Chief Information Security Officer

Andrew Jaquith is the Chief Information Security Officer for Scotiabank US. Andrew’s 25-year career as a CISO, CTO, executive, and cyber practitioner spans startups (with two successful exits), Fortune 100s, and global financial services firms. He founded Markerbench, a boutique consultancy specializing in cybersecurity. Through 2023, he served as the CISO of Covington & Burling LLP. He has served as a Managing Director in technology risk and cybersecurity for Goldman Sachs and JP Morgan Chase, respectively. He serves as a Board Advisor to SecurityScorecard, as an Advisor to Anetac, and as a member of the Technical Advisory Board of Panaseer. Andrew graduated from Yale University.

Prior to Scotiabank, Andrew was most recently the CISO of Covington & Burling LLP, a $1.5B AMLAW 50 firm with 14 offices in the US, EMEA, Asia Pacific and China. At Covington, Andrew was responsible for cyber and physical security globally. During his tenure, his focus areas included shrinking the firm’s external perimeter, implementing new security tools, expanding and upskilling the security team, de-risking Active Directory, shifting security services to the cloud, and speeding up the firm’s IT operating tempo to reduce risk.

Andrew’s prior experience includes serving as the CISO of QOMPLX, Inc, a cyber-security startup focused on critical enterprise infrastructure. He was the global Cyber Security Operational Risk Officer for JP Morgan Chase, and was a Managing Director for Technology Risk Measurement and Analytics at Goldman Sachs. Andy’s earlier roles include serving as Chief Technology Officer (CTO) of the managed security services provider SilverSky. He has held senior security analyst roles at Forrester Research and Yankee Group, and was a co-founder of @stake, a pioneering cyber-security consultancy. Andrew wrote the best-selling and definitive book on security metrics (“Security Metrics: Replacing Fear, Uncertainty and Doubt”), used by a generation of risk professionals to connect security to the corner office.

Andrew graduated from Yale University with a BA in Economics and Political Science. He lives with his family in New York.

This website does not reflect the opinions of my current or prior employers. All views expressed on this site are my own.

For technical details about how this website was made, see the Colophon.

I have always been a fan of the good work done by the CVSS folks. I have an obvious reason to like CVSS, of course: namely, to cheer on a former co-worker, Mike “Shifty” Schiffman, who was one of the first version’s authors.

While I would not call this a trend, I have noticed that lots of security companies like to put together impressive-looking charts, graphs and reports that purport to compare various metrics by country. Here are two recent examples:

At security conferences and events, I have noticed that the distribution of operating systems seems to differ somewhat from what I read in the papers. As my last post showed, the Internet Identity Workshop skewed decidedly in the Mac direction.

I thought it would be fun to put together a quick poll asking the members of the securitymetrics.org mailing list what operating systems they used. I sent out a note asking the membership to respond to two simple questions:

This week, I am attending two security shows: the Internet Identity Workshop (IIW) in Mountain View, and the CardTech show in San Francisco. Both of these venues offer contrasting views of the portable identity market, an area I cover professionally for Yankee Group. As many people who know me can personally testify, I like to count things. Here are a few statistics that will probably interest only me:

The bloggiste at Layer 8 just declared Security Metrics to be “That Good”. I have no idea who shrdlu actually is. But whoever she is, she deserves a hearty thank-you and an offer of a beer should we ever meet in person. Here is a snippet of what she said:

Alex Hutton was one of the editorial reviewers for several chapters of Security Metrics, and offered some excellent feedback during the writing stages. Now that the book has shipped, as a way of saying “thank-you” my publisher Addison-Wesley hooked him up with a copy.