Life-post breach: How a security incident impacted one cybersecurity CEO

New Opal Security CEO Howard Ting says he feels a stronger commitment to the industry after navigating a company through a security incident in 2024.

Brianna Monsanto is a reporter for IT Brew who covers news about cybersecurity, cloud computing, and strategic IT decisions made at different companies.

’Twas the night before Christmas, when all through the house, not a creature was stirring, not even a mouse…but don’t get too comfortable, because this isn’t your traditional Christmas tale.

Howard Ting was at home on Christmas Day 2024, playing with his kids, when he received a phone call from the CSO of Cyberhaven, alerting him to a security professional’s worst nightmare: an employee’s account had been compromised and used to upload a malicious version of its Chrome extension to select accounts.

“It was an incredible roller-coaster of emotions,” Ting, Cyberhaven’s CEO at the time, told IT Brew. Cyberhaven had just wrapped up a “phenomenal year,” in his words: its valuation grew from $150 million to $1 billion, and it had added several marquee customers while concluding a series D funding round.

“I was on the highest of highs, and then less than two days later, I’m in the depths of, ‘Wow, could this kill our company?’” Ting, now the CEO of identity governance company Opal Security, recalled.

I remember it like it was yesterday. In a December 2024 blog post—penned by Ting and published two days after the incident was discovered—the company confirmed the cyberattack occurred on Christmas Eve after a threat actor compromised a Cyberhaven employee account through a phishing attack.

“The attacker was able to basically harvest the tokens or credentials of that developer and get access to our Chrome Store account,” Ting said. “With access to our Chrome Store account, through APIs, they were able to update a malicious version of the extension to our account, which then subsequently got published and deployed to some of our customers.”

Ting said the developer discovered and reported the incident early on Christmas Day, triggering the company to jump into incident-response mode. While Cyberhaven’s CSO took the lead on the investigation, Ting recalled several decisions he had to make in his role as CEO.

“How much do you disclose? How quickly do you disclose?” Ting said. “Do you disclose proactively to all your customers, even the ones that were not impacted? How much detail do you reveal?”

Needless to say, Ting’s holiday looked a little different than he expected: “It was rough. I didn’t have Christmas dinner with my family until the 30th that year.”

The aftermath. According to the blog post, only “Chrome-based browsers that auto-updated” in a short window of time between Dec. 25 and Dec. 26 were impacted. Cyberhaven notified both impacted and unimpacted customers of the incident and removed the compromised extension from the Chrome Web Store.

While the industry has become attuned to CISOs facing the brunt of scrutiny after a security incident, BreachRx co-founder and CEO Anderson Lunsford said there have been multiple cases where CEOs and other C-suite executives are thrust into the spotlight or held accountable for their role in the response.

“It’s not just how the security team performs, but how the entire executive leadership performs,” he said. In Ting’s case, the event resulted in burnout and an emotional load for him and his team.

“It’s not just the chief security officers that pay that price,” Ting said. “I would say it’s everyone around it that has ownership for the problem, that has ownership for the solution, and the breach in the first place.”

After the incident, Ting wasn’t focused on how it would impact his career, but rather on how it would affect the broader company and its employees. Ting said a number of customers were impressed with how the company handled the crisis and communicated with them. However, not every stakeholder was as receptive.

“There were some deals and some customers that basically were in the pipeline, that said, ‘Look, we can’t buy from a company that has an incident, period, just full stop,’” he said.

“In the grand scheme of things…it made the company a much more secure, stronger brand, and I think we built more trust with our buyers because we sell to security buyers,” Ting added. “We’re a cybersecurity company, and so for them to see how we responded, they also respected that.”

Ting left Cyberhaven in 2025 for reasons unrelated to the security incident, landing at Opal Security later that year. He said the incident reinforced his commitment to the cybersecurity industry and his role in helping companies bolster their defenses against current threats.

“There’s so much more to do here and I want to continue on this side of the cyber battle,” he said.

Hear ye, hear ye. Looking back on his own experience, Ting said he wishes the industry would move past the misconception that vendors are solely worried about their own fate during security crises, rather than protecting customers. He also encouraged the industry to address the looming anxiety from CISOs of being held personally liable in security events at their companies.

“I wonder if there’s enough there for our cyber professionals and cyber leaders to make sure that we’re not scaring off great talent and disincentivizing them from doing their work to help our community be more secure,” Ting said.

Are you an IT pro who served as a CISO at a company when it experienced a security incident? Email [email protected] or ask Brianna for her Signal.
