I’m shocked that Target and JPMC did not have a Chief Information Security Officer on staff during their breaches.  I do not believe that these individuals would have prevented a breach altogether, but at least their would’ve been a prior appointed individual to take control of the situation and already have a rapport with executives to take necessary incident response actions. Many of our VISO clients’ Executives and even Board members have a relationship with our appointed VISO Vala Secure staffers.  We preach to our executives it isn’t IF you get breached, but WHEN.  The goal is to minimize exposure in a breach scenario as well as respond properly.