Today's Chief Information Security Officers (CISOs) operate in a pressure cooker: responsible for protecting critical assets, expected to show up in the boardroom with fluency, yet rarely granted the authority, resources or organizational alignment to succeed. It's not a people problem.
It was a master class in social engineering, one that put an organization’s security posture at risk. Social engineering attacks like phishing take advantage of an employee’s awareness of. The post Reaction to Social Engineering Indicative of Cybersecurity Culture appeared first on Security Boulevard.
Cary, NC, May 28, 2024, CyberNewsWire — If there is a single theme circulating among Chief Information Security Officers (CISOs) right now, it is the question of how to get stakeholders on board with more robust cybersecurity training protocols. Human error remains one of the leading causes of security breaches.
This is because the whole paradigm around security training is building technical knowledge; whereas the whole point of successful social engineering is to bypass the logical and rational brain and bait the subconscious and emotions. What if we thought like a psychologist, not just a CISO? Cognitive Security?
The 2025 DBIR is a call to arms for CISOs and security leaders to rethink how they detect, respond to, and recover from breaches. Security teams would be responsible for identifying these weak links to be secured, and setting security thresholds. Your response must be equally fast." Nicole Carignan, Sr.
I've seen cases where executives were actually supportive of a security initiative but didn't realize the security team was waiting for more explicit approval. A healthcare CISO I mentored was frustrated by apparent lack of support for a medical device security program. The average tenure of a CISO is under three years.
The IT Security Guru caught up with Tarnveer Singh, a CISO and finalist in the Security Serious Unsung Heroes Awards 2023, for his thoughts on how to get more professionals involved in the cybersecurity industry: There are many ways we can inspire new cybersecurity professionals to join our industry.
This creates a major gap in security awareness, considering the 65,000 ransomware attacks deployed in the U.S. They have information about a ‘point in time,’ however most would not be aware of a vulnerability and thus a patch, until after a vulnerability scan is complete.”
Earlier this year, the National Institute for Standards and Technology (NIST) published updated recommendations for phishing simulations in security awareness training programs. For security awareness training to be successful, it has to be collaborative. Ready to establish your own successful security awareness training?
Santander’s UK CISO/Director of Security & Privacy Services, Emma Leith told Computer Business Review. The only way to prevent this kind of physical intrusions that exploit human factor and social engineering is to implement a cultural change.
Back in the day, security training was largely reserved for IT security specialists and then extended to include IT personnel in general. These days, all employees need to be well educated in security best practices and good habits if the organization wishes to steer clear of ransomware and malware. Living Security.
Currently, Diego is serving as Manager of Cybersecurity Engineering at Leonardo DRS supporting the U.S. Defense industry in the engineering, integration, testing, and delivery of cybersecurity compliant solutions.
Social engineering attacks, including phishing, spam, and viruses introduced via clickable links within e-mail affected 80% of the banking institutions in 2016. To pursue cybersecurity culture change, we recommend you to institute a cost-effective, company-wide security awareness training for your employees.
We asked a few practitioners for their take on rising inflation and how it is making their jobs keeping their organizations secure more difficult—and what they are doing to try to combat these issues. Andrew Smeaton, CISO at Afiniti, says reassessment of cybersecurity programs and plans is necessary.
Below is our esteemed panel of SC Awards judges, contributing from health care, engineering, finance, education, manufacturing, nonprofit and consulting, among others. Almeida led the development and implementation of enterprise-wide information security strategy, policies, risk assessments and controls.
That was the case for a broadcast SecureWorld recently hosted with Mike Britton, CISO of Abnormal Security, and legendary investigative journalist Brian Krebs. Key takeaway #3: Social engineering is the most powerful attack vector against InfoSec protocols. And you know, that can cause a potential loss for that organization."
Forrester also predicts that the number of women CISOs at Fortune 500 companies will rise to 20 percent in 2019, compared with 13 percent in 2017. Director/CISO of IT Risk Management. Director/CISO of IT Risk Management at Ulta Beauty located in Bolingbrook, IL. Alexandra holds a B.S. Diane Brown. Ulta Beauty.
Check out invaluable cloud security insights and recommendations from the “Tenable Cloud Risk Report 2024.” Plus, a PwC study says increased collaboration between CISOs and fellow CxOs boosts cyber resilience. Meanwhile, a report finds the top cyber skills gaps are in cloud security and AI.
The risk is too great, and key business partnerships are required," said Amy Bogac, former CISO at The Clorox Company. "If you are a CFO, COO, or supply chain leader, please engage with your security partner like your (professional) life depends on it." Director, Cyber Security, Acumatica, Inc., trillion annually. "
We use this type of model for our 'Whole of State' approach to security in North Dakota," says Michael Gregg, CISO for the State of North Dakota. Small entities struggle with the cost of security services. By banding together, these entities can accomplish much more than going it alone. He says: "I love this idea!
This will drive a greater shift towards fewer, more comprehensive solutions that reduce management complexity and enhance team productivity. With cyber threats growing more complex and frequent, CISOs are under immense pressure to ensure that their teams can respond rapidly and decisively.
DI Doyle gave examples of victims including an unnamed law firm and a large engineering company. Georgia Bafoutsou of ENISA, the EU’s information security agency, called on those attending to amplify messages about security awareness. Sharon Conheady’s entertaining talk explored the ethical side of social engineering.
The role of the modern CISO today is just as much about managing technical solutions as it is about communicating risk to key decision-making stakeholders. The post A Guide to Articulating Risk: Speaking the Language of the Stakeholder appeared first on Security Boulevard.
Application Security Engineer: The job of an app security engineer has two major aspects. Firstly, you will need to help developers to create more secure apps. Don’t be surprised that sometimes, different roles share some responsibilities. Risky and insecure apps should be blacklisted.
Threat actors used AI tools to orchestrate highly convincing and scalable social engineering campaigns, making it easier to deceive users and infiltrate systems. 2025 predictions: AI (again), insider threats, and more. Here are eight cybersecurity trends and predictions I expect will shape the landscape and security priorities in the year ahead.
In Michigan’s Cyber Partners Program, for example, local communities receive services from a CISO-level consultant. University partners: Partnering with universities can help local governments get access to talent, technological insights, even real-time network security monitoring. Employee security awareness training.
Yes No No How frequently OT security awareness programs run? Once a quarter Once every 9 months Only in October Are crown jewels and legacy systems residing behind a DMZ?
Sherry brought to Princeton his 25 years of technology experience, 12 of which was in higher education as the former CISO at Brown University. In many ways, leading a security mission out of a university is like securing a city. Security culture: the security team and everyone else.
This article is a complete guide to starting a career in cybersecurity: Choosing a Career Path: Explore different routes within cybersecurity, including leadership and operations or engineering. Skills Needed: Strategic planning abilities, deep knowledge of security standards (e.g., ISO 27001), experience with risk management tools.
The post Sisense Hacked: CISA Warns Customers at Risk appeared first on Security Boulevard. A hard-coded credential catastrophe: The analytics firm kept big companies’ secrets in an insecure AWS bucket. Government says victims include the “critical infrastructure sector.”
The post Stalkers: ‘Ugly Truth’ of Facebook Staff Abusing Private Data appeared first on Security Boulevard. A new book exposes yet another Facebook failure for the social media firm to say sorry about. But nothing’s going to change.
The post GoDaddy Hosting Hacked — for FOURTH Time in 4 Years appeared first on Security Boulevard. GoDaddy’s web hosting service breached yet again. This time, the perps were redirecting legit websites to malware.
The post How to Prepare Your Workforce for the Deepfake Era appeared first on Security Boulevard. Of all of the AI-powered weapons, the one that your employees may be the least equipped to resist is deepfake technology.
The post Oops! Meta Security Guards Hacked Facebook Users appeared first on Security Boulevard. Facebook parent Meta has disciplined or fired at least 25 workers for allegedly hacking into user accounts.
The post Recall ‘Delayed Indefinitely’ — Microsoft Privacy Disaster is Cut from Copilot+ PCs appeared first on Security Boulevard. Copilot Plus? More like Copilot Minus: Redmond realizes Recall requires radical rethink.
The post Warning: N. Korean Job Scams Push Trojans via LinkedIn appeared first on Security Boulevard. Hey, hey, DPRK, how many people will you scam today?
The post ‘Extraordinary, Egregious’ Data Breach at House and Senate appeared first on Security Boulevard. Capitol Trouble: Senators, representatives and staffers suffer PII leak. Could it finally kickstart some action?
The post Why an HR-IT Partnership is Critical for Managing Cybersecurity Risk appeared first on Security Boulevard. By aligning priorities into a shared game plan, HR and IT can finally set their organizations up to defend against modern cyberthreats.
The post New Russian Hacks Revealed—but U.S. Says it’s Microsoft’s Fault appeared first on Security Boulevard. Microsoft has issued another of its “look how clever we are” writeups of detecting APT29 hackers. But the U.S. government sees it differently.
The post Crowdstrike outage: Growing scams amid global outage appeared first on Security Boulevard. The post Crowdstrike outage: Growing scams amid global outage appeared first on Click Armor.
The post Chinese Tech: Banned in DC, but not in the States appeared first on Security Boulevard. There’s a massive loophole in the federal ban on Chinese technology from sus firms such as Huawei and ZTE: It doesn’t stop states from buying it.
Just watch this video by Destin Sandlin, he’s an American engineer and science communicator who produces the YouTube series Smarter Every Day. How to secure a dissolved perimeter, onboard new partners and suppliers, manage passwords, train your employees on security awareness, and deal with a breach or ransomware attack?
Even with a generic greeting, you would think an AI-powered anti-phishing protection engine would have blocked the message. Phishing attacks often rely on social engineering techniques to trick users into revealing sensitive data. Whaling, spear, barrel, reverse social engineering, malware, ransomware, account compromise.
Deryck Mitchelson, EMEA field CISO for Check Point, chimed in on this point. With so many alerts coming in to security operations centres and incident management systems, AI can help security teams from being overworked and potentially missing vital signals that something’s wrong. “To be trusted, listen,” she said.