RSA Names New Security Chief

RSA confirmed Schwartz’s appointment in an e-mail Friday.

Schwartz stepped up to head security at RSA after holding a similar position at NetWitness -- a company EMC acquired in April -- where he was responsible for the alignment of product strategy and operational threat management needs of government and commercial organizations.

“In this multi-faceted role, Eddie will work in conjunction with EMC's Global Security Office to help ensure the highest levels of information assurance at RSA. Eddie also will contribute to product strategy, marketing, and technical evangelism for RSA,” the company said in a statement.

Schwartz, who will report to David Martin, EMC’s vice president and chief security officer and Tom Corn, chief strategy officer, is taking on the newly created role of vice president and divisional chief security officer at RSA.

id
unit-1659132512259
type
Sponsored post

Prior to his position at NetWitness, Schwartz served as chief technology officer of ManTech Security Technologies; senior vice president of operations of Guardent, now a part of Verisign; and executive vice president of operations for Predictive Systems, acquired by INS. He also held the role of chief information security officer at Nationwide Insurance, and worked as a senior computer scientist for CSC, and as a foreign service officer with the U.S. Department of State.

Schwartz’s promotion first appeared to be confirmed on Twitter Wednesday .

Security blogger Martin McKeaay tweeted “Good luck to @eddieschwartz. Only job more public and challenging at the moment would be CSO of Sony.”

To which Schwartz responded ‘I am UP for it!”

While a new role at RSA, one of Schwartz’s job duties will almost certainly be to secure RSA’s products to, prevent the recurrence of another major cyber attack according to The New York Times.

NetWitness played a crucial role in the detection and remediation of a malicious hack in March against RSA’s SecureID two-factor authentication tokens, which allow users to securely access to corporate VNP networks from remote locations. During the attack, hackers appeared to have obtained critical information that would enable them to circumvent the two-factor authentication solution’s security defenses, reducing its effectiveness in a broader attack.

RSA Chairman Art Coviello said at the time that it didn’t appear that any customers had been affected by the breach.

Meanwhile, RSA kept details of the hack under wraps for months, not revealing what information exactly was taken or how it could potentially affect customers.

More than two months after the RSA breach, weapons manufacturer Lockheed Martin reported that it had become the victim of a “significant and tenacious” cyber attack, which forced the company to shut down its networks and reissue SecureID tokens to its affected workers while mandating a password reset for its more than 120,000 employees.

The Lockheed Martin breach was followed by similar attacks on defense contractors Northrop Grumman and L3 Communications, both of which involved compromised SecureID tokens.

The series of attacks prompted RSA to offer to reissue SecureID tokens for customers protecting intellectual property . However, several channel partners contended that the remediation efforts came a little too late, and were likely insufficient to re-establish trust in the security of RSA’s two-factor authentication products.