Architecture, CISO, Information Security and Risk

CISO workshop slides

Notice Bored

AUGUST 5, 2022

A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning. including security-relevant aspects ( e.g. being a trusted partner). Security Response : the example metrics suggest the classical (outdated!)

CISO

CISO Risk Artificial Intelligence Marketing

5 Benefits of Hiring a Virtual Chief Information Security Officer (vCISO)

Security Boulevard

SEPTEMBER 9, 2022

But hiring a full-time chief information security officer (CISO) is not always possible for organizations – nor is it always needed. Read on to learn why you might want to consider a virtual CISO (vCISO), and the benefits that come with that decision.

Information Security

Information Security CISO Risk Cybersecurity

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

What constitutes “smarter security?” Smarter security to me broadly refers to relentlessly focusing on fundamentals while maturing the program, making sure your risk posture aligns with your business strategy. However, security – the often overlooked and undervalued visitor – is struggling to communicate across the table.

Risk

Risk Cybersecurity Technology CISO

People Skills Outweigh Technical Prowess in the Best Security Leaders

SecureWorld News

OCTOBER 5, 2023

Michael Gregg, the CISO for the State of North Dakota, speaks across the country, including keynoting at SecureWorld Detroit on Sep. It's no wonder after he speaks he has a line of folks waiting to learn more from him, or just to shake his hand and say thanks for his information sharing. 19 and at SecureWorld Dallas on Oct.

CISO

CISO Risk Government Cybersecurity

How Zero Trust helps CIOs and CTOs in Corporate Environments

CyberSecurity Insiders

JUNE 11, 2023

Zero Trust is a cybersecurity framework that can greatly support Chief Information Security Officers (CISOs) and Chief Technology Officers (CTOs) in their roles of securing organizational systems and data. This approach significantly reduces the risk of lateral movement and unauthorized access within the network.

CISO

CISO Technology Architecture Cybersecurity

Five considerations for cloud migration, from the House of Representatives CISO

SC Magazine

MAY 18, 2021

Companies transitioning to the cloud have to think of cybersecurity as more than firewalls, access controls and incident response, and define goals of security that go beyond confidentiality, integrity and availability, said Randy Vickers, chief information security officer for the U.S. Security risk review.

Cloud Migration

Cloud Migration CISO Firewall DNS

Analytics Insight Announces ‘The 10 Most Influential CISOs to Watch in 2021’

CyberSecurity Insiders

OCTOBER 7, 2021

. & HYDERABAD, India–( BUSINESS WIRE )–Analytics Insight has named ‘ The 10 Most Influential CISOs to Watch in 2021 ’ in its October magazine issue. The issue is focusing on trailblazing leaders who are remodelling their security strategy and staying abreast with the latest trends. He holds a Ph.D He holds a Ph.D

CISO

CISO Computers and Electronics Information Security Technology

Nurturing Our Cyber Talent

IT Security Guru

SEPTEMBER 25, 2023

The IT Security Guru caught up with Tarnveer Singh a CISO and finalist in the Security Serious Unsung Heroes Awards 2023 for his thoughts on how to get more professionals involved in the cybersecurity industry: There are many ways we can inspire new cybersecurity professionals to join our industry.

CISO

CISO Identity Theft Cybercrime Cybersecurity

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

“Our team quickly triaged the report and determined the risk to partners to be minimal,” said Patrick Beggs , ConnectWise’s chief information security officer. “Nevertheless, the mitigation was simple and presented no risk to partner experience, so we put it into the then-stable 22.8

Phishing

Phishing Architecture Passwords Accountability

SPOTLIGHT: Women in Cybersecurity

McAfee

NOVEMBER 3, 2020

Forrester also predicts that the number of women CISOs at Fortune 500 companies will rise to 20 percent in 2019 , compared with 13 percent in 2017. This is consistent with new research from Boardroom Insiders which states that 20 percent of Fortune 500 global chief information officers (CIOs) are now women — the largest percentage ever.

Cybersecurity

Cybersecurity Architecture Cloud Migration Retail

New SEI CERT chief and first ever federal CISO: old cybersecurity models have ‘been overcome’

SC Magazine

APRIL 30, 2021

Gregory Touhill, former federal chief information security officer and deputy assistant Homeland Security secretary for cyber security operations, seen here at a House Foreign Affairs Committee hearing in 2015 in Washington, DC. chief information security officer. Photo by Mark Wilson/Getty Images).

CISO

CISO Cybersecurity Artificial Intelligence Government

“Left of Boom” Cybersecurity: Proactive Cybersecurity in a Time of Increasing Threats and Attacks

Cisco Security

OCTOBER 18, 2021

About 15 years ago, the idiom began to be applied to cybersecurity, where the risk management continuum values the investment in protection to mitigate the negative consequences of a cyber incident. We can never eliminate risk entirely, but we can manage it effectively with “Left of Boom” processes and procedures.

Cybersecurity

Cybersecurity CISO Insurance Risk

Firms with exposed IoT have a higher concentration of other security problems

SC Magazine

JANUARY 29, 2021

For example, companies with exposed IoT are more than 50% more likely to have email security issues, according to a new report and blog post from the Cyentia Institute and RiskRecon. But what does that correlation mean for chief information security officers? So, how can CISOs operationalize that kind of information?

IoT

IoT Internet Internet CISO

Quantum Computing: A Looming Threat to Organizations and Nation States

SecureWorld News

SEPTEMBER 7, 2023

As for the panel presentation at SecureWorld Denver , it features Edgar Acosta, Experienced Cybersecurity Professional (former CISO at DCP Midstream ); Craig Hurter, Sr. Director of Information Security, State of Colorado Governor's Office of Information Technology; and Toby Zimmerer, Sr.

Encryption

Encryption Technology Risk Architecture

How Security Can Better Support Software Engineering Teams

Lenny Zeltser

OCTOBER 5, 2023

As the CISO at a tech company, my responsibilities include empowering our software engineering teams to maintain a strong security posture of our products. While everyone agrees that security is important, the different incentives of security and engineering teams can make it harder to collaborate.

Engineering

Engineering Software Risk CISO

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

Cedric Leighton is founder and president of Cedric Leighton Associates, a strategic risk and leadership management consultancy. Since founding Cedric Leighton Associates, he has become an internationally known strategic risk expert. Leighton is also a founding partner of CYFORIX, specializing in the field of cyber risk.

Computers and Electronics

Computers and Electronics Technology Education Information Security

Cybersecurity Culture: How Princeton University's Security Team Created It

SecureWorld News

MAY 19, 2020

When David Sherry became Chief Information Security Officer at Princeton University, he says cybersecurity was done well. "I I don't want you to think security at Princeton was some sort of vast wasteland. In many ways, leading a security mission out of a university is like securing a city.

Cybersecurity

Cybersecurity CISO Risk Education

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

This vulnerability management policy defines the requirements for the [eSecurity Planet] IT and security teams to protect company resources from unacceptable risk from unknown and known vulnerabilities. Broader is always better to control risks, but can be more costly.] Vulnerability Management Policy & Procedure A.

Penetration Testing

Penetration Testing Risk Firmware Software

What do customers really want (and need) from security?

Cisco Security

JUNE 29, 2022

Learn more about security resilience for the hybrid work era. In addition to unparalleled infrastructure and expertise, our open, cloud-native architecture allows you to integrate with a wide range of third-party security and technology solutions for more seamless threat defense. Safeguard your future with Cisco .

Technology

Technology CISO Architecture Internet

Holes in Linux Kernel Could Pose Problems for Red Hat, Ubuntu, Other Distros

eSecurity Planet

JULY 23, 2021

The Linux file system interface is implemented as a layered architecture, separating the user interface layer from the file system implementation and from the drivers that manipulate the storage devices,” Bharat Jogi, senior manager of vulnerabilities and signatures for Qualys, wrote in a blog post.

Accountability

Accountability Big data CISO Architecture

Safety first: Will insurance companies stall or accelerate cybersecurity progress?

SC Magazine

FEBRUARY 8, 2021

He referenced an insurer’s role in designing pressure relief valves for the steam engines powering Philadelphia in the 1800s: “They said if you wanted to have insurance, you have to have this piece of architecture on your system.” In so doing, “they drove security or solutions to avoid large insurance claims.”. billion in premium.

Insurance

Insurance Cyber Insurance Cybersecurity Government

Why do CISOs Keep Quitting on Florida?

SecureWorld News

AUGUST 25, 2021

Chief Information Security Officers (CISO) have the luxury of being an incredibly hot commodity, so they can pretty much pick and choose where they work, as they are almost guaranteed to have a job waiting for them somewhere. And this is increasing cyber risk. Cybersecurity officials struggle in Florida.

CISO

CISO Cybersecurity Government Technology

Strong medical device security awareness stifled by inventory, knowledge gaps

SC Magazine

JULY 1, 2021

But even advanced tools can’t tell you who owns it – or what it means to the organization in terms of risk.”. In 2019, the College of Healthcare Information Management Executives (CHIME) outlined the biggest health IT security gaps facing provider organizations, in response to Sen. The goal is to secure the patient journey.

Security Awareness

Security Awareness IoT Risk Healthcare

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

JULY 22, 2021

It also feeds into the larger argument for adopting a zero-trust architecture , a methodology that essentially assumes that no user or devices trying to connect to the network can be trusted until they’re authenticated and verified. IoT device security has also been the target of a broad federal effort in recent months.

IoT

IoT Risk Architecture Manufacturing

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

.” These are very powerful functions for debugging tools, and also useful for executing malicious code without being trapped by the usual security controls. As long as the adb tools is being used in a secured environment, it presents little risk. He is currently Global CISO for the ATCO Group of companies.

Cryptocurrency

Cryptocurrency IoT Mobile Advertising

State auditor’s office clashes with file transfer service provider after breach

SC Magazine

FEBRUARY 2, 2021

The attack also demonstrates not only the critical importance of securing sensitive data on the move, but also the potential risks of using legacy applications that are nearing end of life. Our latest release of FTA has addressed all known vulnerabilities at this time,” said Frank Balonis, Accellion’s CISO, in a statement.

Government

Government CISO Media Encryption

How to Hire a Cybersecurity Professional

Spinone

OCTOBER 19, 2018

The average US salary for a cybersecurity specialist is currently $82,000 and salaries for top chief information security officers (CISOs) have reached as high as $420,000 , and are expected to continue to grow.

Cybersecurity

Cybersecurity Engineering CISO Architecture

Securing the Unsecured: State of Cybersecurity 2019 – Part I

McAfee

OCTOBER 8, 2019

The biggest challenge is information security extension in a multi-cloud world. Yet few security operations teams are prepared for that. Machine learning will be throughout the information security technology stack soon. The harder thing here is that information security teams must adjust to ALL of this at ONCE.

Digital transformation

Digital transformation Cybersecurity IoT Technology

What’s It Like for a New CISO?

Lenny Zeltser

FEBRUARY 13, 2020

As of this writing, I’ve spent six months in the role of Chief Information Security Officer (CISO) at Axonius , a rapidly growing technology company. Our IT infrastructure is consistent zero-trust architecture principles , so it made sense to treat identity as the focal point of many security decisions.

CISO

CISO Information Security Architecture Technology

BSides Buffalo 2023 – Brent Patterson – Creative Hacking With Blender

Security Boulevard

SEPTEMBER 9, 2023

Many thanks to BSides Buffalo for publishing their presenter’s outstanding BSides Buffalo security content on the organizations’ YouTube channel. Permalink The post BSides Buffalo 2023 – Brent Patterson – Creative Hacking With Blender appeared first on Security Boulevard.

Hacking

Hacking Architecture CISO Education

BSides Cheltenham 2023 – Sadi Zane – Attacking And Defending On-Premises And Cloud-Based Kubernetes Services

Security Boulevard

SEPTEMBER 1, 2023

Many thanks to BSides Cheltenham for publishing their presenter’s outstanding BSides Cheltenham 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Cheltenham 2023 – Sadi Zane – Attacking And Defending On-Premises And Cloud-Based Kubernetes Services appeared first on Security Boulevard.

Architecture

Architecture CISO Education Risk

BSides Buffalo 2023 – Magno Logan – Hacking GitHub Actions – Abusing GitHub And Azure For Fun And Profit

Security Boulevard

SEPTEMBER 14, 2023

Many thanks to BSides Buffalo for publishing their presenter’s outstanding BSides Buffalo security content on the organizations’ YouTube channel. Permalink The post BSides Buffalo 2023 – Magno Logan – Hacking GitHub Actions – Abusing GitHub And Azure For Fun And Profit appeared first on Security Boulevard.

Hacking

Hacking Architecture CISO Education

BSides Buffalo 2023 – Dr. Catherine J Ullman – Defending Beyond Defense

Security Boulevard

SEPTEMBER 8, 2023

Many thanks to BSides Buffalo for publishing their presenter’s outstanding BSides Buffalo security content on the organizations’ YouTube channel. Permalink The post BSides Buffalo 2023 – Dr. Catherine J Ullman – Defending Beyond Defense appeared first on Security Boulevard.

Architecture

Architecture CISO Education Risk

GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks

The Last Watchdog

FEBRUARY 26, 2023

Of the numerous security frameworks available to help companies protect against cyber-threats, many consider ISO 27001 to be the gold standard. These updates address the growing risk to application security (AppSec), and so they’re critically important for organizations to understand and implement in their IT systems ASAP.

Cyber threats

Cyber threats Software Risk CISO

BSides Cheltenham 2023 – Simon Gurney – Making Your Own Cool Conference Badges!

Security Boulevard

AUGUST 27, 2023

Many thanks to BSides Cheltenham for publishing their presenter’s outstanding BSides Cheltenham 2023 security content on the organizations’ YouTube channel. appeared first on Security Boulevard. Permalink The post BSides Cheltenham 2023 – Simon Gurney – Making Your Own Cool Conference Badges!

Architecture

Architecture CISO Education Risk

BSides Cheltenham 2023 – Cristian Cornea – Bypassing Anti-Virus Using BadUSB

Security Boulevard

AUGUST 25, 2023

Many thanks to BSides Cheltenham for publishing their presenter’s outstanding BSides Cheltenham 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Cheltenham 2023 – Cristian Cornea – Bypassing Anti-Virus Using BadUSB appeared first on Security Boulevard.

Architecture

Architecture CISO Education Risk

How Smart Organizations Mitigate Cyber Risks in a World of Unknown Unknowns

CyberSecurity Insiders

JUNE 25, 2021

By Shay Siksik, VP Customer Operations and CISO, XM Cyber. We call these things “unknown unknowns” — and they are the most challenging to deal with from the perspective of risk management and cybersecurity. It’s easy, relatively speaking, to prepare defenses against risks that are well understood.

Cyber Risk

Cyber Risk Risk Penetration Testing Cybersecurity

BSides Buffalo 2023 – Richard Smith – Enriching Your SOC Investigations With Insights From Active Directory

Security Boulevard

SEPTEMBER 15, 2023

Many thanks to BSides Buffalo for publishing their presenter’s outstanding BSides Buffalo security content on the organizations’ YouTube channel. Permalink The post BSides Buffalo 2023 – Richard Smith – Enriching Your SOC Investigations With Insights From Active Directory appeared first on Security Boulevard.

Architecture

Architecture CISO Education Risk

BSides Buffalo 2023 – Destiney M. Plaza – I Spy With My Hacker Eye – How Hackers Use Public Info To Crack Your Creds

Security Boulevard

SEPTEMBER 14, 2023

Many thanks to BSides Buffalo for publishing their presenter’s outstanding BSides Buffalo security content on the organizations’ YouTube channel. Plaza – I Spy With My Hacker Eye – How Hackers Use Public Info To Crack Your Creds appeared first on Security Boulevard.

Architecture

Architecture CISO Education Risk

BSides Buffalo 2023 – Jeff Hoge – Mitigating (Radio)Active Directory

Security Boulevard

SEPTEMBER 12, 2023

Many thanks to BSides Buffalo for publishing their presenter’s outstanding BSides Buffalo security content on the organizations’ YouTube channel. Permalink The post BSides Buffalo 2023 – Jeff Hoge – Mitigating (Radio)Active Directory appeared first on Security Boulevard.

Architecture

Architecture CISO Education Risk

BSides Buffalo 2023 – Jonathan D. Lawrence – Digital Possibilities For Research And Communication In The Humanities

Security Boulevard

SEPTEMBER 10, 2023

Many thanks to BSides Buffalo for publishing their presenter’s outstanding BSides Buffalo security content on the organizations’ YouTube channel. Lawrence – Digital Possibilities For Research And Communication In The Humanities appeared first on Security Boulevard. Permalink The post BSides Buffalo 2023 – Jonathan D.

Architecture

Architecture CISO Education Risk

BSides Buffalo 2023 – Zack Glick – How to Read a Breach Notification

Security Boulevard

SEPTEMBER 8, 2023

Many thanks to BSides Buffalo for publishing their presenter’s outstanding BSides Buffalo security content on the organizations’ YouTube channel. Permalink The post BSides Buffalo 2023 – Zack Glick – How to Read a Breach Notification appeared first on Security Boulevard.

Architecture

Architecture CISO Education Risk

BSides Cheltenham 2023 – BSides Cheltenham Organizers – Closing Remarks

Security Boulevard

SEPTEMBER 6, 2023

Many thanks to BSides Cheltenham for publishing their presenter’s outstanding BSides Cheltenham 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Cheltenham 2023 – BSides Cheltenham Organizers – Closing Remarks appeared first on Security Boulevard.

Architecture

Architecture CISO Education Risk

BSides Cheltenham 2023 – Stephen – All Your Firmwares Are Belong To Us: A Guide To Successful Acquisition

Security Boulevard

SEPTEMBER 1, 2023

Many thanks to BSides Cheltenham for publishing their presenter’s outstanding BSides Cheltenham 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Cheltenham 2023 – Stephen – All Your Firmwares Are Belong To Us: A Guide To Successful Acquisition appeared first on Security Boulevard.

Firmware

Firmware Architecture CISO Education

CISO workshop slides

5 Benefits of Hiring a Virtual Chief Information Security Officer (vCISO)

Trending Sources

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

People Skills Outweigh Technical Prowess in the Best Security Leaders

How Zero Trust helps CIOs and CTOs in Corporate Environments

Five considerations for cloud migration, from the House of Representatives CISO

Analytics Insight Announces ‘The 10 Most Influential CISOs to Watch in 2021’

Nurturing Our Cyber Talent

ConnectWise Quietly Patches Flaw That Helps Phishers

SPOTLIGHT: Women in Cybersecurity

New SEI CERT chief and first ever federal CISO: old cybersecurity models have ‘been overcome’

“Left of Boom” Cybersecurity: Proactive Cybersecurity in a Time of Increasing Threats and Attacks

Firms with exposed IoT have a higher concentration of other security problems

Quantum Computing: A Looming Threat to Organizations and Nation States

How Security Can Better Support Software Engineering Teams

Meet the 2021 SC Awards judges

Cybersecurity Culture: How Princeton University's Security Team Created It

Vulnerability Management Policy Template

What do customers really want (and need) from security?

Holes in Linux Kernel Could Pose Problems for Red Hat, Ubuntu, Other Distros

Safety first: Will insurance companies stall or accelerate cybersecurity progress?

Why do CISOs Keep Quitting on Florida?

Strong medical device security awareness stifled by inventory, knowledge gaps

IoT Devices a Huge Risk to Enterprises

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

State auditor’s office clashes with file transfer service provider after breach

How to Hire a Cybersecurity Professional

Securing the Unsecured: State of Cybersecurity 2019 – Part I

What’s It Like for a New CISO?

BSides Buffalo 2023 – Brent Patterson – Creative Hacking With Blender

BSides Cheltenham 2023 – Sadi Zane – Attacking And Defending On-Premises And Cloud-Based Kubernetes Services

BSides Buffalo 2023 – Magno Logan – Hacking GitHub Actions – Abusing GitHub And Azure For Fun And Profit

BSides Buffalo 2023 – Dr. Catherine J Ullman – Defending Beyond Defense

GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks

BSides Cheltenham 2023 – Simon Gurney – Making Your Own Cool Conference Badges!

BSides Cheltenham 2023 – Cristian Cornea – Bypassing Anti-Virus Using BadUSB

How Smart Organizations Mitigate Cyber Risks in a World of Unknown Unknowns

BSides Buffalo 2023 – Richard Smith – Enriching Your SOC Investigations With Insights From Active Directory

BSides Buffalo 2023 – Destiney M. Plaza – I Spy With My Hacker Eye – How Hackers Use Public Info To Crack Your Creds

BSides Buffalo 2023 – Jeff Hoge – Mitigating (Radio)Active Directory

BSides Buffalo 2023 – Jonathan D. Lawrence – Digital Possibilities For Research And Communication In The Humanities

BSides Buffalo 2023 – Zack Glick – How to Read a Breach Notification

BSides Cheltenham 2023 – BSides Cheltenham Organizers – Closing Remarks

BSides Cheltenham 2023 – Stephen – All Your Firmwares Are Belong To Us: A Guide To Successful Acquisition

Stay Connected