Your search keyword '"CISO"' showing total 33 results

1. 4 cybersecurity trends to watch in 2025.

Author

Jones, David and Kapko, Matt

Subjects

DATA privacy, INFORMATION technology, CHIEF risk officers, MULTI-factor authentication, BLACK swan theory, RANSOMWARE

Abstract

The article "4 cybersecurity trends to watch in 2025" highlights the challenges and trends in the cybersecurity industry. It discusses the proliferation of single points of failure in IT systems, the evolving regulatory landscape impacting CISOs, and ongoing attacks on U.S. telecom networks. The role of the CISO is also evolving, with increased focus on risk mitigation and compliance. The article emphasizes the need for businesses to address vulnerabilities and adapt to the changing cybersecurity landscape. [Extracted from the article]

Published

2025

2. T-Mobile undeterred as telecom sector reels from attack campaign.

Author

Kapko, Matt

Subjects

INFRASTRUCTURE (Economics), TELECOMMUNICATION systems, MULTI-factor authentication, 4G networks, TELECOMMUNICATION

Abstract

T-Mobile has faced multiple cybersecurity breaches, including a significant data breach in 2021 that exposed personal data of millions. Despite this, T-Mobile successfully prevented a recent attack by a threat group linked to China, known as Salt Typhoon, from accessing sensitive customer data. T-Mobile's Chief Security Officer credited their revamped internal cybersecurity efforts for deterring the attacker. The company has made significant investments in cybersecurity, including implementing multifactor authentication to prevent credential theft, showcasing a commitment to improving cybersecurity measures. [Extracted from the article]

Published

2024

3. Who should be in the room when purchasing cyber insurance?

Author

Hedberg, Peter

Subjects

CYBERTERRORISM, ELECTRONIC commerce, RANSOMWARE, INFORMATION technology, INFORMATION superhighway

Abstract

The article emphasizes that cybersecurity should take the lead when evaluating cyber insurance policies. Topics include the importance of strong security controls and an incident-response plan in mitigating risks and improving insurability, the growing trend of organizations enhancing their security measures to meet insurer requirements, and the crucial role of the Chief Information Security Officer (CISO) in evaluating and selecting cyber insurance policies.

Published

2024

4. UnitedHealth Group names new CISO 8 months after massive ransomware attack.

Author

Kapko, Matt

Subjects

INTERNET security, DATA protection

Abstract

The article focuses on UnitedHealth Group's appointment of a new Chief Information Security Officer following a major ransomware attack, with topics including cybersecurity leadership, improved data protection measures, and strategies for incident response.

Published

2024

5. CISOs are gaining influence among corporate leadership.

Author

Jones, David

Subjects

LEADERSHIP, INTERNET security, CHIEF executive officers, EXECUTIVES, INVESTMENTS

Abstract

The article offers information on the increasing influence of Chief Information Security Officers (CISOs) within corporate leadership as organizations prioritize cybersecurity risk management. Topics include the growing participation of CISOs in strategic technology discussions; the trend of CISOs reporting directly to CEOs; and the evolving role of cybersecurity in shaping companies' technology investments and compliance with regulatory requirements.

Published

2024

6. Majority of global CISOs want to split roles as regulatory burdens grow.

Author

Jones, David

Subjects

CHIEF information officers, COMPUTER hackers, COMPUTER security, COMPUTER crimes, COMPUTER networks

Abstract

The article offers information on the growing consensus among Chief Information Security Officers (CISOs) that their roles should be divided into two separate positions due to increasing regulatory and financial responsibilities. Topics include insights from a recent Trellix and Vanson Bourne report indicating that a majority of CISOs advocate for a technical security role and a compliance-focused position, as well as concerns about heightened personal liability from regulatory changes.

Published

2024

7. CISOs, C-suite remain at odds over corporate cyber resilience.

Author

Jones, David

Subjects

INFORMATION technology, SENIOR leadership teams, INTERNET security, EXECUTIVES

Abstract

The article focuses on the challenges security and IT (information technology) executives encounter in conveying cyber resilience strategies to C-suite leadership, following the SEC's (U.S. Securities and Exchange Commission) vote on incident disclosure. It highlights a significant perception gap, with technology leaders viewing cybersecurity as a critical risk, while business executives prioritize other concerns, resulting in limited CISO involvement in strategic planning.

Published

2024

8. Microsoft names deputy CISOs, flushes dead accounts as part of internal security overhaul.

Author

Jones, David

Subjects

INTERNET security, CORPORATE reorganizations, CHIEF information officers, INTERNAL security

Abstract

The article reports on the launch of a Cybersecurity Governance Council by Microsoft as part of a restructuring of its internal security culture following a report from the federal Cyber Safety Review. Topics include duty of the council, the naming of 13 deputy chief information security officers (CISOs) by Microsoft that will be responsible for specific product segments within the company, and internal changes detailed by Microsoft to reduce risk in its cloud and production environment.

Published

2024

9. Kevin Mandia's 5 question confidence test for CISOs.

Author

Kapko, Matt

Subjects

CHIEF information officers, SECURITY management, DIGITAL currency, EXECUTIVES

Abstract

The article presents the discussion on Kevin Mandia's advice to CEOs and boards on evaluating the effectiveness of their Chief Information Security Officers (CISOs), emphasizing the importance of having a security-minded CISO for a strong security program. Topics include Mandia's perspective on the challenges of cybersecurity, the asymmetric nature of cyberthreats; and the five questions he developed to help executives gauge their CISO's capabilities.

Published

2024

10. 3 tips to building a robust AI security strategy.

Author

Chuvakin, Anton

Subjects

ARTIFICIAL intelligence, INTERNET security, DATA encryption, RISK assessment, SECURITY management

Abstract

The article focuses on building a comprehensive Artificial Intelligence (AI) security strategy. Topics include implementing guardrails with human oversight and technical controls, prioritizing security architecture and technical measures to protect AI, and developing a robust cyber strategy to address evolving threats.

Published

2024

11. 3 CIO lessons for maximizing cybersecurity investments.

Author

Wilkinson, Lindsey

Subjects

CHIEF information officers, INTERNET security, RATE of return, SENIOR leadership teams, ORGANIZATIONAL change

Abstract

The article focuses on three critical lessons for CIOs (Chief Information Officer) to maximize cybersecurity investments, emphasizing the importance of taking stock of existing assets, identifying gaps, and clearly demonstrating the value of investments. It highlights how, despite increasing awareness of cybersecurity risks, tech leaders must still effectively communicate the Return on Investment of their investments to the C-suite to secure necessary resources and drive organizational change.

Published

2024

12. Microsoft Deputy CISO recounts responding to the CrowdStrike outage.

Author

Kapko, Matt

Subjects

COMPUTER software, INTERNET security, SUPPLY chains

Abstract

The article focuses on Microsoft Deputy CISO Ann Johnson's experience responding to a major information technology (IT) outage caused by a CrowdStrike software update. Topics include the collective industry effort to resolve the crisis, the importance of collaboration across competitors during such events, and Johnson's reflections on the resilience and power of the cybersecurity community in overcoming adversity.

Published

2024

13. Are cybersecurity professionals OK?

Author

Kapko, Matt

Subjects

PROFESSIONAL employees, INTERNET security, JOB stress, PSYCHOLOGICAL burnout, MENTAL health, PSYCHOLOGICAL adaptation, CYBERTERRORISM

Abstract

The article offers a look at the personal tools of the job of cybersecurity professionals. Topics discussed include stress and burnout brought by cybersecurity work, the need for cybersecurity professionals to separate their personal lives from their job, coping mechanisms such as personal therapy and seeking mental health assistance, and maintaining the right balance with a reflective perspective to deal with the psychologically impact of cyberattacks.

Published

2024

14. SolarWinds legal ruling expected to narrow, but maintain SEC oversight on cyber transparency.

Author

Jones, David

Subjects

FRAUD, INTERNET security, PUBLIC companies

Abstract

The article reports that a federal court's decision to dismiss most civil fraud charges against SolarWinds could influence the U.S. Securities and Exchange Commission (SEC's) approach to regulating cyber risk disclosures. Topics include the implications for SolarWinds and its CISO, the potential limitations on SEC enforcement, and the broader impact on cybersecurity transparency requirements for public companies.

Published

2024

15. CrowdStrike CEO's quick apology stands out in an industry rife with deflection.

Author

Kapko, Matt

Subjects

INTERNET security, SUPPLY chains, COMPUTER security

Abstract

The article discusses CrowdStrike Chief Executive Officer George Kurtz's rare and heartfelt apology for a software update that caused a global IT outage. Topics include the unusual transparency and apology from CrowdStrike executives in response to a major industry crisis; the significant damage to the company's reputation and the broader impact on the global economy; and the potential lessons for the cybersecurity industry regarding accountability and crisis management.

Published

2024

16. What does your CEO need to know about cybersecurity?

Author

Miller, Jen A.

Subjects

CHIEF executive officers, INTERNET security, CYBERTERRORISM, CORPORATE governance, NATIONAL security

Abstract

The article focuses on the heightened accountability of CEOs (chief executive officers) in cybersecurity, emphasizing their evolving role in mitigating risks and ensuring resilience against cyber threats. It underscores the shift where CEOs are expected to integrate cybersecurity into business strategy and face legal repercussions for breaches, reflecting broader implications for corporate governance and national security.

Published

2024

17. Snowflake allows admins to enforce MFA as breach investigations conclude.

Author

Kapko, Matt

Subjects

MULTI-factor authentication, CYBERTERRORISM, DATA warehousing, INTERNET security

Abstract

The article focuses on a cloud-based data warehousing company, Snowflake's recent security policy changes regarding multifactor authentication (MFA) following targeted attacks on customer environments. It highlights Snowflake's decision to give administrators greater control over MFA enforcement without making it mandatory, reflecting a strategic response to recent incidents.

Published

2024

18. As CISOs grapple with the C-suite, job satisfaction takes a hit.

Author

Poremba, Sue

Subjects

JOB satisfaction, INTERNET security, CHIEF information officers, CYBERTERRORISM, WAGES

Abstract

The article focuses on the critical issue of job satisfaction among Chief Information Security Officers (CISOs), highlighting its direct correlation with their access to organizational leadership. It discusses how despite lucrative salaries, many CISOs are considering job changes due to feeling scapegoated for cyber incidents and compliance failures. It emphasizes the importance of integrating CISOs into board-level discussions to enhance organizational cybersecurity resilience.

Published

2024

19. Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation.

Author

Jones, David

Subjects

INTERNET security, GOVERNMENT agencies, ADMINISTRATIVE law

Abstract

The article focuses on the implications of the U.S. Supreme Court's decision to overturn the Chevron doctrine on cybersecurity regulation. Topics include potential legal challenges to recent cybersecurity measures, impacts on the Cyber Incident Reporting for Critical Infrastructure Act, and the need for federal agencies to seek more explicit authority from Congress when creating future cybersecurity regulations.

Published

2024

20. What we know about the Snowflake customer attacks.

Author

Kapko, Matt

Subjects

CYBERTERRORISM, MALWARE, DATA warehousing, IDENTIFICATION documents

Abstract

The article focuses on a wave of cyberattacks targeting a cloud-based data warehousing platform, Snowflake customer environments over the past two months. It is reported that these attacks have affected at least 100 confirmed Snowflake customers, with approximately 165 businesses potentially exposed. It is further noted that the attacks involve stolen credentials obtained from malware infections on non-Snowflake systems rather than vulnerabilities within Snowflake's own systems.

Published

2024

21. Few CFOs control cybersecurity budgets.

Author

Sadovi, Maura Webber

Subjects

INTERNET security, CYBERTERRORISM, CHIEF financial officers, EXECUTIVES, BUDGET

Abstract

The article delves into the dynamics of cybersecurity budget allocation within companies, highlighting the roles of different executives, particularly CFOs (chief financial officer) and tech executives. It reveals that while cybersecurity budgets often fall under the purview of tech executives, there's a growing argument for CFOs to take a more active role due to the financial implications of cyberattacks.

Published

2024

22. White House wants to harmonize the breadth of cybersecurity regulations.

Author

Jones, David

Subjects

INTERNET security, PRIVATE sector, DISCLOSURE, RECIPROCITY (International law)

Abstract

The article reports that the Joe Biden administration unveiled a plan to harmonize various cybersecurity regulations across federal, state, and international levels to enhance cyber resilience in the private sector and critical infrastructure. Topics include simplifying the reporting process to reduce duplicate disclosure requirements, developing a pilot reciprocity framework to streamline administrative burdens, and seeking legislative support to address regulatory redundancies.

Published

2024

23. CISOs under pressure from boards to downplay cyber risk: study.

Author

Jones, David

Subjects

LAW enforcement, INFORMATION technology, INTERNET security, CORPORATE directors, DATA security failures

Abstract

The article focuses on the pressure that Chief Information Security Officers (CISOs) and Information Technology (IT) security leaders face from corporate boards to downplay cyber risk severity. Topics include the tension between corporate executives and security operations, regulatory requirements for disclosing cyber incidents, and differing views on board pressure and alignment between CISOs and company executives.

Published

2024

24. Popular LLMs are insecure, UK AI Safety Institute warns.

Author

Wilkinson, Lindsey

Subjects

LANGUAGE models, INTERNET security, BUSINESS enterprises, VENDORS (Real property), ARTIFICIAL intelligence

Abstract

The article reports that large language models (LLMs) lack effective built-in safeguards against basic jailbreaks and can produce harmful outputs even without dedicated attempts to bypass their protections, according to research from the UK AI Safety Institute. Topics include the rising security concerns as AI becomes more prevalent in enterprise technology, the need for internal safeguards alongside vendor-embedded safety measures, and government-led initiatives to enhance AI safety testing.

Published

2024

25. Cybersecurity leaders expect their SOC budgets to grow, KPMG finds.

Author

Sadovi, Maura Webber

Subjects

INTERNET security, BREACH of contract

Abstract

The article presents the discussion on cybersecurity leaders reported their security operations center was hit by a recent cyberattack that led to a security breach including security leaders spend SOC money showing the allocations of the SOC budget spread across center's activities.

Published

2024

26. What is success in cybersecurity? Failing less.

Author

Kapko, Matt

Subjects

INTERNET security, INVESTMENTS, CYBERTERRORISM, BUSINESS enterprises, ASSOCIATIONS, institutions, etc.

Abstract

The article delves into the concept of success in cybersecurity, emphasizing the importance of mitigating risks and minimizing the impact of incidents rather than striving for complete prevention. It discusses the evolving nature of cyber threats and the need for organizations to focus on response strategies, investments in defense, and demonstrating the value of cybersecurity efforts to the broader business.

Published

2024

27. The art of threat modeling: 3 frameworks to know.

Author

Dupre, William

Subjects

COMPUTER network security, CYBERTERRORISM, COMPUTER operating systems, COMPUTER simulation, SIMULATION methods & models

Abstract

The author discusses security threats that could impact systems of organizations and explores threat modeling that may be used to identify exposures and mitigations in a system. He tackles the concept of threat modeling. He explains how to use the three threat models, which includes STRIDE and LINDDUN. He offers tips when considering who to involve in threat modeling.

Published

2024

28. Cybersecurity jobs pay well, but gender disparities persist.

Author

Kapko, Matt

Subjects

INTERNET security, MINIMUM wage, EMPLOYEE seniority, LABOR supply, GENDER wage gap

Abstract

The article focuses on the financial landscape of U.S. cybersecurity jobs, highlighting significant pay disparities between genders despite strong average annual salaries. Topics include the average annual base salary of 147,138, U.S. dollars the variations in salaries across different seniority levels, and the lasting gender pay gaps persisting in the cybersecurity sector.

Published

2024

29. CISO role shows significant gains amid corporate recognition of cyber risk.

Author

Jones, David

Subjects

INTERNET security, SECURITY management, CORPORATE governance, RISK assessment, BUSINESS enterprises

Abstract

The article highlights the rising importance of Chief Information Security Officers (CISOs) and senior cybersecurity executives within companies, as revealed by a report from Moody's Ratings. It discusses the increasing direct reporting of cybersecurity managers to top-level company executives, particularly CEOs, and the greater scrutiny faced by CISOs following recent high-profile cyberattacks.

Published

2024

30. How CISO salaries are faring as businesses ask more of security.

Author

Poremba, Sue

Subjects

CHIEF information officers, WAGES, INTERNET security, ORGANIZATIONAL transparency, COMPENSATION (Law)

Abstract

The article focuses on the salaries of Chief Information Security Officers (CISOs), highlighting their significant compensation packages, often surpassing six figures, and the increasing importance of their role within organizations due to cybersecurity risks. Topics include the impact of technical skills on salary, the influence of salary transparency laws on compensation trends, and the ongoing challenge of recognizing the value of security in relation to compensation.

Published

2024

31. AWS CISO: Generative AI is just a tool, 'not a magic wand'.

Author

Kapko, Matt

Subjects

GENERATIVE artificial intelligence, LEADERSHIP, SECURITY management

Abstract

The article discusses Amazon Web Services Chief Information Security Officer Chris Betz's perspective on generative Artificial Intelligence (AI) in cybersecurity, emphasizing its role as a tool rather than a magical solution. Topics include security tools, cloud technology use, and leadership strategies in navigating the potential of generative AI in the industry.

Published

2024

32. Why Okta is overhauling its priorities, culture around security.

Author

Kapko, Matt

Subjects

INTERNET security, CYBERTERRORISM, CLIENTS, RESOURCE management

Abstract

The article focuses on Okta's decision to overhaul its priorities and culture around security due to a series of attacks targeting both the company and its customers' environments since 2022. It reports that Okta executives have paused product development and redirected resources to prioritize security following a significant attack on its support portal in September, which exposed all of its customer support system clients, guiding the company's path forward.

Published

2024

33. Okta, with a bruised reputation, rethinks security from the top down.

Author

Kapko, Matt

Subjects

SECURITY systems, CYBERTERRORISM, INTERNET security, SECURITY personnel, COMPUTER hackers

Abstract

The article discusses Okta's efforts to revamp its security measures and rebuild its reputation following a series of cyberattacks, with Okta's Chief Security Officer, David Bradbury, acknowledging shortcomings in their previous security approach. Topics include Okta's security enhancements, challenges in balancing security and identity services, and the company's commitment to improved internal defenses and customer security.

Published

2024