CISO out of a job following RSA Conference appearance

Pennsylvania CISO Bob Maley is out of a job, days after he joined a group of other state IT security chiefs on an RSA Conference panel and reportedly offered candid remarks about a recent data breach.

Gary Tuma, a spokesman for Pennsylvania Governor Endell, told SCMagazineUS.com that Maley was no longer employed by the state. He would not say whether he was fired.

"Beyond that, it's a personnel issue and we don't discuss it," he said.

Maley's final day in his $90,661-a-year post was Monday. A call placed to Maley's cell phone went directly to voicemail.

During the panel at the RSA Conference last week in San Francisco, entitled "The Front Lines: Cyber Security in the States", Maley was scheduled to join CISOs from California, Colorado and Nevada.

According to the conference agenda, the discussion was to centre "on the challenges they face, the evolving nature of their state cybersecurity programs, and how government and industry are working together to make a difference. This session is very interactive featuring earnest discussion about how state CISOs manage their crucial role in cybersecurity."

But Maley may have gotten too earnest, according to reports. According to "The Public Eye with Eric Chabow" blog, Maley offered frank details on a recent intrusion of the Pennsylvania Department of Transportation site where residents can schedule driver's license tests.

"We saw thousands of hits on our Department of Transportation driver license exam scheduling site coming out of Russia, the same thing over and over, scheduling driver license exams," he said during the panel, according to Chabow's blog. "It was encrypted traffic, and we were trying to figure out what the heck was going on. Were they trying to test our systems? What exactly were they up to? The answer was, we really didn't know."

Maley told the audience that the hacker, who owned a driving school in Philadelphia, used a proxy server in Russia to mask his identity and then exploited a system bug so he could schedule exams for his students. Normally, the waiting list for available slots is up to six weeks.

Tuma said Maley's duties would be handled by other members of the security team. No replacement has been announced.

Maley was instrumental in developing a statewide strategy for preventing data-leakage incidents after some 500,000 state records were compromised in 2007.

See original article on scmagazineus.com