More Carrots and Fewer Sticks

As I sit in the 2024 Seattle Convene conference this week and listen to speaker after speaker talk about their successful security awareness training programs, one thing is perfectly clear. They all prefer carrots and fewer sticks. A question human risk managers frequently ask me is what role negative consequences should play in a successful security awareness training program.

"Better context in a world that's changing quickly": Leading CISOs discuss AI's role in SecOps

Earlier this month, I was thrilled to join forces with the team at Dark Reading for a webinar on the future of AI in security operations. Titled CISO Perspectives: How to make AI an accelerator, not a blocker, the webinar allowed me to take a deep dive into the future role of AI in security with some of the most knowledgeable CISOs on the subject, Mandy Andress of Elastic and Matt Hillary of Drata.

Protecting Patient Safety: Trustwave's Role in Healthcare Cybersecurity

The healthcare industry's digital transformation has brought unprecedented advancements in patient care. However, it has also introduced new vulnerabilities that put sensitive patient data at risk. Cybersecurity is no longer an option but a critical component of delivering safe and effective care. Threat actors have no compunction about taking advantage of this increased threat surface.

ARMO's new security-boosting summer cocktail: Layered Vulnerability Scanning, SBOM View, and new Auto-Generated Network Policies

This summer ARMO is proud to announce a batch of new features designed to enhance your cloud security posture. We developed groundbreaking capabilities for in-depth vulnerability scanning, simplified vulnerability management with SBOM view, and streamlined network policy generation for two popular CNIs, Calico and Cilium. We invite you to explore these new features and discover how they can add to your organization’s security. Let’s go.

A deep dive into investigating a complex denial-of-service attack

On April 19, 2024, Datadog’s US5 website (app.us5.datadoghq.com) started experiencing elevated error rates, though they were low enough that most of our users didn’t notice them. For the next few days, we worked around the clock responding to multiple episodes of this mysterious attack, which gradually unfolded as we investigated. We also implemented several measures to reduce the impact on our customers.

How Automation and AI are Transforming GRC Management

There is no doubt that we now live in an AI-driven, automation-powered world. Across industries and markets, leaders and professionals are achieving the utility of AI in their processes. The same applies to Governance, Risk, and Compliance (GRC) management, but when one looks at the actual implementation, the data shows that there's still a long way to go. According to one recent report, only 21% of GRC leaders use AI to perform GRC activities.

Here's How Phishing Messages Break Through Email Filters

Phishing is an email-borne malicious technique aimed at learning the sensitive credentials of users or spreading malware. This practice has been on the list of the top cyber threats to individuals and businesses for years. According to the latest Phishing Activity Trends Report by APWG, the total number of phishing attacks identified in Q1 2024 exceeded 963,000.

Life in Cybersecurity: Expert Tips and Insights from a Cybersecurity Recruiter

One of the most challenging aspects of working in cybersecurity can be the deceptively simple act of finding the best job that suits your skillset and best fits the employer's expectations. Whether it is an entry-level position, a lateral move, or a career advancement, there is more to finding a rewarding position than just relying on the heavily publicized skills shortage.

Staying Ahead of the Curve: Preparing for the PCI DSS 11.6 Requirement

In part one of our series on PCI DSS 4.0, we covered the updates in the latest version 4.0.1 and how to operationalize those changes. In this blog we are going to dig deeper into Requirement 11.6, how to interpret the nuance and automate the current guidance, guidance that will become a mandate in March 2025. Let’s start with what Requirement 11.6 is and why it’s so important.