Articles about CISO

Data is the most valuable resource for the global enterprise. For any company wanting to remain relevant in today’s competitive business landscape, data needs to be at the center of every business decision, allowing the C-suite to review initiatives, make real-time decisions and if necessary reverse actions. A quick response fueled by real data insights will power and improve the customer experience and product offerings while driving lower prices through better efficiency. Ultimately, this will improve the bottom line and deliver successful outcomes for many organizations.

However, to unlock the true value of data, it is equally important that organizations ensure that confidential data is always secure. To achieve this, the Chief Information Security Officer (CISO), who acts as the gatekeeper to data to ensure it is compliant and secure, and the Chief Data Officer (CDO), who aims to unlock and exploit data, have different and competing priorities, yet they must be able to work together towards a common goal to achieve the strategic objectives of the organization and deliver great customer and business outcomes. There are significant benefits to be had when these two role holders work together and huge drawbacks when they don’t. 

Continue reading →

As the profile of cybersecurity has increased within enterprises, so has the challenge of finding people to fill senior roles and then hanging on to them.

Recent research suggests that CISOs don't stay in the job for more than three years on average. One answer is to use a virtual CISO (vCISO) to advise on current issues and relieve the strain on the in-house team.

Continue reading →

It can be a challenging proposition to navigate your first 30 days as CISO. You have the responsibility of securing an entire company on your shoulders, and you know that without robust security infrastructure and processes, the organization is exposed to external threats, service restrictions and degradation, and insider risk.

To effectively guide your organization’s security posture, tackle your first 30 days with a strategic mindset and focus on the following three key priorities: taking in information, identifying quick wins, and implementing robust processes.

Continue reading →

In security, we are very used to talking about features and functions in the tools we use. When it comes to measuring the positive impact of what we spend on cyber, in terms of both people and equipment costs, we tend to be equally abstract -- for years, 'mean time to detection' and 'mean time to resolution' have probably been the two most widely-used metrics for cybersecurity progress, and measuring the number of security incidents handled is still probably how the CISO tracks his team’s contribution to the organization.

But no longer. Today we need to start thinking about measuring cyber’s impact in completely new ways -- or to be more accurate, concepts new to us in IT security but already very familiar to our colleagues in HR; with terms that seem very far from threat intelligence, such as wellbeing, inclusion and creating psychologically safe spaces.

Continue reading →

Cybersecurity automation has steadily gained traction as organizations seek to improve efficiency, address talent gaps, and keep up with escalating threats. However, our latest State of Cybersecurity Automation research shows that while more businesses are utilizing automation, they continue to grapple with obstacles that prevent them from fully capitalizing on its benefits.

In our recent study surveying over 700 cybersecurity professionals, we uncovered several persistent pain points in implementing automation. The research found that a lack of trust in automated outcomes, insufficient expertise among users, and poor communication between teams have hampered automation success. As a result, organizations are struggling to build confidence in automation and maximize its effectiveness.

Continue reading →

I’ve led security functions and established cybersecurity board reporting processes for over 25 years. The relationship between CEOs and CISOs has always held contradictions and the decisions around when to disclose a breach have always been hard. But the recent developments involving the SEC and SolarWinds is a regulatory game-changer for the CISO community. Still, I think we’ll all ultimately come out OK from this if we behave ethically.

New ethical lines are being drawn very quickly and publicly as teams figure out the lines between good judgment and fraud. I have no intention of moralizing here about the SEC’s allegations against SolarWinds and their CISO. Rather, I’d like to shine a light on the underlying principles of disclosure that have served as my own ethical compass, and which I think remain unchanged.

Continue reading →

A new poll of over 500 security decision makers and developers shows a disconnect and even some distrust between CISOs and developers relating to how security-conscious each department is within the organization and what their roles are.

The Harris Poll conducted for Chainguard finds a majority of both developers and CISOs view software supply chain security as a top priority in their roles (70 percent and 52 percent respectively).

Continue reading →

The most recent average CISO total compensation increase was 11 percent, down from 14 percent the previous year. This year, 20 percent of CISOs did not receive a raise, double the number of a year ago.

Research released today from IANS Research and Artico Search finds that the share of CISOs with bigger retention bonuses and equity packages also declined to 12 percent (from 21 percent) and to eight percent (from 24 percent), respectively.

Continue reading →

A new report finds 86 percent CISOs are turning to generative AI in order to alleviate skills gaps and talent shortages on the security team, filling labor-intensive and time-consuming security functions and freeing up security professionals to be more strategic.

The study from Splunk shows 35 percent are using generative AI for positive security applications and 61 percent say they will likely use it within the next 12 months. On the other side of the coin 70 percent believe that generative AI could give cyber adversaries more opportunities to commit attacks

Continue reading →

Cloud transition plans have dominated the CISO agenda for the past decade, accelerated by the rapid shift to working remotely. Now, cloud infrastructure and strategies have moved far beyond the initial reactive approach of the last few years and into a revenue-generating, proactive investment for all modern businesses. Communications service providers (CSPs) are aligning their services and networks to support this trend and most are reporting a positive outcome related to the cloud transition of their enterprise customers.

As technology evolves and digital transformation plans continue to accelerate, enterprises that want to stay competitive are transitioning a portion of their infrastructure to the cloud, focusing on finding the right mix of cloud services to support their mix of applications as well as their current and future plans. These enterprises are looking to communications service providers to help them manage a complex multi-cloud environment as well as including CSP cloud services in that mix.

Continue reading →

A new report from Team8 shows that 56 percent of CISOs have had budget increases since 2022 despite the economic slowdown, while 25 percent saw no change and 19 percent cuts.

However, larger security departments have been most affected by budget cuts with 67 percent of those with 51-100 people seeing budget reductions.

Continue reading →

Identity access management (IAM) is a key priority for enterprise security leaders according to the latest CISO Survival Guide, released today by Cisco along with Forgepoint, NightDragon, and Team8.

According to the guide 85 percent of IT decision-makers prioritize IAM investments more highly than other security solutions, while 23 percent of respondents report that user and device identity management is a top priority.

Continue reading →

Navigating the complexities of today’s digital landscape, it's clear that cyber security can no longer be the sole accountability and responsibility of one person -- the CISO. As cyber threats evolve, becoming more frequent and sophisticated, a single individual can't feasibly manage it all. As a result, and at some point in the future, we may dare to consider that the traditional CISO role might eventually become obsolete as business units become secure-by-design.

We need to pivot. Rather than placing the weight of managing an organization's entire security on the shoulders of one person, we need to integrate cyber security throughout every layer of our operations. This means moving towards a world where every business unit and every employee in an organization understands and owns their role in maintaining cyber security.

Continue reading →

The cyber talent shortage is a greater concern for CISOs than ongoing economic uncertainty, according to the latest Information Security Maturity Report from ClubCISO and Telstra Purple.

Insufficient staff is named as the top (51 percent) concern for CISOs when asked which factors most affect their ability to deliver against their objectives.

Continue reading →

A new study of over 200 CISOs and senior security leaders at organizations with over 5,000 employees shows that 93 percent have suffered at least one cyberattack in the last year and all of them think the security landscape is worsening.

The research from Censys also shows that 53 percent identify the need to secure their organization's entire attack surface as their top priority.

Continue reading →