Krug, Andrew
Securities and Exchange Commission (SEC) data breach Chief
Information Security Officer (CISO), Nov 2015 – present.
Previously worked for IT incompetent Booz Allen Hamilton (BAH,
Booz).
No IT education. Only a BA in economics and an MS in
management, according to my FOIA request to the SEC. On his
LinkedIn page and elsewhere, Krug tries to imply he has an IT
education and hide that he doesn't.
$254,286 is Krug's most recent annual salary as of Feb
2019 according to my FOIA request to the SEC and to my FOIA
request to the U.S. Office of Personnel Management (OPM).
This is outrageous. Most doctors and lawyers don't make that
much and, unlike Krug, they are at least qualified; by law
they have to be.
Krug was SEC CISO during the SEC data breach in 2016. After
that data breach, the SEC sought a "Chief Risk Officer", even
though the duties of this new position were exactly what CISO
Krug was supposed to be doing. Apparently, the SEC realized
Krug was IT incompetent, but decided, as usual, that rather
than fire Krug it was just easier to continue to pay Krug's
quarter-million-dollar salary and try to hire someone new who
was IT competent. According to the SEC Inspector General's
annual cybersecurity audits, the SEC's cybersecurity rating
actually
decreased while Krug was SEC CISO,
particularly from 2016 to 2017.
Krug previously worked for IT incompetent Booz but went
through the business-government revolving door; see
Principles
of IT Incompetence (IT Hiring: Government, Business, and the
Revolving Door). Booz is a leading provider of IT
services to the U.S. Government, particularly defense and
intelligence, like the IT incompetent National Security Agency
(NSA). Booz has been called the world's largest commercial
spy agency, ironically doing so for other countries besides
the U.S. Many of Booz's IT employees and former employees are
IT incompetent.
The most notorious is high school dropout and traitorous
spy
Edward Snowden.
Others of Booz's IT incompetent employees besides Snowden have
been involved in espionage against the U.S., which is not
surprising because the incompetent are more likely to be
disloyal since they constantly fear for their jobs anyway; see
Principles
of IT Incompetence (IT Hiring: IT Incompetence Breeds
Disloyalty and Corruption).
For even more of Booz's IT incompetent former employees that
are now high IT officials, see
Booz
Hacks Fed IT, Makes It Incompetent, Insecure, Bankrupt,
which besides Krug also discusses former Booz employees: SEC
data breach CTO
Chuck
Riddle and DHS Assistant Secretary for
Cybersecurity
Jeanette Manfra.
Incredibly, see also Booz's current CIO,
Susan
Penfield.
The SEC recently awarded Booz, where Krug previously worked, a
$2.5 billion 10-year IT (including cybersecurity) contract
even though Booz was responsible for traitorous spy Snowden
and had its own data breach, in which it let hackers have
thousands of military emails. Being SEC CISO, Krug would have
been involved in this IT contract award and, in collusion with
former Booz employee
Chuck Riddle, SEC data breach
CTO, it's obvious Krug was still working for Booz in exchange
for a higher-paying job with Booz later. See
Booz
Hacks Fed IT, Makes It Incompetent, Insecure,
Bankrupt.
It was just such
IT
incompetence at the NSA that caused 9/11, which could and
should have been discovered beforehand and stopped. All this
makes Booz itself a severe threat to national
security.