Graeme Payne

About Graeme Payne
Graeme Payne is a consultant, speaker, and coach. He works with boards and senior executives to help them understand and manage cybersecurity and IT risks. He has over 30 years of experience in consulting and IT management in financial services, insurance, healthcare, retail, manufacturing, and utility industries. During the Equifax 2017 Data Breach (which exposed the sensitive information of over 140 million US consumers), he was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was a human error and technological failure. Graeme would later be identified as “the human error”.
Prior to joining Equifax in 2011, Graeme was a Principal at Ernst & Young and Global Leader of Governance, Risk & Compliance at Wipro Consulting. Over his 30-year career, he has consulted with hundreds of companies on cybersecurity and IT risk programs. Graeme started his career as an accountant and holds many security and IT risk certifications. He grew up and worked in New Zealand before moving to the United States in 1995.
Author Updates
Blog post: I had an impromptu interview with Rafal Los from the well-known Down the Security Rabbithole podcast while attending the Security Alliance Forum in Dallas, Texas. Check out the Episode (DtSR Episode 363 – That Oh Shit Moment)
3 years ago
Blog post: My book, The New Era of Cybersecurity Breaches: A Case Study and Lessons Learned, is now available in the Amazon bookstore. Print and e-book versions are available at this time. I hope to add an audiobook shortly. The book describes the new era of data breaches and many lessons learned from large data breaches, including the 2017 Equifax Data Breach. Check out the book at Amazon and let me know your thoughts. Contact me to speak to your board or executive team.
3 years ago
Blog post: I am excited to be a Keynote Speaker at the Atlanta ISACA Geek Week 2019 Conference in late August.
3 years ago
Blog post: Looking forward to presenting “The Human Error” at SecureWorld Atlanta on May 29th. My session is 8.30am on Wednesday 29th: Session Description
SecureWorld Atlanta website
3 years ago
Blog post: Pleased to be sharing my story on May 23 at the Atlanta ISC2 Meeting.
https://atl-isc2.org/events.html
3 years ago
Blog post: Check out a new podcast series on The Equifax Breach. Produced by Spoke Media and sponsored by Carbonite, this series takes an in-depth look at one of the largest data breaches ever. I was interviewed as part of this production and appear on several episodes, especially Episode 3: What Went Wrong.
3 years ago
Blog post: This is my last article in my patch management series. In previous articles I have described many of the challenges of patch management. In this article, I am wrapping up this series discussing the role of security policies and the importance of implementing robust patch management processes.
All security frameworks refer to the importance of security policies within the organization. Security Policies provide the requirements or expectations for securing certain aspects of the enterp
3 years ago
Blog post: See Previous Issue: Who is responsible for patch management?
In my previous articles I have discussed the importance of patch management and how this is a complex challenge in the modern enterprise. This article will focus on another challenge – knowing what you have in your IT environment. As a friend once told me “you can’t patch, what you don’t know you have”.
The December 2018 US House of Representatives Committee on Oversight and Government Reform Report on the Equ
4 years ago
Blog post: See Previous Issue: Why is Patch Management so Complex?
“At the time of the breach, Equifax’s internal IT management process failed to establish clear lines of accountability for developing IT security policies and executing these policies” – US House of Representatives Committee on Oversight and Government Reform Report: The Equifax Data Breach, December 2018
In my previous article I talked about the complexity of patch management and some steps companies can take to ma
4 years ago
Blog post: See Previous Issue: Is Patch management is as Simple as Forwarding an Email?
In my previous article, I talked about how the Equifax Data Breach congressional testimony of former Chairman & CEO, Mr Richard Smith, identified human error (not forwarding an email regarding the Apache Struts vulnerability), combined with a technical error, as the root cause for the September 2017 Equifax Data Breach.
Patch management – it sounds simple, right? A vulnerability is di
4 years ago
Blog post: It is now a matter of public record that the cause of the Equifax breach that led to disclosure of personally identifiable information of 148 million American citizens was that a system running an open-source software known as Apache Struts was not patched. This allowed hackers to leverage the un-patched systems and extract data from this and other systems for several months without detection.
Since the Equifax Data Breach, several investigations have been announced, and some conclude
4 years ago
Blog post: I am excited to launch my new venture – Cybersecurity4Executives. For the majority of my career I have been helping organizations manage IT risks, including cybersecurity. I have consulted with large financial institutions, retailers, healthcare and technology companies. Most recently, I was responsible for IT risk management at Equifax and also CIO for Corporate Systems.
In October 2017 I was terminated from Equifax “for failing to forward an email regarding an Apache Struts v
4 years ago
Blog post: On December 10, 2018 the US House of Representatives Committee on Oversight and Government Reform issued a report on The Equifax Data Breach. The comprehensive 96-page report provides a detailed analysis of the data breach announced by Equifax on September 7, 2017, affecting 148 million consumers.
I testified to the Committee as part of their investigation and parts of my testimony are quoted throughout the report.
The Report concluded that “Equifax should have addressed at le
4 years ago
Titles By Graeme Payne
Over the last decade, as companies have continued to march forward on the digitization of everything, the cybersecurity risk profile has continued to change. Since 2005, there have been over 9,000 publicly disclosed data breaches. In the last five years, the financial losses due to cyber-attacks have risen by over 62%. Identifying, mitigating and managing cybersecurity risks in today’s environment is a challenging task.
On July 29, 2017, Equifax discovered criminal hackers had broken into its systems. Graeme Payne was one of the first senior executives to be told about the attack. Six weeks later, Equifax announced that the personal information of over 140 million US consumers had been exposed in one of the largest data breaches of the 21st Century. What followed was a challenging response that drew widespread criticism. Graeme Payne was fired on October 2, the day before former Chairman & CEO Richard Smith testified to Congress that the root cause of the data breach was a human error and a technological failure. Graeme Payne would later be identified as “the human error”.
In The New Era of Cybersecurity Breaches, Graeme Payne describes the new era of cybersecurity breaches, the challenges of managing cybersecurity, and the story of the Equifax Cybersecurity Breach. Graeme tells the story of how Equifax became a valuable target for cybercriminals, the conclusions reached by various investigators regarding the cause of the breach, the challenges faced by Equifax in responding to the breach, and the widespread consequences that continue to have an impact.
The New Era of Cybersecurity Breaches is a must-read for board members, executives, managers and security leaders. This book will help you understand:
- The importance of implementing strong procedural, technical, and people controls to secure your systems.
- Essential lessons in preparing for, and responding to, a major data breach when (not if) one occurs.
- The critical role boards and senior leaders have in your organization’s cybersecurity program.
The lessons learned from major cybersecurity breaches, including the Equifax 2017 Data Breach, can be applied to your company to “test and improve” your cybersecurity posture.