Sony finally hires new IT security chief

Resume of new CISO packed with exec jobs at DoJ, DHS, Microsoft; little experience with internal security

Sony has finally hired someone as chief of security with the background to understand there is a connection between the existence of locks, barn doors and escaped horses.

Usually big companies lock the barn door after all the livestock are gone; Sony never really bothered, even after a series of attacks on Sony sites that began April 20, with a hack that took down the PlayStation Network for more than three weeks.

Then there was the attack on Sony Online Entertainment, Qriocity, and 14 or 15 other attacks on various other Sony sites or networks. Most were due to Sony's decision to fix internal systems to protect its internal data rather than external ones to protect its sites or customers; its inability to accept responsibility for its own culpability; internal communication problems that kept it from identifying common problems; or the cost-cutting and layoffs in IT security just before the long series of hacks.

Sony lost half its stock value as the number of attacks increased and it became clear just how sketchy its idea of security really was, not to mention its minimalist approach to protecting the information of its customers.

Early on, internal risk assessors published an estimate that the attacks would cost Sony an acceptable $171 million in lost business and new expenses, plus whatever would be awarded to plaintiffs in lawsuits that had not yet been filed because the lawyers putting the suits together couldn't agree on how many times to include the words "stupid" and "careless."

Today, September 6, four months, 17 days after the first attack, Sony announced it has hired a new chief security officer: Philip R. Reitinger, whose title will be Senior VP and chief information-security officer.

Reitinger is a former U.S. Dept. of Homeland Security executive who also worked in cybersecurity for Microsoft and at the Depts. of Defense and Justice.

(Insert your own joke here about the reputations of Microsoft, the DoD and FBI on cybersecurity.)

There's no real indication so far how good he is at tightening up internal security or improving public perception of a giant company whose flaccid precautions ruined its reputation globally.

He has all the attributes big companies look for when recruiting high-level executives, however:

Financial News Network doesn't exactly endorse the choice, but does say Sony's stock price has a "potential upside of 34.4%" based on the difference between what people are willing to pay for it and what analysts say it's worth.

A lot of that gap is probably due to perception that Sony is a leaky boat.

From Sony's demonstrably internally focused point of view, Reitinger will have succeeded if he raises confidence enough to buoy the stock price along with it; after that, any improvements in actual security are just gravy.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
