Vulnerabilities / Threats
12/20/2012
10:58 AM
50%
50%

BestBuy.Com Chief Leaves For Symantec

Former Starbucks CIO and 2011 InformationWeek Chief of The Year Stephen Gillett heads to Silicon Valley.

After less than nine months on the job as head of Best Buy's online operation, Stephen Gillett has left the struggling retailer to take a senior position at Symantec, which is in the midst of its own reorganization as it tries to adapt to changes in the security software market.

Symantec named Gillett executive VP and COO on Wednesday. His responsibilities will include oversight of the company's IT, marketing, and communications operations. "Stephen is the perfect fit for the direction we are taking Symantec," said Steve Bennett, Symantec chairman and CEO, in a statement. "He has been deeply involved in the transformation of a number of high-profile companies at the executive level and is highly respected in the CIO community worldwide."

Gillett has been on Symantec's board since January, and will relinquish that position. He is a former CIO of Starbucks, and was named InformationWeek's Chief of The Year for 2011.

[ Where is Symantec headed next? Read Symantec Security Has Become Forgotten Child, Critics Say. ]

His departure from Best Buy was unexpected and seen as somewhat of a surprise, given that he was brought in as recently as March to bolster and add credibility to Best Buy's e-commerce efforts. Best Buy has been struggling to convert visits to its website into sales. It's also challenged by the fact that consumers are increasingly using its stores to check out the latest gadgets, while making actual purchases online at discounters like Amazon.

Gillett's departure marks the latest high-level exit at Best Buy. CEO Brian Dunn left in April after allegations of an inappropriate relationship with a female employee. He was replaced by former Vivendi Universal Games CEO Hubert Joly. Joly recently brought in his own team of senior executives, a fact that some observers believe contributed to Gillett's departure.

"I will miss the wonderful teams at Best Buy," Gillett tweeted on Wednesday. "Our time together was short, but our friendships and experiences lifelong. Thank you."

Gillett will have his work cut out at Symantec. The company's stock was downgraded earlier this month by Standpoint Research, amid concerns about increased competition. Microsoft is beefing up free security software for Windows PCs, as well as enterprise offerings like EndPoint. Symantec is expected to unveil a new strategic plan in January.

"Great companies are defined by their market position, customer base, brand awareness, the quality of their products and by the type of industry they're involved in," said Gillett, in a statement. "Symantec is strong in all of these areas. I look forward to working with everyone at Symantec to help the company achieve its full potential." Gillett did not immediately respond to a request for further comment.

Tech spending is looking up, but IT must focus more on customers and less on internal systems. Also in the new, all-digital Outlook 2013 issue of InformationWeek: Five painless rules for encryption. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1449
Published: 2014-12-25
The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

CVE-2014-2217
Published: 2014-12-25
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.

CVE-2014-3971
Published: 2014-12-25
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

CVE-2014-7193
Published: 2014-12-25
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site ...

CVE-2014-7300
Published: 2014-12-25
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.