Tag: ciso
-
CISOs rethink the security organization for the AI era
Jill Knesek, CISO, BlackLine. Echoing Oleksak, Knesek says she feels strongly about utilizing traditional security and having the right controls in place. Getting foundational security right will get you a long way, she says. “Then, as you learn about more sophisticated attacks … we’ll have to pivot our tooling and capabilities to those risks.” For now,…
-
Descope Gets $35M for AI Agent Identity Controls, Governance
Identity Security Vendor to Expand AI Governance Tools Including MCP Server Defense. Descope raised $35 million to expand its agentic identity hub and MCP authorization capabilities. As enterprises adopt AI, CISOs demand granular governance, auditing and secure identity frameworks for nonhuman agents. Descope aims to lead this emerging space. First seen on govinfosecurity.com Jump to…
-
Cybersecurity at Risk: CISA 2015 Lapses Amid Government Shutdown
The expiration of CISA 2015 weakens cyber defenses, limiting info-sharing protections and raising risks for CISOs and security leaders. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/cisa-2015-lapses-government-shutdown/
-
New phishing variant targets Gmail users
Tags: access, adobe, awareness, cio, ciso, cyberattack, hacker, intelligence, mail, malware, phishing, ransomware, risk, spear-phishing, threat, tool, zero-trust
Hackers have sent fake PDF files to Gmail users that look deceptively real. Researchers at the security company Varonis have discovered a sophisticated phishing method that targets Gmail users. It uses malware that not only disguises itself as a PDF attachment but also automatically prompts victims to open it. “The .PDF file type is ubiquitous in private and business settings…
-
US gov shutdown leaves IT projects hanging, security defenders a skeleton crew
Tags: ciso
The longer the shutdown, the less likely critical IT overhauls happen, ex federal CISO tells The Register. First seen on theregister.com Jump to article: www.theregister.com/2025/10/01/us_government_shutdown_it_seccurity/
-
Building a mature automotive cybersecurity program beyond checklists
In this Help Net Security interview, Robert Sullivan, CIO CISO at Agero, shares his perspective on automotive cybersecurity. He discusses strategies for developing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/02/robert-sullivan-agero-automotive-cybersecurity-strategies/
-
From Spend to Strategy: A CISO’s View
Armis CISO Curtis Simpson on Spend Justification, AI Risks, Real-Time Visibility. Curtis Simpson, CISO at Armis, shares how CISOs can frame spend in terms executives value, the underestimated risks of AI and which technology trends will truly reshape enterprise security. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/from-spend-to-strategy-cisos-view-a-29606
-
Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI
Join Picus Security, SANS, Hacker Valley, and leading CISOs at The BAS Summit 2025 to learn how AI is redefining Breach and Attack Simulation (BAS) and why it’s becoming the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/30/webinar-picus-security-the-state-of-bas-2025/
-
How to restructure your security program to modernize defense
Restructuring the security program when technology and skills change: When revamping their security programs, CISOs can keep in mind Venables’ four-phase framework, which is flexible enough to fit almost any organization. Companies can start where they are, make the changes they want, and then return to complete the remaining tasks. Restructuring the security program should be…
-
As Hardware, API and Network Vulnerabilities Rise, Defenders Rethink Strategies
Bugcrowd’s latest research reveals a surge in hardware, API, and network vulnerabilities, fueled in part by the rapid adoption of AI-assisted development. Critical flaws and broken access control remain top concerns, while experts warn that agentic AI will intensify risks if not governed with strong privilege and monitoring controls. The report also highlights the evolving…
-
Cyber risk quantification helps CISOs secure executive support
In this Help Net Security interview, Vivien Bilquez, Global Head of Cyber Resilience at Zurich Resilience Solutions, discusses how organizations are rethinking cyber … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/30/vivien-bilquez-zurich-resilience-solutions-cyber-resilience-priorities/
-
AI threats put integrity protection in the spotlight
Tags: ai, ciso, cloud, compliance, cyberattack, data, data-breach, DSGVO, exploit, governance, injection, LLM, ml, risk, tool, training, update
Data poisoning endangers the integrity of AI models. For CISOs, AI rarely reduces complexity; rather, it adds to their already full agenda. In addition to traditional security priorities, they must now also deal with new AI-related risks, such as AI solutions being used for business purposes without oversight, models being manipulated, and new regulations not being complied with. One of the most pressing challenges…
-
Coherence: Insider risk strategy’s new core principle
Malicious action: deliberate harm from within, often rooted in disaffection, misalignment, or ideological fracture. Human error: unintentional harm caused by confusion, fatigue, or misjudgment under pressure. These two paths look different but demand the same thing: a system that knows how to detect misalignment early and how to keep people inside the mission before risk…
-
The CISO’s guide to stronger board communication
In this Help Net Security video, Alisdair Faulkner, CEO of Darwinium, explores how the role of the CISO has changed over the past decade. Faulkner shares insights on how CISOs … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/29/ciso-board-communication-video/
-
Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions
Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions. Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box. But none of that proves what matters most to a CISO: The…
-
Resilience as a principle: network security for coming disruptions
Resilience begins with strategic remote access. Various disruptions, such as pandemics, geopolitical crises or natural disasters, have long ceased to be exceptions for executives and are now part of reality. They must plan accordingly. For CISOs, one central question is in focus: “Is our infrastructure designed so that it ensures secure business operations even under difficult conditions?” Two approaches dominate…
-
Qantas cutting CEO pay signals new era of cyber accountability
Tags: ai, attack, breach, ceo, ciso, cyber, cybersecurity, data, data-breach, finance, governance, incident, incident response, malicious, privacy, ransomware, risk
What should CISOs and CEOs do now? CISOs, who have historically borne the brunt of breaches and malicious cyber incidents, should take heed of this emerging trend. “Be aware of the environment and expectations today, and where they’re headed,” Redgraves’ Tully says. “Try to get out in front of that. You need to work with…
-
CISO Spotlight: AJ Debole on the Business-Tech Divide, Breach Readiness, and AI Risks
Tags: ai, breach, business, ciso, corporate, cyber, defense, government, healthcare, law, oracle, ransomware, risk
AJ Debole is Field CISO at Oracle, but her journey began far from the corporate boardroom. After starting out in law and government, she moved into healthcare and cyber defense, where she led teams through ransomware crises. In this spotlight, she explores the next wave of challenges: aligning security with business incentives, taming AI […]…
-
With ShadowV2, DDoS becomes a cloud-native subscription service
DDoS attacks are now available as a for-hire model, as a recent analysis shows. According to a Darktrace analysis, a ShadowV2 bot campaign uses misconfigured Docker containers on AWS and equips them for DDoS-as-a-service attacks. What makes ShadowV2 special is its professional setup with APIs, dashboards, operator logins and even animated user interfaces. “This is another reminder that cybercrime is no longer a side job,…
-
AI coding assistants amplify deeper cybersecurity risks
Tags: access, ai, api, application-security, attack, authentication, business, ceo, ciso, cloud, compliance, control, cybersecurity, data, data-breach, detection, fintech, flaw, governance, injection, leak, LLM, metric, open-source, programming, radius, risk, risk-management, service, software, startup, strategy, threat, tool, training, vulnerability
‘Shadow’ engineers and vibe coding compound risks: Ashwin Mithra, global head of information security at continuous software development firm Cloudbees, notes that part of the problem is that non-technical teams are using AI to build apps, scripts, and dashboards. “These shadow engineers don’t realize they’re part of the software development life cycle, and often bypass critical…

