CSO of the Year: John South, Heartland Payment Systems

Outside of Heartland, South has been instrumental in promoting information sharing around threat intelligence, something he believes is paramount if the good guys stand a fighting chance. He sits on the board of directors at the Financial Services – Information Sharing and Analysis Center (FS-ISAC). In 2009, he helped create a subgroup, known as the Payments Processing Information Sharing Council (PPISC). South also believes in enforcement. In 2003, he helped stand up the U.S. Secret Service North Texas Electronic Crimes Task Force, and is a founding member of the region's FBI InfraGard program.

“John has provided his mentorship to me, personally, and to countless individuals who have benefited directly from his experience,” says David Bentz, assistant director of Group Services, a Fort Worth, Texas-based security services and consulting firm. Besides being “scary smart,” Bentz, a retired Secret Service agent in Dallas, adds that South is a “man of character and dedication.”

In a Q&A, SC Magazine asked South to comment on current and future trends, and to define his technology and project roadmap at Heartland.

SC Magazine: How would you describe today's security threat landscape?

John South: Today's security threat landscape is the most dynamic and aggressive we have ever seen. We have focused threat actors, some with nation-state protection, attacking more targets than ever. Whether it's criminals monetizing their attack strategies or nation-states attacking our critical infrastructures and intellectual property, the financial and tactical rewards are enabling them to invest in building powerful capabilities. They are actively developing new techniques and tactics to affect their strategies, and are easily luring new members into their ranks. Most importantly, cyber criminals know what targets they want to hit and when they will hit them.

SC: What is your biggest gripe with the way security is done these days?

JS: Information sharing is still having growing pains. There are some important agencies and corporations dedicated to tracking malicious activity and terminating it, but in some notable industries, it is still difficult to disseminate actionable intelligence on potential attacks to the large number of businesses, particularly smaller businesses. As a result, companies and individuals continue to be breached every day.

The information sharing movement can only get traction if it gets federal attention, funding and resources that would enable the intelligence agencies, federal law enforcement and the carriers to establish a comprehensive program for defending and alerting our infrastructure, companies large and small, and even individuals when they are threatened. A second and equally critical requirement is that the Department of State takes diplomatic action against those nations that harbor these criminals or conduct nation-state attacks themselves.

SC: Are we getting anything right? Said another way, are the adversaries beatable?

JS: Absolutely. We are seeing much more information sharing across government agencies (though there is plenty of room for expansion) and among corporations. Businesses are getting the message that security issues can no longer be their dirty little secret or their competitive advantage. 

SC: Are the adversaries beatable? That's more complex. Today, the adversaries have a definitive advantage of time, target selection and the great tool of the internet to attack virtually anybody at any time. In particular, social media networks are enabling them to enlist the aid of other groups to assist in their attacks, providing an almost inexhaustible supply of labor. In many cases, these groups and recruits have either direct nation-state protection or at least a nation-state that supports their actions.