Tag: ciso
-
We’re a Major Player in the 2025 IDC MarketScape for CNAPP. Here’s Why That Matters for Your Cloud Security.
Tags: access, attack, automation, business, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, governance, iam, identity, incident response, infrastructure, metric, radius, risk, strategy, threat, tool, vulnerability, vulnerability-management“With a strong focus on CNAPP through Tenable Cloud Security and exposure management with Tenable One, Tenable provides visibility and control over hybrid attack surfaces, including on-premises, cloud, and hybrid environments,” according to the report. To successfully tackle your cloud security challenges, you need a partner that understands the landscape and offers you a powerful,…
-
Beyond PQC: Building adaptive security programs for the unknown
In this Help Net Security interview, Jordan Avnaim, CISO at Entrust, discusses how to communicate the quantum computing threat to executive teams using a risk-based approach. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/07/jordan-avnaim-entrust-pqc-trust/
-
ITJobs 5 bittere Wahrheiten
Tags: breach, business, cio, cisco, ciso, cybersecurity, cyersecurity, gartner, germany, jobs, network, risk, risk-management, strategy, trainingViel Geld schützt nicht vor Burnout.Die Nachfrage nach Cybersecurity-Spezialisten ist ähnlich hoch wie deren Gehälter. Laut einem aktuellen, US-zentrischen Benchmark Report von IANS und Artico Search liegt das durchschnittliche Grundgehalt für Führungsrollen im Bereich IT-Security in Nordamerika bei mehr als 150.000 Dollar jährlich. Und auch wenn die Vergütung in Europa und Deutschland generell etwas geringer…
-
ITJobs 5 bittere Wahrheiten
Tags: breach, business, cio, cisco, ciso, cybersecurity, cyersecurity, gartner, germany, jobs, network, risk, risk-management, strategy, trainingViel Geld schützt nicht vor Burnout.Die Nachfrage nach Cybersecurity-Spezialisten ist ähnlich hoch wie deren Gehälter. Laut einem aktuellen, US-zentrischen Benchmark Report von IANS und Artico Search liegt das durchschnittliche Grundgehalt für Führungsrollen im Bereich IT-Security in Nordamerika bei mehr als 150.000 Dollar jährlich. Und auch wenn die Vergütung in Europa und Deutschland generell etwas geringer…
-
Cybersecurity Teams Hit by Lowest Budget Growth in Five Years
IANS found that stagnant budget growth rates have significantly impacted CISOs ability to increase their teams’ headcount First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybersecurity-teams-lowest-budget/
-
Four Areas CISOs Must Assess Before Being AI Ready
Every CISO must assess their organization’s AI readiness from technology and talent to governance and compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/four-areas-cisos-must-assess-before-being-ai-ready/
-
How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents
Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn’t adding more and more tools to SOC workflows but giving analysts the speed and visibility they need…
-
How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents
Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn’t adding more and more tools to SOC workflows but giving analysts the speed and visibility they need…
-
5 hard truths of a career in cybersecurity, and how to navigate them
Tags: access, ai, application-security, attack, awareness, best-practice, breach, business, cio, ciso, conference, control, cyber, cybersecurity, data-breach, finance, firewall, framework, gartner, identity, ISO-27001, jobs, mitigation, network, regulation, risk, risk-assessment, risk-management, skills, strategy, technology, threat, training, wafCybersecurity teams protect systems but neglect people: After all the effort it takes to break into cybersecurity, professionals often end up on teams that don’t feel welcoming or supportive.Jinan Budge, a research director at Forrester who focuses on enabling CISOs and other technical leaders, believes the way most cybersecurity career paths are structured plays a…
-
So verändert KI Ihre GRC-Strategie
Tags: ai, ciso, compliance, cyersecurity, framework, fraud, governance, grc, group, monitoring, nist, risk, risk-management, strategy, tool -
MCP: securing the backbone of Agentic AI
Tags: access, ai, attack, authentication, business, ciso, control, credentials, cyber, data, detection, injection, least-privilege, mfa, monitoring, RedTeam, risk, security-incident, service, supply-chain, trainingFour cornerstones for securing MCP servers: CISOs can largely rely on the proven basic principles of cyber security for MCP they just need to adapt them in a few places. Pure checklists fall short here. Instead, a clear, principles-based approach is required. Four central pillars have proven themselves in practice: Strong authentication and clean credential…
-
6 things keeping CISOs up at night
Tags: access, ai, attack, breach, business, cio, ciso, cloud, compliance, control, cyber, data-breach, deep-fake, email, exploit, infrastructure, jobs, metric, password, phishing, regulation, risk, service, technology, threat, tool, training, vulnerabilityAI’s potential to create a competency crisis: At mental health organization Headspace CISO Jameeka Aaron sees many potential applications for AI but she is balancing enablement with caution. However, Aaron is particularly concerned about the impact of generative AI on the hiring process.While strong developers can leverage AI to their advantage, weaker developers may appear…
-
Black Hat 2025: Latest news and insights
Tags: access, ai, api, attack, ciso, cloud, conference, crowdstrike, cvss, cyber, cybersecurity, data, defense, email, exploit, finance, firmware, flaw, group, hacker, hacking, identity, Internet, LLM, malicious, malware, reverse-engineering, sap, service, threat, tool, training, update, usa, vulnerability, windowsBlack Hat USAAugust 2-7, 2025Las Vegas, NVBlack Hat USA 2025 returns to the Mandalay Bay Convention Center in Las Vegas on August 2-7. The annual event is a perennial magnet for cybersecurity professionals, researchers, vendors and othersThe week kicks off on August 2 with four days of cybersecurity training courses. The courses cover a range…
-
Male-Dominated Cyber Industry Still Holds Space for Women With Resilience
When trying to crack your way into a cyber career, true passion and a bold love of the industry is a must, if you want to set yourself apart from hundreds of other job applicants, according to Weave CISO Jessica Sica. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/male-dominated-cyber-industry-still-holds-space-for-women-with-resilience
-
3 Things CFOs Need to Know About Mitigating Threats
To reposition cybersecurity as a strategic, business-critical investment, CFOs and CISOs play a critical role in articulating the significant ROI that robust security measures can deliver. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/3-things-cfo-mitigating-threats
-
Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture
Tags: ai, attack, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, grc, group, hacker, identity, incident response, intelligence, international, least-privilege, metric, network, phishing, ransomware, risk, risk-assessment, risk-management, soc, strategy, technology, threat, tool, training, updateMisplaced priorities: Investments often favor visibility and compliance over “core capabilities like detection engineering, incident response, and threat containment,” according to Santiago Pontiroli, lead security researcher at cybersecurity vendor Acronis TRU.Delayed adaptation: AI-driven threats demand faster, smarter defenses, but key upgrades (such as behavior-based analytics or automation) are often postponed due to underestimated risk, according…
-
AI is changing the vCISO game
Virtual CISO (vCISO) services have moved from niche to mainstream, with vCISO services adoption 2025 data showing a more than threefold increase in just one year. According to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/31/vciso-services-adoption-2025/
-
Palo Alto Networks to buy CyberArk for $25B as identity security takes center stage
The identity crisis driving this deal: Walk into any CISO’s office these days, and they’ll tell you the same story: hackers don’t need to break down the front door anymore. They just steal legitimate credentials and walk right in.”Today, most breaches originate not from malware or misconfigured ports but from stolen or misused credentials,” Tyagi…
-
Palo Alto Networks eyes $20B CyberArk deal as identity security takes center stage
The identity crisis driving this deal: Walk into any CISO’s office these days, and they’ll tell you the same story: hackers don’t need to break down the front door anymore. They just steal legitimate credentials and walk right in.”Today, most breaches originate not from malware or misconfigured ports but from stolen or misused credentials,” Tyagi…
-
How CISOs can scale down without compromising security
Tags: breach, business, ciso, compliance, control, cybersecurity, data, detection, finance, framework, gartner, governance, intelligence, jobs, metric, open-source, regulation, resilience, risk, soc, strategy, threat, tool, training, vulnerabilityStrategic risk (high, medium, low): What’s the actual exposure if this control fails?Business alignment: Which functions are enabling revenue, customer trust, or compliance?No-brainers: These are redundant tools, shelfware, or “security theatre” controls that look good on paper but deliver no measurable protection.For this assessment, Mahdi brings together a cross-functional team that includes business unit leaders,…
-
Prepping for the quantum threat requires a phased approach to crypto agility
Tags: access, ceo, ciso, computing, crypto, cryptography, cybersecurity, encryption, firmware, government, Hardware, identity, network, nist, open-source, software, supply-chain, threat, tool, vulnerabilityMissing pieces: Michael Smith, field CTO at DigiCert, noted that the industry is “yet to develop a completely PQC-safe TLS protocol.””We have the algorithms for encryption and signatures, but TLS as a protocol doesn’t have a quantum-safe session key exchange and we’re still using Diffie-Hellman variants,” Smith explained. “This is why the US government in…
-
MCP”‘Sicherheit: Das Rückgrat von Agentic AI sichern
Tags: access, ai, api, authentication, ciso, credentials, cyberattack, cyersecurity, firewall, infrastructure, LLM, mfa, risk, toolIm Zuge von Agentic AI sollten sich CISOs mit MCP-Sicherheit auseinandersetzen. Das Model Context Protocol (MCP) wurde erst Ende 2024 vorgestellt, dennoch sind die technologischen Folgen in vielen Architekturen bereits deutlich spürbar. Damit Entwickler nicht jede Schnittstelle mühsam von Hand programmieren müssen, stellt MCP eine einheitliche ‘Sprache” für LL-Agenten bereit. Dadurch können sie Tools, Datenbanken und SaaS”‘Dienste…
-
Intent Over Tactics: A CISO’s Guide to Protecting Your Crown Jewels
A practical guide to protecting your most critical assets when budget, head-count, and political capital are tight. First seen on tldrsec.com Jump to article: tldrsec.com/p/intent-over-tactics-crown-jewels
-
Why CISOs should rethink identity risk through attack paths
Identity-based attack paths are behind most breaches today, yet many organizations can’t actually see how those paths form. The 2025 State of Attack Path Management report … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/30/ciso-attack-path-management-apm/
-
vCISO In Action: Navigating Cybersecurity Leadership Beyond Office Walls
With two decades in the industry, Emily O’Carroll reflects on how the threat landscape has evolved, the difference between in-house and virtual CISO work, and why mentoring and finding personal balance are just as important as managing risk. First seen on crn.com Jump to article: www.crn.com/news/security/2025/vciso-in-action-navigating-cybersecurity-leadership-beyond-office-walls1
-
Empathie trifft IT-Sicherheit: Der Weg zu gelebter Compliance
CISOs sollten Sicherheitsrichtlinien mit Blick auf die Belegschaft gestalten.In vielen Unternehmen stoßen IT-Sicherheitsrichtlinien auf Widerstand, da Mitarbeitende sie als hinderlich oder praxisfern empfinden. Dies erschwert die Umsetzung, untergräbt die Wirksamkeit und belastet die Zusammenarbeit zwischen der Sicherheitsabteilung und den Fachbereichen. Statt als Partner wird Cybersecurity oft als Bremser wahrgenommen ein fatales Sicherheitsrisiko. Für CISOs (Chief…
-
The CISO’s challenge: Getting colleagues to understand what you do
Tags: access, authentication, ceo, cio, ciso, cybersecurity, Hardware, jobs, office, risk, saas, technology‘Chief’ in name only adds to the confusion: Like other executive-sounding titles, such as chief marketing officer, chief revenue officer, chief technology officer, and others, CISOs sound like they should be officers of the company with broad decision-making capabilities, but in most cases, they lack any actual power.”There are some CISOs that sort of rise…