Tag: ciso
-
US gov shutdown leaves IT projects hanging, security defenders a skeleton crew
Tags: cisoThe longer the shutdown, the less likely critical IT overhauls happen, ex federal CISO tells The Register First seen on theregister.com Jump to article: www.theregister.com/2025/10/01/us_government_shutdown_it_seccurity/
-
US gov shutdown leaves IT projects hanging, security defenders a skeleton crew
Tags: cisoThe longer the shutdown, the less likely critical IT overhauls happen, ex federal CISO tells The Register First seen on theregister.com Jump to article: www.theregister.com/2025/10/01/us_government_shutdown_it_seccurity/
-
Building a mature automotive cybersecurity program beyond checklists
In this Help Net Security interview, Robert Sullivan, CIO CISO at Agero, shares his perspective on automotive cybersecurity. He discusses strategies for developing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/02/robert-sullivan-agero-automotive-cybersecurity-strategies/
-
Building a mature automotive cybersecurity program beyond checklists
In this Help Net Security interview, Robert Sullivan, CIO CISO at Agero, shares his perspective on automotive cybersecurity. He discusses strategies for developing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/02/robert-sullivan-agero-automotive-cybersecurity-strategies/
-
From Spend to Strategy: A CISO’s View
Armis CISO Curtis Simpson on Spend Justification, AI Risks, Real-Time Visibility. Curtis Simpson, CISO at Armis, shares how CISOs can frame spend in terms executives value, the underestimated risks of AI and which technology trends will truly reshape enterprise security. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/from-spend-to-strategy-cisos-view-a-29606
-
Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI
Join Picus Security, SANS, Hacker Valley, and leading CISOs at The BAS Summit 2025 to learn how AI is redefining Breach and Attack Simulation (BAS) and why it’s becoming the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/30/webinar-picus-security-the-state-of-bas-2025/
-
As Hardware, API and Network Vulnerabilities Rise, Defenders Rethink Strategies
Bugcrowd’s latest research reveals a surge in hardware, API, and network vulnerabilities, fueled in part by the rapid adoption of AI-assisted development. Critical flaws and broken access control remain top concerns, while experts warn that agentic AI will intensify risks if not governed with strong privilege and monitoring controls. The report also highlights the evolving…
-
As Hardware, API and Network Vulnerabilities Rise, Defenders Rethink Strategies
Bugcrowd’s latest research reveals a surge in hardware, API, and network vulnerabilities, fueled in part by the rapid adoption of AI-assisted development. Critical flaws and broken access control remain top concerns, while experts warn that agentic AI will intensify risks if not governed with strong privilege and monitoring controls. The report also highlights the evolving…
-
How to restructure your security program to modernize defense
Restructuring the security program when technology and skills change: When revamping the security programs, CISOs can have in mind Venables’ four-phase framework, which is flexible enough to fit almost any organization. Companies can start where they are, make the changes they want, and then return to complete the remaining tasks.Restructuring the security program should be…
-
Cyber risk quantification helps CISOs secure executive support
In this Help Net Security interview, Vivien Bilquez, Global Head of Cyber Resilience at Zurich Resilience Solutions, discusses how organizations are rethinking cyber … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/30/vivien-bilquez-zurich-resilience-solutions-cyber-resilience-priorities/
-
KI-Gefahren rücken Integritätsschutz in den Mittelpunkt
Tags: ai, ciso, cloud, compliance, cyberattack, data, data-breach, DSGVO, exploit, governance, injection, LLM, ml, risk, tool, training, updateData Poisoning gefährdet die Integrität von KI-Modellen.Für CISOs reduziert KI selten die Komplexität, sondern füllt vielmehr ihre ohnehin schon volle Agenda. Neben den traditionellen Sicherheitsprioritäten müssen sie sich nun auch mit neuen KI-bedingten Risiken auseinandersetzen, etwa wenn KI-Lösungen unkontrolliert für geschäftliche Zwecke genutzt, Modelle manipuliert und neue Vorschriften nicht eingehalten werden. Eine der drängendsten Herausforderungen…
-
Coherence: Insider risk strategy’s new core principle
Malicious action “, deliberate harm from within, often rooted in disaffection, misalignment, or ideological fractureHuman error “, unintentional harm caused by confusion, fatigue, or misjudgment under pressureThese two paths look different but demand the same thing: a system that knows how to detect misalignment early and how to keep people inside the mission before risk…
-
The CISO’s guide to stronger board communication
In this Help Net Security video, Alisdair Faulkner, CEO of Darwinium, explores how the role of the CISO has changed over the past decade. Faulkner shares insights on how CISOs … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/29/ciso-board-communication-video/
-
The CISO’s guide to stronger board communication
In this Help Net Security video, Alisdair Faulkner, CEO of Darwinium, explores how the role of the CISO has changed over the past decade. Faulkner shares insights on how CISOs … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/29/ciso-board-communication-video/
-
The CISO’s guide to stronger board communication
In this Help Net Security video, Alisdair Faulkner, CEO of Darwinium, explores how the role of the CISO has changed over the past decade. Faulkner shares insights on how CISOs … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/29/ciso-board-communication-video/
-
Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions
Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions.Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box. But none of that proves what matters most to a CISO:The…
-
Resilienz als Prinzip Netzwerksicherheit für kommende Disruptionen
Widerstandsfähigkeit beginnt mit strategischem Fernzugriff. Verschiedene Störungen, wie Pandemien, geopolitische Krisen oder Naturkatastrophen, sind für Führungskräfte längst keine Ausnahmen mehr, sondern Teil der Realität. Entsprechend müssen sie planen. Für CISOs steht dabei eine zentrale Frage im Fokus: ‘Ist unsere Infrastruktur so gestaltet, dass sie auch unter schwierigen Bedingungen den sicheren Geschäftsbetrieb gewährleistet?” Zwei Ansätze dominieren…
-
Qantas cutting CEO pay signals new era of cyber accountability
Tags: ai, attack, breach, ceo, ciso, cyber, cybersecurity, data, data-breach, finance, governance, incident, incident response, malicious, privacy, ransomware, riskWhat should CISOs and CEOs do now?: CISOs, who have historically borne the brunt of breaches and malicious cyber incidents, should take heed of this emerging trend. “Be aware of the environment and expectations today, and where they’re headed,” Redgraves’ Tully says. “Try to get out in front of that. You need to work with…
-
CISO Spotlight: AJ Debole on the Business-Tech Divide, Breach Readiness, and AI Risks
Tags: ai, breach, business, ciso, corporate, cyber, defense, government, healthcare, law, oracle, ransomware, riskAJ Debole is Field CISO at Oracle, but her journey began far from the corporate boardroom. After starting out in law and government, she moved into healthcare and cyber defense, where she led teams through ransomware crises. In this spotlight, she explores the next wave of challenges aligning security with business incentives, taming AI […]…
-
Mit ShadowV2 wird DDoS zu einem Cloud-nativen Abo-Dienst
DDos-Attacken sind mittlerweile als Auftragsmodell verfügbar, wie eine aktuelle Analyse zeigt.Laut einer Darktrace-Analyse nutzt eine ShadowV2-Bot-Kampagne falsch konfigurierte Docker-Container auf AWS und rüstet sie für DDoS-as-a-Service-Angriffe auf.Was ShadowV2 dabei besonders macht, ist die professionelle Ausstattung mit APIs, Dashboards, Betreiber-Logins und sogar animierten Benutzeroberflächen. ‘Dies ist eine weitere Erinnerung daran, dass Cyberkriminalität kein Nebenjob mehr ist,…
-
AI coding assistants amplify deeper cybersecurity risks
Tags: access, ai, api, application-security, attack, authentication, business, ceo, ciso, cloud, compliance, control, cybersecurity, data, data-breach, detection, fintech, flaw, governance, injection, leak, LLM, metric, open-source, programming, radius, risk, risk-management, service, software, startup, strategy, threat, tool, training, vulnerability‘Shadow’ engineers and vibe coding compound risks: Ashwin Mithra, global head of information security at continuous software development firm Cloudbees, notes that part of the problem is that non-technical teams are using AI to build apps, scripts, and dashboards.”These shadow engineers don’t realize they’re part of the software development life cycle, and often bypass critical…
-
5 questions CISOs should ask vendors
2. Will it reduce my workload, add value or improve operations?: A common starting point is to ask questions about how a new tool will reduce workload, minimize risk, improve resilience or simplify operations.Basu wants to know whether the product can consolidate capabilities instead of adding yet another point solution. “Without that, each tool only…
-
5 questions CISOs should ask vendors
2. Will it reduce my workload, add value or improve operations?: A common starting point is to ask questions about how a new tool will reduce workload, minimize risk, improve resilience or simplify operations.Basu wants to know whether the product can consolidate capabilities instead of adding yet another point solution. “Without that, each tool only…
-
From FBI to CISO: Unconventional Paths to Cybersecurity Success
Cybersecurity leader Jason Manar shares insights on diverse career paths, essential skills, and practical advice for entering and thriving in the high-stress yet rewarding field of cybersecurity. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/fbi-ciso-unconventional-paths-cybersecurity-success
-
Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation
Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo has cut its workforce by 23% over five years, Bank of America has shed 88,000 employees since 2010, and Verizon’s CEO recently boasted that headcount is “going down all the time.” What was once a sign of corporate distress has…
-
The CISO’s guide to rolling out generative AI at scale
Tags: access, ai, best-practice, chatgpt, ciso, communications, governance, guide, jobs, lessons-learned, network, privacy, risk, technology, tool, trainingSet the stage for success Before launch, host an organization-wide lunch and learn to introduce the platform, explain the rollout’s goals, and connect the initiative to real work. This is not a marketing event; it’s an operational alignment session. Bring the vendor in to walk through the platform, show what it does, and answer questions.…
-
The CISO’s guide to rolling out generative AI at scale
Tags: access, ai, best-practice, chatgpt, ciso, communications, governance, guide, jobs, lessons-learned, network, privacy, risk, technology, tool, trainingSet the stage for success Before launch, host an organization-wide lunch and learn to introduce the platform, explain the rollout’s goals, and connect the initiative to real work. This is not a marketing event; it’s an operational alignment session. Bring the vendor in to walk through the platform, show what it does, and answer questions.…
-
Anton’s Security Blog Quarterly Q3 2025
Tags: ai, automation, breach, ciso, cloud, cyber, defense, detection, edr, google, governance, guide, metric, office, RedTeam, risk, siem, soc, software, supply-chain, threat, vulnerability, vulnerability-management, zero-trustAmazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify). Gemini for docs based on this blog Top 10 posts with the most…