This seems like an astonishingly poor plan when basically any business worth phishing payroll or trying to knock over Accounts Payable has a real and urgent security problem; never mind one that actually deals in information people care about(and probably is worth phishing).
Sufficiently small companies might not be able to justify a distinct director-level information security position; but an entity of the Times’ size should probably be seriously considering one even if they were something of purely economic interest, manufacturing OEM mufflers or something.
Given the Assange indictment they may be reassessing how encouraging they want to be of leakers. (Assange is garbage but using the espionage act against journalists is too.)
Alternatively (and this is speculation) she wouldn’t be the first competent woman in publishing whose position mysteriously disappeared despite excellent performance.
Regarding the abruptness or suddenness of her firing, in corporate America people at the director level and above are often terminated “effective immediately,” even in the cases of voluntary resignations That’s not suspicious, and it doesn’t mean anything. The exceptions I’ve seen are retirements that are announced in advance.
I think this story omits a key piece of information. The NYT just created a CISO in August, and they are just now reorganizing.
They haven’t lost focus on security— a CISO means they’ve added increased focus. Plus, a CISO has a seat at the table when it comes to allocating the budget.
So the true story probably is “CISO and newsroom security director disagree on fundamental direction, director was let go during re-org.”