Nick Gicinto
Nick Gicinto is an executive security leader and veteran of the Central Intelligence Agency (CIA), Tesla, and Uber as an insider threat, intelligence and security specialist. He is currently the CISO and Professor of Practice in Cybersecurity at William Jewell College.
Nick was recruited into the CIA and spent 10 years in the Agency amassing five promotions and 14 exceptional performance awards as an Operations Officer. His role as an OO was to collect foreign intelligence to brief senior U.S. policymakers, including use in the U.S. President’s Daily Briefing. During his CIA tenure, Nick focused on state-actor level threats and worked both counterintelligence and counterterrorism operations in the U.S. and abroad.
After leaving the CIA, Nick joined Uber’s Threat Operations team helping the company build a global intelligence capability in 40+ countries designed to keep Uber’s riders and drivers safe in addition to investigating leaks of intellectual property. He was recruited by Tesla to build the Global Security Response team, focusing on insider threat and investigations into leaked/stolen intellectual property. GSR’s investigations lead to multiple civil lawsuits vs. competitors and former employees, as well as law enforcement referrals and convictions.
Nick later moved to RiskIQ (now a Microsoft portfolio company) as a Vice President to build the Incident, Investigation, and Intelligence (i3) team, RiskIQ’s managed intelligence services (MIS) capability tied to its cybersecurity SAAS product. After growing the team to close to 40 members, Nick joined Chainlink Lab’s as the VP of Security Intelligence, helping the web3 company develop its world class security program from scratch.
Nick has formed two security consulting LLCs, one which he uses to provide security training for Christian missionaries, and another which he integrated into another security company where he served as Executive Vice President until joining William Jewell College. He also serves as an Adjunct Professor of Cybersecurity in SET University's Masters in Cybersecurity program, located in Ukraine.
Nick holds a BA in Political Science from William Jewell College, and a MS in Defense & Strategic Studies from Missouri State University.
Sessions
Companies who are not prepared for the evolving technology and capabilities of deepfakes risk compromising their security, IP, and corporate funds as threat actors expose a vulnerability in security practices. According to Business Insider, the employee of a Hong Kong multinational company recently remitted the equivalent of about $25.6 million — but it turned out to be a deepfake, according to local police. Deepfake social engineering has already occurred in multiple cases leading to CEO dismissals and embarrassment for the company. With the upcoming 2024 election, experts are expecting usage of deepfake technology to increase exponentially. Threat actors will undoubtedly gain access to this technology at lower and lower cost, making the threat to businesses even more prevalent.
In this talk, we will outline the ways companies can ensure they do not fall victim to these types of attacks by implementing low or no tech strategies including training and awareness, but also a process of “trust but verify” to ensure procedures are in place which prevent employees from taking unilateral action based on a deepfake interaction. Ironically, this incredibly advanced AI threat can be defeated with a no-technology solution.
Panel Discussion: Insider Threats remain one of the largest existential threats to companies and organizations. According to IDWatchdog, 60% of data breaches in companies are caused by insider threats. While much of the focus on mitigating threats is largely based in technological solutions, this panel will discuss the value of positively shaping corporate culture and the role that plays in tandem with or sometimes in place of technological solutions, many of which can be costly and raise privacy concerns for employees. How do corporate leaders find the balance? How do security leaders advocate for non-security related changes which may fall more in line with HR initiatives? We’ve assembled a panel with experience building insider threat programs at some of the most exciting companies in the world, as well as experience in the US intelligence community and in academia.