author photo
By Bruce Sussman
Thu | Oct 24, 2019 | 7:33 AM PDT

The President in the White House and reporters in The New York Times newsroom are more than a few states apart.

They often are worlds apart.

Now, however, they appear to have something in common: cybersecurity teams that are being downsized.

The announcements by those leaving cybersecurity roles at each organization have stunned many in the InfoSec community. 

Especially because the moves come at a time when hackers and nation-states are known to be targeting world leaders and journalists.

Let's start with the White House cybersecurity surprise. 

White House cybersecurity changes

Senior White House Cybersecurity Director Dimitrios Vastakis tenured his resignation last week, and when he did so, he warned that the White House cybersecurity program is sliding backward and headed for dangerous territory. 

Here are three excerpts of his resignation letter obtained by AXIOS.

"Unfortunately it was decided that the OCISO (Office of the CISO) division was to be absorbed by the Office of the Chief Information Officer (OCIO). This is a significant shift in the properties of senior leadership where business operations and quality of service take precedence over security of the President's network.

It is my express opinion that the remaining incumbent OCISO staff is systematically being targeted for removal... revocation of incentives, reducing the scope of duties, reducing access to programs, revoking access to buildings and revoking positions with strategic and tactical decision making authorities.

They say that history repeats itself. Unfortunately, given all of the changes I've seen in the past three months, I forsee the White House is posturing itself to be electronically compromised once again."

Cybersecurity change at The New York Times

The White House drama unfolded last week. And then this week, The New York Times eliminated its Senior Director of Information Security position.

Runa Sandvik, who held the role, said the Times' reasoning behind the move is that, "...there is no need for a dedicated focus on newsroom and journalistic security."

She tweeted about the decision:


And Sandvik, who has more than 48,000 followers on the social media platform, received a huge response. This included a number of "please come work for us" posts and a healthy dose of InfoSec surprise at this move by The New York Times:








So there you have it. Two organizations that are worlds apart now have something unfortunate in common: they both have smaller cybersecurity teams.