Kseyaa hires ex-FBI agent for the role of Chief Information Security Officer (CISO)

Kaseya, the IT monitoring firm, has appointed Jason Manar as its new Chief Information Security Officer (CISO), following a significant ransomware attack in July.

The attack, carried out by the REvil ransomware group, targeted Kaseya's Virtual System Administrator (VSA) software, leading to the compromise of at least 50 customers using the on-premise version of the software. The incident affected fewer than 1,500 downstream customers, according to reports.

Prior to the attack, Kaseya did not have a CISO in place. Jason Manar was one of the key figures in the response efforts following the attack, working closely with the company.

Manar, who most recently served as a cyber supervisory special agent within the FBI, brings extensive experience in cyber and counterintelligence to his new role. His responsibilities at the FBI included overseeing these areas in the San Diego office.

In addition to Manar's appointment, Kaseya has also appointed Karen Sandhu as the director of security operations. Sandhu will be responsible for overseeing security in the cloud, IT, and development, as well as assurance in Kaseya's products and services.

The appointment of Manar and Sandhu comes as Forrester states that CISOs who join a company after a cyber incident often thrive in turbulent situations.

Bloomberg reported that Kaseya rarely patched its software or servers and stored customer passwords in clear text on third-party platforms. The report also mentions that the VSA software had multiple exploitable vulnerabilities, which allowed REvil to revisit the company.

Former Kaseya employees have criticized the company's executives for failing to address security concerns, such as outdated code and weak encryption practices. They claim that there were at least two incidents in 2018 and 2019 from GandCrab and Sodinokibi, the former moniker of the REvil group.

Dan Timpson, Kaseya's former CTO, is now responsible for product development, security, and cloud operations, according to Kaseya. Sandhu will work closely with Timpson to ensure the company's information security and compliance, including ensuring global government compliance.

As Kaseya moves forward, Manar and Sandhu will play crucial roles in strengthening the company's security measures and restoring trust with its customers.