Tag: ciso
-
Cyber Career Opportunities: Weighing Certifications vs. Degrees
Longtime CISO Melina Scotto joins Dark Reading to discuss career advice gleaned from her 30 years in the cyber industry. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cyber-career-opportunities-certifications-degrees
-
Can Security Culture Be Taught? AWS Says Yes
Newly appointed Amazon Web Services CISO Amy Herzog believes security culture goes beyond frameworks and executive structures. Having the right philosophy throughout the organization is key. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/can-security-culture-be-taught-aws-says-yes
-
CISO Conversations: How IT and OT Security Worlds Are Converging
Dark Reading’s Kelly Jackson Higgins interviews Carmine Valente, Deputy CISO at Con Edison, about his role at the New York-based electric utility and the state of IT and OT security. Valente highlights current threats like ransomware and supply chain attacks, as well as the impact of AI on both defense and threats. First seen on…
-
Majority of CISOs Lack Full Visibility Over APIs
New research by Salt Security has revealed that the majority of CISOs do not have full visibility over their API environments, despite recognition of the growing API attack surface. The 2025 Salt Security CISO Report found that while 73% of CISOs rank API security as a high or critical priority for the next 12 months, only…
-
How to Advance from SOC Manager to CISO?
Making the move from managing a security operations center (SOC) to being a chief information security officer (CISO) is a significant career leap. Not only do you need a solid foundation of tech knowledge but also leadership skills and business smarts. This article will guide you through the practical steps and skills you’ll need to…
-
The CISO code of conduct: Ditch the ego, lead for real
Where do we go from here?: To put a stop to this rising issue, we need to stop pretending this is someone else’s problem. We stop excusing toxic behavior just because someone carries the right title. And we stop treating leadership like it’s an untouchable domain reserved for those with the loudest voices or the…
-
The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and Machine Identity
Tags: ciso
The way we manage certificates must transform. For CISOs, this is not a future problem; the time to re-architect digital trust is now. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/the-expiring-trust-model-cisos-must-rethink-pki-in-the-era-of-short-lived-certificates-and-machine-identity/
-
From hardcoded credentials to auth gone wrong: Old bugs continue to break modern systems
Tags: ai, automation, ciso, credentials, endpoint, infrastructure, network, router, threat, tool, training, update, usa, vulnerability
Why are we still here?: For all the industry talk about development practices, threat modelling, and DevSecOps, the same root causes keep surfacing with surprising regularity. “Developing code without vulnerabilities, weaknesses, and shortcomings is hard,” Sampson said. “Despite advances in tooling, doing a quick fix that you promise to revisit later has less friction than…
-
World Health Organization CISO on securing global health emergencies
In this Help Net Security interview, Flavio Aggio, CISO at the World Health Organization (WHO), explains how the organization prepares for and responds to cyber threats during … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/21/flavio-aggio-world-health-organization-health-emergencies-cybersecurity/
-
Threat actors scanning for apps incorporating vulnerable Spring Boot tool
Tags: access, attack, authentication, ciso, compliance, country, credentials, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, finance, flaw, governance, group, hacker, incident response, infrastructure, Internet, kev, nist, organized, password, risk, technology, threat, tool, vulnerability, zero-day
/health endpoints, commonly used to detect internet-exposed Spring Boot deployments. If vulnerable implementations of apps, including TeleMessage SGNL, are found, they could be exploited to steal sensitive data in heap memory, including plaintext usernames and passwords. The hole is serious enough that it was added this week to the US Cybersecurity and Infrastructure Security Agency’s Known Exploited…
-
AI-powered attacks rise as CISOs prioritize AI security risks
Security executives are concerned about flaws in AI agents but also eager to see them replace humans in some roles, according to a new report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-security-risks-agents-report/753345/
-
AI-powered attacks creep upward as CISOs prioritize AI security risks
Security executives are concerned about flaws in AI agents but also eager to see them replace humans in some roles, according to a new report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-security-risks-agents-report/753345/
-
SquareX Collaborates With Top Fortune 500 CISOs To Launch The Browser Security Field Manual At Black Hat
Palo Alto, California, July 17th, 2025, CyberNewsWire SquareX announced the official launch of The Browser Security Field Manual at Black Hat USA 2025. In addition to a comprehensive practical guide to the latest TTPs attackers are using to target employees in the browser, this comprehensive manual features industry perspectives from leading CISOs from multiple Fortune…
-
SquareX Collaborates with Top Fortune 500 CISOs to Launch The Browser Security Field Manual at Black Hat
Tags: ciso
Palo Alto, California, 17th July 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/squarex-collaborates-with-top-fortune-500-cisos-to-launch-the-browser-security-field-manual-at-black-hat/
-
How AI is changing the GRC strategy
Tags: access, ai, best-practice, breach, business, ciso, compliance, control, data, detection, finance, framework, fraud, governance, grc, guide, law, monitoring, network, nist, privacy, regulation, risk, risk-analysis, risk-management, strategy, threat, tool
Adapting existing frameworks with AI risk controls: AI risks include data safety, misuse of AI tools, privacy considerations, shadow AI, bias and ethical considerations, hallucinations and validating results, legal and reputational issues, and model governance to name a few. AI-related risks should be established as a distinct category within the organization’s risk portfolio by integrating into…
-
Why silent authentication is the smarter way to secure BYOD
In this Help Net Security video, Andy Ulrich, CISO at Vonage, explains how silent authentication offers a smarter, seamless solution to the security and productivity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/17/silent-authentication-byod-video/
-
Securing the Budget: Demonstrating Cybersecurity’s Return
By tying security investments to measurable outcomes, like reduced breach likelihood and financial impact, CISOs can align internal stakeholders and justify spending based on real-world risk. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/securing-budget-cybersecurity-return
-
Why ‘AI Fatigue’ Is Risky to Cyber Leaders and Their Teams
The flood of new artificial intelligence tools, including those to help cybersecurity teams, can overwhelm healthcare CISOs and their security staff, fueling AI fatigue that in itself can create additional cyber risk, said Drew Henderson and Jon Hilton, practice leaders at consulting firm LBMC. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/ai-fatigue-risky-to-cyber-leaders-their-teams-i-5484
-
AI poisoning and the CISO’s crisis of trust
Tags: access, ai, breach, ceo, ciso, compliance, control, cybersecurity, data, defense, detection, disinformation, exploit, framework, healthcare, identity, infosec, injection, LLM, monitoring, network, privacy, RedTeam, resilience, risk, russia, saas, threat, tool, training
Foundation models began parroting Kremlin-aligned propaganda after ingesting material seeded by a large-scale Russian network known as the “Pravda Network.” A high-profile AI-generated reading list published by two American news outlets included 10 hallucinated book titles mistakenly attributed to real authors. Researchers showed that imperceptible perturbations in training images could trigger misclassification. Researchers in the healthcare domain demonstrated…
-
Securing vehicles as they become platforms for code and data
In this Help Net Security interview, Robert Knoblauch, CISO at Element Fleet Management, discusses how the rise of connected vehicles and digital operations is reshaping fleet … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/15/robert-knoblauch-element-fleet-management-operations-security/
-
8 tough trade-offs every CISO must navigate
Tags: access, ai, attack, business, ciso, cloud, compliance, computer, cyber, cybersecurity, ddos, defense, detection, framework, group, healthcare, incident response, jobs, malicious, mfa, regulation, resilience, risk, service, technology, threat, tool, vulnerability
2. Weighing security investments when the budget forces choices: Closely related to the trade-off around risk is what CISOs must navigate when it comes to security investments. “For most CISOs, when they have to make tough choices, 99% of the time it’s due to budget constraints that force them to weigh risks versus rewards,” says John…
-
The Rise of Agentic AI: A New Frontier for API Security
The shift to agentic AI isn’t just a technical challenge, it’s a leadership opportunity for CISOs to redefine their role from control enforcer to strategic enabler. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/the-rise-of-agentic-ai-a-new-frontier-for-api-security/
-
C-suites step up on OT cybersecurity, and it’s paying off
There has been a significant increase in the global trend of corporations planning to integrate cybersecurity under the CISO or other executives, according to Fortinet. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/10/ot-security-maturity-2025/
-
Survey: 52% of Firms Now Put CISO in Charge of OT Security
Fortinet Report Says OT Defenses Are Maturing, Aided by AI Tools. Fortinet’s 2025 OT cybersecurity report reveals a shift in risk ownership to the CISO’s office, with increasing maturity, AI-driven defense and rising regulatory pressure shaping how organizations defend operational technology environments. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/survey-52-firms-now-put-ciso-in-charge-ot-security-a-28918
-
How CISOs are training the next generation of cyber leaders
Leading versus managing: A former US Army officer, Hensley sees leadership development not just to build continuity, but as a reflection of organizational health. “I look forward to the day that somebody fills my shoes,” he says. “You know you’re successful when you’ve worked yourself out of a job.” He believes great leaders are shaped by…
-
How talent-strapped CISOs can tap former federal government cyber pros
Tags: cio, ciso, cyber, cybersecurity, government, jobs, risk, service, skills, software, switch, technology, threat, vulnerability, vulnerability-management
Luring federal talent to the private sector: In the past, the federal government represented a stable career path. Many highly skilled people spent their entire careers within the federal government. But the current shakeup makes some of that talent, trusted and honed by federal agencies, available to industry CISOs. Federal workers may look to state and…
-
CISOs urged to fix API risk before regulation forces their hand
Most organizations are exposing sensitive data through APIs without security controls in place, and they may not even realize it, according to Raidiam. Their report, API … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/08/report-enterprise-api-security-risks/

