A CISO’s Guide to Avoiding Jail After a Breach

July 5, 2024 at 08:35AM While serving on the Commission on Enhancing National Cybersecurity, Joe Sullivan, a former Uber CSO, faced legal challenges for mishandling a data breach. The government’s effort to enforce good corporate behavior has led to an increase in legal actions against security leaders. To avoid trouble, it’s recommended that security leaders …

Hacker Conversations: Chris Evans, Hacker and CISO

July 1, 2024 at 12:24PM Chris Evans, CISO of HackerOne, challenges common perceptions of hackers. He defines a hacker as someone who creatively overcomes limitations and believes computer hacking is about improving life. He argues that most hackers naturally use their skills for good and emphasizes the positive impact of hacking on society. Evans also …

Aim Security Closes $18M Series A to Secure Generative AI Enterprise Adoption

June 17, 2024 at 03:56PM Aim Security, an AI security company based in Tel Aviv, has secured $18 million in Series A funding, led by Canaan Partners and YL Ventures. The company, founded by cybersecurity experts, aims to address the security challenges presented by AI adoption in enterprise organizations, particularly in highly regulated industries like …

Aim Security Raises $18M to Secure Customers’ Implementation of AI Apps

June 17, 2024 at 10:14AM Tel Aviv-based Aim Security, founded by IDF Unit 8200 alumni Matan Getz and Adir Gruss, has raised $18 million in a Series A funding led by Canaan Partners. The company aims to address the security risks associated with generative AI applications, offering expert support to companies looking to implement AI …

US senator claims UnitedHealth’s CEO, board appointed ‘unqualified’ CISO

May 31, 2024 at 05:34PM Senator Ron Wyden criticized UnitedHealth Group’s CEO for appointing an allegedly unqualified CISO, whom he believes contributed to the company’s recent ransomware attack. Wyden called for an investigation into the company’s failures, citing issues with its CISO’s background, lack of security measures, and a history of negligence. He urged the …

The SEC’s SolarWinds Case: What CISOs Should Do Now

May 24, 2024 at 09:59AM In October 2023, the SEC filed a landmark lawsuit against SolarWinds Corp. and its CISO, Timothy Brown, over alleged false statements about cybersecurity. CISOs should enhance communication with financial teams, ensure all statements are rigorously reviewed, maintain top-notch security policies, collaborate with assurance providers, and seek legal counsel amidst evolving …

CISOs Grapple With IBM’s Unexpected Cybersecurity Software Exit

May 17, 2024 at 06:31PM IBM has agreed to sell its QRadar SaaS portfolio to Palo Alto Networks, impacting CISOs’ procurement plans and vendor relationships. This deal, expected to close by September, includes a partnership for IBM Consulting to become a preferred MSSP for Palo Alto Networks customers. Customers now face decisions about migration paths …

What’s the Future Path for CISOs?

May 7, 2024 at 04:39PM The CISO role is changing, with many aspiring to become CIOs or CTOs. Renee Guttmann-Stark mentors such transitions, though she herself prefers focusing on cybersecurity. Some CISOs, like Jamil Farshchi of Equifax, are moving into CTO roles. Challenges persist, including job vacancies and handling relentless cyber attacks. The rise of …

What’s the Future Path for CISOs?

May 7, 2024 at 04:24PM Renee Guttmann-Stark, a former CISO, acknowledges the trend of CISOs transitioning to CTO roles, citing examples like Jamil Farshchi’s promotion. Challenges facing CISOs include job vacancies, insurance issues, and tool procurement. Guttmann-Stark advocates for AI deployment in automating tasks. She also emphasizes the importance of CISOs gaining proficiency in AI …

Spies Among Us: Insider Threats in Open Source Environments

May 7, 2024 at 10:51AM A critical vulnerability in XZ Utils raised comparisons to the SolarWinds hack and highlighted the power of the open source community in averting a disaster. However, it also raised questions about security and trust within the ecosystem. The incident suggests the need for stricter security measures and consideration of internal …