Tag: ciso
-
West Virginia Gives CISO Greater Authority to Lead Statewide Cybersecurity Program
What happened West Virginia approved legislation that gives the state’s chief information security officer greater authority to lead and standardize cybersecurity efforts across state government. Gov. Patrick Morrisey signed the measure on Thursday. The law directs the state’s Cybersecurity Office, led by Leroy Amos within the Office of Technology, to develop statewide cybersecurity policies and…The…
-
Gen AI Stalls, Shadow AI Rises: A CISO Concern
Going Beyond the Copilot Pilot – A CISO’s Perspective. With 60% of businesses piloting M365 Copilot but only 6% scaling, this webinar explores why gen AI deployments stall, and what CISOs and IT leaders must know to roll out secure, compliant, and effective AI productivity tools. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/gen-ai-stalls-shadow-ai-rises-ciso-concern-a-31339
-
12 cyber industry trends revealed at RSAC 2026
Tags: access, ai, application-security, authentication, awareness, business, ciso, cloud, control, cyber, cybersecurity, data, deep-fake, defense, detection, edr, endpoint, firewall, gartner, governance, identity, infrastructure, insurance, metric, microsoft, monitoring, mssp, phishing, programming, risk, risk-management, service, siem, skills, soc, software, startup, technology, threat, tool, trainingLegacy security vendors have the inside track on AI, for now: As far as AI technology consumption for cybersecurity, most CISOs I spoke with were open-minded while leaning toward their existing vendors, at least in the short term. This may buy legacy security vendors a bit, but not much time.Remember what happened in the cloud…
-
Security Bosses Are All-In on AI. Here’s Why
CISOs are bullish on AI and have big plans to roll out future tools. We talk to Reddit CISO Frederick Lee and leading analyst Dave Gruber about how AI is working out in the real world, as well as its future promise. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/security-bosses-all-in-ai
-
Retail and hospitality CISOs expect budget growth, new AI headaches and opportunities
More than eight in 10 security leaders in the sector say they’ve rolled out an AI governance framework to some degree, a new survey found. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/retail-hospitality-ai-cybersecurity-cisos-survey/816460/
-
IMO Health: 5 Reasons security culture starts with trust
I recently had the opportunity to sit down with Lori Kevin, VP of Security and Compliance at IMO Health, for another installment of the Strategic CISOs conversations series. We covered a topic that many security leaders care about right now: how to build a security culture where people understand, engage with, and apply security principles…The…
-
Trust, friction, and ROI: A CISO’s take on making security work for the business
In this Help Net Security interview, John O’Rourke, CISO at PPG, talks about what it means for security to drive business value. He explains how mature security programs … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/02/john-orourke-ppg-security-as-business-strategy/
-
Block the Prompt, Not the Work: The End of “Doctor No”
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say “No.”No to ChatGPT.No to DeepSeek.No to the file-sharing tool the product team swears by.For years, this looked like security. But in 2026, “Doctor No”…
-
9 ways CISOs can combat AI hallucinations
Tags: access, ai, breach, ciso, compliance, control, corporate, cybersecurity, data, defense, encryption, flaw, framework, GDPR, governance, identity, metric, penetration-testing, regulation, risk, soc, tool, trainingTreat AI outputs as drafts, not finished products: One of the biggest risks is over-trusting AI, according to security experts. Coté says her organization changed its policy so AI-generated content cannot go straight into compliance documentation without a human review.”The moment your team starts treating an AI-generated answer as a finished work product, you have…
-
How to Categorize AI Agents and Prioritize Risk
AI agent risk isn’t equal, it scales with access to systems and level of autonomy. Token Security explains how CISOs should categorize agents and prioritize what to secure first. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-to-categorize-ai-agents-and-prioritize-risk/
-
8 ways to bolster your security posture on the cheap
Tags: access, attack, authentication, awareness, breach, ciso, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, dkim, dmarc, dns, email, endpoint, exploit, finance, google, identity, Internet, metric, mfa, microsoft, mitigation, okta, passkey, password, phishing, risk, risk-management, service, strategy, technology, tool, training, update, waf, zero-day2. Take full advantage of your existing tools: A practical way to strengthen enterprise security without incurring additional significant spend is to ensure you’re fully leveraging the capabilities of solutions already present within your organization, says Gary Brickhouse, CISO at security services firm GuidePoint Security.”Most organizations have invested heavily in security solutions, yet most are…
-
The external pressures redefining cybersecurity risk
Tags: access, ai, attack, breach, business, ciso, control, cyber, cyberattack, cybersecurity, data, deep-fake, defense, email, governance, guide, incident response, injection, network, nist, resilience, risk, risk-management, supply-chain, technology, threat, toolAI is accelerating both the attackers and your defenses, but governance is often missing : What I see generative AI doing in cybersecurity is accelerating what attackers can do and lowering the cost of entry for new criminal gangs. Cyberattacks are more potent because the technology makes it easier to target victims, create deepfake videos or…
-
6 key takeaways from RSA Conference 2026
Tags: ai, api, attack, ceo, cio, ciso, compliance, conference, control, cyber, cybersecurity, data, framework, google, governance, government, identity, infrastructure, injection, intelligence, jobs, LLM, office, RedTeam, regulation, risk, saas, service, technology, threat, tool, trainingSecuring the AI stack: Yes, but the threat surface has grown: The first technical priority I offered for CISOs in my conference preview was securing the AI stack, RAG workflows, LLM data pipelines, vector databases, and model APIs, on the basis that prompt injection, training data poisoning, and model inversion attacks were no longer theoretical.The…
-
The art of making technical risk make sense to executives
In this Help Net Security video, Jay Miller, CISO at Paessler, explains how security leaders can communicate technical risk to executives and board members in terms they … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/ciso-communication-to-the-board-video/
-
RSAC 2026: Fraud Becomes a CISO-Level Security Threat
I sat down with the CEO of Bolster AI at RSAC 2026 to talk about the changing fraud landscape. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/rsac-2026-fraud-becomes-a-ciso-level-security-threat/
-
CISO Spotlight: Dimitris Georgiou on Building Security that Serves People First
Dimitris Georgiou has been a self-professed computer geek since the early 80s. At university, he studied the convergence of educational technology with computer science as part of his psychology MA finding, to his disbelief, that systems were perilously insecure. Since then, he’s always worked in and around cybersecurity. He’s had roles as a computer […]…
-
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded.This year’s findings reveal…
-
8 steps CISOs can take to empower their teams
Once when we were rolling out a well-known EDR tool, I knew the settings weren’t tight enough, nor were the received updates applied fast enough. So I asked two people to own this, come up with suggestions for tightening the screws, and guarantee a successful rollout on multiple OSes in parallel. The phased approach took…
-
Why Healthcare Faces Rising Risks From Shadow AI
Zscaler’s Ravi Monga on Managing AI Risks in Clinical Environments. Healthcare organizations are increasingly adopting AI for efficiency and patient care, but governance is lagging behind. Zscaler’s Healthcare CISO Ravi Monga explains why visibility into AI usage, including shadow AI, has become the sector’s most urgent cybersecurity challenge. First seen on govinfosecurity.com Jump to article:…
-
The CISO’s guide to responding to shadow AI
Tags: ai, breach, business, ciso, cybersecurity, data, governance, guide, mitigation, privacy, risk, strategy, technology, tool, training, updateUnderstand why AI is being used: If CISOs want to manage shadow AI effectively, they need to understand why it keeps popping up. The immediate reaction may be to shut down the use of shadow AI, but there must be more to the response than that.”Our focus is understanding why they’re using it, educating them…
-
Why Misaligned Incentives Are the CISO’s Biggest Problem
Jim DuBois, Former Microsoft CIO and CISO, on Incentives, AI and Cyber’s Future. As AI reshapes cybersecurity, aligning security and innovation teams is more critical than ever. Former Microsoft CIO and CISO Jim DuBois says misaligned incentives create conflict, and fixing that is what lets organizations move fast without compromising security. First seen on govinfosecurity.com…
-
Why CISOs Need to Start Taking AI Third-Party Risk Seriously
Keyrock CISO David Cass on Managing Agentic AI Risk in Financial Services. As financial institutions accelerate AI adoption, traditional governance models are falling short. David Cass, CISO at Keyrock, explains why organizations must rethink accountability, asset visibility and identity controls to manage emerging risks from LLMs and agentic AI systems. First seen on govinfosecurity.com Jump…
-
AI Has Created a New Attack Surface and Encryption Is Not Enough
Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
-
AI Has Created a New Attack Surface and Encryption Is Not Enough
Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
-
6 key trends reshaping the IAM market
Tags: access, ai, attack, authentication, ciso, compliance, corporate, cyber, cybersecurity, data, dora, finance, framework, governance, government, Hardware, iam, identity, mfa, mobile, network, nis-2, passkey, password, PCI, phone, regulation, saas, service, startup, strategy, technologyPasswordless authentication on the rise: Passwords have long been the weakest link in most security architectures.Many mobile phones and laptops already use biometrics for authentication, and the user experience is typically far better than typing a long and complex password into an interface.The growing uptake of passwordless authentication (FIDO2/passkeys, biometrics) is redefining the scope of…
-
6 key trends reshaping the IAM market
Tags: access, ai, attack, authentication, ciso, compliance, corporate, cyber, cybersecurity, data, dora, finance, framework, governance, government, Hardware, iam, identity, mfa, mobile, network, nis-2, passkey, password, PCI, phone, regulation, saas, service, startup, strategy, technologyPasswordless authentication on the rise: Passwords have long been the weakest link in most security architectures.Many mobile phones and laptops already use biometrics for authentication, and the user experience is typically far better than typing a long and complex password into an interface.The growing uptake of passwordless authentication (FIDO2/passkeys, biometrics) is redefining the scope of…
-
6 key trends reshaping the IAM market
Tags: access, ai, attack, authentication, ciso, compliance, corporate, cyber, cybersecurity, data, dora, finance, framework, governance, government, Hardware, iam, identity, mfa, mobile, network, nis-2, passkey, password, PCI, phone, regulation, saas, service, startup, strategy, technologyPasswordless authentication on the rise: Passwords have long been the weakest link in most security architectures.Many mobile phones and laptops already use biometrics for authentication, and the user experience is typically far better than typing a long and complex password into an interface.The growing uptake of passwordless authentication (FIDO2/passkeys, biometrics) is redefining the scope of…
-
6 key trends reshaping the IAM market
Tags: access, ai, attack, authentication, ciso, compliance, corporate, cyber, cybersecurity, data, dora, finance, framework, governance, government, Hardware, iam, identity, mfa, mobile, network, nis-2, passkey, password, PCI, phone, regulation, saas, service, startup, strategy, technologyPasswordless authentication on the rise: Passwords have long been the weakest link in most security architectures.Many mobile phones and laptops already use biometrics for authentication, and the user experience is typically far better than typing a long and complex password into an interface.The growing uptake of passwordless authentication (FIDO2/passkeys, biometrics) is redefining the scope of…
-
EU AI Act Compliance Guide for CISOs GRC Leaders – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/eu-ai-act-compliance-guide-for-cisos-grc-leaders-kovrr/