Connect with us

Hi, what are you looking for?


Management & Strategy

Former eBay CISO Launches Information Sharing Framework For Security Leaders

Startup to Encourage Security Information Sharing Among CISOs

A new information sharing framework is in town, and the former CISO of eBay is at the helm.

Startup to Encourage Security Information Sharing Among CISOs

A new information sharing framework is in town, and the former CISO of eBay is at the helm.

Dave Cullinane, the former chief information security officer of eBay, is the CEO and co-founder of SecurityStarfish, a startup intent on providing CISOs with a central collection point for sharing cyber-attack details and receiving information about real-world attacks. Members will be able to use the information to make plans regarding the defenses in place and protect the organization from future attacks.

There really isn’t a good system in place currently to help organizations share information or learn from each other about various incidents, Cullinane told SecurityWeek. Most times, CISOs hear about various incidents at other organizations, but never learn the details of what exactly happened, so can’t use the lessons learned to avoid being hit by similar attacks, Cullinane said.

The primary objective is to “create actionable intelligence to give CISOs the information they need to effectively protect their organizations from cyber-attacks, ” Cullinane said.

Global corporations need visibility as to what kinds of attacks are happening around the world, Cullinane said. There may be over a thousand pieces of malware being created each day, but only 100 of them may currently be used in attacks against a particular sector. That is actual information the CISO can use to prepare against real attacks, as opposed to “theoretical attacks” that may never actually materialize, Cullinane said.

Members need information that is actually relevant to the business in order to make budgetary decisions about what security measures to invest in and what areas to strengthen, Cullinane said.

Advertisement. Scroll to continue reading.

SecurityStarfish will correlate attack data within industry verticals as well as across sectors to find similar threats, Cullinane said. If there is an attack that began among banks and one module was changed before education organizations were affected, and it continued to morph as it moved from sector to sector, that is a trend that would be visible and helpful to defenders to know about.

They will see that an attack went from sector to sector and modified itself with each move, and the defenders can recognize the patterns and take steps to stop it from moving to other areas, Cullinane said.

Organizations would be submitting anonymized data to SecurityStarfish, Cullinane said. When companies prepare their submissions, they can remove information and details they don’t want to disclose. SecurityStarfish will also scrub the data to ensure all identifying information has been removed, Cullinane said. These measures are important in order to establish SecurityStarfish as a “trusted entity,” he added. This was critical because otherwise, companies wouldn’t be comfortable providing information about the threats they are dealing with, Cullinane said.

“I don’t need to know what particular bank got hit with this attack. I just need to know that a financial institution was hit with this attack,” Cullinane said.

Data submitted to SecurityStarfish would be analyzed using a wide range of tools, including Hadoop, to understand and find correlations within the dataset. SecurityStarfish plans to look at threats across the board, whether it’s malware-based or network intrusion attempts, so long as they are relevant to the members.

There are quite a few information sharing frameworks nowadays, but Cullinane didn’t seem overly concerned about the crowded space.

Earlier this month, SecurityWeek highlighted “Titan”, a new malware intelligence system developed at Georgia Tech Research Institute designed to help organizations share threat intelligence and work together to understand attacks and collaborate on malware analysis and classification.

It’s “good that there are lots of people doing this,” Cullinane said, adding that SecurityStarfish would be different from many of them because it wouldn’t be facilitating information sharing with government agencies.

Cullinane envisions “starting small,” with perhaps about 50 members to begin with. The goal is to limit membership to CISOs and IT professional in various verticals, such as healthcare, energy, and financial services. For the time being, security vendors are not invited to join, he said.

Joining Cullinane as a founder of the company is Gordon Shevlin who serves as COO and executive vice president. Shevlin previously founded SiegeWorks, which was eventually acquired by acquisition by FishNet Security where he served as aexecutive vice president.

Related Reading: Threat Sharing – A Necessary Defense Strategy

Related Reading: Building a Bridge for Information Sharing

Related Reading: Intelligence Sharing Key in Cybersecurity Arms Race, Experts Say

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...