utilities, oil and gas companies, major retailers, auto manufacturers and large pharmaceutical manufacturers.
Maiorino's experience transforming cybersecurity in CISO roles at Target, General Motors and General Electric over the past 20 years qualify him for the role, according to Booz Allen President and CEO Horacio Rozanski. “We are thrilled that Brad will bring his extensive experience and leadership to our team,” Rozanski says.
You've been 'Targeted'
Maiorino's role as Target's first CISO stands out because it required him to get the retailer's defenses in order in the face of mounting criticism from federal regulators and consumers after it discovered that the data of 40 million credit and debit cards and personal data on about 70 million customers had been taken in late 2013. The perpetrators slipped malware into Target's network via an HVAC company in a sophisticated breach that cost Target millions of dollars and the CEO and CIO lost their jobs.
Sign up for CIO Asia eNewsletters.