Illustration: Sarah Grillo/Axios

A year ago, Equifax got hit with a data breach of historic scale: the Social Security numbers for nearly 150 million people. Jamil Farshchi’s job as the credit-rating firm’s new chief information security officer (CISO) is to rebuild Equifax’s defenses.

The state of play: Farshchi says Equifax has “taken a stand” on cybersecurity and is spending whatever it needs to, with "basically...an open checkbook." But key to the turnaround, or to any security regimen, he said, is something any company can do for free: have the CISO report directly to the CEO and the board of directors.

  • Why it matters (to most consumers): Americans who still feel burned by the credit bureau worry this kind of attack might happen again. Any steps the company can take to prevent such a disaster are worth pursuing.
  • Why it matters (to Equifax): The breach spurred talks of regulation on a federal and state level. The firm largely seems to have dodged that bullet for now, but a second breach could bring on more oversight.
  • Why it matters (to other companies): Studies differ, but somewhere around a third or more of CISOs do not report to CEOs or boards of directors. Instead, they report to chief information officers or other executives further down the chain. These firms could consider a reorganization of their own.

He's done this before: Farshchi came aboard Equifax in February. He says the organizational chart was reworked between the breach and his arrival, after poor organizational structure affected how the breach was handled. It's his second time righting the ship for a company after a historic breach, following a role at Home Depot in 2015, back when 50 million users still counted as historic.

The pitch: Giving the CISO the ear of the CEO can not only bolster requests for resources and changes to procedure, Farshchi said, but also change a company’s culture. It strengthens how other employees view the importance of security and increases the chance other top executives will seek out a security opinion when making other decisions.

After the fact: Farshchi says a CISO’s role changes dramatically after a breach. “Before a breach, your success is dependent on convincing people about the value of security. I don’t have to do that.”

  • He said he's had broad approval to increase staff, and a big pool of applicants to choose from — adding that many of the most talented candidates are drawn to companies that have awakened to the depth of the problem.

An age-old question: The debate over the CISO’s org-chart standing dates back at least a decade, but the post’s place in corporate hierarchies remains far from a given.

  • Alberto Yépez, managing director of Trident Capital Cybersecurity, described a number of hurdles CISOs face in a blog post last year: CEOs and CISOs "sport substantially different backgrounds, mindsets and business objectives."

Yes, but: That argument represents the conventional wisdom — CISOs get shut out of board rooms because it seems like they speak a different language. Farshchi argues that doesn’t wash. "Legal people speak in jargon," he said. "If there is an inability for a business to understand technology on a high level, it’s incumbent on them to learn it."
