What’s the Future Path for CISOs?

May 7, 2024 at 04:39PM The CISO role is changing, with many aspiring to become CIOs or CTOs. Renee Guttmann-Stark mentors such transitions, though she herself prefers focusing on cybersecurity. Some CISOs, like Jamil Farshchi of Equifax, are moving into CTO roles. Challenges persist, including job vacancies and handling relentless cyber attacks. The rise of …

What’s the Future Path for CISOs?

May 7, 2024 at 04:24PM Renee Guttmann-Stark, a former CISO, acknowledges the trend of CISOs transitioning to CTO roles, citing examples like Jamil Farshchi’s promotion. Challenges facing CISOs include job vacancies, insurance issues, and tool procurement. Guttmann-Stark advocates for AI deployment in automating tasks. She also emphasizes the importance of CISOs gaining proficiency in AI …

4 Security Tips From PCI DSS 4.0 Anyone Can Use

March 11, 2024 at 04:36PM Compliance is crucial for security professionals, with many standards evolving to resemble security best practices. PCI DSS 4.0, applicable to all businesses accepting credit card payments, introduces new requirements such as preventing malicious scripts, enhancing network security controls, securing systems and software, and ensuring robust logging and monitoring. These updates …

7 Lessons Learned From Designing a DEF CON CTF

January 11, 2024 at 09:19AM Capture the Flag (CTF) events offer an engaging and educational platform for cybersecurity professionals to enhance their hacking skills and gain practical knowledge. CTF design requires careful consideration of technical challenges, operational complexity, and the need for engaging storytelling. Lessons learned include the importance of software development approaches, operational rigor, …

Black Hat Europe 2023 Closes on Record-Breaking Event in London

December 20, 2023 at 04:59PM Black Hat Europe 2023, held in London from December 4 to 7, saw over 3,600 attendees from 118 countries. The event showcased the latest in information security through 40 Briefings, four days of technical Trainings, 50 Sponsored Sessions, and 54 in-person tool demos. Top sponsors included Axonius, Bionic, KnowBe4, and …

Humans Are Notoriously Bad at Assessing Risk

November 22, 2023 at 07:12AM Risk assessment can be subjective and biased due to human emotions, which can lead to an inaccurate representation of reality and a weaker security posture. To remove subjectivity, security professionals should follow seven steps: identify critical resources and data, understand potential financial impact, enumerate relevant threats, map risks to resources, …

Threat Intel: To Share or Not to Share is Not the Question

November 16, 2023 at 08:39AM The discipline of cyber threat intelligence is centered around sharing information to strengthen security defenses. However, a recent poll revealed that only a small percentage of security professionals in the financial services industry are confident in their organization’s level of cyber threat intelligence sharing. Regulatory compliance requirements and the concept …

Tines Report Finds More than Half of Security Professionals Likely To Switch Jobs Next Year

October 24, 2023 at 05:10PM Tines, a leader in secure workflows, released the 2023 Voice of the SOC report which highlights job satisfaction and workloads among security operation center teams. The report reveals that 63% of surveyed security professionals are experiencing burnout due to cyberattacks and limited resources. Automation is seen as a solution, with …

Security Pros Warn that EU’s Vulnerability Disclosure Rule is Risky

October 13, 2023 at 03:48PM The European Union (EU) is considering a rule that would require software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of exploitation. However, many IT security professionals are concerned about the potential abuse of this rule. They argue that the 24-hour window is too short and could …