More than nine months after being targeted by a ransomware attack, Colonial Pipeline has named its first chief information security officer (CISO) following a thorough search to fill the role.

Adam Tice

Adam Tice

Adam Tice “will oversee and be responsible for Colonial Pipeline’s information and data security program,” the company announced Tuesday. Tice brings to Colonial “a proven track record addressing the most complex and sensitive security issues in post-breach environments,” the company stated. He joins Colonial from Silicon Valley Bank, where he led security operations, detection and response, threat intelligence, and investigations.

Prior to joining Silicon Valley Bank, Tice served as senior vice president of cyber operations at Equifax from November 2017 to February 2021. In early 2017, the credit reporting agency suffered a massive data breach that compromised the personal data of approximately 147 million people and resulted in Equifax paying more than $1 billion to beef up its cybersecurity efforts.

At Equifax, Tice “helped to build and cultivate a team of more than 130 security professionals while working to help mature and enhance the organization’s security program,” Colonial stated.

Earlier in his career, Tice worked as a consultant at cybersecurity consulting firm Mandiant and at defense contractor Lockheed Martin.

In May 2021, Colonial was targeted by a ransomware attack, prompting the shutdown of its 5,500-mile pipeline that carries roughly half of the fuel supply for the United States’ East Coast. In an interview with the Wall Street Journal, Chief Executive Joseph Blount said he paid a $4.4 million ransom because he couldn’t be sure what extent the hackers breached the company’s network and, thus, how long it would take to restore the pipeline.

The Department of Justice in June announced it seized $2.3 million in cryptocurrency believed to be tied to Colonial Pipeline’s payment to the hacker group DarkSide.

“The investment in a new CISO position is part of Colonial’s commitment to elevate cybersecurity practices across the enterprise,” Kevin Feeney, senior director of communications for Colonial Pipeline, told Compliance Week. “Both physical and cybersecurity remain top priorities for Colonial Pipeline, and Tice and his team will have access to the appropriate resources and personnel they require to continue building a best-in-class program at the company.”

Tice will report directly to Blount on an interim basis as Colonial’s technology group is evaluated and structured for organizational effectiveness, Feeney said. Tice will be part of the company’s cyber steering committee and have an open line of communication with Blount and the board to ensure Colonial’s leadership has the right level of visibility into cybersecurity risks.

“A key priority for Tice in this role will be to continue to strengthen Colonial’s relationships with industry and government partners, with an eye toward collaboration on key initiatives such as threat intelligence sharing and public-private sector partnerships,” Feeney added. “As Tice settles into his new role and the culture at Colonial, he will be focused on developing and implementing a long-term strategy to continue to mature the company’s cybersecurity program.”