Industrial cybersecurity firm Claroty announced on Monday that Jennifer Leggio has taken the reins as Chief Marketing Officer at the New York-based company.
Leggio joins Claroty from threat intelligence firm Flashpoint where she served as Chief Marketing Officer. She previously held leadership positions at companies including Digital Shadows, Cisco, Sourcefire, and Fortinet.
Claroty’s ICS security platform continuously monitors operational technology (OT) networks in search of potential threats. The product enables organizations to control remote employee and third-party access to critical systems, and helps them create a detailed inventory of industrial network assets and identify configuration issues.
In her new role, Leggio is tasked with scaling the company’s customer acquisition, branding, and communications, as it continues to experience rapid revenue growth and strong demand for its operational technology (OT) security solutions around the world.
As an industry thought leader with deep roots in the security community, Leggio has criticized companies and researchers over marketing-led breaches of the coordinated vulnerability disclosure process.
In a 2018 talk at the Hack in the Box Conference in Amsterdam, Leggio proposed the introduction of an ethics or standards desk overseeing marketing decisions just as some newspapers have a standards desk overseeing the more contentious news stories.
She has called for “a shift in culture and a shift in mindset, making sure that business leaders understand that their sales teams, their marketing teams, their finance teams, their legal teams and so on, are all responsible for making sure that there is an ethical delivery in the message.”
Headquartered in New York and launched as a startup from the Team8 foundry, Claroty was founded in 2014 and emerged from stealth mode in 2016. The company has raised nearly $100 million in funding.
“I am incredibly proud and excited to be part of Claroty’s mission to protect the world’s critical infrastructures against increasingly frequent and complex cyberattacks, and bring that protection to even more organizations worldwide,” said Leggio.
Jennifer Leggio Joins Claroty as Chief Marketing Officer
Industrial cybersecurity firm Claroty announced that Jennifer Leggio has taken the role of Chief Marketing Officer (CMO) at the company.
Leadership, Security, and Support at the Clinton White House (Video)
Presented at SecurityWeek's 2018 ICS Cyber Security Conference How would you handle leadership in this the most stressful Chief Information Officer (CIO) job in the World – being the CIO at The White House? Colonel Gelhardt answers this question, and talks about the leadership and mentorship he used and how you can use the same skills in the civilian world. If he can do it so can you! Speaker: Colonel Mark Gelhardt - Former CIO for President Clinton
Exfiltrating Reconnaissance Data from Air-Gapped ICS/SCADA Networks By Injecting Ladder Logic Code into PLCs
Presented first at SecurityWeek's 2017 ICS Cyber Security Conference, this presentation explains how to inject specially-crafted ladder logic code into a Siemens S7-1200 PLC. The code uses memory copy operations to generate frequency-modulated RF signals slightly below the AM band (340kHz-420kHz), with the modulation representing encoded reconnaissance data. The signal can then be picked up by a nearby antenna and decoded using a low-cost Software-Defined Radio (SDR) and a PC. The receiving equipment can be located just outside the facility
The Growing Threat of Drones
Drones are an increasing threat to industrial sites, enabling various attacks (cyber and physical) that historically were only possible in close proximity to a facility or device.
Cisco to Acquire OT Cybersecurity Firm Sentryo
Cisco on Thursday announced that it has agreed to acquire privately-held operational technology (OT) cybersecurity firm Sentryo for an undisclosed sum. Founded in 2014 and headquartered in Lyon, France, Sentryo, provides device visibility and security solutions for industrial control system (ICS) networks and OT assets. “Sentryo’s industrial IoT/OT technology solution helps companies like those in the energy, manufacturing, oil and gas and transportation sectors ensure the resilience of their industrial networks and protect against cybersecurity attacks,” said Rob Salvagno, VP Global Corporate Development at
Ransomware Attack Costs Aluminum Giant Norsk Hydro Tens of Millions of Dollars
(Eduard Kovacs - SecurityWeek) - Norwegian aluminum giant Norsk Hydro lost $35-41 million in the first quarter of 2019 as a result of the ransomware attack and expects additional losses of $23-29 million in the second quarter. A piece of file-encrypting ransomware named LockerGoga started infecting Norsk Hydro systems on March 18. The attack caused disruptions at several of the company’s plants, forcing workers to rely on manual processes. Hydro has been highly transparent regarding the impact of the incident. It claimed
NIST Working on IIoT Security Guide for Energy Companies
(Eduard Kovacs - SecurityWeek) - The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), this week announced that it’s working on a project whose goal is to help the energy sector secure industrial Internet of Things (IIoT) systems. A draft of the project was published on Monday and the NCCoE is hoping to get some feedback until June 5 that would help it “refine the challenge and scope.” Industrial IoT Security Guide From NIST Designed to
Hackers Behind Triton ICS Malware Hit Additional Critical Infrastructure Facility
Triton Hackers Focus on Maintaining Access to Compromised Systems, Report Says (SecurityWeek - Eduard Kovacs) - The tools and techniques used by the threat group behind the notorious Triton malware show that the hackers are focused on maintaining access to compromised systems, according to FireEye. The existence of Triton, also known as Trisis and HatMan, came to light in 2017 after the malware had caused disruptions at an oil and gas plant in Saudi Arabia. FireEye’s Mandiant was called in to investigate the
Active vs. Passive Network Monitoring: No Longer an Either-Or Proposition
The Opportunity for OT Security Teams to Fill the Gaps in Their Visibility Has Never Been Better (SecurityWeek - Galina Antova) - Most experienced security professionals have heard the axiom, “You can’t protect what you can’t see.” It’s admittedly a truism for cybersecurity… obviously the more you know and understand about your environment, the better equipped you are to detect and investigate suspicious behavior. But it also leads to a classic security conundrum: how do you implement discovery and monitoring in
Tripwire Launches Industrial Cybersecurity Assessment Services
(Eduard Kovacs - SecurityWeek) Belden-owned Tripwire on Monday announced the availability of two new assessment services designed to help enterprises and industrial organizations find potentially dangerous vulnerabilities in their systems. One of the new services, Industrial Cybersecurity Assessment, provides experts who can discover vulnerabilities in industrial control system (ICS) environments and determine if they can actually be exploited and if they pose a significant risk. As part of the service, Tripwire employees review data from automated scanners, proprietary tools and manual reviews. Each