Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


The Modern CISO Role Needs to Evolve. Here's Why.

The role of information security in modern enterprises is evolving like never before. Security will need to improve third-party oversight as organizations increasingly depend on outsourcing models for scale flexibility, efficiency, and cost savings. It will also need to do a better job of balancing security requirements (e.g., regulatory compliance, risk management) against business objectives (e.g., user experience, network performance, reducing costs).

CISO's Corner: Cyber Defense Lessons for OT and Supply Chain Infrastructure

2022 has been busy in the cyber world. While there were signals in 2021 with the increased in activity in threat actors targeting OT environments with ransomware, the conflict in Ukraine prompted many businesses to press harder in asking more questions about their own resilience with operational technologies (OT) and supply chain infrastructure.

What to look for in a vCISO as a service

“Approximately 64% of global CISOs were hired from another company” according to the 2021 MH Global CISO Research Report. The reasons are because of talent shortages, the role is still new to some companies, and companies have not created a succession plan to support internal promotions. To overcome these challenges, companies can look to Virtual Chief Information Security Officer (vCISO) or a vCISO as a service provider.

Next CISO headache: Vendor cyber insurance

Cyber insurance coverage? Through the roof these days. Also, coverage is not that easy to get. The many breaches and the dollar judgements handed down make cyber insurance another costly operating investment. A mid-sized client of mine, as an example, pays $1 million in annual cyber insurance costs just to do business with its commercial and government customers. The issue adds another twist to the topic of third-party risk.

A CISO's Guide for Measuring your Security

Measuring risk is key to business continuity. A growing attack surface will present many businesses with challenges of how to manage their enterprise assets and maintain a robust cyber security posture. An expanding remote workforce, increasing levels of data and the continuous rollout of evolutionary solutions can all present hackers with potential entry points to exploit if security measures are not in place.

'Hackad' hacker: CISOs have more to worry about than a zero day exploit

When I look at IT security I can clearly see how it has changed, being today much more mature now than it’s ever been. Governments are working on policies and legislation forcing companies to prioritize IT security. As a result, the entire bug bounty community has bloomed in a way that I could never imagine, security researchers are now working together with companies to identify and mitigate vulnerabilities in a way that we have never done before.

vCISOs Explained: The Benefits and Drawbacks

An increasing number of modern security conscious companies have Chief Information Security Officers (CISOs) on the payroll to help them manage their environment from increasingly sophisticated cyber threats. Unfortunately, many other organizations are not currently able to employ a full time CISO. This can be related to a series of contributing factors including a lack of necessary budget, competing priorities, or unfilled vacancies due to a shortage of qualified candidates.

Hello CISO - Episode 4: Employee Surveillance vs. Enterprise Security

How do you balance data collection at work with workers’ inalienable right to privacy? It's a fine line to walk, but if you always err on the side of employee privacy, it's hard to go wrong. In this episode of Hello CISO, Troy breaks down how to systematize that balance – and how to uncover the hidden costs of data collection. Hello CISO is a new series aimed at Chief Information Security Officers, IT security teams, and all other members of an organization responsible for maintaining the safety and integrity of the business and its operations.