Tag: ciso
-
The “Analog Panic Button”: What The Pitt Gets Right (and Wrong) About Hospital Cyber Resilience
When ransomware hits a hospital, shutting everything down isn’t resilience. Learn how healthcare CISOs prevent hospital-wide outages with identity security, network segmentation validation, and CTEM. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-analog-panic-button-what-the-pitt-gets-right-and-wrong-about-hospital-cyber-resilience/
-
How to Bring Zero Trust to the Data Stream Blog – Menlo Security
Zero Trust isn’t complete until it reaches the file. Learn why CISOs are adopting CDR to eliminate zero-day risks and secure content across every channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-to-bring-zero-trust-to-the-data-stream-blog-menlo-security/
-
How the CISO’s Role is Evolving From Technologist to Chief Educator
Today’s CISO is a strategic leader responsible for risk communication, security culture, education, and executive alignment. Technical expertise remains essential, but influence, clarity, and leadership now define success. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-the-cisos-role-is-evolving-from-technologist-to-chief-educator/
-
The farmers and the mercenaries: Rethinking the ‘human layer’ in security
Tags: access, attack, authentication, awareness, ciso, control, cybersecurity, defense, detection, intelligence, jobs, monitoring, risk, soc, threat, tool, trainingThe evidence is already in: This isn’t a theoretical complaint, it shows up in research on how real SOCs work. A study by the University of Oxford based on surveys and interviews with SOC practitioners found they “confirmed the high” false-positive rates of tools in use, and that many “false positives” are actually benign triggers…
-
Compliance ohne Vollzeit-CISO und teure Zertifizierung – Minimum Viable Security für KMU: Schutz mit minimalen Ressourcen
First seen on security-insider.de Jump to article: www.security-insider.de/minimum-viable-security-kmu-compliance-ohne-ciso-a-b46c5899900fbb26d7929ca29fc6bd48/
-
It’s an East-West, North-South Thing: ColorTokens and Netskope Have You Covered from All Directions
If you’re a security architect or CISO, these famous words of Lt. General Lewis “Chesty” Puller may hold visceral meaning for you: “We’ve been looking for the enemy for some time now. We’ve finally found him. We’re surrounded.” You, too, are surrounded by a smart and aggressive adversary who is constantly probing your defenses, seeking……
-
5 trends that should top CISO’s RSA 2026 agendas
Tags: access, ai, attack, authentication, backup, business, cio, ciso, cloud, conference, control, corporate, cryptography, cyber, cybersecurity, data, defense, detection, edr, finance, framework, governance, group, healthcare, identity, incident response, intelligence, network, okta, resilience, risk, saas, service, skills, software, strategy, tactics, technology, threat, tool, training, update, vulnerability, zero-trustCTEM in the spotlight: In another evolutionary trend, most organizations are moving beyond scanning for software snafus to continuous threat exposure management (CTEM). By doing so, security teams hope to get a full picture of all assets, as well as their configurations, locations, software vulnerabilities, ownership, and business criticality.Armed with this data, CTEM platforms look…
-
Boards don’t need cyber metrics, they need risk signals
Tags: access, advisory, ai, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, framework, governance, intelligence, metric, phishing, riskThe seduction of counting: Even when metrics are not too technical and align with business impact, another problem emerges: What gets counted can crowd out what matters.Wendy Nather, a longtime CISO who is now an advisor at EPSD, cautions against equating measurement with understanding. “When you are reporting to the board, there are some things…
-
The Coming Regulatory Wave for AI Agents Their APIs
Tags: access, ai, api, attack, ciso, compliance, control, corporate, data, endpoint, finance, framework, governance, guide, infrastructure, leak, monitoring, regulation, risk, toolFor the past two years, the adoption of Generative AI has felt like a gold rush. Organizations raced to integrate Large Language Models and build autonomous agents to assist employees. They often bypassed standard governance processes in the name of speed and innovation. That era of unrestricted experimentation is rapidly drawing to a close. A…
-
In the AI era, CISOs worry about data leaks and doubt tech will solve skills gaps
CISOs see AI as necessary but insufficient and fraught with risks, a new report found. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/in-the-ai-era-cisos-worry-about-data-leaks-and-doubt-tech-will-solve-skill/812964/
-
Identity-First AI Security: Why CISOs Must Add Intent to the Equation
AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance. Token Security explains why CISOs must treat agents as identities and add intent-based controls so access is granted only when purpose and context align. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/identity-first-ai-security-why-cisos-must-add-intent-to-the-equation/
-
Why CISOs should prioritize continuous controls monitoring in 2026
In a recent roundup of strategic initiatives for CISOs, I argued that continuous assurance is the 2026 operating model. Across all ten initiatives, the pattern was clear. Security is no longer being evaluated by effort, it’s being evaluated by outcomes. Boards, customers, and regulators are no longer asking what tools you deployed or how busy…The…
-
It’s time to rethink CISO reporting lines
Tags: ai, business, ceo, cio, ciso, control, cyber, data, governance, infrastructure, jobs, risk, threat, vulnerabilityWhat’s in a reporting line?: Aaron Painter, CEO of security vendor Nametag, contends that reporting structures often mean less than the respect the CISO is granted.Painter is “less dogmatic about where the CISO reports and more focused on whether they actually have a seat at the table,” he says.”Org charts matter far less than influence,”…
-
Anthropic’s Claude Code Security rollout is an industry wakeup call
Anchors security posture to the model: However, those assurances didn’t make all concerns evaporate. “The moment those vibe coders plug a foundation model into their CI pipeline, their entire security posture is no longer anchored only to the company’s code,” I-Gentic AI CEO Zahra Timsah pointed out.”It is anchored to the current behavior of that model.…
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerabilityRecommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
Moving From Anomalies to Connections in Fraud Defense
Shared Network Intelligence Adds Ecosystem Visibility to AI Models. Fraudsters collaborate, but most banks still detect fraud alone. This imbalance has defined fraud prevention for years. Now CISOs and fraud practitioners are rethinking their approach using network intelligence signals. Network intelligence shifts the lens by focusing on relationships across banks. First seen on govinfosecurity.com Jump…
-
The hidden security cost of treating labs like data centers
In this Help Net Security interview, Rich Kellen, VP, CISO at IFF, explains why security teams should not treat OT labs like IT environments. He discusses how compromise can … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/rich-kellen-iff-ot-lab-cybersecurity/
-
Week in review: Firmware-level Android backdoor found on tablets, Dell zero-day exploited since 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Security at AI speed: The new CISO reality The CISO role has changed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/22/week-in-review-firmware-level-android-backdoor-found-on-tablets-dell-zero-day-exploited-since-2024/
-
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness.EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential…
-
TDL 016 – Speed, Risk, and Responsibility in the Age of AI – Rafael Ramirez
Tags: access, ai, antivirus, automation, awareness, business, ciso, cloud, control, country, cyber, data, defense, detection, dns, firewall, governance, government, hacker, ibm, incident response, intelligence, Internet, law, linkedin, login, mfa, microsoft, network, risk, saas, service, skills, software, startup, strategy, technology, threat, tool, training, update, vulnerability, windows, zero-trustSummary In a recent episode of The Defenders Log, host David Redekop sat down with cyber security expert Rafael Ramirez to navigate the rapidly shifting landscape of AI security. As we move deeper into 2026, the duo explored how artificial intelligence has evolved from simple chatbots into powerful, autonomous “agentic” systems. The Double-Edged Sword of…
-
How Enterprise CISOs Design Their Cyber Risk Management Strategy
Tags: ai, business, ciso, cyber, cybersecurity, finance, regulation, risk, risk-management, strategy<div cla For today’s CISOs, enterprise cyber risk management is no longer a technical exercise. It’s a leadership mandate that sits at the intersection of security, business risk, regulation, and executive accountability. Aligning proactive cybersecurity risk management strategies with the business’s overall risk posture is an ongoing, necessary process. A lack of alignment between cybersecurity…
-
PayPal launches latest struggle to get rid of SMS for MFA
Tags: authentication, ceo, ciso, communications, compliance, cybersecurity, email, finance, fraud, government, group, login, mfa, mobile, nfc, passkey, password, phishing, risk, service, strategy, switch, updateMuddled effort, mixed messages Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group, says he’s “always found it odd” that PayPal still supports SMS as its primary secondary authentication factor.”Everyone in financial services and government has abandoned it for not being sufficiently secure and are moving to even phishing-resistant authentication, such as passkeys, Yubikeys,” he…
-
The CISO view of fraud risk across the retail payment ecosystem
In this Help Net Security interview, Paul Suarez, VP and CISO at Casey’s, explains how his team manages patching and upgrades for fuel payment systems with long hardware … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/20/paul-suarez-caseys-convenience-store-payment-fraud/
-
10 Passwordless-Optionen für Unternehmen
Um Passwörter hinter sich zu lassen, gibt es bessere Lösungen. Wir zeigen Ihnen zehn. Passwörter sind seit Jahrzehnten der Authentifizierungsstandard für Computersysteme, obwohl sie sich immer wieder aufs Neue als anfällig für diverse Cyberangriffsformen erwiesen haben und kompromittierte Benutzerkonten auf regelmäßiger Basis zum Einfallstor für kriminelle Hacker werden. Ein Mittel für CISOs, um diesem Problem…
-
Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden
Highlights The Perimeter is Porous: Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the “internal API” security model obsolete. The “Confused Deputy” Risk: Legitimate AI agents act as trusted internal entities but can be exploited to bypass Data Loss Prevention (DLP) policies, as seen in…
-
Identität ist der Zugangsweg, Daten sind das Ziel
Tags: cisoZu der Arbeit an einem modernen PC-Arbeitsplatz gehört heute der Umgang mit mehreren persönlichen Benutzerkonten genauso selbstverständlich dazu wie Maus und Tastatur. In Unternehmen stehen CISOs und IT-Mitarbeiter deshalb vor der Aufgabe, immer mehr Benutzeridentitäten verwalten und umfassend absichern zu müssen. Doch damit nicht genug: Sie sind auch dafür verantwortlich, Ordnung in rasant wachsende Datenmengen……
-
Cybersicherheit braucht Reife und keine Checklisten
Wenn CISOs stärkere Programme, bessere Widerstandsfähigkeit und eine sicherere Zukunft wollen, müssen sie ihren Ansatz weiterentwickeln.Cybersicherheit wird oft wie ein Spiel behandelt. Unternehmen jagen schnellen Erfolgen hinterher, haken Compliance-Listen ab oder klopfen sich nach einem einzigen erfolgreichen Audit selbst auf die Schulter. Auf dem Papier mag das produktiv aussehen, aber in Wirklichkeit schafft es ein…