Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Pennsylvania CISO Bob Maley is out of a job, days after he joined a group of other state IT security chiefs on an RSA Conference panel and reportedly offered candid remarks about a recent data breach.Gary Tuma, a spokesman for Pennsylvania Governor Endell, told SCMagazineUS.com that Maley was no longer employed by the state. He would not say whether he was fired. "Beyond that, it's a personnel issue and we don't discuss it," he said.Maley's final day in his $90,661-a-year post was Monday. A call placed to Maley's cell phone went directly to voicemail.During the panel at the RSA Conference last week in San Francisco, entitled "The Front Lines: Cyber Security in the States", Maley was scheduled to join CISOs from California, Colorado and Nevada.According to the conference agenda, the discussion was to centre "on the challenges they face, the evolving nature of their state cybersecurity programs, and how government and industry are working together to make a difference. This session is very interactive featuring earnest discussion about how state CISOs manage their crucial role in cybersecurity."But Maley may have gotten too earnest, according to reports. According to "The Public Eye with Eric Chabow" blog, Maley offered frank details on a recent intrusion of the Pennsylvania Department of Transportation site where residents can schedule driver's license tests."We saw thousands of hits on our Department of Transportation driver license exam scheduling site coming out of Russia, the same thing over and over, scheduling driver license exams," he said during the panel, according to Chabow's blog. "It was encrypted traffic, and we were trying to figure out what the heck was going on. Were they trying to test our systems? What exactly were they up to? The answer was, we really didn't know."Maley told the audience that the hacker, who owned a driving school in Philadelphia, used a proxy server in Russia to mask his identity and then exploited a system bug so he could schedule exams for his students. Normally, the waiting list for available slots is up to six weeks.Tuma said Maley's duties would be handled by other members of the security team. No replacement has been announced.Maley was instrumental in developing a statewide strategy for preventing data-leakage incidents after some 500,000 state records were compromised in 2007.
See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.