Tag: CISO Series

The Future of Attack Surface Management with NetSPI

With rapid development and agile methodologies, attack surfaces are dynamically changing along with code and infrastructure. Continuous monitoring and human-augmented analysis can help protect your organization’s internet-facing assets, argues Nabil […] The post The Future of Attack Surface Management with…

I Don’t Want Insider Risk. You Take It.

We know insider risks represent a major attack surface for any organization, but who should own insider risk management? HR, security, legal? This week’s episode is hosted by me, David […]

Revolutionizing SOC Automation with Large Language Models

Automation in the SOC is experiencing a seismic shift, going from basic, rule-based robotic automation to the sophisticated capabilities of large language models. Edward Wu, CEO and founder, Dropzone AI, […]

Telling Stories with Security Metrics

We know that storytelling is a key to communicating risk to the business. How do we integrate metrics to help us tell those stories? Check out this post for the […]

Getting Visibility into Your Cyber Horizon with OpenText

New AI tools can be a boon for defenders, but they’re also leading to increased phishing, smarter threat actors, and advanced reconnaissance tactics. Paul Reid, global head of threat intelligence, […]

How to Get the Most for Yourself Through Altruism

When we talk about giving back to the community, there’s an inevitable element of self-interest layered on as well. Sure, your blog provides information to others, but it also raises […]

Answering SEC’s Question of Materiality of a Breach

What is the “materiality” of a breach? Jason Clark, chief strategy officer for Cyera, and I discussed trying to answer this amorphous question that the SEC presented to companies and […]

Who Owns AI Risk? NOT IT!

As an emerging technology, there are a lot of questions about who owns the risk inherent with new AI and LLM-based tools. But even though this technology offers exciting new […]

Securing Identities in the Cloud

How are we securing identity in the cloud? Unlike on-prem, the cloud requires you to cede control to a vendor. So what can we do to keep identities safe? Check […]

How AI Is Making Data Security Possible

Have we lost sight of data security with defense in depth? Recent trends have seen a focus on applications and roles, but do we need to refocus on the fundamentals? […]

From Pentesting to Remediation with NetSPI

There are a lot of common pitfalls in penetration testing, particularly with the remediation phase. It’s important to move away from static processes to more actionable systems, understanding the gaps […]

From Pen Testing to Remediation with NetSPI

There are a lot of common pitfalls in penetration testing, particularly with the remediation phase. It’s important to move away from static processes to more actionable systems, understanding the gaps […]

What Makes a Successful CISO?

Every CISO has a unique path to getting the role. But once you’re there, what does it take to be effective? Check out this post for the discussion that is […]

Where Can We Win Against Ransomware with Halcyon

The current state of ransomware is alarming. It has evolved into a highly lucrative criminal enterprise with minimal risk. This follows the overall ransomware shift towards monetary gain through sophisticated […]

Who You Gonna Call? LEGAL COUNSEL!

When a cybersecurity incident occurs, who should be the first call the CISO makes? And once that call gets made, what is the CISO’s role in handling the fallout? This […]

Unseen Challenges in OT Security with DirectDefense

Compared to IT, operational technology (OT) systems are often misunderstood and mishandled. There’s a reason for this: OT carries a lot of unique challenges, such as the inability to use […]

Demystifying SOC 2 and ISO 27001

ISO 27001 and SOC 2 remain two of the most prominent industry compliance standards. These standards are crucial for establishing customer trust and maintaining security best practices, said Faisal Khan, […]

Recruiting From the Help Desk

Working the help desk seems like a great place to get entry-level cyber security skills. So why is it so often overlooked or even looked down upon? Check out this […]

Getting Your Copilot Pilot Out of Pilot

Every organization wants to achieve the productivity benefits of generative AI. But privacy and security concerns mean that very few organizations have been able to move these systems into production, […]

You Can’t Leak What You Don’t Collect

Data minimization in the US is changing from a potential policy goal to a regulatory imperative. Maryland’s new Online Data Privacy Act requires any service collecting data to meet the […]

Capture the CISO Finals – Season 2

Welcome to the finals of Capture the CISO Season 2! Our host is Rich Stroffolino and our judges are Alexandra Landegger, executive director and CISO, Collins Aerospace, and Edward Contreras, EVP […]

Where Are Secure Web Gateways Falling Short?

Are secure web gateways still an effective tool in the enterprise? The browser has changed a lot in the last decade. Are Secure Web Gateways (SWGs) still keeping up? […]

Understanding the Zero-Trust Landscape

Lots of vendors claim to offer zero-trust solutions. But is that framework even applicable to some product categories? Check out this post for the discussion that is the basis of […]

Scaling Least Privilege for the Cloud

Scaling least privilege in the cloud remains challenging. Throwing more people at the problem isn’t feasible, so how are you managing it? Check out this post for the discussion that […]

Capture the CISO S2E3: BugProve, Egress, and Zenity

Welcome to episode three of Capture the CISO Season 2! Our host is Rich Stroffolino and our judges are Christina Shannon, CIO, KIK Consumer Products and Dan Walsh, CISO, Paxos. Our contestants: […]