JumpCloud Hires New CISO
IT management platform JumpCloud has appointed Roland Palmer as its new Chief Information Security Officer and Vice President of Security. Palmer will be responsible for leading the company's global security strategy as it continues to scale.
This appointment follows a significant security incident for JumpCloud in mid-2023. In June of that year, the company discovered it was the target of a sophisticated spear-phishing campaign. The breach was later attributed to a nation-state actor, specifically North Korean hackers, by cybersecurity firms and confirmed by JumpCloud's then-CISO, Bob Phan. The attackers gained access to an internal orchestration system and used it to target a small number of customers. The incident response involved a forced rotation of all administrator API keys to mitigate the threat, a move that impacted customers by requiring them to regenerate and reconfigure their keys. The attack vector was ultimately identified as a data injection into the company's commands framework. Palmer's hiring comes as JumpCloud is in a phase of rapid expansion, having recently acquired several companies to bolster its platform. These acquisitions include privileged access management (PAM) provider VaultOne, identity security firm Stack Identity, and MSP MacSolution.
