Tag: ciso
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
Vaillant CISO: NIS2 complexity and lack of clarity endanger its mission
Tags: ai, attack, awareness, business, ciso, compliance, corporate, country, cyber, cyberattack, cybersecurity, dora, email, germany, infrastructure, intelligence, network, nis-2, office, organized, phishing, ransomware, regulation, risk, service, skills, supply-chain, threat, trainingCSO Germany: The energy sector is increasingly becoming a target for cybercriminals. Experts and the Federal Office for Information Security (BSI) believe that protection in this area must be significantly increased. How do you assess the current situation?Reiß: The geopolitical tensions we are currently witnessing are leading to an increased threat level. This naturally also affects the heating…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
CISOs are spending big and still losing ground
Tags: cisoSecurity leaders are entering another budget cycle with more money to work with, but many still feel no safer. A new benchmark study from Wiz shows a widening gap between … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/08/wiz-cybersecurity-spending-priorities-report/
-
A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability
When hiring a CISO, understand the key difference between engineering and holistic security leaders. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/why-an-engineering-focused-ciso-can-be-a-liability
-
Rethinking the CIO-CISO Dynamic in the Age of AI
Enterprises Are Reimagining Org Roles, Risk Management and Skillsets in the AI Race. Organizations are beginning to reimagine how leadership roles should be structured, aligned and empowered as they grapple with regulatory pressures, the unpredictable nature of AI systems, and the need for operational resilience in an increasingly uncertain business climate. First seen on govinfosecurity.com…
-
CISOs Should Be Asking These Quantum Questions Today
Tags: cisoAs quantum quietly moves beyond lab experiment and into production workflows, here’s what enterprise security leaders should be focused on, according to Lineswala. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cisos-should-be-asking-these-quantum-questions-today
-
15 years in, zero trust remains elusive, with AI rising to complicate the challenge
Legacy systems that weren’t designed for zero trust principles,Fragmented identity and access tools that make unified enforcement difficult, andCultural and organizational resistance to changing long-standing trust models.Kyle Wickert, field CTO at AlgoSec, says zero trust remains one of the most misunderstood transformations in cybersecurity.”Many organizations still hesitate to pursue it because they associate zero trust…
-
What security leaders should watch for when companies buy or sell a business
In this Help Net Security video, Lane Sullivan SVP, CISO and Strategy Officer at Concentric AI, explains what security leaders should think about during mergers, acquisitions, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/05/ma-security-checklist-video/
-
What security leaders should watch for when companies buy or sell a business
In this Help Net Security video, Lane Sullivan SVP, CISO and Strategy Officer at Concentric AI, explains what security leaders should think about during mergers, acquisitions, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/05/ma-security-checklist-video/
-
What security leaders should watch for when companies buy or sell a business
In this Help Net Security video, Lane Sullivan SVP, CISO and Strategy Officer at Concentric AI, explains what security leaders should think about during mergers, acquisitions, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/05/ma-security-checklist-video/
-
Das CISO-Paradoxon: Innovation ermöglichen und Risiken managen
Tags: ai, api, authentication, ciso, cyberattack, edr, encryption, firewall, governance, infrastructure, least-privilege, risk, siem, soc, update, vulnerability, waf, zero-dayCISOs sollten eng mit anderen Teams zusammenarbeiten.Eine der Hauptaufgaben von CISOs besteht darin, nicht mehr die ‘Abteilung des Neins” zu sein. Sie müssen Wege finden, die schnelle Bereitstellung von Produkten und Dienstleistungen für das Unternehmen zu ermöglichen, ohne gleichzeitig neue Risiken einzuführen.Das ist, kurz gesagt, das Paradoxon. In einem Umfeld, in dem Produktteams ständig neue…
-
From feeds to flows: Using a unified linkage model to operationalize threat intelligence
Tags: access, api, attack, authentication, automation, business, ciso, cloud, compliance, container, control, corporate, credentials, cyber, cybersecurity, data, defense, exploit, finance, firewall, framework, github, government, iam, identity, infrastructure, intelligence, ISO-27001, malicious, metric, mitre, monitoring, network, nist, open-source, phishing, risk, risk-assessment, risk-management, saas, service, siem, soc, software, supply-chain, tactics, threat, tool, update, vulnerability, zero-trustwhat to watch for, but not why it matters or how it moves through your environment.The result is a paradox of abundance: CISOs have more data than ever before, but less operational clarity. Analysts are overwhelmed by indicators disconnected from context or mission relevance.Each feed represents a snapshot of a potential threat, but it does…
-
Sleepless in Security: What’s Actually Keeping CISOs Up at Night
Security headlines distract, but the threats keeping CISOs awake are fundamental gaps and software supply chain risks. Learn why basics and visibility matter most. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/sleepless-in-security-whats-actually-keeping-cisos-up-at-night/
-
Coach or mentor: What you need depends on where you are as a cyber leader
Tags: access, ai, business, ciso, cloud, compliance, control, cyber, cybersecurity, defense, government, jobs, network, programming, risk, risk-management, skills, technologyA good technical base can last decades: While mentees need the most help with aligning to the business, some argue that a technical baseline is equally as important to the role for managing technical staff and enabling business operations, particularly through innovative technologies like cloud and AI.One of those is Cynthia Madden, founder of Artemis…
-
CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap
New data shows 90% of NEDs lack confidence in cybersecurity value. CISOs and CIOs must translate cyber risk into business impact. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/cisos-cios-and-boards-bridging-the-cybersecurity-confidence-gap/
-
Interview: Florence Mottay, global CISO, Zalando
Florence Mottay moved from mathematics to software engineering, and is now leading security at Zalando, a high-tech online fashion retailer First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366635298/Interview-Florence-Mottay-global-CISO-Zalando
-
Revolution der Agentic AI verändert Cybersicherheit in 2026
Die prognostizierten Trends wurden vom weltweiten Team der CISO-Advisors von KnowBe4 zusammengestellt, die über jahrzehntelange Erfahrung im Bereich Cybersicherheit verfügen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/revolution-der-agentic-ai-veraendert-cybersicherheit-in-2026/a43035/
-
Vaillant-CISO: “Starten statt Warten”
Tags: business, ciso, compliance, cyber, cyberattack, cyersecurity, dora, germany, group, international, mail, malware, nis-2, phishing, ransomware, resilience, risk, supply-chainRaphael Reiß, CISO bei Vaillant Group: “Ein moderner CISO muss nicht nur technologische Risiken managen.” Vaillant GroupDer Energiesektor gerät zunehmend in den Fokus von Cyberkriminellen. Aus Sicht von Experten und des Bundesamtes für Sicherheit in der Informationstechnik (BSI) muss der Schutz in diesem Bereich massiv erhöht werden. Wie beurteilen Sie die aktuelle Lage in Deutschland?Reiß:…
-
Vaillant-CISO: “Starten statt Warten”
Tags: business, ciso, compliance, cyber, cyberattack, cyersecurity, dora, germany, group, international, mail, malware, nis-2, phishing, ransomware, resilience, risk, supply-chainRaphael Reiß, CISO bei Vaillant Group: “Ein moderner CISO muss nicht nur technologische Risiken managen.” Vaillant GroupDer Energiesektor gerät zunehmend in den Fokus von Cyberkriminellen. Aus Sicht von Experten und des Bundesamtes für Sicherheit in der Informationstechnik (BSI) muss der Schutz in diesem Bereich massiv erhöht werden. Wie beurteilen Sie die aktuelle Lage in Deutschland?Reiß:…
-
Key questions CISOs must ask before adopting AI-enabled cyber solutions
Questions to ask vendors about their AI security offerings: There are several areas where CISOs will want to focus their attention when considering AI-powered cyber solutions, including the following:Shadow AI: Uncovering and addressing shadow AI throughout the organization is a key issue for security leaders today. But so too is ensuring that sanctioned AI-enabled solutions…
-
Key questions CISOs must ask before adopting AI-enabled cyber solutions
Questions to ask vendors about their AI security offerings: There are several areas where CISOs will want to focus their attention when considering AI-powered cyber solutions, including the following:Shadow AI: Uncovering and addressing shadow AI throughout the organization is a key issue for security leaders today. But so too is ensuring that sanctioned AI-enabled solutions…
-
Creative cybersecurity strategies for resource-constrained institutions
In this Help Net Security interview, Dennis Pickett, CISO at RTI International, talks about how research institutions can approach cybersecurity with limited resources and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/02/dennis-pickett-rti-international-research-institutions-cybersecurity/
-
Creative cybersecurity strategies for resource-constrained institutions
In this Help Net Security interview, Dennis Pickett, CISO at RTI International, talks about how research institutions can approach cybersecurity with limited resources and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/02/dennis-pickett-rti-international-research-institutions-cybersecurity/
-
Key questions CISOs must ask before adopting AI-enabled cyber solutions
Questions to ask vendors about their AI security offerings: There are several areas where CISOs will want to focus their attention when considering AI-powered cyber solutions, including the following:Shadow AI: Uncovering and addressing shadow AI throughout the organization is a key issue for security leaders today. But so too is ensuring that sanctioned AI-enabled solutions…
-
The CISO’s paradox: Enabling innovation while managing risk
Tags: access, attack, authentication, breach, business, ciso, control, data, detection, firewall, governance, identity, infrastructure, jobs, mitigation, risk, service, threat, tool, vulnerability, waf, zero-daySet risk tolerances and guardrails: Teams slow down when they are unsure how to proceed. Take away some of the decision-making and ensure an integration of authentication, authorization and accounting into the development process. For authentication, establish and leverage enterprise identity management solutions rather than allowing the development of accounts written to databases that can…
-
12 signs the CISO-CIO relationship is broken, and steps to fix it
The CIO-CISO relationship matters: The CIO and CISO need to have a strong relationship for either of them to succeed, says MK Palmore, founder and principal adviser for advisory firm Apogee Global RMS and a former director in the Office of the CISO at Google Cloud.”It’s critical that those in these two positions get along…
-
Empathetic policy engineering: The secret to better security behavior and awareness
Tags: awareness, business, ciso, cyberattack, cybersecurity, data, framework, group, phishing, regulation, risk, risk-assessment, strategy, threat, trainingIn many companies, IT security guidelines encounter resistance because employees perceive them as obstructive or impractical. This makes implementation difficult, undermines effectiveness, and strains collaboration between the security department and business units.As a result, instead of being seen as a partner, cybersecurity is often perceived as a hindrance, a fatal security risk. For CISOs, this…
-
Social data puts user passwords at risk in unexpected ways
Many CISOs already assume that social media creates new openings for password guessing, but new research helps show what that risk looks like in practice. The findings reveal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/28/research-social-media-password-risk/
-
Empathetic policy engineering: The secret to better security behavior and awareness
Tags: awareness, business, ciso, cyberattack, cybersecurity, data, framework, group, phishing, regulation, risk, risk-assessment, strategy, threat, trainingIn many companies, IT security guidelines encounter resistance because employees perceive them as obstructive or impractical. This makes implementation difficult, undermines effectiveness, and strains collaboration between the security department and business units.As a result, instead of being seen as a partner, cybersecurity is often perceived as a hindrance, a fatal security risk. For CISOs, this…