CyberEdBoard Roundtable - Crisis of Conscience – The Future of Cybersecurity Leadership,  The Board, Regulation and Ethics

Speakers: 

• General Gregory Touhill, Director, CERT Division at the Software Engineering Institute

• Jamil Farshchi, EVP, Chief Information Security Officer,  Equifax

• Brian Berkey, Assistant Professor in the Department of Legal Studies and Business Ethics, Wharton School of the University of Pennsylvania

• Peter A. Halprin, Partner, Pasich LLP

In a 200 page disclosure, Peiter “Mudge” Zatko made multiple claims to Congress and federal regulatory agencies that Twitter is a mismanaged organization that suffers “egregious deficiencies” in their cybersecurity posturing. He alleged Twitter’s executive leadership misled regulators and the public about their handling of user data. Zatko, who was head of security at Twitter until January 2022, alleges many of the company’s senior most leaders have been covering up Twitter’s vulnerabilities by misleading regulators and their own board of directors about cyber vulnerabilities including many that could open a door for foreign intelligence spying and manipulation.

In addition to this current fiasco, we see in an upcoming landmark trial where Uber’s previous security officer must answer for questionable practices in where a data breach was attempted to be covered up and ransom paid through the company’s bug bounty program. In an unprecedented case, this is the first in where a security officer is facing criminal charges in regards to a breach at an organization.

This raises numerous concerns in the cybersecurity industry and ecosystem as a whole.

• What are cybersecurity executive’s options if they realize their organization’s leadership integrity is compromised?

• What is the importance of communicating and demonstrating cybersecurity hygiene and posturing to executive leadership and the board?

• Who should executives report negligent cybersecurity practices to?

In this exclusive CyberEdBoard session we gather industry experts to uncloak and investigate the ethical implications and quandaries that this case example elicits for CISOs and senior cybersecurity leaders.