Exec admits security talk cost his job

The former chief information security officer (CISO) for the US state of Pennsylvania, Bob Maley, today confirmed rumours at the AusCERT 2010 security conference in Queensland that he was put out of a job for disclosing information about a security incident at another conference earlier in the year.

Bob Maley (Credit: Munir Kotadia/ZDNet Australia)

In March, the SC Magazine website reported Maley as being let go following an appearance at the RSA Conference in the United States.

The website confirmed with a spokesperson for the Pennsylvania governor that Maley was indeed removed from the position, but the spokesperson would not disclose the reason as it was a personnel issue.

Speaking at the AusCERT 2010 conference in Queensland today, Maley confirmed the rumour that it was due to revealing a government security incident at the RSA Conference.

Maley again described the incident today; it involved a hacker who owned a driving school in Philadelphia and used a proxy server in Russia to mask his identity, then exploited a system bug so he could schedule exams for his students.

"It embarrassed the Commonwealth of Pennsylvania that the [web] application was not so secure," he said.

With time for one question after Maley's presentation, Intelligent Business Research Services (IBRS) security analyst James Turner asked about Maley's dismissal and whether other CISOs should be allowed to talk about their security incidents more openly in public. "I'd be interested in your take on other CISOs talking about attacks on their organisation," he asked.

"I believe in it because I believe that sharing of information amongst our peers is one way that we stay in the game. [But] I'm not 100 per cent sure if it's going to happen," Maley answered.

For the private sector it was a little easier, he said, but for the government it was not, as the talk could affect upcoming elections.

"I've had the opportunity to meet a lot of CISOs in the private sector and they view it a little bit more differently ... their core constituents are their stockholders. So they do have a responsibility to their stockholders, but in the government the core people, I believe, should be the citizens. The problem is it's not, it's the government."

Ben Grubb is attending AusCERT 2010 on the Gold Coast as a guest of AusCERT.
