Stop IT Incompetence

Krug, Andrew



Securities and Exchange Commission (SEC) data breach Chief Information Security Officer (CISO), Nov 2015 – present. Previously worked for IT incompetent Booz Allen Hamilton (BAH, Booz).

No IT education. Only a BA in economics and an MS in management, according to my FOIA request to the SEC. On his LinkedIn page and elsewhere, Krug tries to imply he has an IT education and hide that he doesn't.

$254,286 is Krug's most recent annual salary as of Feb 2019 according to my FOIA request to the SEC and to my FOIA request to the U.S. Office of Personnel Management (OPM). This is outrageous. Most doctors and lawyers don't make that much and, unlike Krug, they are at least qualified; by law they have to be.

Krug was SEC CISO during the SEC data breach in 2016. After that data breach, the SEC sought a "Chief Risk Officer", even though the duties of this new position were exactly what CISO Krug was supposed to be doing. Apparently, the SEC realized Krug was IT incompetent, but decided, as usual, that rather than fire Krug it was just easier to continue to pay Krug's quarter-million-dollar salary and try to hire someone new who was IT competent. According to the SEC Inspector General's annual cybersecurity audits, the SEC's cybersecurity rating actually decreased while Krug was SEC CISO, particularly from 2016 to 2017.

Krug previously worked for IT incompetent Booz but went through the business-government revolving door; see Principles of IT Incompetence (IT Hiring: Government, Business, and the Revolving Door). Booz is a leading provider of IT services to the U.S. Government, particularly defense and intelligence, like the IT incompetent National Security Agency (NSA). Booz has been called the world's largest commercial spy agency, ironically doing so for other countries besides the U.S. Many of Booz's IT employees and former employees are IT incompetent.

The most notorious is high school dropout and traitorous spy Edward Snowden. Others of Booz's IT incompetent employees besides Snowden have been involved in espionage against the U.S., which is not surprising because the incompetent are more likely to be disloyal since they constantly fear for their jobs anyway; see Principles of IT Incompetence (IT Hiring: IT Incompetence Breeds Disloyalty and Corruption).

For even more of Booz's IT incompetent former employees who are now high IT officials, see Booz Hacks Fed IT, Makes It Incompetent, Insecure, Bankrupt, which besides Krug also discusses former Booz employees SEC data breach CTO Chuck Riddle and DHS Assistant Secretary for Cybersecurity Jeanette Manfra. Incredibly, see also Booz's current CIO, Susan Penfield.

The SEC recently awarded Booz, where Krug previously worked, a $2.5 billion 10-year IT (including cybersecurity) contract even though Booz was responsible for traitorous spy Snowden and had its own data breach, in which it let hackers have thousands of military emails. Being SEC CISO, Krug would have been involved in this IT contract award and, in collusion with former Booz employee Chuck Riddle, SEC data breach CTO, it's obvious Krug was still working for Booz in exchange for a higher-paying job with Booz later. See Booz Hacks Fed IT, Makes It Incompetent, Insecure, Bankrupt.

It was just such IT incompetence at the NSA that caused 9/11, which could and should have been discovered beforehand and stopped. All this makes Booz itself a severe threat to national security.