Tag: ciso
-
Agentic AI already hinting at cybersecurity’s pending identity crisis
Agentic AI’s identity crisis: Authentication and agentic experts interviewed, three of whom estimate that less than 5% of enterprises experimenting with autonomous agents have deployed agentic identity systems, say the reasons for this lack of security hardening are varied. First, many of these efforts are effectively shadow IT, where a line of business (LOB) executive has…
-
The rise of the Chief Trust Officer: Where does the CISO fit in?
Tags: ai, ceo, cio, ciso, compliance, cyersecurity, finance, governance, grc, office, risk, risk-management, soc, software, vulnerability
The Chief Trust Officer stands for a shift from defending systems to safeguarding credibility. More and more companies are highlighting trust as a differentiator for their business. Data breaches, concerns about product safety, and uncertainty around artificial intelligence have badly damaged customer trust in recent years. According to the Edelman…
-
Preparing Healthcare Workers for Secure, Responsible AI Use
Preparing a healthcare workforce to responsibly engage with AI tools without over relying on automation or undermining human oversight will require awareness training akin to phishing exercises, said Skip Sorrels, field CTO and CISO at security firm Claroty. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/preparing-healthcare-workers-for-secure-responsible-ai-use-i-5510
-
Building cyber talent through competition, residency, and real-world immersion
In this Help Net Security interview, Chrisma Jackson, Director of Cybersecurity Mission Computing Center and CISO at Sandia National Laboratories, reflects on where the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/22/chrisma-jackson-sandia-national-laboratories-recruiting-cybersecurity-professionals/
-
What CISOs should know about the SolarWinds lawsuit dismissal
Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
-
Kirsten Davies Confirmed as Pentagon CIO
Former Unilever CISO to Lead Department of Defense IT. A former Unilever executive is officially the next U.S. Department of Defense CIO. The Pentagon CIO is the principal technology advisor to Pentagon leadership and manages the department’s information management and IT, and many other critical systems. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/kirsten-davies-confirmed-as-pentagon-cio-a-30353
-
CISO Spotlight: Lefteris Tzelepis on Leadership, Strategy, and the Modern Security Mandate
Lefteris Tzelepis, CISO at Steelmet/Viohalco Companies, was shaped by cybersecurity. From his early exposure to real-world attacks at the Greek Ministry of Defense to building and leading security programs inside complex enterprises, his career mirrors the evolution of the CISO role itself. Now a group CISO overseeing security across multiple organizations, Lefteris brings a…
-
AI Agents are Man-in-the-Middle Attacks
After 25 years defending against man-in-the-middle attacks, a security veteran explains why most AI agents replicate the same architectural risks, creating compliance gaps, opaque decision-making, and zero-trust violations CISOs can’t ignore. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ai-agents-are-man-in-the-middle-attacks/
-
AI isn’t one system, and your threat model shouldn’t be either
In this Help Net Security interview, Naor Penso, CISO at Cerebras Systems, explains how to threat model modern AI stacks without treating them as a single risk. He discusses … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/19/naor-penso-cerebras-systems-threat-modeling-al-optimized-infrastructure/
-
The innovative CISO’s bucket list: Human-led transformation at the core
Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, tool
Building a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
-
The Raspberry Pi wake-up call for CISOs
Tags: access, authentication, ceo, ciso, control, cyberattack, dns, firewall, group, hacker, Hardware, infrastructure, linux, monitoring, office, risk, switch, tool, voip, vpn
Small device, big impact. In mid-December, a ferry owned by the Mediterranean Shipping Company was held for hours in a French port, Bloomberg reported. The reason: it was suspected that Russian cybercriminals had tried to hack the ship's network with a Raspberry Pi. According to the report, the device was paired with a cellular modem for remote access…
-
The Biggest Cyber Stories of the Year: What 2025 Taught Us
Tags: access, attack, authentication, awareness, banking, breach, business, ciso, cloud, compliance, container, control, cyber, cyberattack, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, government, healthcare, iam, identity, incident, incident response, Internet, law, metric, mfa, monitoring, network, privacy, regulation, resilience, risk, service, software, strategy, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-day, zero-trust
madhav, Thu, 12/18/2025 – 10:30
2025 didn’t just test cybersecurity; it redefined it. From supply chains and healthcare networks to manufacturing floors and data centers, the digital world was reminded of a simple truth: everything is connected, and everything is at risk. Data Security…
-
How CISOs Can Beat the Ransomware Blame Game
CISOs are often blamed after ransomware attacks, yet most breaches stem from organizational gaps, budget tradeoffs, and staffing shortages. This analysis explores why known risks remain unfixed and how security leaders can break the cycle. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/how-cisos-can-beat-the-ransomware-blame-game/
-
2026 Cyber Predictions: Accelerating AI, Data Sovereignty, and Architecture Rationalization
2026 marks a critical turning point for cybersecurity leaders as AI-driven threats, data sovereignty mandates, and hybrid infrastructure risks reshape the CISO agenda. Discover the strategic priorities that will define tomorrow’s security posture. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/2026-cyber-predictions-accelerating-ai-data-sovereignty-and-architecture-rationalization/
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, tool
A question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood. “The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
The soft underbelly of space isn’t in orbit, it’s on the ground
Tags: ciso
In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/oystein-thorvaldsen-ksat-space-ground-stations-security/
-
‘I Quit!’ – When CISOs Need to Take Charge of Their Careers
Security Needs to Document Risks and Push Back Against Retroactive Accountability. A recent CISO resignation letter exposes a structural flaw in how organizations manage cyber risk. It shows what happens when risk is accepted quietly and accountability is enforced retroactively, and it’s a cautionary tale about why CISOs need to actively manage their careers. First…
-
The 12 Months of Innovation: How Salt Security Helped Rewrite API AI Security in 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, cloud, compliance, control, crowdstrike, cyber, data, data-breach, defense, detection, email, exploit, github, governance, injection, insurance, intelligence, privacy, risk, risk-management, software, strategy, supply-chain, threat, tool, waf
As holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific: the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep…
-
Threat-aware identity and access management – how CIOs and CISOs can stop attacks early
First seen on security-insider.de Jump to article: www.security-insider.de/wie-cios-und-cisos-angriffe-frueh-stoppen-koennen-a-5b7c92db6b62084febfb47c53cf7b07d/
-
Ro’s CISO on managing data flows in telehealth
In this Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses how telehealth reshapes the flow of patient data and what that means for security. He explains … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/16/scott-bachand-ro-telehealth-security/
-
The Future of Network Security Policy Management in a Zero Trust World
Zero Trust has become the strategic anchor for modern cybersecurity. Every board is asking for it, every vendor claims to support it, and every CISO is under pressure to make… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/the-future-of-network-security-policy-management-in-a-zero-trust-world/

