Tag: ciso
-
Mind the overconfidence gap: CISOs and staff don’t see eye to eye on security posture
Tags: ai, attack, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, grc, group, hacker, identity, incident response, intelligence, international, least-privilege, metric, network, phishing, ransomware, risk, risk-assessment, risk-management, soc, strategy, technology, threat, tool, training, updateMisplaced priorities: Investments often favor visibility and compliance over “core capabilities like detection engineering, incident response, and threat containment,” according to Santiago Pontiroli, lead security researcher at cybersecurity vendor Acronis TRU.Delayed adaptation: AI-driven threats demand faster, smarter defenses, but key upgrades (such as behavior-based analytics or automation) are often postponed due to underestimated risk, according…
-
AI is changing the vCISO game
Virtual CISO (vCISO) services have moved from niche to mainstream, with vCISO services adoption 2025 data showing a more than threefold increase in just one year. According to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/31/vciso-services-adoption-2025/
-
Palo Alto Networks to buy CyberArk for $25B as identity security takes center stage
The identity crisis driving this deal: Walk into any CISO’s office these days, and they’ll tell you the same story: hackers don’t need to break down the front door anymore. They just steal legitimate credentials and walk right in.”Today, most breaches originate not from malware or misconfigured ports but from stolen or misused credentials,” Tyagi…
-
Palo Alto Networks eyes $20B CyberArk deal as identity security takes center stage
The identity crisis driving this deal: Walk into any CISO’s office these days, and they’ll tell you the same story: hackers don’t need to break down the front door anymore. They just steal legitimate credentials and walk right in.”Today, most breaches originate not from malware or misconfigured ports but from stolen or misused credentials,” Tyagi…
-
How CISOs can scale down without compromising security
Tags: breach, business, ciso, compliance, control, cybersecurity, data, detection, finance, framework, gartner, governance, intelligence, jobs, metric, open-source, regulation, resilience, risk, soc, strategy, threat, tool, training, vulnerabilityStrategic risk (high, medium, low): What’s the actual exposure if this control fails?Business alignment: Which functions are enabling revenue, customer trust, or compliance?No-brainers: These are redundant tools, shelfware, or “security theatre” controls that look good on paper but deliver no measurable protection.For this assessment, Mahdi brings together a cross-functional team that includes business unit leaders,…
-
Prepping for the quantum threat requires a phased approach to crypto agility
Tags: access, ceo, ciso, computing, crypto, cryptography, cybersecurity, encryption, firmware, government, Hardware, identity, network, nist, open-source, software, supply-chain, threat, tool, vulnerabilityMissing pieces: Michael Smith, field CTO at DigiCert, noted that the industry is “yet to develop a completely PQC-safe TLS protocol.””We have the algorithms for encryption and signatures, but TLS as a protocol doesn’t have a quantum-safe session key exchange and we’re still using Diffie-Hellman variants,” Smith explained. “This is why the US government in…
-
MCP”‘Sicherheit: Das Rückgrat von Agentic AI sichern
Tags: access, ai, api, authentication, ciso, credentials, cyberattack, cyersecurity, firewall, infrastructure, LLM, mfa, risk, toolIm Zuge von Agentic AI sollten sich CISOs mit MCP-Sicherheit auseinandersetzen. Das Model Context Protocol (MCP) wurde erst Ende 2024 vorgestellt, dennoch sind die technologischen Folgen in vielen Architekturen bereits deutlich spürbar. Damit Entwickler nicht jede Schnittstelle mühsam von Hand programmieren müssen, stellt MCP eine einheitliche ‘Sprache” für LL-Agenten bereit. Dadurch können sie Tools, Datenbanken und SaaS”‘Dienste…
-
Intent Over Tactics: A CISO’s Guide to Protecting Your Crown Jewels
A practical guide to protecting your most critical assets when budget, head-count, and political capital are tight. First seen on tldrsec.com Jump to article: tldrsec.com/p/intent-over-tactics-crown-jewels
-
Why CISOs should rethink identity risk through attack paths
Identity-based attack paths are behind most breaches today, yet many organizations can’t actually see how those paths form. The 2025 State of Attack Path Management report … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/30/ciso-attack-path-management-apm/
-
vCISO In Action: Navigating Cybersecurity Leadership Beyond Office Walls
With two decades in the industry, Emily O’Carroll reflects on how the threat landscape has evolved, the difference between in-house and virtual CISO work, and why mentoring and finding personal balance are just as important as managing risk. First seen on crn.com Jump to article: www.crn.com/news/security/2025/vciso-in-action-navigating-cybersecurity-leadership-beyond-office-walls1
-
Empathie trifft IT-Sicherheit: Der Weg zu gelebter Compliance
CISOs sollten Sicherheitsrichtlinien mit Blick auf die Belegschaft gestalten.In vielen Unternehmen stoßen IT-Sicherheitsrichtlinien auf Widerstand, da Mitarbeitende sie als hinderlich oder praxisfern empfinden. Dies erschwert die Umsetzung, untergräbt die Wirksamkeit und belastet die Zusammenarbeit zwischen der Sicherheitsabteilung und den Fachbereichen. Statt als Partner wird Cybersecurity oft als Bremser wahrgenommen ein fatales Sicherheitsrisiko. Für CISOs (Chief…
-
The CISO’s challenge: Getting colleagues to understand what you do
Tags: access, authentication, ceo, cio, ciso, cybersecurity, Hardware, jobs, office, risk, saas, technology‘Chief’ in name only adds to the confusion: Like other executive-sounding titles, such as chief marketing officer, chief revenue officer, chief technology officer, and others, CISOs sound like they should be officers of the company with broad decision-making capabilities, but in most cases, they lack any actual power.”There are some CISOs that sort of rise…
-
Cyber Career Opportunities: Weighing Certifications vs. Degrees
Longtime CISO Melina Scotto joins Dark Reading to discuss career advice gleaned from her 30 years in the cyber industry. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cyber-career-opportunities-certifications-degrees
-
Can Security Culture Be Taught? AWS Says Yes
Newly appointed Amazon Web Services CISO Amy Herzog believes security culture goes beyond frameworks and executive structures. Having the right philosophy throughout the organization is key. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/can-security-culture-be-taught-aws-says-yes
-
CISO Conversations: How IT and OT Security Worlds Are Converging
Dark Reading’s Kelly Jackson Higgins interviews Carmine Valente, Deputy CISO at Con Edison, about his role at the New York-based electric utility and the state of IT and OT security. Valente highlights current threats like ransomware and supply chain attacks, as well as the impact of AI on both defense and threats. First seen on…
-
Majority of CISOs Lack Full Visibility Over APIs
New research by Salt Security has revealed that the majority of CISOs do not have full visibility over their API environments, despite recognition of the growing API attack surface. The 2025 Salt Security CISO Report found that while 73% of CISOs rank API security as a high or critical priority for the next 12 months, only…
-
How to Advance from SOC Manager to CISO?
Making the move from managing a security operations center (SOC) to being a chief information security officer (CISO) is a significant career leap. Not only do you need a solid foundation of tech knowledge but also leadership skills and business smarts. This article will guide you through the practical steps and skills you’ll need to…
-
The CISO code of conduct: Ditch the ego, lead for real
Where do we go from here?: To put a stop to this rising issue, we need to stop pretending this is someone else’s problem. We stop excusing toxic behavior just because someone carries the right title. And we stop treating leadership like it’s an untouchable domain reserved for those with the loudest voices or the…
-
The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and Machine Identity
Tags: cisoThe way we manage certificates must transform. For CISOs, this is not a future problem; the time to re-architect digital trust is now. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/the-expiring-trust-model-cisos-must-rethink-pki-in-the-era-of-short-lived-certificates-and-machine-identity/
-
From hardcoded credentials to auth gone wrong: Old bugs continue to break modern systems
Tags: ai, automation, ciso, credentials, endpoint, infrastructure, network, router, threat, tool, training, update, usa, vulnerabilityWhy are we still here?: For all the industry talk about development practices, threat modelling, and DevSecOps, the same root causes keep surfacing with surprising regularity. “Developing code without vulnerabilities, weaknesses, and shortcomings is hard,” Sampson said. “Despite advances in tooling, doing a quick fix that you promise to revisit later has less friction than…
-
World Health Organization CISO on securing global health emergencies
In this Help Net Security interview, Flavio Aggio, CISO at the World Health Organization (WHO), explains how the organization prepares for and responds to cyber threats during … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/21/flavio-aggio-world-health-organization-health-emergencies-cybersecurity/
-
Threat actors scanning for apps incorporating vulnerable Spring Boot tool
Tags: access, attack, authentication, ciso, compliance, country, credentials, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, finance, flaw, governance, group, hacker, incident response, infrastructure, Internet, kev, nist, organized, password, risk, technology, threat, tool, vulnerability, zero-day/health endpoints, commonly used to detect internet-exposed Spring Boot deployments. If vulnerable implementations of apps, including TeleMessage SGNL, are found, they could be exploited to steal sensitive data in heap memory, including plaintext usernames and passwords. The hole is serious enough that it was added this week to the US Cybersecurity and Infrastructure Security Agency’s Known Exploited…
-
AI-powered attacks rise as CISOs prioritize AI security risks
Security executives are concerned about flaws in AI agents but also eager to see them replace humans in some roles, according to a new report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-security-risks-agents-report/753345/
-
AI-powered attacks creep upward as CISOs prioritize AI security risks
Security executives are concerned about flaws in AI agents but also eager to see them replace humans in some roles, according to a new report. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-security-risks-agents-report/753345/
-
SquareX Collaborates With Top Fortune 500 CISOs To Launch The Browser Security Field Manual At Black Hat
Palo Alto, California, July 17th, 2025, CyberNewsWire SquareX announced the official launch of The Browser Security Field Manual at Black Hat USA 2025. In addition to a comprehensive practical guide to the latest TTPs attackers are using to target employees in the browser, this comprehensive manual features industry perspectives from leading CISOs from multiple Fortune…
-
SquareX Collaborates with Top Fortune 500 CISOs to Launch The Browser Security Field Manual at Black Hat
Tags: cisoPalo Alto, California, 17th July 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/squarex-collaborates-with-top-fortune-500-cisos-to-launch-the-browser-security-field-manual-at-black-hat/