Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CISO

SEC's Cybersecurity Regulations, Part III: The Relationship Between the CISO & The Board

Cybersecurity is a top risk for corporate directors to understand and navigate. The implications of cyber events for a company are many and growing: instantly damaged reputations that erode years of credibility and trust with customers and investors, impaired profitability from customer attrition and increased operating costs, lost intellectual property, fines and litigation, and harm to a company’s people and culture.

A CISO's perspective: Why I've read the Elastic Global Threat Report

It’s that time of year again. Fall leaves are turning colors, families are gearing up for the holidays, and many vendors are releasing different reports during cybersecurity month. Our researchers at Elastic Security Labs released the 2023 Global Threat Report last week after months of analysis on more than 1 billion data points. As the CISO of Elastic, my team and I leveraged last year’s report findings and predictions to strategize for the changing threat landscape.

Why Are CISOs Struggling with Governance, Risk, and Compliance Reporting?

This article was originally published in Cybersecurity Insiders. In our increasingly digitally connected world, cybersecurity risks are at an all time high and only growing. With this in mind, businesses are beginning to embrace and understand, if they didn’t before, just how essential a healthy governance, risk, and compliance (GRC) program is to their organization’s overall success.

Securing Web Applications: A CISO's Checklist for Tech Leaders

As a CISO, securing web applications and ensuring their resilience against evolving cyber threats is a non-negotiable priority. Verizon’s Data Breach Investigations Report 2023 cites web applications as the top attack vector by a long shot (in both breaches and incidents). Here’s a simplified checklist for securing web applications that will help you improve your organization’s security posture and the integrity of your technology.

9 in 10 CISOs Report at Least One Disruptive Cyberattack in the Last Year

A new report sheds light on whether CISOs have been the victim of a cyber attacks, if they're every paid a ransom, their greatest cyber concerns, and much more. While most of the reports I cover on this blog are typically surveys of those "in the trenches," we do like to cover analysis of c-suite perspectives. The CISO Report from Splunk provides some interesting insight into experienced cyber attacks and their impact.

A CISO Explains 4 Steps that Make it Easy to Stay Safe Online

To secure our world, Cybersecurity Awareness Month encourages four steps that make it easy to stay safe online. As a CISO, my team and I advocate for these practices constantly within our organization. If you are a security practitioner looking to bolster cybersecurity awareness, here’s a brief look at how we explain these steps to help make staying safe online easier. Before we dive in, making cybersecurity practices relatable and clear is key to the adoption at any organization.

The CISO's Guide to AppSec Innovation

Threat actors operate by an ironclad rule: If it’s important to businesses, it’s important to them. And they certainly understand the crucial business role of applications. Applications are now the number one attack vector, while software supply chain attacks increased 650 percent in a year. Clearly, if you don’t already have a modern application security program that can support today’s digital world, you need to build one.

Five hopes and fears every CISO has for AI

For almost a century, artificial intelligence (AI) has been depicted in our media. Starting with Fritz Lang’s 1927 film, “Metropolis,” and through major blockbusters like The Terminator series, “2001: A Space Odyssey,” and “Her,” these movies have all included or focused on AI’s potential impact.

Uplevel to Next-Generation Vulnerability Management with our CISO Guide

Vulnerability management is difficult and not getting any easier. CISOs and security teams struggle to keep their organizations safe from cyber security threats that come from software flaws. A big part of the challenge is the growing number of vulnerabilities that need to be fixed and the lack of resources available to remediate them.