Tag: ciso
-
The Crowded Battle: Key Insights from the 2025 State of Pentesting Report
In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have to handle. The findings reveal a complex…
-
4 ways to safeguard CISO communications from legal liabilities
Tags: ciso, communications, corporate, cyber, data, defense, governance, government, incident, jobs, law, privacy, regulation, risk, vulnerability
Pay attention to the medium: CISOs also need to pay attention to what they say based on the medium in which they are communicating. Pay attention to “how we communicate, who we’re communicating with, what platforms we’re communicating on, and whether it’s oral or written,” Angela Mauceri, corporate director and assistant general counsel for cyber…
-
More and more developer teams are responsible for application security
Although DevSecOps maturity remains in focus, CISOs say that only 39 percent of business processes are based on secure applications. Checkmarx, a provider of cloud-native application security, has presented its annual study “A CISO’s Guide to Steering AppSec in the Age of DevSecOps” [1]. Based on a survey of 200 Chief Information Security Officers (CISOs) from… First…
-
We’re Answering Your Exposure Management Questions
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this Exposure Management Academy FAQ, we help CISOs understand exposure management, look at how advanced you might be and outline how to structure a program. You can read the entire Exposure Management…
-
SolarWinds security chief on the risks and rewards of being a CISO
At the RSA Conference in San Francisco this year, Tim Brown talked about the protection CISOs need, Russia’s continued attempts to launch attacks and how companies can navigate the treacherous waters of cyber incidents. First seen on therecord.media Jump to article: therecord.media/solarwinds-security-chief-tim-brown-interview
-
Why CTEM is the Winning Bet for CISOs in 2025
Continuous Threat Exposure Management (CTEM) has moved from concept to cornerstone, solidifying its role as a strategic enabler for CISOs. No longer a theoretical framework, CTEM now anchors today’s cybersecurity programs by continuously aligning security efforts with real-world risk. At the heart of CTEM is the integration of Adversarial Exposure Validation (AEV), an advanced, offensive First…
-
#Infosec2025: How CISOs Can Stay Ahead of Evolving Cloud Threats
Security experts tell Infosecurity about the cloud attack trends in the past year, and how CISOs can mitigate evolving techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/infosec2025-cisos-evolving-cloud/
-
Fairfax County, Va., CISO Michael Dent on Leadership
What’s on the minds of top local government chief information security officers? In this interview, Michael Dent shares current security and technology priorities, career tips and more. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/fairfax-county-va-ciso-michael-dent-on-leadership/
-
Why Context is King in Cyber Risk Quantification: Key Webinar Takeaways
In cybersecurity, the most complex problems often do not have neat solutions. But in a recent conversation with veteran CISO Ed Amoroso and Balbix CEO and Founder Gaurav Banga, one thing was clear: we’re past the point where “we tried our best” is enough. Accountability, quantification, and context are now table stakes for any organization…
-
From hype to harm: 78% of CISOs see AI attacks already
AI attacks are keeping most practitioners up at night, says Darktrace, and with good reason First seen on theregister.com Jump to article: www.theregister.com/2025/05/16/cisos-report-ai-attacks/
-
A Unified Approach to Exposure Management: Introducing Tenable One Connectors and Customized Risk Dashboards
Unified visibility and context are the keys to an effective exposure management program. Learn how the new Tenable One connectors and unified dashboards give you a comprehensive view of your attack surface, help you streamline decision-making and empower your teams to uncover hidden risks, prioritize critical exposures and respond to threats with confidence. In 2022,…
-
How One Leaked Credential Can Expose a Threat Actor
The Power of One: From Leaked Credential to Campaign Attribution
Attribution has always been the elusive prize in threat intelligence. The question every CISO wants answered after an attack: “Who did this?” Historically, attribution required heavy resources, deep visibility, and sometimes even luck. But in today’s world of digital risk intelligence, one leaked credential can…
-
Developer teams are increasingly responsible for application security
Checkmarx has presented its annual study “A CISO’s Guide to Steering AppSec in the Age of DevSecOps”. Based on a survey of 200 Chief Information Security Officers (CISOs) from various industries and regions worldwide, the study identifies key factors driving the trend toward closer collaboration between developer and security teams. The most important finding is,…
-
Cyber Defenders Save the Country of Berylia – Once Again!
CISO Joe Carson on How NATO’s Locked Shields Sharpens Defenders for the Next Attack. Each year, the tiny northern Atlantic Ocean island country of Berylia comes under a massive cyberattack. It’s all part of one of the world’s largest red team-blue team exercises called Locked Shields, which has attracted thousands of cyber professionals including Joe…
-
Southwest Airlines CISO on tackling cyber risks in the aviation industry
In this Help Net Security interview, Carrie Mills, VP and CISO, Southwest Airlines talks about the cybersecurity challenges facing the aviation industry. She explains how … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/14/carrie-mills-southwest-airlines-aviation-industry-cybersecurity-challenges/
-
4 critical leadership priorities for CISOs in the AI era
1. Guide the C-suite: As businesses rush to implement AI effectively, CISOs can play an important role in guiding the C-suite on a variety of matters, starting with vetting AI use cases, Alexander says. “These are conversations with technologists, security, and the business. You can’t just jump into the AI game without really understanding what…
-
Succession unclear – Microsoft temporarily makes Ann Johnson CISO for Europe
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-stellvertretender-ciso-europa-cybersicherheit-a-4b4795bfa7ec8369cad1fa1992452eab/
-
CISA’s alert pivot reflects a new era of decentralized cyber threat communication
Tags: access, cisa, ciso, communications, cyber, cybersecurity, email, exploit, incident response, intelligence, kev, monitoring, risk, strategy, threat, tool, update, vulnerability
From centralized alerts to multi-channel intelligence: CISA’s shift means enterprises must now adopt a more proactive approach to gathering threat intelligence. While the agency isn’t reducing the volume of information shared, the distribution model now demands a more decentralized, digitally savvy strategy from recipients. This change empowers organizations to refine how they consume alerts, Varkey said.…
-
CISO Survey Surfaces Shift in Application Security Responsibilities
A global survey of 200 CISOs suggests responsibility for application security is shifting more toward the teams building and deploying software. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/ciso-survey-surfaces-shift-in-application-security-responsibilities/
-
IAM 2025: These 10 trends will determine your security strategy
Tags: access, ai, api, authentication, best-practice, cio, ciso, cloud, compliance, conference, credentials, crypto, cryptography, detection, dora, framework, governance, iam, identity, iot, kritis, login, mfa, nis-2, resilience, risk, risk-analysis, service, strategy, threat, tool, zero-trust
The key message of the EIC Conference 2025: IAM is a holistic architectural approach and not a toolset. Identity & Access Management (IAM) is no longer a question of tool selection, but of architecture. This key message shaped the European Identity and Cloud Conference 2025, which took place in Berlin from May 6 to 9. With more than 1,500 participants, 300 speakers and…
-
Author’s QA: It’s high time for CISOs to start leading strategically, or risk being scapegoated
The cybersecurity landscape has never moved faster, and the people tasked with defending it have never felt more exposed. Related: How real people are really using GenAI Today’s Chief Information Security Officers (CISOs) operate in a pressure cooker: responsible… (more…) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/authors-qa-its-high-time-for-cisos-to-start-leading-strategically-or-risk-being-scapegoated/
-
CIO of the Year 2025: take part now and apply by the end of May
This is what winners look like. Last year’s winners celebrate their CIO of the Year awards. Take part too and apply, and you may be standing on the big gala stage in October 2025, enjoying Germany’s most prestigious IT award. cio.de / Tobias Tschepe
The hot phase for applying for…
-
CISOs must speak business to earn executive trust
In this Help Net Security interview, Pritesh Parekh, VP, CISO at PagerDuty talks about how CISOs can change perceptions of their role, build influence across the organization, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/13/pritesh-parekh-pagerduty-cisos-business-leaders-conversations/
-
Deepfake attacks are inevitable. CISOs can’t prepare soon enough.
Tags: advisory, ai, attack, authentication, awareness, blockchain, business, ciso, compliance, control, cybersecurity, data, deep-fake, defense, detection, espionage, finance, fraud, governance, grc, identity, incident response, jobs, law, mfa, north-korea, password, privacy, resilience, risk, scam, software, strategy, tactics, technology, threat, tool, training, update
Real-world fabrications: Even security vendors have been victimized. Last year, the governance risk and compliance (GRC) lead at cybersecurity company Exabeam was hiring for an analyst, and human resources (HR) qualified a candidate that looked very good on paper with a few minor concerns, says Kevin Kirkwood, CISO. “There were gaps in how the education represented…
-
73% of CISOs admit security incidents due to unknown or unmanaged assets
Business continuity (42% of respondents); Competitiveness (39%); Customer trust and brand reputation (39%); Supplier relationships (39%); Employee productivity (38%); Financial performance (38%). Despite the obvious dangers, the survey shows that enterprises are doing too little. Forty-three percent of companies employ special tools for proactive risk management of their attack surface. The majority (58%) admitted they have not implemented processes for continuous…

