Blog, CISO and Risk - Cyber Security Informer

The C-Suite Power Shift: Why CIOs, CTOs, and CISOs Must Realign to Survive

Jane Frankland

JUNE 8, 2025

Today, the Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) are rising in prominence—fuelled by the accelerating demands of AI innovation, cybersecurity, and digital transformation. That’s what this blog is all about. The CIO: At Risk of Being Sidelined Historically, the CIO oversaw enterprise-wide IT.

CISO

CISO Digital transformation Technology Risk

GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must

The Last Watchdog

FEBRUARY 25, 2025

Related: Weaponizing Microsoft’s co-pilot Until now, lackluster enterprise search capabilities kept many security risks in checkemployees simply couldnt find much of the data they were authorized to access. Ive spoken with numerous CIOs and CISOs who say these issues are directly impacting rollout plans at major enterprises.

Risk

Risk CISO Engineering

Why Predator is the ultimate CISO movie

Javvad Malik

OCTOBER 29, 2020

The movie starts on the outskirts of a jungle and the CISO (Arnie) with his team land in their helicopters. This is a perfect metaphor for how a CISO operates in day to day situations. This is a reminder to all security pros that they need to continually keep their skills up to date or risk becoming a dinosaur. Well read on.

CISO

CISO InfoSec Banking Technology

5 Tips to be an awesome CISO

Javvad Malik

NOVEMBER 22, 2021

I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you. Risk Appetite. Make everything about risk appetite.

CISO

CISO Risk Firewall Cybersecurity

The Dangers of AI Acceleration: Why a Deregulatory Stance Threatens Humanity

Jane Frankland

MAY 30, 2025

Everyone’s talking about AI aren’t they, and when I gave a keynote on Artificial Intelligence and cybersecurity recently, I relayed how the rise of AI has brought us to a pivotal moment in historya moment brimming with both extraordinary opportunity and unparalleled risk. Thats what this blog is all about. Yet the U.S.A,

Artificial Intelligence

Artificial Intelligence Risk Government Technology

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

The Last Watchdog

MARCH 13, 2023

So how will this affect chief information security officers (CISOs) and security programs? Given the perennial skills and staffing shortage in security, it’s unlikely that CISOs will be asked to make deep budget or staffing cuts, yet they may not come out of this period unscathed. Related: Attack surface management takes center stage.

CISO

CISO Insurance Cybersecurity Risk

Navigating PAM Implementation Risks: A Comprehensive Guide for CISOs

Heimadal Security

SEPTEMBER 11, 2023

Chief Information Security Officers (CISOs) bear the responsibility of safeguarding their organizations against an ever-evolving array of cyber threats. However, implementing PAM solutions involves navigating multifaceted risks and intricacies that demand the unwavering attention of these senior security executives.

CISO

CISO Risk Cyber threats Information Security

Shifting from Business Continuity to Continuous Business in Cyber

Jane Frankland

OCTOBER 25, 2024

As ITDMs, CISOs and cyber risk owners this is our dream scenario, and he got me thinking. It’s a subtle shift in focus, and requires a fundamental change in how we, as ITDMs, CISOs and cyber risk owners view and action resilience—not as a one-time project, but as an ongoing programme that provides strategic advantage.

Cyber Risk

Cyber Risk CISO Cyber threats Risk

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

The Last Watchdog

JANUARY 10, 2022

It’s possible to de-risk work scenarios involving personal data by carrying out a classic risk assessment of an organization’s internal and external infrastructure. This de-risks personal data that does not fit in a separate security contour. Related: The dangers of normalizing encryption for government use. Encryption.

Risk

Risk Encryption Data privacy CISO

What Rebels Teach us About Stronger Cyber Defence

Jane Frankland

APRIL 25, 2025

While this progress is impressive and efficient, it comes with substantial risks. We need cybersecurity leadersCISOs, cyber risk owners, and IT decision makerswho are willing to challenge the norm, think critically, and make ethical decisions to protect our organisations, and world. Thats essentially the position were in today.

Technology

Technology Cyber threats Risk Cybersecurity

Nine Top of Mind Issues for CISOs Going Into 2023

Cisco Security

JANUARY 10, 2023

As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. In my role, I regularly engage with CISOs in all kinds of sectors, representatives at industry bodies, and experts at analyst houses.

CISO

CISO Insurance Cyber Insurance Phishing

Secure Communications: Relevant or a Nice to Have?

Jane Frankland

FEBRUARY 7, 2025

But as a CISO or cyber risk owner, it’s not just about locking down sensitive informationits about doing it without slowing down your people. This is where the real opportunity lies, and what Im exploring in this blog. For CISOs and cyber risk owners, this isnt just a riskits a gamble no one can afford to take.

Cyber Risk

Cyber Risk CISO Risk Encryption

Developing a Risk Management Approach to Cybersecurity

Security Boulevard

MARCH 30, 2021

By now most CISOs understand that focusing your cybersecurity program on regulatory compliance is no longer sufficient. The post Developing a Risk Management Approach to Cybersecurity appeared first on Hyperproof. The post Developing a Risk Management Approach to Cybersecurity appeared first on Security Boulevard.

Risk

Risk Cybersecurity CISO Government

Navigating the SEC’s Cybersecurity Disclosure Rules: One Year On

Security Boulevard

DECEMBER 30, 2024

In this post, we look at the enforcement actions the SEC has taken and what public company CISOs should do to stay in compliance. As part of their fiduciary duties, boards play a key role in the oversight of risks from cybersecurity threats. This pushed C-level executives and boards to adopt measures for compliance and transparency.

Cybersecurity

Cybersecurity Cyber Risk CISO Risk

How CISOs Can Impact Security for All

Cisco Security

APRIL 26, 2021

Insights from our new Advisory CISO, Helen Patton. If there’s anyone who’s been put through their paces in the security industry, it’s Helen Patton , our new Advisory Chief Information Security Officer (CISO). Helen has come to Cisco from The Ohio State University, where she served as CISO for approximately eight years.

CISO

CISO Education Technology Media

Cybersecurity Insights with Contrast CISO David Lindner | 10/28

Security Boulevard

OCTOBER 28, 2022

CVSS score does not directly relate to the risk to your organization. Please for everyone’s sake, including your developers, produce a better algorithm for managing risk in your organization. See my first insight from this week, find a better algorithm that fits your organization that mirrors your risk profile and tolerance.". .

CISO

CISO Cybersecurity Risk

Hello, I am CISO Helen. Nice To Meet You :-)

Duo's Security Blog

FEBRUARY 23, 2021

Hello, I am Helen Patton, and I am the newest Advisory CISO at Duo. While I was a CISO at Ohio State we partnered with Duo to implement MFA across our organization. Talk to a Higher Education CISO (note to security product engineers – if you ever want a testbed for your ideas, partner with a university). We don’t care.

CISO

CISO Education Banking Retail

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

The Last Watchdog

DECEMBER 16, 2021

After all, a malicious actor only needs a few minutes of time with a privileged account to take over the entire directory, and there are volumes of exploitable identity risks at every organization. The ascendency of CISOs. In 2022 we expect to see organizations increasingly moving identity management systems into the CISO organization.

CISO

CISO Ransomware Risk Authentication

Is fighting cybercrime a losing battle for today’s CISO?

CyberSecurity Insiders

JANUARY 12, 2022

In this blog, we’ll look at the root causes of concern for today's CISO and share some practical strategies to deter cybercriminals. The CISO role can be an unenviable one. Is the cyber deck stacked against today's CISO? If you own the risks, who owns the elimination? ' is usually swift.

CISO

CISO Cybercrime Risk Healthcare

GUEST ESSAY: Why CISOs absolutely must take authentication secrets much more seriously

The Last Watchdog

MARCH 1, 2023

The linked white paper explains the three stages of this process: •Assessing secrets leakage risks •Establishing modern secrets management workflows •Creating a roadmap to improvement in fragile area This model emphasizes that secrets management is more than just how an organization stores and shares secrets.

Authentication

Authentication CISO Software Passwords

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

JANUARY 8, 2023

Smarter security to me broadly refers to relentlessly focusing on fundamentals while maturing the program, making sure your risk posture aligns with your business strategy. When it comes down to it, C-level goals and CISO initiatives are not all that misaligned. This leads to revenue gains and positive customer outcomes.

Risk

Risk Cybersecurity Technology CISO

New Office of the CISO Paper: Organizing Security for Digital Transformation

Anton on Security

SEPTEMBER 13, 2024

Ideally, we think this conversation should start with defining security goals framed in business outcomes like capabilities, velocity, quality, cost, and risk.”

Digital transformation

Digital transformation CISO Technology Cybersecurity

Get an Untrusted Security Advisor! Have Fun, Reduce Fail!

Anton on Security

OCTOBER 18, 2024

If you look at LinkedIn, many consultants present themselves as trusted advisors to CISOs or their teams. Let’s think about the use cases where using an untrusted security advisor is quite effective and the risks are minimized. The risks are low and the value is there. Given the controls we have, how would you test X?

Architecture

Architecture Risk CISO Cybersecurity

Valentine’s Day for CISOs: How to Woo Your CEO

Security Boulevard

FEBRUARY 14, 2022

CISO is a high-stakes position, and possibly the most important business relationship/direct report a CEO can have. At Axio, our platform enables companies to perform cyber risk quantification (CRQ), which analyzes the unique risks to.

CISO

CISO Cyber Risk Risk Cyber Attacks

Cross-post: Office of the CISO 2024 Year in Review: AI Trust and Security

Anton on Security

JANUARY 28, 2025

In addition to publishing blogs and papers, our Cloud Security Podcast by Google episodes have featured experts discussing AIs impact on security, offering practical implementation advice, and addressing emerging challenges. A recap of our key blogs, papers and podcasts on AI security in 2024follows.

CISO

CISO Risk Government Artificial Intelligence

Cybersecurity Snapshot: Experts Issue Best Practices for Migrating to Post-Quantum Cryptography and for Improving Orgs’ Cyber Culture

Security Boulevard

JUNE 6, 2025

And get the latest on exposure response strategies and on CISO compensation and job satisfaction. The principles describe cultural conditions that are essential underpinnings for an organisation to be cyber secure and offer an approach to developing that culture,” reads an NCSC blog.

CISO

CISO Cybersecurity Cyber threats Government

The CISO’s Midset for 2025: Outcomes, Automation, and Leadership

Lenny Zeltser

FEBRUARY 10, 2025

As the year 2025 rushes forward, the responsibilities of CISOs are continuing to evolve. We increasingly recognize the importance of not just identifying risks but actively addressing them through direct action and influence. The year will continue to shape the CISO role into an exciting combination of leadership and tech expertise.

CISO

CISO Technology Risk Data breaches

Third-Party Security Risk: How to Protect and Respond

Duo's Security Blog

JUNE 15, 2023

Third party security risk is an issue that frequently comes up in my discussions with clients. Meanwhile, Prevalent noted that companies are currently big on exposure but small on preparation, with a staggering 45% still relying on manual spreadsheets to assess third party risk. Control the risk. How simple is the solution?

Risk

Risk Authentication Phishing Insurance

Female Cybersecurity Leaders (CISOs) Wanted

Jane Frankland

OCTOBER 13, 2021

I went through some of them this week at the Cyber Security Virtual Conference: Celebrating Women in Cyber, and with PWC Canada when they engaged me to open their one day event – SheProtects: Future CISO Program. She sees risk everywhere, is accountable for it, and is mostly at odds with the business. Tip 2 – Believe you can do it.

CISO

CISO Cybersecurity Risk Marketing

Seven Ways DSPM Helps CISOs Buy Down Cyber Risk

Security Boulevard

APRIL 23, 2024

Have you heard someone indicate they buy down risk? In today’s digital economy, cyber risk is a top concern of everyone from the Board and CEO to the CFO and ultimately the CISO. The post Seven Ways DSPM Helps CISOs Buy Down Cyber Risk appeared first on Security Boulevard.

Cyber Risk

Cyber Risk CISO Risk Data breaches

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

The Last Watchdog

FEBRUARY 14, 2022

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management ( IAM ) and cyber security risks in 2022? recurring re-confirmations of initially assigned rights and roles in all connected systems by the employees’ manager – to reduce the risk of abuse and accidents.

CISO

CISO Social Engineering Authentication Risk

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

NOVEMBER 4, 2022

LinkedIn also said it is adding a warning to some LinkedIn messages that include high-risk content, or that try to entice the user into taking the conversation to another platform (like WeChat). “These warnings will also give you the choice to report the content without letting the sender know.” A follow-up story on Oct.

Scams

Scams Artificial Intelligence Cryptocurrency Accountability

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Security Boulevard

APRIL 18, 2025

Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Both frameworks have a Core section, which outlines detailed activities and outcomes aimed at helping organizations discuss risk management. blog) Know Your Exposure: Is Your Cloud Data Secure in the Age of AI? (on-demand

Risk

Risk Cybersecurity Data privacy Software

News alert: Qualys unveils ‘Enterprise TruRisk Platform’ to help businesses eliminate cyber risks

The Last Watchdog

NOVEMBER 20, 2023

The Qualys Enterprise TruRisk Platform centers around helping customers holistically measure, effectively communicate, and proactively eliminate cyber risk, with a hyper focus on the impact of cyber risk on business risk.

Cyber Risk

Cyber Risk Risk CISO Insurance

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

29, roughly the same time Pyle published a blog post about his findings , ConnectWise issued an advisory warning users to be on guard against a new round email phishing attempts that mimic legitimate email alerts the company sends when it detects unusual activity on a customer account. ET: Included statement from ConnectWise CISO.

Phishing

Phishing Architecture Passwords Accountability

Navigating the Supply Chain Security Maze with SBOMs

Appknox

OCTOBER 18, 2023

Dive into Appknox's SBOM blog guide. Essential for CISOs & CTOs to elevate supply chain security with unmatched transparency & proactive risk mitigation.

CISO

CISO Risk Software

Okta’s Breach Highlights Risk of Putting Crown Jewels in the Cloud

Security Boulevard

MARCH 24, 2022

Identity credentials and source code are critical assets that can create major risks for your organization when exposed by breaches of third-party cloud service companies that provide identity management and software composition analysis. Know the risks of pushing your crown jewels into other services running in the cloud.

Risk

Risk Software Engineering Passwords

What is the CISO Experience in a Red Team Exercise?

NetSpi Executives

JANUARY 16, 2024

You’re about to have your first Red Team experience, or maybe your first one in the CISO seat of your organization. Besides the debrief meeting and handing you deliverables, what’s next for a CISO after a Red Team exercise? The post What is the CISO Experience in a Red Team Exercise? What Happens After a Red Team Exercise?

CISO

CISO Penetration Testing Social Engineering Engineering

Top 5 Cyber Predictions for 2024: A CISO Perspective

Security Boulevard

JANUARY 2, 2024

2023 Rewind — Cyber Trends and Threats The generative AI (r)evolution 2023 will be remembered as the year artificial intelligence (AI) rose to the forefront of our collective consciousness, ushering in never before seen opportunities and risks. A more mature third party risk management program. The solution?

CISO

CISO Social Engineering Architecture Ransomware

Did You Hire a Spy? Risks and Strategies for Securing Remote Workers

Security Boulevard

JANUARY 24, 2025

Former Military Intelligence Agents Turned Cybersecurity Experts at CISO Global In todays high-stakes digital landscape, hiring remotely requires diligence and vigilance. Risks and Strategies for Securing Remote Workers appeared first on CISO Global. Trust is important, but verifying that trust is non-negotiable.

Risk

Risk CISO Cybersecurity

Cyber Risk Quantification: Three Key Use Cases

Security Boulevard

NOVEMBER 1, 2022

CISOs continue to face an uphill battle, and one of their biggest headaches is where to focus cyber investments. The post Cyber Risk Quantification: Three Key Use Cases appeared first on Axio. The post Cyber Risk Quantification: Three Key Use Cases appeared first on Axio.

Cyber Risk

Cyber Risk Risk Cyber Insurance Insurance

People Skills Outweigh Technical Prowess in the Best Security Leaders

SecureWorld News

OCTOBER 5, 2023

Michael Gregg, the CISO for the State of North Dakota, speaks across the country, including keynoting at SecureWorld Detroit on Sep. A recent blog by Frank Domizio titled " The CISO Role: Beyond Technology " explores exactly what I am talking about. That's a soft skill that even the most adept CISOs are still trying to master.

CISO

CISO Risk Government Architecture

No Deep AI Security Secrets In This Post!

Anton on Security

MAY 24, 2023

talk to us :-) These are the episodes: EP52 Securing AI with DeepMind CISO EP68 How We Attack AI? What portion of AI-related “badness” (harm, risk, etc) fits within the cybersecurity domain? BTW, if you have anything fun to say about LLM security (easy!) and you actually know what you are talking about (hard!),

Artificial Intelligence

Artificial Intelligence CISO Risk Marketing

Budget Approved: 13 Cybersecurity KPIs That CISOs Can Present to the Board

Security Boulevard

FEBRUARY 26, 2025

When reporting to the board, a CISO must translate risk into identifiable terms to present key findings and ensure that all cybersecurity initiatives are aligned with business objectives. Cyber risk mitigation expenditures help translate risk into potential additional profit.

CISO

CISO Cybersecurity Cyber Risk Risk

The C-Suite Power Shift: Why CIOs, CTOs, and CISOs Must Realign to Survive

GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must

Trending Sources

Why Predator is the ultimate CISO movie

5 Tips to be an awesome CISO

The Dangers of AI Acceleration: Why a Deregulatory Stance Threatens Humanity

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

Navigating PAM Implementation Risks: A Comprehensive Guide for CISOs

Shifting from Business Continuity to Continuous Business in Cyber

GUEST ESSAY: 5 tips for ‘de-risking’ work scenarios that require accessing personal data

What Rebels Teach us About Stronger Cyber Defence

Nine Top of Mind Issues for CISOs Going Into 2023

Secure Communications: Relevant or a Nice to Have?

Developing a Risk Management Approach to Cybersecurity

Navigating the SEC’s Cybersecurity Disclosure Rules: One Year On

How CISOs Can Impact Security for All

Cybersecurity Insights with Contrast CISO David Lindner | 10/28

Hello, I am CISO Helen. Nice To Meet You :-)

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

Is fighting cybercrime a losing battle for today’s CISO?

GUEST ESSAY: Why CISOs absolutely must take authentication secrets much more seriously

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

New Office of the CISO Paper: Organizing Security for Digital Transformation

Get an Untrusted Security Advisor! Have Fun, Reduce Fail!

Valentine’s Day for CISOs: How to Woo Your CEO

Cross-post: Office of the CISO 2024 Year in Review: AI Trust and Security

Cybersecurity Snapshot: Experts Issue Best Practices for Migrating to Post-Quantum Cryptography and for Improving Orgs’ Cyber Culture

The CISO’s Midset for 2025: Outcomes, Automation, and Leadership

Third-Party Security Risk: How to Protect and Respond

Female Cybersecurity Leaders (CISOs) Wanted

Seven Ways DSPM Helps CISOs Buy Down Cyber Risk

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

LinkedIn Adds Verified Emails, Profile Creation Dates

Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

News alert: Qualys unveils ‘Enterprise TruRisk Platform’ to help businesses eliminate cyber risks

ConnectWise Quietly Patches Flaw That Helps Phishers

Navigating the Supply Chain Security Maze with SBOMs

Okta’s Breach Highlights Risk of Putting Crown Jewels in the Cloud

What is the CISO Experience in a Red Team Exercise?

Top 5 Cyber Predictions for 2024: A CISO Perspective

Did You Hire a Spy? Risks and Strategies for Securing Remote Workers

Cyber Risk Quantification: Three Key Use Cases

People Skills Outweigh Technical Prowess in the Best Security Leaders

No Deep AI Security Secrets In This Post!

Budget Approved: 13 Cybersecurity KPIs That CISOs Can Present to the Board

Stay Connected