Jamil FarshchiCISO, Equifax
There's a lot of folks who look for the 'silver bullet' or gravitate toward emerging technologies. But I've seen it time and time again that the way to truly differentiate, the way to truly manage risk, is to really focus on those fundamentals.
After helping Home Depot recover from its 2014 security breach, Farshchi was brought on at Equifax to improve security after the notorious breach of 2017.
Farshchi has been commended by colleagues as a humble and supportive leader invested in building up the people around him.
Equifax is still shouldering breach-related costs and improving security. Breach recovery is a years-long process, and security must be practiced every day, so Farshchi is just getting started at Equifax.
When a breach occurs, a CISO is not solely to blame, though sometimes new leadership is in order. Following a breach that affected more than 148 million consumers, Equifax brought on Farshchi to transform its companywide security.
In most industries, a smudge on a resume acts against a candidate. For a CISO, breach experience can be critical, said Sam Olyaei, principal research analyst at Gartner, in an interview with CIO Dive.
Farshchi earned considerable credibility as Home Depot's first CISO, brought on after the home improvement company suffered a data breach that exposed 50 million customers' personal data in 2014.
Moving to Equifax to perform a similar recovery, Farshchi's experience puts him in a narrow group of top CISOs who handled major incident fallout, such as Brad Maiorino, former CISO of Target, who turned the retailer around after a massive data breach, said Ahmad Douglas, SVP of Global Security Infrastructure at Equifax, in an interview with CIO Dive.
No organization wants to be breached, but it can make the job of a CISO easier. They will be given the tools, authority and awareness they need to get the job done instead of clamoring for resources, according to Olyaei.
More than just experience
One of Farshchi's first major initiatives at Equifax was creating a fusion center that physically and culturally combined previously disparate teams for 24/7 year-round monitoring.
Cyberattacks cut across the human, physical and cyber realms, so having a team colocated and cross-functional across IT and physical and cybersecurity helps a business see into its systems, Douglas said.
For executives pushing the boundaries and setting industry best practices, great leadership demands more. Farshchi has consistently been one of the leaders setting these standards and pushing them out into the larger security community, Douglas said.
Los Alamos National Laboratory
2009 – Aug 2011
VP Global Information Security
Aug 2011 – Aug 2014
Time Warner Inc.
Aug 2014 – Mar 2015
The Home Depot
Apr 2015 – Feb 2018
Feb 2018 – Present
Farshchi is working with the board of directors to come up with a language and taxonomy that expresses risk in an accessible way for traditional business leaders, Douglas said. He's also on a trust rebuilding mission, meeting with customers on their turf to understand concerns, build a stronger relationship and reestablish credibility.
When Douglas first started working with Farshchi at Los Alamos National Laboratory, he was skeptical of Farshchi's claim that the only reason infosec existed was to create business value by applying security to business objectives.
Asking for a hard equation for value that didn't rely on "value creation" or "synergy" — the watered down terms often favored by the business side — Douglas was surprised as an engineer to see Farshchi come up with one.
A people person
Farshchi and Douglas worked together at Los Alamos, Visa and Equifax, and throughout that time Farshchi demonstrated collaborative and humble leadership, working to build up the people and team around him.
Douglas attributes some of his success to Farshchi frequently taking the time to mentor him throughout his career, help him apply engineering principles to business objectives, and support him through an MBA program.
And there are dozens of other people who have similarly benefited from Farshchi's investment in the people he works with, according to Douglas.
"He's so passionate about developing people and in investing in them and taking them as far as they want to go," Douglas said. "That level of foresight and desire to invest in people, even when he's already made it and he doesn't need anything, he just does it because he believes in it."
"I think that tells you — award or no award — controls and business and all the stuff aside, I think he's a spectacular human being."
Equifax taps Home Depot's CISO to retool securityBy Alex Hickey • Feb. 13, 2018
Equifax breach, 1 year later: Unabating corporate cybersecurity negligence undercuts consumersBy Naomi Eide • Sept. 7, 2018