Tag: ciso
-
Has CISO become the least desirable role in business?
Tags: advisory, ai, business, cio, ciso, control, corporate, cybersecurity, data, dora, finance, governance, international, jobs, network, office, regulation, resilience, risk, sap, skills, startup, threatGeorge Gerchow, CSO, Bedrock Security George Gerchow / Bedrock Security”I’ll never report to a CTO or CFO again. I have to have seat at the table,” he says emphatically. Otherwise, he says, you become frustrated “because you’re not in control of your own destiny. You’re parsing everything to this other person who’s a leader in…
-
Skills gaps send CISOs in search of managed security providers
Tags: access, awareness, business, ciso, compliance, control, cyber, cybersecurity, detection, governance, group, infrastructure, intelligence, jobs, monitoring, msp, mssp, network, penetration-testing, risk, risk-assessment, service, skills, strategy, threat, tool, training, update, vulnerabilitySecurity operations centers (SOCs)Cloud platform managementSIEM and log monitoringFramework-based cybersecurity management functionsThreat intelligence feeds and analysisVulnerability scanning and patch managementEndpoint detection and response (EDR)Firewall and network security managementCompliance tracking and audit support”MSPs already have the infrastructure and staff in place to deliver these services efficiently, and at scale,” Richard Tubb, who runs the MSP community…
-
Cybersecurity in the supply chain: strategies for managing fourth-party risks
Tags: access, breach, business, ciso, compliance, control, cyber, cybersecurity, data, exploit, framework, governance, intelligence, ISO-27001, law, mitigation, monitoring, nist, risk, risk-management, saas, service, soc, software, strategy, supply-chain, threat, tool, vulnerabilitySet clear data boundaries: The reality is that any organization consuming third-party software-as-a-service offerings and services has extremely limited control over the partners that their third parties are working with, says Curtis Simpson, CISO at Armis.”This is why it’s critically important to understand the sub-processors involved in the delivery of contracted SaaS offerings and services,…
-
Exabeam Expands its Nova Platform With an AI Agent for CISOs
First seen on scworld.com Jump to article: www.scworld.com/news/exabeam-expands-its-nova-platform-with-an-ai-agent-for-cisos
-
Healthcare CISOs must secure more than what’s regulated
In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/03/henry-jiang-ensora-health-healthcare-devsecops-strategy/
-
How cybersecurity leaders can defend against the spur of AI-driven NHI
Tags: access, ai, attack, automation, breach, business, ciso, cloud, credentials, cybersecurity, data, data-breach, email, exploit, framework, gartner, governance, group, guide, identity, infrastructure, least-privilege, LLM, login, monitoring, password, phishing, RedTeam, risk, sans, service, software, technology, tool, vulnerabilityVisibility Yageo Group had so many problematic machine identities that information security operations manager Terrick Taylor says he is almost embarrassed to say this, even though the group has now automated the monitoring of both human and non-human identities and has a process for managing identity lifecycles. “Last time I looked at the portal, there…
-
How FinTechs are turning GRC into a strategic enabler
In this Help Net Security interview, Alexander Clemm, Corp GRC Lead, Group CISO, and BCO at Riverty, shares how the GRC landscape for FinTechs has matured in response to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/02/alexander-clemm-riverty-fintechs-grc-landscape/
-
CISOs must rethink defense playbooks as cybercriminals move faster, smarter
Tags: access, automation, breach, business, cisco, ciso, crowdstrike, cybercrime, cybersecurity, data, defense, finance, incident response, Intruder, okta, ransomware, siem, technology, threatThreat actor containment: Increasingly ‘surgical’ and best with a plan: Even after an intruder has been identified, today’s rapid pace of adversary activity is also straining cybersecurity teams’ ability to contain intruders before they can cause damage.”If I’m a CISO, if I’m responsible for detecting and remediating that incident before it progresses to becoming a…
-
Federal Reserve System CISO on aligning cyber risk management with transparency, trust
In this Help Net Security interview, Tammy Hornsby-Fink, CISO at Federal Reserve System, shares how the Fed approaches cyber risk with a scenario-based, intelligence-driven … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/01/tammy-hornsby-fink-federal-reserve-system-cyber-risk/
-
How cybercriminals are weaponizing AI and what CISOs should do about it
In a recent case tracked by Flashpoint, a finance worker at a global firm joined a video call that seemed normal. By the end of it, $25 million was gone. Everyone on the call … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/01/defending-ai-powered-cybercrime/
-
Escaping SOC Burnout: State of Security 2025
Michael Fanning, CISO at Splunk, shares insights on cybersecurity challenges highlighted in the Splunk State of Security report. Key issues include analyst burnout and alert fatigue, which persist over time. Fanning discusses how AI can improve efficiency and support analysts, emphasizing the need for better prioritization and event correlation in security operations to enhance effectiveness..…
-
How to Chart an Exposure Management Leadership Path for You, Your Boss and Your Organization
Tags: access, attack, automation, breach, business, ciso, cloud, container, cybersecurity, data, defense, exploit, identity, incident response, iot, jobs, kubernetes, ransom, regulation, risk, security-incident, service, soc, threat, tool, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we share some tips on how to lead the move to exposure management. You can read the entire Exposure Management Academy series here. For years, organizations poured resources into reactive…
-
Third-party breaches double, creating ripple effects across industries
Supply chain risks remain top-of-mind for the vast majority of CISOs and cybersecurity leaders, according to SecurityScorecard. Their findings reveal that the way most … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/30/supply-chain-cyber-risks/
-
Microsoft-Lücke ermöglicht E-Mail-Versand ohne Authentifizierung
Tags: access, authentication, ciso, cyberattack, data, defense, dkim, dmarc, exploit, framework, hacker, infrastructure, mail, microsoft, phishing, powershell, qr, risk, tool, usa, vulnerability, zero-dayDrucker und Scanner werden dank einer Schwachstelle in der Microsoft 365 Direct Send-Funktion zunehmend zu Mitteln für Hacker, um Phishing-Angriffe durchzuführen.Das Forensik-Team von Varonis hat eine Schwachstelle entdeckt, die es internen Geräten wie Druckern ermöglicht, E-Mails ohne Authentifizierung zu versenden. Dem Bericht zufolgewurde die Lücke bereits genutzt, um mehr als 70 Unternehmen, vorwiegend in den…
-
Cisco warns of critical API vulnerabilities in ISE and ISE-PIC
Tags: access, ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisco, ciso, cloud, communications, control, credentials, data, defense, email, endpoint, exploit, firewall, flaw, framework, guide, Hardware, incident response, malicious, microsoft, mobile, network, penetration-testing, programming, risk, router, saas, sans, service, software, threat, update, vpn, vulnerability, wafroot user.The fault behind both vulnerabilities: Holes in application programming interfaces (APIs).”Take this vulnerability seriously,” said Moses Frost, senior course instructor on cloud penetration testing at the SANS Institute. “In my experience assessing networks, I have found through testing that many lack essential patches and security hardening on their core network devices. I have seen Cisco…
-
Stellar Cyber Expands Features in Coverage Analyzer for MSSPs, CISOs
First seen on scworld.com Jump to article: www.scworld.com/news/stellar-cyber-expands-features-in-coverage-analyzer-for-mssps-cisos
-
Pressure is mounting to cut jobs in favor of AI. Here’s why you shouldn’t.
Tags: access, ai, application-security, automation, breach, business, ciso, crowdstrike, cybersecurity, jobs, strategyShort-term savings, long-term consequences: Other experts expressed skepticism that CrowdStrike’s planned job cut are directly related to greater use of AI since the vendor has heavily relied on machine learning and similar technologies since its founding.”CrowdStrike’s layoffs are likely very little to do with AI; it is just sold as that,” Jaco Vermeulen of boutique…
-
How Virtual CISO Enhancements Will Help MSPs Grow Operations
Why Cynomi’s Embrace of AI-Driven Security Tools Will Drive MSP and MSSP Efficiency. Cynomi’s recent Series B funding round will deepen AI features, expand its Solution Showcase and enable managed service providers to deliver cybersecurity at scale. CEO David Primor says the company is building the operating system for MSP and MSSP cyber operations. First…
-
AI Agents Used in Cybersecurity Need Safeguards Too
Tags: ai, best-practice, ciso, cloud, cybersecurity, defense, google, intelligence, office, trainingGoogle’s Anton Chuvakin Calls for Layered Defenses When Deploying AI Tools. According to Anton Chuvakin, security advisor at Google Cloud’s Office of the CISO, relying solely on artificial intelligence model training or adversarial testing is not enough. Effective AI defense demands a defense-in-depth approach and proven best practices for autonomous actions. First seen on govinfosecurity.com…
-
Why Data-Centric Security Matters Now
Forcepoint’s Ronan Murphy on Data-Centric Security in the AI Era. Technologies such as AI and cloud are accelerating digital transformation programs across all industries, leaving CISOs with a stark choice: Hit the brakes on innovation or secure the data that’s fueling it. Forcepoint’s Ronan Murphy shares ways to navigate this changing security landscape. First seen…
-
CrowdStrike is cutting jobs in favor of AI. Here’s why you shouldn’t.
Tags: access, ai, application-security, automation, breach, business, ciso, crowdstrike, cybersecurity, jobs, strategyShort-term savings, long-term consequences: Other experts expressed skepticism that CrowdStrike’s planned job cut are directly related to greater use of AI since the vendor has heavily relied on machine learning and similar technologies since its founding.”CrowdStrike’s layoffs are likely very little to do with AI; it is just sold as that,” Jaco Vermeulen of boutique…
-
How to make your multicloud security more effective
Tags: ai, automation, ciso, cloud, container, control, data, infrastructure, LLM, risk, risk-analysis, software, technology, threat, toolIs it time to repatriate to the data center?: Perhaps. Some organizations, such as Zoom, have moved workloads to on-premises because it provides more predictable performance for real-time needs of their apps. John Qian, who once worked there and now is the CISO for security vendor Aviatrix, tells CSO that Zoom uses all three of…
-
Building cyber resilience in always-on industrial environments
In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/26/tim-sattler-jungheinrich-industrial-environments-cybersecurity/
-
Bankers Association’s Attack on Cybersecurity Transparency
Tags: attack, awareness, banking, breach, ciso, control, cybersecurity, data, extortion, finance, group, incident response, infrastructure, insurance, law, malicious, ransomware, riskA coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity incidents within four days of detection. This rule was established to ensure shareholders are properly…
-
LLMs hype versus reality: What CISOs should focus on
Tags: ai, attack, backdoor, breach, business, chatgpt, ciso, cloud, control, corporate, cyber, cybercrime, cybersecurity, data, finance, governance, LLM, malware, monitoring, network, open-source, risk, risk-management, sans, service, software, supply-chain, technology, threat, tool, vulnerabilitynot using AI even though there is a lot of over-hype and promise about its capability. That said, organizations that don’t use AI will get left behind. The risk of using AI is where all the FUD is.”In terms of applying controls, rinse, wash, and repeat the processes you followed when adopting cloud, BYOD, and…
-
From posture to prioritization: The shift toward unified runtime platforms
In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk. She … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/25/rinki-sethi-upwind-security-unified-runtime-platforms/