Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/11/2007
02:49 PM
50%
50%

A Day In The Life Of Cigna's CISO: 7 Things You Didn't Know

I recently visited Cigna chief information security officer Craig Shumard at his company's offices in suburban Connecticut. On a clear, sunny day that slowly melted away the last vestiges of winter -- mostly scattered mounds of snow encrusted with rock and dirt -- across the rolling hills of the employee benefits provider's campus, I got to see firsthand how the security chief at a big-time company operates and interacts with his staff. It was impressive, to say the least.

I recently visited Cigna chief information security officer Craig Shumard at his company's offices in suburban Connecticut. On a clear, sunny day that slowly melted away the last vestiges of winter -- mostly scattered mounds of snow encrusted with rock and dirt -- across the rolling hills of the employee benefits provider's campus, I got to see firsthand how the security chief at a big-time company operates and interacts with his staff. It was impressive, to say the least.You can all read about that in detail in next week's issue of InformationWeek. Now I'd like to share with you the things I learned about Shumard and his company that won't appear in next week's story. Think of these as "extras" that I saved just for this blog, much the way a movie company will add all sorts of extra features when it releases a movie on DVD.

1) Shumard, who looks like he played football back in the day, is a big fan of the Philadelphia Eagles, although not as fanatical as this guy.

2) When he's not rooting for his beloved Eagles, Shumard devotes a significant amount of his downtime to his work as an amateur genealogist. He's recorded about 23,000 names in a data base he created to track family members dating back to the 1700s. Among these relatives are five veterans of the American Revolutionary War and 24 who fought in the Civil War (on the "right side," he adds).

3) Along the way, Shumard learned that the mountain in Texas known as Shumard Peak and the Shumard oak tree are named for relatives. "A Shumard was also on the Enola Gay," he says, referring to the airplane that dropped the first atomic bomb, during World War II. That would be Sgt. Robert H. Shumard, assistant engineer.

4) There are three Craig Shumards living in North America. One is a doctor in Nebraska, while the other works as a movie control technician out in Hollywood, on films including Daredevil and X2. "Everyone with the name Shumard is related," he says. "It's a just a question of how."

5) Cigna's Bloomfield facilities resemble a multilevel suburban shopping mall, right down to the vendor who'd temporarily set up folding tables on the ground floor to sell New York Yankees memorabilia, including baseball cards and autographed photos. I guess the local Red Sox fans didn't object.

6) The campus grounds include a golf course designed by Arnold Palmer. One Cigna employee this past winter spied a local bobcat prowling across the greens. Shumard's never taken the time to test the links, though. Maybe he doesn't like bobcats.

7) Shumard's father worked as a store manager for Sears Roebuck and was re-assigned to a new store every three years, ending his career at a location in Philadelphia's western suburbs. The succession of moves "forced me to learn to adapt to my surroundings," says Shumard, who grew roots in that community and has lived there ever since.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22152
PUBLISHED: 2021-05-13
A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections.
CVE-2021-22153
PUBLISHED: 2021-05-13
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with t...
CVE-2021-22154
PUBLISHED: 2021-05-13
An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim's web history.
CVE-2021-20331
PUBLISHED: 2021-05-13
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "i...
CVE-2021-31215
PUBLISHED: 2021-05-13
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.