Bank of America to Further Ramp up Security With New CISO

Bank of America has named Patrick Gorman, a veteran government and corporate technology executive, as its new chief information security officer.

Gorman was most recently a senior executive advisor at Booz Allen Hamilton, a consulting firm hired by Bank of America after whistleblower Web site WikiLeaks late last year said it planned release thousands of insider documents leaked to it by a former bank worker.

Gorman will be responsible for overseeing the bank's overall information security strategy and will report to CTO Marc Gordon, according to a Bank of America statement on Thursday.

Gorman had earlier served as associate director of national intelligence and acting CIO at the U.S. Office of the Director of National Intelligence. In that role, Gorman oversaw the U.S. intelligence community's incident response center and shared responsibility for an effort to improve information sharing among agencies via technology integration.

Gorman also worked in multiple U.S. Air Force units -- Electronic Security Command, Intelligence and the Special Operations Command. During his 10 year Air Force stint, Gorman also worked with the National Security Agency's cryptologic support group, the statement said.

Gorman's experience is sure to come handy in his new role at the Bank of America.

The bank has been in major damage control mode since WikiLeaks founder Julian Assange disclosed last November that the site held more than 5GB of internal data, including tens of thousands of sensitive internal documents, from an unnamed major U.S. bank.

Assange still hasn't named the bank in question, but has said the documents would soon be accessible on the WikiLeaks site. Many experts have speculated that the documents belong to Bank of America.

In fact, in an 2009 interview with the IDG News Service, Assange said WikiLeaks had obtained some 5GB of data that had been stored on the hard drive of an Bank of America executive.

The bank has since taken a series of measures to try and identify the source of the leak -- and what documents are involved.

In January, the New York Times reported that the bank had assembled a 15- to 20-person team to come up with a damage control plan in the event Wikileaks followed through on its promise.

The team headed by Bruce Thompson, Bank of America's chief risk officer was tasked with conducting a broad internal investigation to determine what internal documents might have been leaked. The bank hired Booz Allen to help in the effort.

In February, WikiLeaks released a document that appeared to show that the bank had hired three intelligence firms to help develop a strategic plan of attack against WikiLeaks.

And last month, a loose affiliation of hackers that supports the WikiLeaks cause called Anonymous released email and documents purportedly obtained from an ex-Bank of American employee who it said who claims to be able to prove mortgage fraud.

It remains unclear whether the documents released by Anonymous are the same ones Assange claimed were obtained by WikiLeaks.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Read more about security in Computerworld's Security Topic Center.

Subscribe to the Security Watch Newsletter

Comments