Adobe places Arkin in new CSO role, focuses on internal security

Adobe has created its first chief security officer position and placed its software and product security head at its helm.

Adobe has created a new chief security officer role at Adobe and charged senior director of product security Brad Arkin with its responsibilities.

In a blog post on Thursday, Arkin explained that his existing responsibilities overseeing the Adobe Secure Software Engineering team and the Product Security Incident Response team would remain unchanged, but he would also be leading the Engineering Infrastructure Security team. The Engineering Infrastructure Security team is responsible for the security of internal services, such as code signing and build environments, which Adobe's product and engineering teams rely on to get their jobs done.

He will now report to the senior vice president of technology and corporate development Bryan Lamkin and work alongside Adobe's global information technology team, which is led by CIO Gerri Martin-Flickinger.

Arkin has worked through a number of highs and lows during his tenure, including seeing one of Adobe's own internal servers compromised  last year. The attack was conducted on a build server that had access to code signing infrastructure, which did not fall under Arkin's watch at the time. His new responsibilities should mean that these servers now fall under his portfolio.

On the other hand, he has also overseen the implementation of a highly successful sandbox for Adobe Reader — effectively ending the company's bad run of PDF vulnerabilities, at least where users have pathed and upgraded — and the creation of a better "priority level" scheme to help system administrators manage patches and updates.