Entrust hires Jordan Avnaim as Chief Information Security Officer

Entrust, a global leader in trusted payments, identities, and data, today announced that it named Jordan Avnaim as its Chief Information Security Officer (CISO). With more than 20 years of experience leading information security functions and influencing change and enterprise digital transformation, Jordan will help scale and mature Entrust’s information security program for both corporate and commercial portfolios.“We are excited to welcome Jordan to the team and are confident his experience and deep understanding of information security, IT security operations and risk leadership will support Entrust’s mission to be an innovative and trusted solutions provider,” said Anudeep Parhar, Chief Operating Officer at Entrust. “Jordan will be instrumental in helping to further build our information security program that will strengthen our security posture.”Entrust’s solutions are at the forefront of the cybersecurity industry and include new solutions to support organizations through their Zero Trust journey and post-quantum cryptography approach. As CISO, Avnaim will play a key role in the company’s advancement of these solutions.Avnaim joins Entrust with experience in a variety of information security and risk leadership roles including most recently at The Capital Group Companies, where he was responsible for leading various information security, technology risk and technology audit functions over his tenure. Previously at Deloitte & Touche, Avnaim led delivery of specialized security and risk consultative services to C-suite executives and clients across the globe. Avnaim’s experience and achievements in these roles have well-positioned him to lead Entrust’s information security program, continue strengthening the company’s security posture, and assist in delivery of exceptional security solutions to Entrust’s clients and customers.“The threat landscape continues to rapidly evolve and companies need to constantly be identifying and initiating new cybersecurity practices, like post-quantum cryptography to prepare for the future,” said Avnaim. “With my passion for cybersecurity and technology risk management, and experience providing consultative services to worldwide clients, I am thrilled to be stepping into this role to support Entrust’s strategy and assist our clients in realizing their cybersecurity objectives.”Avnaim holds both a Master of Engineering in Management of Technology with an Information Security focus and a Bachelor of Engineering in both Computer Engineering and Mathematics from Vanderbilt University. Avnaim is a member of Infragard, FS-ISAC, ISC2, ISACA and is a Certified Information Systems Security Professional (CISSP).Avnaim will also join the Entrust Cybersecurity Institute as an expert member. To access critical insights C-suite leaders need to protect their organizations, tune into the Entrust Cybersecurity Institute Podcast.Entrust’s outgoing CISO Mark Ruchie will remain at Entrust as Vice President, Information Security Advisor, through the first half of 2024, to assist Avnaim and ensure a seamless transition before officially retiring.

Gartner predicts 10% of large enterprises will have a zero-trust program by 2026

Zero trust is top of mind for most organizations as a critical strategy to reduce risk, but few organizations have actually completed zero-trust implementations. Gartner, Inc. predicts that by 2026, 10% of large enterprises will have a mature and measurable zero-trust program in place, up from less than 1% today.Gartner defines zero trust as a security paradigm that explicitly identifies users and devices and grants them just the right amount of access so the business can operate with minimal friction while risks are reduced.“Many organizations established their infrastructure with implicit rather than explicit trust models to ease access and operations for workers and workloads. Attackers abuse this implicit trust in infrastructure to establish malware and then move laterally to achieve their objectives,” said John Watts, VP Analyst at Gartner. “Zero trust is a shift in thinking to address these threats by requiring continuously assessed, explicitly calculated and adaptive trust between users, devices, and resources.”To help organizations complete the scope of their zero-trust implementations, it is critical that chief information security officers (CISOs) and risk management leaders start by developing an effective zero-trust strategy which balances the need for security with the need to run the business.“It means starting with an organization’s strategy and defining a scope for zero-trust programs,” said Watts. “Once the strategy is defined, CISOs and risk management leaders must start with identity - it is foundational to zero trust. They also need to improve not only technology, but the people and processes to build and manage those identities.“However, CISOs and risk management leaders should not assume that zero trust will eliminate cyberthreats. Rather, zero trust reduces risk and limits impacts of an attack.”Gartner analysts predict that through 2026, more than half of cyberattacks will be aimed at areas that zero- trust controls don’t cover and cannot mitigate.“The enterprise attack surface is expanding faster and attackers will quickly consider pivoting and targeting assets and vulnerabilities outside of the scope of zero-trust architectures (ZTAs),” said Jeremy D’Hoinne, VP Analyst at Gartner.” This can take the form of scanning and exploiting of public-facing APIs or targeting employees through social engineering, bullying or exploiting flaws due to employees creating their own “bypass” to avoid stringent zero-trust policies.”Gartner recommends that organizations implement zero trust to improve risk mitigation for the most critical assets first, as this is where the greatest return on risk mitigation will occur. However, zero trust does not solve all security needs. CISOs and risk management leaders must also run a continuous threat exposure management (CTEM) program to better inventory and optimize their exposure to threats beyond the scope of ZTA.Gartner clients can learn more in “Predicts 2023: Zero Trust Moves Past Marketing Hype Into Reality.”Learn how to prepare for any cybersecurity attack in the complimentary Gartner ebook 3 Must-Haves in Your Cybersecurity Incident Response Plan.