Mastercard vs. Nike is just the opening salvo in the fight for IT security talent


What’s more important: the loss or theft of information about running shoe purchases, or the credit card details involved in all kinds of other transactions?

That probably isn’t a fair question, but I couldn’t help thinking it when I read the recent news about a legal battle involving Nike and Mastercard over IT security talent. According to a story published in the Wall Street Journal, Mastercard is suing the footwear and athletic apparel maker over allegations its former chief information security officer (CISO) not only left to join Nike but began taking some of his best and brightest with him:

MasterCard is asking for an injunction to stop Nike from recruiting its employees. The company is also seeking at least $5 million in monetary damage due to existing breaches. ‘Despite MasterCard’s requests to cease, Nike continued, with the assistance of the former employees to solicit and hire seven more information security employees from MasterCard in a span of just six months,’ said a MasterCard spokesman in an email.

Of course, after major incidents involving Target, TJ Maxx, Home Depot and other major retailers, it’s no surprise Nike, which owns and operates its own stores, would be interested in the CISO of Mastercard and those who worked with him to help protect critical financial data. With the Sony Pictures Entertainment hacking attack, possible state-sponsored attacks on Canada’s government and other data breaches, the ever-fierce war for IT security talent may soon be divided upon vertical market lines.

Beyond the deep pockets necessary to pay such CISOs and their staff handsomely, I suspect what will ultimately motivate security talent to stay or leave an organization will be similar to that of almost any other employee, and it comes down to a single question: “Are the problems to be solved worth solving, and can I learn and develop myself by solving them?”

Right now, given how many retailers and consumer-oriented companies are proving to be major targets for cyber-attacks, those recruiting in that space may have a considerable advantage. However, with wearables and the Internet of Things potentially introducing ever-greater risk vectors into everyday life, there will be no shortage of opportunities for security professionals to consider.

As a result, non-compete, non-disclosure and non-solicitation clauses may look like the answer to some organizations today, but employees that don’t want to feel trapped may decide to bypass the firms that insist on them. Ultimately, the challenge here is to ensure that the “tribal knowledge” around a given organization’s security posture is the No. 1 thing business leaders strive to retain. That’s easier said than done, but figuring out the right approach should take precedence over mere investment in IT security technologies. As Nike might say, just do it.


  1. Shame this. I understand MasterCard’s frustration, about losing staff on whom their systems depend, but this is too big an issue to fight over. The techniques and skills necessary to protect data and the net are not something to consider proprietary. We all lose if these are in jealously guarded silos. Sharing will produce a much more comprehensive and well developed set of skills than trying to keep the information private. Imagine what it would be like if during a time of war our industries refused to share technology and skills. We would lose the war. We would lose the security war in the same way.

    • The giant problem is that firms are inundated with applications from talented people, but aren’t hiring. And then they get upset that their employees, whom they’ve not treated too well over the years, end up leaving. Employers need to start treating the labour pool far better than they are, and professionalism needs to start with the recruitment process.

  2. Information security employees are a dime a dozen. Any reasonably advertised position will easily garner hundreds of great applicants. With most of the applications being ignored. Employers need to step up to the plate if they are facing talent shortages and start hiring. Instead of fixating on details not relevant to the positions in question.

  3. “the ever-fierce war for IT security talent may soon be divided upon vertical market lines”

    There is no ‘ever fierce war for IT security talent’. What we see in the contemporary market is the employers ignoring the applications of most qualified applicants and not providing feedback to those who do take time out of their lives to apply. Employers looking for talent not only need to pay appropriately, but need to consider the talent pool with good faith and with the utmost in professionalism.

