Steve Katz, CISO. PHOTO: Cybercrime Magazine.

Backstory Of The World’s First Chief Information Security Officer

Steve Katz pioneered the CISO position Sponsored by King & Union

Steve Morgan, Editor-in-Chief

Northport, N.Y. – Oct. 13, 2020

The chief information security officer (CISO) role dates back to 1994, when financial services giant Citigroup (then Citicorp, ranked 17th on the Fortune 500 at the time) set up a specialized cybersecurity office after suffering a series of cyberattacks from Russian hackers.

Steve Katz was anointed CISO.

“I was running information security at JPMorgan at the time, and the rumor on Wall Street was that Citicorp had been hacked,” recalls Katz, who recently visited Cybercrime Magazine’s production studio in Northport, N.Y., a few miles from his home on Long Island.

“You know we had the hack so you have a blank check to set up anything you want,” Katz was told by his new bosses, who were tapped by the CEO and board at Citicorp to shore up their digital defenses. “We want to make sure it doesn’t happen again. We want you to build the best information security department anywhere on the globe.”

Katz learned a shocking detail after he signed on for the new gig. “They were going to announce the hack a month after I got started.” Talk about being thrown under the bus.

“Your reputation is over,” exclaimed Katz’ wife, after the Citicorp hack was announced to the media. Major newspapers and broadcast TV couldn’t help but mention the name of the big bank’s new CISO. “I got into the office that day and my phone didn’t stop ringing. Yea, Katz, you just killed your career,” the first-ever CISO remembers vividly.


Cybercrime TV: Steve Katz, The World’s First CISO

A cybersecurity history lesson


Katz’ six-year tenure as Citicorp’s CISO from 1995 to 2001, and his involvement in the cybersecurity community afterwards, is chronicled in a new short film produced by Cybersecurity Ventures, and sponsored by Alexandria, Va. based King & Union, developers of the Avalon security analysis and reporting platform.

There are definitely similarities between what security leaders were up against in the 1990s and today, informs John Cassidy, founder and CEO at King & Union, who was being trained on an early firewall system in 1995 at around the time Katz was named CISO. But the present-day cyber threat poses far more danger than it did back in the dial-up internet day.

“The size, complexity and scale of what CISOs and security teams are facing today dwarfs what was happening in 1994 and 1995,” says King. A big part of that is due to the advancement of the internet, the advent of cloud computing, the proliferation of mobile devices in the workplace, and intensified cyber activities being carried out by hostile nation-states, according to King.

A quarter-century after the first CISO emerged, nearly every one of the largest U.S. companies has a cybersecurity leader — and a lot of them know Katz.

“Steve Katz is potentially the longest-tenured information security executive in the world,” says Jason Witty, managing director, Global CISO at JPMorgan Chase & Co. “The amount of change he has both witnessed and driven for our industry is truly incredible. Steve also serves as a leadership mentor and advisor to many current and future CISOs.”

Many of today’s Fortune 500 IT and security leaders keep in touch with the iconic CISO.

“I met Steve twenty years ago on my first day as a CISO and I’ve been working with him ever since,” says Jim Routh, CISO at MassMutual. “Steve is a consummate gentleman who shares pearls of practical wisdom with any cybersecurity leader who takes the time to reach out to him based on his extensive expertise.”


Cybercrime Radio: John Cassidy, Founder and CEO at King & Union

How cybersecurity has changed over the past 25 years


Katz is also followed in academia, where our future cyber fighters and one-day CISOs are being groomed.

“The best security leaders are the ones who can build bridges between technology, business and policy, and Steve Katz has exemplified this throughout his pioneering career and lasting impact in the field,” says Dr. Dena Haritos Tsamitis, director of Carnegie Mellon University’s Information Networking Institute.

Katz, now 78, remains on the cutting edge of cyber and is involved with both the vendor and service provider communities. He’s an executive advisor to Deloitte on security and privacy, owner of Security Risk Solutions, LLC, and recently became a board member at Illusive Networks, an Israeli cybersecurity startup specializing in defense and deception.

Watch the five-minute video to learn more about the world’s first CISO.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.


Sponsored by King & Union

Headquartered in Alexandria, VA and founded in 2017, King & Union is outsmarting cyber adversaries by uniting security professionals and amplifying the power of the cybersecurity analyst.

The founders of King & Union grew up in Security Operations Centers (SOCs). They are security analysts, developers and engineers, and formed King & Union to address their own frustrations with security operations inefficiencies.

King & Union is the developer of Avalon, the first enterprise platform built to integrate link analysis, collaboration, and reporting. Streamline your investigative process to spend less time on manual processes and administrative tasks – and more time on security.



Send this to a friend