Equifax CISO Jamil Farshchi Reflects on Breach, RecoveryThree Years After Landmark Breach, Security Transformation Nears Completion
He’d worked at NASA and Visa, served as Time Warner’s first CISO and stepped in at The Home Depot after it was hacked in 2014. But nothing quite prepared Jamil Farshchi for the spotlight he’d face when he took over as CISO at Equifax after the massive 2017 data breach that cost the former CSO and CEO their jobs. Farshchi discusses why he took the job and how the Equifax security organization has rebounded.
It was Sept. 7, 2017, when Equifax announced its breach, which resulted in the theft of personally identifiable information for 145 million Americans. The breach led to Congressional probes and dozens of lawsuits and formal investigations by state attorneys general. It also led to the departure of the company's CEO, as well as its top two information security personnel. Plus, it cost Equifax millions of dollars and an inestimable reputational hit. So why did Farshchi accept the CISO role in 2018?
“The predominant factor is the same reason I got into security to begin with,” Farshchi says. “It’s an extraordinarily dynamic field. There are always new challenges around the corner. And this was a really phenomenal opportunity.”
In an exclusive video interview with Information Security Media Group, Farshchi opens up on the Equifax breach recovery, discussing:
- The unique challenge of this CISO role;
- The three acts of security transformation;
- The biggest challenges and lessons learned.
As CISO at the credit reporting firm Equifax, Farshchi is responsible for ensuring the security of the company’s digital assets as well as transforming its cybersecurity program. Previously, he served as CISO at The Home Depot following a major data breach and was the first CISO at Time Warner Inc. Before taking on his role at Time Warner, Farshchi was the vice president of global information security at Visa and served as the CISO at the Los Alamos National Laboratory, with responsibility for defending some of the United States’ most sensitive national security and nuclear weapon assets. He has also served in a variety of risk, operational and technology leadership roles at Sitel Corp., NextWave Wireless and the National Aeronautics and Space Administration.