Tag: CISO

What Is the Board’s Role in Cyber-Risk Management in OT Environments?
Summary: Boards of directors are increasingly challenged with managing cyber-risks within operational technology (OT) environments, particularly in high-risk sectors. The article discusses the crucial need for specialized leadership and strategic approaches to improve OT cybersecurity governance and resilience. It emphasizes the importance of collaboration between IT and OT, as well as the development of comprehensive cybersecurity programs tailored to the unique threats faced by OT systems.…
Read More
CISO Conversations: Kevin Winter at Deloitte and Richard Marcus at AuditBoard
Summary: The evolving roles of Chief Information Security Officers (CISOs) at major firms like Deloitte and AuditBoard are discussed, highlighting their unique non-technical backgrounds and perspectives on cybersecurity. The conversation emphasizes the importance of blending technical skills with business acumen, teamwork, and mentorship in addressing compliance and emerging threats.…
Read More
Deepwatch Acquires Dassana to Boost Cyber Resilience With AI
Summary: Deepwatch has acquired Dassana, a startup specializing in security intelligence solutions, to enhance its cyber resilience platform with AI-powered risk and threat exposure management. The integration will provide real-time insights into security postures, improving tools for automation, compliance reporting, and proactive security management. This acquisition aligns with Deepwatch’s mission to democratize AI capabilities for organizations of all sizes, enabling better protection against cyber threats.…
Read More
Summary: Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) can capitalize on the rising need for cybersecurity by offering virtual Chief Information Security Officer (vCISO) services. However, they face challenges in structuring, pricing, and selling these services effectively, which is addressed in the Ultimate Guide to Structuring and Selling vCISO Services.…
Read More
MirrorTab Raises .5M Seed Round to Take on Browser-Based Attacks
Summary: MirrorTab, a San Francisco startup, has raised .5 million in seed funding to enhance its technology that neutralizes web-based attacks at the browser level. This funding round highlights growing interest in “browser isolation” technologies designed to protect users from online threats. The company’s innovative approach sanitizes browser sessions before they reach users’ devices, effectively minimizing potential attack surfaces.…
Read More
CISO’s Expert Guide To CTEM And Why It Matters
Summary: The evolving nature of cyber threats necessitates a proactive defense strategy like Continuous Threat Exposure Management (CTEM), which builds on existing security frameworks. A new guide details the effectiveness of CTEM compared to traditional Vulnerability Management and Attack Surface Management approaches through real-world scenarios. The report emphasizes CTEM’s ability to continuously monitor and respond to threats while aligning security efforts with business priorities.…
Read More
This Security Firm’s ‘Bias’ Is Also Its Superpower
Summary: The founders of Credible Security, an independent security consultancy, highlight the advantages of diverse backgrounds in cybersecurity, emphasizing that leadership qualities like empathy and communication matter more than technical skills. Their varied experiences enhance their approach to developing trust and security strategies for B2B cloud service providers.…
Read More
Feds Sanction Russian Hosting Provider for Supporting LockBit Attacks
Summary: The US, alongside Australia and the UK, has sanctioned Zservers, a Russia-based bulletproof hosting service, for facilitating LockBit ransomware attacks. This action is part of ongoing international efforts to dismantle the LockBit cybercriminal organization and disrupt its operations. The sanctions aim to impede ransomware activities by targeting the infrastructure that enables such attacks.…
Read More
How to Steer AI Adoption: A CISO Guide
Summary: Chief Information Security Officers (CISOs) are increasingly engaged with AI teams, but they lack resources to define their roles effectively. The CLEAR framework provides security leaders with a strategic approach to support AI adoption through asset inventory, proactive learning, policy enforcement, application of use cases, and leveraging existing frameworks.…
Read More
Analyst Burnout Is an Advanced Persistent Threat
Summary: The cybersecurity industry is facing a critical crisis due to the burnout of security analysts and leadership. With an alarming number of professionals contemplating leaving the field, the focus must shift from merely hiring new talent to supporting and empowering existing personnel. To sustain effective cybersecurity defense, organizations must prioritize the welfare of their defenders and harness their expertise alongside technological advancements.…
Read More
SolarWinds to Go Private for .4B
Summary: SolarWinds has announced its acquisition by Turn/River Capital for .4 billion, leading to its status as a privately held company. This comes in the aftermath of the significant cyberattack in 2020, which still influences the cybersecurity landscape. The Securities and Exchange Commission has taken action against SolarWinds for its failures related to the attack, indicating ongoing scrutiny of cybersecurity practices in the industry.…
Read More
Hacker Conversations: David Kennedy – an Atypical Typical Hacker
Summary: David Kennedy, an accomplished hacker and CEO of TrustedSec, uniquely embodies the hacker ethos, shaped by his ADHD and military experiences. His unconventional learning style emphasizes hands-on problem-solving over traditional methods, leading him to a successful career in cybersecurity. Despite his challenging beginnings, Kennedy maintains a strong ethical compass and believes in the importance of creativity and fun in his work.…
Read More
How attackers abuse S3 Bucket Namesquatting — And How to Stop Them
Summary: AWS S3 bucket namesquatting is a significant security risk stemming from predictable naming structures that can be exploited by malicious actors. This article outlines the potential consequences of such vulnerabilities, including unauthorized access and traffic redirection, while emphasizing mitigation strategies. Varonis offers solutions to prevent and remediate S3 bucket namesquatting and related security issues in the AWS environment.…
Read More
CISO Forum Webinar: Defenders on the Frontline – Incident Response and Threat Intel Under the Microscope 
Summary: SecurityWeek will organize the second session of the CISO Forum 2025 Outlook webinar on February 5th, focusing on incident response and threat intelligence. The panelists will discuss strategies for aligning cyber resilience plans with business objectives amid evolving cyber threats. Attendees can expect insights on various risks including ransomware, nation-state attacks, and identity-related threats.…
Read More
Cyber Insights 2025: The CISO Outlook
Summary: SecurityWeek’s Cyber Insights 2025 highlights the evolving role of the Chief Information Security Officer (CISO) in a complex landscape marked by increasing regulatory demands, the advent of artificial intelligence, and rising social engineering threats. As cyber threats become more sophisticated, the CISO must blend technical expertise with business acumen, improving their communication with both technical teams and executive leadership.…
Read More
SOC Analysts – Reimagining Their Role Using AI
Summary: SOC analysts face overwhelming challenges due to excessive alert volumes, manual triage, and heightened cyber threats, often leading to burnout and inefficiencies. Meanwhile, cybercriminals utilize AI to enhance their attack strategies, intensifying the urgency for effective defenses. The landscape is changing, with modern SOCs evolving through AI-powered tools that streamline alert triage and allow analysts to concentrate on real threats.…
Read More
DeepSeek: China’s open source AI fuels national security paradox | VentureBeat
Summary: DeepSeek has introduced its R1 model for cybersecurity, utilizing pure reinforcement learning and drastically reducing costs compared to competitors like OpenAI. While the model’s open-source nature is attractive, concerns regarding bias, security vulnerabilities, and the influence of Chinese regulations on data privacy are mounting. Experts warn that the model could reshape industry standards, but serious national security implications must be considered.…
Read More