Tag: training
-
A scorecard for cyber and risk culture
Tags: access, automation, awareness, breach, business, compliance, control, credentials, cyber, finance, governance, identity, jobs, metric, mitigation, phishing, risk, service, strategy, tool, trainingWhen someone asks for an exception.When a change goes in late.When an alert fires at 2 a.m.When a junior analyst spots something odd and wonders if it’s worth escalating.When an executive wants speed, and the team wants safety. Ownership means people act like the risk is partly theirs. They don’t outsource judgment to “security.” They…
-
How CISOs can build a resilient workforce
Tags: ai, automation, ciso, communications, cyber, cybersecurity, data, infrastructure, jobs, monitoring, network, risk, service, skills, soc, software, strategy, technology, threat, tool, trainingBurnout leads to job dissatisfaction: Burnout is an ongoing concern for many CISOs and their teams, especially when unpredictable events can trigger workload spikes, burnout can escalate fast. “It’s something that can overwhelm pretty quickly,” Ford says.Industry surveys continue to flash red on persistent burnout that leads to job dissatisfaction. The ISC2 study found almost…
-
Microsoft boss on AI content: ‘Nobody wants anything that is sloppy’
Sometimes the ‘S’ word slips through even the best media training First seen on theregister.com Jump to article: www.theregister.com/2026/02/25/microsoft_boss_on_ai_content/
-
Former Air Force officer arrested for conspiring with hacker to provide flight training to Chinese military
Gerald Eddie Brown, 65, was arrested in Jeffersonville, Indiana on Thursday after spending nearly three years living in China and allegedly providing combat aircraft training to pilots in the Chinese Air Force. First seen on therecord.media Jump to article: therecord.media/former-air-force-officer-arrested-for-working-with-hacker-flight-training-china
-
SMBs Struggle to Translate Cybersecurity Investment into Real-World Resilience, Study Finds
Small and medium-sized businesses (SMBs) continue to face significant cyber risk despite growing investment in cybersecurity tools and training, according to new research from privacy company Proton AG. The company’s SMB Cybersecurity Report 2026, based on a survey of 3,000 business leaders across six global markets, including the UK, found that one in four SMBs…
-
US artificial intelligence developers accuse Chinese firms of stealing their data
Artificial intelligence developers are accusing Chinese firms of stealing their intellectual property following a spate of ‘distillation attacks’, despite their own alleged theft of training data First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639367/US-artificial-intelligence-developers-accuse-Chinese-firms-of-stealing-their-data
-
The farmers and the mercenaries: Rethinking the ‘human layer’ in security
Tags: access, attack, authentication, awareness, ciso, control, cybersecurity, defense, detection, intelligence, jobs, monitoring, risk, soc, threat, tool, trainingThe evidence is already in: This isn’t a theoretical complaint, it shows up in research on how real SOCs work. A study by the University of Oxford based on surveys and interviews with SOC practitioners found they “confirmed the high” false-positive rates of tools in use, and that many “false positives” are actually benign triggers…
-
5 trends that should top CISO’s RSA 2026 agendas
Tags: access, ai, attack, authentication, backup, business, cio, ciso, cloud, conference, control, corporate, cryptography, cyber, cybersecurity, data, defense, detection, edr, finance, framework, governance, group, healthcare, identity, incident response, intelligence, network, okta, resilience, risk, saas, service, skills, software, strategy, tactics, technology, threat, tool, training, update, vulnerability, zero-trustCTEM in the spotlight: In another evolutionary trend, most organizations are moving beyond scanning for software snafus to continuous threat exposure management (CTEM). By doing so, security teams hope to get a full picture of all assets, as well as their configurations, locations, software vulnerabilities, ownership, and business criticality.Armed with this data, CTEM platforms look…
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windowsCSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
Poisoning AI Training Data
All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled “The best tech journalists at eating hot dogs.” Every word is a lie. I claimed (without evidence) that competitive hot-dog-eating is a popular hobby among tech reporters and based my…
-
Anthropic Facing Allegations from Musk Over Large”‘Scale Data Misuse
Tech billionaire Elon Musk has publicly condemned the artificial intelligence firm Anthropic, accusing the company of massive data theft and hypocrisy. This confrontation follows Anthropic’s recent claims that competing Chinese artificial intelligence models unlawfully extracted training data from its flagship Claude model. The Distillation Controversy Earlier this week, Anthropic published a report accusing Chinese AI…
-
TDL 016 – Speed, Risk, and Responsibility in the Age of AI – Rafael Ramirez
Tags: access, ai, antivirus, automation, awareness, business, ciso, cloud, control, country, cyber, data, defense, detection, dns, firewall, governance, government, hacker, ibm, incident response, intelligence, Internet, law, linkedin, login, mfa, microsoft, network, risk, saas, service, skills, software, startup, strategy, technology, threat, tool, training, update, vulnerability, windows, zero-trustSummary In a recent episode of The Defenders Log, host David Redekop sat down with cyber security expert Rafael Ramirez to navigate the rapidly shifting landscape of AI security. As we move deeper into 2026, the duo explored how artificial intelligence has evolved from simple chatbots into powerful, autonomous “agentic” systems. The Double-Edged Sword of…
-
Must-Have Investments for Security-Aware Productive Teams
Explore must-have investments that boost team security, productivity, and collaboration with the right tools, training, and infrastructure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/must-have-investments-for-security-aware-productive-teams/
-
NDSS 2025 Try to Poison My Deep Learning Data? Nowhere To Hide Your Trajectory Spectrum!
Session 12D: ML Backdoors Authors, Creators & Presenters: Yansong Gao (The University of Western Australia), Huaibing Peng (Nanjing University of Science and Technology), Hua Ma (CSIRO’s Data61), Zhi Zhang (The University of Western Australia), Shuo Wang (Shanghai Jiao Tong University), Rayne Holland (CSIRO’s Data61), Anmin Fu (Nanjing University of Science and Technology), Minhui Xue (CSIRO’s…
-
How synthetic data can help solve AI’s data crisis
As AI demand outpaces the availability of high-quality training data, synthetic data offers a path forward. We unpack how synthetic datasets help teams overcome data scarcity to build production-ready AI. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-synthetic-data-can-help-solve-ais-data-crisis/
-
HackerOne ‘updating’ Ts&Cs after bug hunters question if they’re training AI
CEO lauds security researchers, insists they’re not ‘inputs’ First seen on theregister.com Jump to article: www.theregister.com/2026/02/18/hackerone_ai_policy/
-
A new approach for GenAI risk protection
Solution 1: GenAI enterprise model: Implement enterprise licenses for approved GenAI solutions (such as ChatGPT Enterprise or Microsoft CoPilot 365, which is integrated into existing O365 tenants). Enterprise GenAI solutions typically include a robust set of built-in security tools that allow organizations to secure their data and implement DLP controls within the enterprise GenAI solution…
-
The new paradigm for raising up secure software engineers
Tags: ai, application-security, awareness, ceo, ciso, compliance, control, cyber, data, governance, login, risk, skills, software, threat, tool, training, vulnerabilityThreat modeling as a core competency: This system-level thinking should also elevate the need for greater developer fluency in threat modeling, says Yasar. He notes that threat modeling has historically been difficult for product security and engineering teams to operationalize at scale. One of the longstanding barriers to practical threat modeling was the knowledge required…
-
Next Gen Spotlights: Trailblazing A Mindful, People-First Approach to Cyber QA with Cyber Innovations Ltd.
Cyber Innovations is a UK-based cyber company specialising in human-centred cyber resilience. Cyber Innovations have developed research-backed training, tools and frameworks designed to help organisations respond more effectively to cyber incidents, while reducing cognitive overload, limiting human error and minimising longer-term impacts on staff wellbeing. Cyber Innovation’s early work, particularly the development of CyGamBIT, was…
-
CISO Julie Chatman offers insights for you to take control of your security leadership role
Tags: access, ai, attack, awareness, breach, business, ciso, control, crowdstrike, cyber, cybersecurity, deep-fake, email, finance, firewall, government, healthcare, infrastructure, law, military, office, phishing, risk, service, skills, supply-chain, technology, threat, training, updateFirst, the hopes-and-dreams budget: What would it take to close all the known gaps and operate proactively?Second, the could-live-with-this budget: What’s realistic and gets you to acceptable risk levels?Third, the I-think-I’m-going-to-resign budget: Because you can see a breach coming and you don’t want your name attached to it.You probably won’t end up at that last…
-
CISO Julie Chatman offers insights for you to take control of your security leadership role
Tags: access, ai, attack, awareness, breach, business, ciso, control, crowdstrike, cyber, cybersecurity, deep-fake, email, finance, firewall, government, healthcare, infrastructure, law, military, office, phishing, risk, service, skills, supply-chain, technology, threat, training, updateFirst, the hopes-and-dreams budget: What would it take to close all the known gaps and operate proactively?Second, the could-live-with-this budget: What’s realistic and gets you to acceptable risk levels?Third, the I-think-I’m-going-to-resign budget: Because you can see a breach coming and you don’t want your name attached to it.You probably won’t end up at that last…
-
Finding a common language around risk
Tags: ceo, cio, ciso, corporate, cyber, cybersecurity, defense, framework, governance, guide, intelligence, lessons-learned, metric, monitoring, phishing, ransomware, risk, risk-management, service, strategy, supply-chain, technology, threat, tool, training, updateBuilding one culture from three languages: The Organizational Risk Culture Standard (ORCS) offers something most frameworks miss: it treats culture as the foundation, not the afterthought. You can’t bolt culture onto existing processes and call it done. Culture is how people actually think about risk when no one is watching. It’s the shared beliefs that…
-
CISO Julie Chatman wants to help you take control of your security leadership role
Tags: access, ai, attack, awareness, breach, business, ciso, control, crowdstrike, cyber, cybersecurity, deep-fake, email, finance, firewall, government, healthcare, infrastructure, law, military, office, phishing, risk, service, skills, supply-chain, technology, threat, training, updateFirst, the hopes-and-dreams budget: What would it take to close all the known gaps and operate proactively?Second, the could-live-with-this budget: What’s realistic and gets you to acceptable risk levels?Third, the I-think-I’m-going-to-resign budget: Because you can see a breach coming and you don’t want your name attached to it.You probably won’t end up at that last…
-
NDSS 2025 Diffence: Fencing Membership Privacy With Diffusion Models
Session 12C: Membership Inference Authors, Creators & Presenters: PAPER Yuefeng Peng (University of Massachusetts Amherst), Ali Naseh (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst) Deep learning models, while achieving remarkable performances across various tasks, are vulnerable to membership inference attacks (MIAs), wherein adversaries identify if a specific data point was part of…
-
NDSS 2025 Diffence: Fencing Membership Privacy With Diffusion Models
Session 12C: Membership Inference Authors, Creators & Presenters: PAPER Yuefeng Peng (University of Massachusetts Amherst), Ali Naseh (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst) Deep learning models, while achieving remarkable performances across various tasks, are vulnerable to membership inference attacks (MIAs), wherein adversaries identify if a specific data point was part of…
-
NDSS 2025 Density Boosts Everything
Tags: ai, attack, conference, cybersecurity, detection, Internet, malware, military, network, resilience, strategy, trainingSession 12B: Malware Authors, Creators & Presenters: Jianwen Tian (Academy of Military Sciences), Wei Kong (Zhejiang Sci-Tech University), Debin Gao (Singapore Management University), Tong Wang (Academy of Military Sciences), Taotao Gu (Academy of Military Sciences), Kefan Qiu (Beijing Institute of Technology), Zhi Wang (Nankai University), Xiaohui Kuang (Academy of Military Sciences) PAPER Density Boosts Everything:…