Tag: ciso
-
What CISOs should know about the SolarWinds lawsuit dismissal
Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
-
What CISOs should know about the SolarWinds lawsuit dismissal
Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
-
Building cyber talent through competition, residency, and real-world immersion
In this Help Net Security interview, Chrisma Jackson, Director of Cybersecurity Mission Computing Center and CISO at Sandia National Laboratories, reflects on where the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/22/chrisma-jackson-sandia-national-laboratories-recruiting-cybersecurity-professionals/
-
Kirsten Davies Confirmed as Pentagon CIO
Former Unilever CISO to Lead Department of Defense IT. A former Unilever executive is officially the next U.S. Department of Defense CIO. The Pentagon CIO is the principal technology advisor to Pentagon leadership and manages the department’s information management and IT, and many other critical systems. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/kirsten-davies-confirmed-as-pentagon-cio-a-30353
-
CISO Spotlight: Lefteris Tzelepis on Leadership, Strategy, and the Modern Security Mandate
Lefteris Tzelepis, CISO at Steelmet /Viohalco Companies, was shaped by cybersecurity. From his early exposure to real-world attacks at the Greek Ministry of Defense to building and leading security programs inside complex enterprises, his career mirrors the evolution of the CISO role itself. Now a group CISO overseeing security across multiple organizations, Lefteris brings a…
-
AI Agents are Manthe-Middle Attacks
After 25 years defending against man-in-the-middle attacks, a security veteran explains why most AI agents replicate the same architectural risks”, creating compliance gaps, opaque decision-making, and zero-trust violations CISOs can’t ignore. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ai-agents-are-man-in-the-middle-attacks/
-
AI isn’t one system, and your threat model shouldn’t be either
In this Help Net Security interview, Naor Penso, CISO at Cerebras Systems, explains how to threat model modern AI stacks without treating them as a single risk. He discusses … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/19/naor-penso-cerebras-systems-threat-modeling-al-optimized-infrastructure/
-
AI Agents are Manthe-Middle Attacks
After 25 years defending against man-in-the-middle attacks, a security veteran explains why most AI agents replicate the same architectural risks”, creating compliance gaps, opaque decision-making, and zero-trust violations CISOs can’t ignore. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ai-agents-are-man-in-the-middle-attacks/
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, toolBuilding a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
Der Raspberry-Pi-Weckruf für CISOs
Tags: access, authentication, ceo, ciso, control, cyberattack, dns, firewall, group, hacker, Hardware, infrastructure, linux, monitoring, office, risk, switch, tool, voip, vpnKleines Device, große Wirkung.Mitte Dezember wurde eine Fähre in Besitz der Mediterranean Shipping Company über Stunden in einem französischen Hafen festgesetzt, wie Bloomberg berichtete. Der Grund: Es bestand der Verdacht, dass russische Cyberkriminelle versucht haben, das Netzwerk des Schiffs zu hacken mit einem Raspberry Pi. Dieser war demnach mit einem Mobilfunkmodem gekoppelt, das den Fernzugriff…
-
The Biggest Cyber Stories of the Year: What 2025 Taught Us
Tags: access, attack, authentication, awareness, banking, breach, business, ciso, cloud, compliance, container, control, cyber, cyberattack, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, government, healthcare, iam, identity, incident, incident response, Internet, law, metric, mfa, monitoring, network, privacy, regulation, resilience, risk, service, software, strategy, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-day, zero-trustThe Biggest Cyber Stories of the Year: What 2025 Taught Us madhav Thu, 12/18/2025 – 10:30 2025 didn’t just test cybersecurity; it redefined it. From supply chains and healthcare networks to manufacturing floors and data centers, the digital world was reminded of a simple truth: everything is connected, and everything is at risk. Data Security…
-
How CISOs Can Beat the Ransomware Blame Game
CISOs are often blamed after ransomware attacks, yet most breaches stem from organizational gaps, budget tradeoffs, and staffing shortages. This analysis explores why known risks remain unfixed and how security leaders can break the cycle. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/how-cisos-can-beat-the-ransomware-blame-game/
-
How CISOs Can Beat the Ransomware Blame Game
CISOs are often blamed after ransomware attacks, yet most breaches stem from organizational gaps, budget tradeoffs, and staffing shortages. This analysis explores why known risks remain unfixed and how security leaders can break the cycle. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/how-cisos-can-beat-the-ransomware-blame-game/
-
How CISOs Can Beat the Ransomware Blame Game
CISOs are often blamed after ransomware attacks, yet most breaches stem from organizational gaps, budget tradeoffs, and staffing shortages. This analysis explores why known risks remain unfixed and how security leaders can break the cycle. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/how-cisos-can-beat-the-ransomware-blame-game/
-
2026 Cyber Predictions: Accelerating AI, Data Sovereignty, and Architecture Rationalization
2026 marks a critical turning point for cybersecurity leaders as AI-driven threats, data sovereignty mandates, and hybrid infrastructure risks reshape the CISO agenda. Discover the strategic priorities that will define tomorrow’s security posture. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/2026-cyber-predictions-accelerating-ai-data-sovereignty-and-architecture-rationalization/
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
The soft underbelly of space isn’t in orbit, it’s on the ground
Tags: cisoIn this Help Net Security interview, Äystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/oystein-thorvaldsen-ksat-space-ground-stations-security/
-
‘I Quit!’ – When CISOs Need to Take Charge of Their Careers
Security Needs to Document Risks and Push Back Against Retroactive Accountability A recent CISO resignation letter exposes a structural flaw in how organizations manage cyber risk. It shows what happens when risk is accepted quietly and accountability is enforced retroactively, and it’s a cautionary tale about why CISOs need to actively manage their careers. First…
-
The 12 Months of Innovation: How Salt Security Helped Rewrite API AI Security in 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, cloud, compliance, control, crowdstrike, cyber, data, data-breach, defense, detection, email, exploit, github, governance, injection, insurance, intelligence, privacy, risk, risk-management, software, strategy, supply-chain, threat, tool, wafAs holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep…
-
Bedrohungsbewusstes Identity Access Management – Wie CIOs und CISOs Angriffe früh stoppen können
First seen on security-insider.de Jump to article: www.security-insider.de/wie-cios-und-cisos-angriffe-frueh-stoppen-koennen-a-5b7c92db6b62084febfb47c53cf7b07d/
-
Ro’s CISO on managing data flows in telehealth
In this Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses how telehealth reshapes the flow of patient data and what that means for security. He explains … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/16/scott-bachand-ro-telehealth-security/
-
The Future of Network Security Policy Management in a Zero Trust World
Zero Trust has become the strategic anchor for modern cybersecurity. Every board is asking for it, every vendor claims to support it, and every CISO is under pressure to make… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/the-future-of-network-security-policy-management-in-a-zero-trust-world/
-
Demystifying risk in AI
Tags: access, ai, best-practice, bsi, business, ciso, cloud, compliance, control, corporate, csf, cyber, cybersecurity, data, framework, google, governance, group, infrastructure, intelligence, ISO-27001, LLM, mitre, ml, monitoring, nist, PCI, risk, risk-management, strategy, technology, threat, training, vulnerabilityThe data that is inserted in a request.This data is evaluated by a training model that involves an entire architecture.The result of the information that will be delivered From an information security point of view. That is the point that we, information security professionals, must judge in the scope of evaluation from the perspective of…
-
How Cyber Insurance MGAs Shape Policies for Evolving Cyber Risks
Managing general agents help insurers navigate sectors where they lack expertise. A cybersecurity policy written by an MGA is more likely to reflect an understanding of the risks CISOs deal with. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/how-cyber-insurance-mga-shape-cyber-risk-policy
-
Think Like an Attacker: Cybersecurity Tips From Cato Networks’ CISO
Etay Mayor, a cybersecurity strategist and professor, shares his journey, insights, and advice on breaking into the diverse and ever-evolving field of cybersecurity. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cybersecurity-tips-cato-networks-ciso

