Tag: ciso
-
The unified linkage model: A new lens for understanding cyber risk
Tags: access, api, attack, breach, ciso, cloud, compliance, credentials, cve, cyber, cybersecurity, data, defense, exploit, flaw, framework, identity, incident response, infrastructure, intelligence, malicious, mitre, network, nist, okta, open-source, radius, resilience, risk, risk-analysis, saas, sbom, software, supply-chain, threat, update, vpn, vulnerability, zero-day, zero-trustMissed systemic risk: Organizations secure individual components but miss how vulnerabilities propagate through dependencies (e.g., Log4j embedded in third-party apps).Ineffective prioritization: Without a linkage structure, teams patch high-severity CVEs on isolated systems while leaving lower-scored flaws on critical trust pathways.Slow incident response: When a zero-day emerges, teams scramble to locate vulnerable components. Without pre-existing linkage…
-
AI-powered bug hunting shakes up bounty industry, for better or worse
Tags: access, ai, authentication, automation, bug-bounty, business, ciso, cloud, control, credentials, data, detection, exploit, flaw, guide, identity, infrastructure, injection, intelligence, risk, risk-management, sql, strategy, supply-chain, threat, tool, vulnerabilityFirehose of ‘false positives’: Gunter Ollmann, CTO at Cobalt.io, warns that AI is exacerbating the existing problem that comes from vendors getting swamped with often low-quality bug submissions.Security researchers turning to AI is creating a “firehose of noise, false positives, and duplicates,” according to Ollmann.”The future of security testing isn’t about managing a crowd of…
-
AI-powered bug hunting shakes up bounty industry, for better or worse
Tags: access, ai, authentication, automation, bug-bounty, business, ciso, cloud, control, credentials, data, detection, exploit, flaw, guide, identity, infrastructure, injection, intelligence, risk, risk-management, sql, strategy, supply-chain, threat, tool, vulnerabilityFirehose of ‘false positives’: Gunter Ollmann, CTO at Cobalt.io, warns that AI is exacerbating the existing problem that comes from vendors getting swamped with often low-quality bug submissions.Security researchers turning to AI is creating a “firehose of noise, false positives, and duplicates,” according to Ollmann.”The future of security testing isn’t about managing a crowd of…
-
You can’t audit how AI thinks, but you can audit what it does
In this Help Net Security interview, Wade Bicknell, Head, IT Security Operations, CFA Institute, discusses how CISOs can use AI while maintaining security and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/31/wade-bicknell-cfa-institute-ciso-ai-security-governance/
-
Building Cyber Resilience Across Canada’s Skies
NAV Canada CISO Tom Bornais on Keeping IT and OT Systems Running. With threats targeting aviation infrastructure, NAV Canada CISO Tom Bornais explained how his team focuses on building resilience rather than chasing perfection. He outlined why internal alignment, incident simulation and supply chain security are critical to defending IT and OT systems. First seen…
-
The secret to audit success? Think like your auditor
Tags: cisoIn this Help Net Security video, Doug Kersten, CISO at Appfire, shares practical, experience-driven advice on how CISOs can avoid the most common mistakes when preparing for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/31/ciso-audit-preparation-video/
-
Strengthening security with a converged security and networking platform
created new security risks. Products are designed with different fundamental security assumptions. Each has a separate security policy and requires a specially trained administrator, making it difficult to coordinate security policies and use products together. The result is a fragmented security infrastructure with inconsistent rules and poor visibility. Conflicting policies and uneven enforcement create the…
-
Strengthening security with a converged security and networking platform
created new security risks. Products are designed with different fundamental security assumptions. Each has a separate security policy and requires a specially trained administrator, making it difficult to coordinate security policies and use products together. The result is a fragmented security infrastructure with inconsistent rules and poor visibility. Conflicting policies and uneven enforcement create the…
-
Human-Centered Leadership Strengthens OT Security
OTsec Canada Chairman on Balancing Wellness, Collaboration and Compliance. Organizations defending critical infrastructure must shift from compliance-focused strategies to holistic resilience. Ahead of the OTsec Canada Summit, Énergir CISO Martin Laberge outlines why people-first leadership and national coordination are essential for OT security resilience. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/human-centered-leadership-strengthens-ot-security-a-29886
-
Human-Centered Leadership Strengthens OT Security
OTsec Canada Chairman on Balancing Wellness, Collaboration and Compliance. Organizations defending critical infrastructure must shift from compliance-focused strategies to holistic resilience. Ahead of the OTsec Canada Summit, Énergir CISO Martin Laberge outlines why people-first leadership and national coordination are essential for OT security resilience. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/human-centered-leadership-strengthens-ot-security-a-29886
-
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher
Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
-
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher
Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
-
Tips for CISOs switching between industries
Understand and demonstrate achieved results: Making the jump into a new industry isn’t about matching past job titles but about proving you can create impact in a new context. DiMarco says the key is to demonstrate relevance early.”When I pitch a candidate, I explain what they did, how they did it, and what their impact…
-
Old threats, new consequences: 90% of cyber claims stem from email and remote access
Tags: access, ai, attack, awareness, cisco, ciso, citrix, cloud, communications, control, credentials, cve, cyber, cybersecurity, data, defense, detection, email, encryption, finance, fraud, hacker, insurance, mail, malicious, microsoft, network, phishing, phone, ransomware, risk, sophos, tactics, threat, tool, update, vpn, vulnerability2025 InsurSec Rankings Report, email and remote access remain the most prominent cyber threat vectors, accounting for 90% of cyber insurance claims in 2024.And, no surprise, larger companies continue to get hit hardest. But, interestingly, the virtual private networks (VPNs) many rely on are anything but secure, despite assumptions to the contrary.”We know from our…
-
How the City of Toronto embeds security across governance and operations
In this Help Net Security interview, Andree Noel, Deputy CISO at City of Toronto, discusses how the municipality strengthens its cyber defense by embedding security into … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/30/andree-noel-city-of-toronto-municipal-cyber-defense/
-
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It’s about proof.When a new exploit drops, scanners scour…
-
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It’s about proof.When a new exploit drops, scanners scour…
-
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It’s about proof.When a new exploit drops, scanners scour…
-
The CISO’s Guide to Model Context Protocol (MCP)
As engineering teams race to adopt the Model Context Protocol (MCP) to harness the power of agentic AI, a more cautious conversation dominates security leaders’ mindshare. While the potential for innovation is clear, the primary question for CISOs and CIOs is more fundamental: how are we going to manage the growing risk? The answer is..…
-
The CISO’s Guide to Model Context Protocol (MCP)
As engineering teams race to adopt the Model Context Protocol (MCP) to harness the power of agentic AI, a more cautious conversation dominates security leaders’ mindshare. While the potential for innovation is clear, the primary question for CISOs and CIOs is more fundamental: how are we going to manage the growing risk? The answer is..…
-
Early reporting helps credit unions stop fraudulent transfers faster
In this Help Net Security interview, Carl Scaffidi, CISO at VyStar Credit Union, discusses how credit unions are adapting to an evolving fraud landscape and strengthening … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/29/carl-scaffidi-vystar-credit-unions-payment-security/
-
Early reporting helps credit unions stop fraudulent transfers faster
In this Help Net Security interview, Carl Scaffidi, CISO at VyStar Credit Union, discusses how credit unions are adapting to an evolving fraud landscape and strengthening … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/29/carl-scaffidi-vystar-credit-unions-payment-security/
-
Atroposia malware kit lowers the bar for cybercrime, and raises the stakes for enterprise defenders
Tags: apt, authentication, automation, ciso, credentials, crime, cybercrime, defense, detection, dns, endpoint, infrastructure, mail, malicious, malware, mfa, monitoring, rat, service, spam, threat, tool, update, vulnerabilityRAT toolkits proliferating: Atroposia is one of a growing number of RAT tools targeting enterprises; Varonis has also recently discovered SpamGPT and MatrixPDF, a spam-as-a-service platform and malicious PDF builder, respectively.Shipley noted that these types of packages which identify additional avenues to maintain persistence have been around for some time; Mirai, which goes back to…
-
From Chef to CISO: An Empathy-First Approach to Cybersecurity Leadership
Myke Lyons, CISO at data-processing SaaS company Cribl, shares how he cooked up an unconventional journey from culinary school to cybersecurity leadership. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/chef-ciso-empathy-first-cybersecurity-leadership
-
How evolving regulations are redefining CISO responsibility
Tags: attack, awareness, breach, ciso, communications, compliance, credentials, cyber, cyberattack, cybersecurity, data, data-breach, governance, identity, incident response, intelligence, iot, nis-2, phone, regulation, resilience, risk, risk-management, sbom, service, software, threat, tool, vulnerabilityIncreasing attacks on IoT and OT device vulnerabilities Cyberattacks are increasingly driven by software vulnerabilities embedded in OT and IoT devices. The 2025 Verizon Data Breach Investigations Report noted that 20% of breaches were vulnerability-based, which is a close second to credential abuse, accounting for 22% of breaches. Year over year, breaches resulting from software…
-
Volvo’s recent security breach: 5 tips to speed incident response while preserving forensic integrity
Tags: access, automation, breach, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, endpoint, finance, framework, gartner, GDPR, guide, incident, incident response, insurance, metric, mitigation, nist, resilience, risk, risk-management, saas, security-incident, siem, soar, supply-chain, vulnerabilityIdentify and catalog your evidence sources in advance (endpoints, memory, logs, cloud assets)Stage scripts or agents that can snapshot memory and archive logs immediately when an IR trigger firesMake forensic collection part of containment, not something you tack on afterwardModern approaches and even NIST’s updated guidance emphasize that evidence gathering should begin during, not after,…
-
Volvo’s recent security breach: 5 tips to speed incident response while preserving forensic integrity
Tags: access, automation, breach, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, endpoint, finance, framework, gartner, GDPR, guide, incident, incident response, insurance, metric, mitigation, nist, resilience, risk, risk-management, saas, security-incident, siem, soar, supply-chain, vulnerabilityIdentify and catalog your evidence sources in advance (endpoints, memory, logs, cloud assets)Stage scripts or agents that can snapshot memory and archive logs immediately when an IR trigger firesMake forensic collection part of containment, not something you tack on afterwardModern approaches and even NIST’s updated guidance emphasize that evidence gathering should begin during, not after,…
-
Cybersicherheit ist größte Herausforderung für die Finanzbranche
Cyberangriffe stellen viele Banken und Versicherungen vor große Probleme.Systemkritische Branchen wie die Finanzindustrie geraten immer häufiger ins Visier von Cyberkriminellen. Die Anzahl der Cyberangriffe hat sich in diesem Bereich im Vergleich zum Jahr 2021 versechsfacht. Das geht aus einer aktuellen Umfrage des Beratungs- und Softwarehauses PPI hervor, für die hierzulande 50 Banken und 53 Versicherungen…

