Tag: ciso
-
Anton’s Security Blog Quarterly Q2 2025
Tags: ai, automation, breach, ciso, cloud, cyber, defense, detection, google, governance, guide, metric, office, RedTeam, siem, soc, software, supply-chain, threat, vulnerability, vulnerability-management, zero-trustAmazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C.”Š”, “Šwow, this…
-
Between Buzz and Reality: The CTEM Conversation We All Need
I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn’t have asked for a better kickoff panel: three cybersecurity leaders who don’t just talk security, they live it.Let me introduce them.Alex Delay, CISO at IDB Bank, knows what it means to defend a highly…
-
Unstructured Data Management: Closing the Gap Between Risk and Response
Unstructured Data Management: Closing the Gap Between Risk and Response madhav Tue, 06/24/2025 – 05:44 The world is producing data at an exponential rate. With generative AI driving 90% of all newly created content, organizations are overwhelmed by an ever-growing data estate. More than 181 zettabytes of data now exist globally”, and 80% of it…
-
Iranian cyber threats overhyped, but CISOs can’t afford to let down their guard
DDoS attacks are the biggest threat: Perhaps Iran’s most prominent cyber tool is distributed denial of service (DDoS), usually in conjunction with so-called hacktivist groups.Hours after the US strikes against Iran’s nuclear sites, the Center for Internet Security (CIS) and other watchdogs confirmed that an Iranian-aligned hacktivist group called “313 Team” claimed responsibility for a…
-
Why work-life balance in cybersecurity must start with executive support
In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership. She … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/24/stacy-wallace-arizona-department-of-revenue-cybersecurity-work-life-balance/
-
Why work-life balance in cybersecurity must start with executive support
In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership. She … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/24/stacy-wallace-arizona-department-of-revenue-cybersecurity-work-life-balance/
-
8 effektive MulticloudTipps
Tags: access, best-practice, business, ciso, cloud, compliance, detection, google, governance, group, identity, infrastructure, intelligence, least-privilege, malware, risk, service, siem, skills, strategy, technology, threat, toolMit dem falschen Ansatz kann Multicloud-Security zu einem riskanten Balanceakt ausarten.Eine wachsende Zahl von Unternehmen setzt inzwischen auf eine Multicloud-Strategie in erster Linie, um Workloads genau dort auszuführen, wo es für den jeweiligen Anwendungsfall am günstigsten ist. Und zwar ohne zusätzliche Komplexitäten zu schaffen. Das kann diverse Vorteile realisieren, zum Beispiel in Zusammenhang mit Compliance…
-
MCP-Bug bei Asana könnte Unternehmensdaten offengelegt haben
Tags: access, ai, api, authentication, bug, business, chatgpt, ciso, cybersecurity, data-breach, LLM, microsoft, open-source, service, siem, software, tool, trainingCISOs mit einem MCP-Server von Asana in ihrer Umgebung sollten ihre Protokolle und Metadaten auf Datenlecks überprüfen.Die Software-as-a-Service-Plattform Asana zählt zu den beliebtesten Projektmanagement-Tools in Unternehmen. Der Anbieter gab kürzlich bekannt, dass sein MCP-Server (Model Context Protocol) vorübergehend aufgrund eines Bugs offline genommen wurde. Der Server war allerdings bereits nach kurzer Zeit wieder online.Laut Forschern…
-
MCP-Bug bei Asana könnte Unternehmensdaten offengelegt haben
Tags: access, ai, api, authentication, bug, business, chatgpt, ciso, cybersecurity, data-breach, LLM, microsoft, open-source, service, siem, software, tool, trainingCISOs mit einem MCP-Server von Asana in ihrer Umgebung sollten ihre Protokolle und Metadaten auf Datenlecks überprüfen.Die Software-as-a-Service-Plattform Asana zählt zu den beliebtesten Projektmanagement-Tools in Unternehmen. Der Anbieter gab kürzlich bekannt, dass sein MCP-Server (Model Context Protocol) vorübergehend aufgrund eines Bugs offline genommen wurde. Der Server war allerdings bereits nach kurzer Zeit wieder online.Laut Forschern…
-
MCP-Bug bei Asana könnte Unternehmensdaten offengelegt haben
Tags: access, ai, api, authentication, bug, business, chatgpt, ciso, cybersecurity, data-breach, LLM, microsoft, open-source, service, siem, software, tool, trainingCISOs mit einem MCP-Server von Asana in ihrer Umgebung sollten ihre Protokolle und Metadaten auf Datenlecks überprüfen.Die Software-as-a-Service-Plattform Asana zählt zu den beliebtesten Projektmanagement-Tools in Unternehmen. Der Anbieter gab kürzlich bekannt, dass sein MCP-Server (Model Context Protocol) vorübergehend aufgrund eines Bugs offline genommen wurde. Der Server war allerdings bereits nach kurzer Zeit wieder online.Laut Forschern…
-
A CISO’s AI Playbook
In a market where security budgets flatten while threats accelerate, improving analyst throughput is fiscal stewardship. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/ciso-ai-playbook
-
10 tough cybersecurity questions every CISO must answer
2. How can we achieve the right security balance for our company’s risk tolerance?: To play that consultative role, CISOs also need to ask and answer that question, says Vandy Hamidi, CISO of public accounting and advisory firm BPM.”My role is to reduce risk in a way that enables the business to operate confidently while…
-
How CISOs can justify security investments in financial terms
In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/23/john-verry-cbiz-cyber-risk-business-terms/
-
AWS CISO stumps for security as an AI enabler
AI’s rapid development underscores the need for secure foundations,;Amy Herzog said Tuesday during the company’s annual cybersecurity conference. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/amy-herzog-amazon-ciso-reinforce/751181/
-
Is Your CISO Ready to Flee?
Tags: cisoCompanies with $1 billion in revenue or less might want to give a heads-up to HR to kickstart the search for a new CISO, because according to a study from IANS Research, your current CISO might be out the door within a year. The 363 CISOs in SMBs surveyed for the 2025 Small and.. First…
-
Is Your CISO Ready to Flee?
Tags: cisoCompanies with $1 billion in revenue or less might want to give a heads-up to HR to kickstart the search for a new CISO, because according to a study from IANS Research, your current CISO might be out the door within a year. The 363 CISOs in SMBs surveyed for the 2025 Small and.. First…
-
How to conduct an effective post-incident review
Tags: breach, business, ciso, compliance, credentials, cyber, cybersecurity, detection, email, finance, governance, group, incident, incident response, lessons-learned, phishing, risk, service, software, tool, training, update, vulnerabilityPerform a root-cause analysis: Your post-incident review must include a root-cause analysis, Taylor says. “Identifying the underlying issues that caused the incident is essential for avoiding future cyber incidents,” he says.The post-incident review team should examine the root causes of the incident, whether they are technical, procedural, or human-related, and implement corrective actions and preventive…
-
Strategies to secure long-life IoT devices
In this Help Net Security interview, Rob ter Linden, CISO at Signify, discusses priorities for CISOs working on IoT security, including the need for compliant infrastructure, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/20/rob-ter-linden-signify-iot-devices-network-security/
-
CISOs flag gaps in GenAI strategy, skills, and infrastructure
95% of C-suite leaders say that GenAI is driving a new level of innovation in their organizations, according to NTT DATA. While CEOs and business leaders are committed to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/20/cisos-genai-adoption/
-
AI Index 2025: What’s changing and why it matters
Stanford recently released its AI Index 2025, and it’s packed with insights on how AI is changing. For CISOs, it’s a solid check-in on where things stand. It covers what the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/20/ai-index-2025/
-
Third-party risk management is broken, but not beyond repair
Getting to the root of the problem: The surge of TPRM tools has automated much of what was once a manual, resource-intensive process. These platforms were developed to simplify the creation, distribution, and completion of security questionnaires, addressing the operational burden organizations often face when conducting third-party risk audits. While they’ve brought much-needed efficiency, they’ve…
-
AI is changing cybersecurity roles, and entry-level jobs are at risk
Will humans remain essential in cybersecurity, or is AI set to take over? According to Wipro, many CISOs are leveraging AI to improve threat detection and response times and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/18/ai-humans-cybersecurity/
-
Why a Layered Approach Is Essential for Cybersecurity and Zero Trust
Today’s cybersecurity landscape is complex and unforgiving. Remote work, Saas, AI Agents, cloud migration, and ever-evolving cyber threats have exposed the limitations of relying on standalone security measures. To reduce risk, CISOs and IT leaders must embrace a layered cybersecurity… Read More First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/why-a-layered-approach-is-essential-for-cybersecurity-and-zero-trust/
-
Private 5G: New Possibilities, and Potential Pitfalls
While ushering in great operational value for organizations, private 5G networks add yet another layer to CISOs’ responsibilities. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/securing-private-5g-networks-new-challenges-for-cisos
-
8 tips for mastering multicloud security
Tags: access, attack, automation, business, ciso, cloud, compliance, conference, control, cybersecurity, data, detection, framework, google, governance, identity, intelligence, least-privilege, malware, microsoft, monitoring, okta, resilience, risk, service, siem, skills, software, strategy, technology, threat, tool, training, vulnerability2. Create unified security governance: A unified security governance model should be established, spanning all cloud environments and supported by centralized identity management, visibility, automation, and policy enforcement, advises Nigel Gibbons, director and senior advisor at security services firm NCC Group.This approach, Gibbons says, minimizes complexity and silos by creating consistent security controls across cloud…
-
Hackers love events. Why aren’t more CISOs paying attention?
When CISOs think about risk, they usually think about cloud platforms, laptops, and data centers. But live events like conferences, trade shows, product launches, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/17/cybersecurity-at-live-events/
-
CISOs brace for a surge in domain-based cyber threats
Cybersecurity threats are growing more complex, and domain-based attacks are at the center of this shift. CSC’s CISO Outlook 2025 report, based on a survey of 300 security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/17/domain-based-cyber-threats/