The Public Eye with Eric Chabrow

LinkedIn: We Have a 'Security Czar'

Company Says India Technology Center Head Oversees IT Security
LinkedIn: We Have a 'Security Czar'

LinkedIn contends it had on staff world-class security experts when nearly 6.5 million members' hashed passwords were pilfered, although the social media company has neither a chief information officer nor chief information security officer [see LinkedIn Has Neither CIO Nor CISO].

See Also: Unlocking IAM - Balancing Frictionless Registration & Data Integrity

LinkedIn, in a statement posted on its website, says its security team includes former Yahoo CISO Ganesh Krishan, who LinkedIn describes as the company's "security czar." According to Krishan's LinkedIn profile, he heads the company's India Technology Center, and reports to Senior Vice President for Operations David Henke. Among the expertise Krishan profile states he has includes building security infrastructure at scale, security operations, Web security, information security, fraud analysis and mitigation and risk management, all key skills of a CISO.

LinkedIn disclosed Krishan's role at the company nearly a week after the breach was unveiled. Shortly after the breach, in an e-mail exchange I had with LinkedIn's public relations staff, representatives initially said the social media company had neither a CIO nor CISO but that Henke and Kevin Scott, senior vice president of engineering, were responsible for IT security. Hours later, I received another message saying only Henke was in charge of security. LinkedIn's PR staff made no mention of Krishan as its IT security chief.

In its statement, the social media company said:

"LinkedIn historically has limited C-level titles only to its chief executive officer and chief financial officer, so while Krishnan does not formally have the title of chief information security officer, that is the role he has played at the company since his hiring in 2010."
Do titles matter? Not really, but responsibilities do, as well as focus. Arguments have been made that Henke is in charge of operations, and for a social media company, that's like being a CIO. Perhaps so. Similarly, much of Krishnan's background involves security. Yet Krishan, as head of LinkedIn's India Technology Center, helps oversee product development, according to his profile.

True, products need to be secured, and Krishan's expertise should help LinkedIn do just that. But that's not the same as being focused on information security for the entire social media company as his sole responsibility.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.