The key to reducing "alert fatigue" is to make sure alerts are repeatedly validated before they're distributed, says Chris Kubic, CISO at Fidelis Cybersecurity, who formerly served as CISO at the U.S. National Security Agency.
There's growing momentum around the use of software bills of materials, which allow for automated supply chain risk analysis. Patrick Dwyer of OWASP says that SBOMs and automation mean organizations can make better risk-based decisions on emerging security threats.
Customer data, PII, web apps – your strategic assets are digital, and they require a new degree of digital risk protection. In this exclusive panel, CISOs Todd Carroll of CybelAngel and TJ Hart of PlanSource discuss the needs, scope and practical use cases.
Network intrusion displaced phishing as the leading hack-attack tactic last year, while ransomware continued to surge as the pandemic complicated incident response efforts, says BakerHostetler's Craig A. Hoffman, who describes trends from the 1,250 incidents his firm helped manage.
Fintech firms offer established financial services companies the ability to navigate the open banking revolution, but convincing them to rely on emerging cloud, container and other technologies requires flexibility and salesmanship, says Finleap Connect's Francis McGillicuddy.
Driving employees to make cybersecurity a core part of their work vision and mindset continues to be a challenge. Anne Hännikäinen, CISO of Fintraffic, describes essential best practices - from having senior leadership on board to facilitating better communications via such strategies as gamification.
As the head of product security for LeanIX, Michael Lines is primarily focused on risk management, risk assessment and data governance. He explains why he believes that more security leaders and CISOs should focus on risk.
As both a CISO and CTO, Tim Heger is in the unique position of shaping HealthBridge's approach to security as well as adopting new technologies to keep the organization on the cutting edge. In his spare time, he helps mentor and encourage startups.
Diego Souza's main responsibility as the global CISO at Cummins Inc. is focusing on the gap between IT and OT security and effectively communicating risk and other security issues to the board. But his passion is developing and mentoring the next generation of cybersecurity leaders.
Experience as a chief enterprise architect offers excellent underpinnings for performing as a security leader, in that both roles require creating and executing a vision backed by stakeholder buy-in, and navigating obstacles - no matter the scarcity of resources, says Suren Naidoo, CISO of The Foschini Group.
"No risk, no business." As global CISO of Egyptian Arab Land Bank, Mohamed Mostafa says he regularly applies that maxim, which he learned from a prior boss, as he seeks to maximize his organization's security posture while collaborating closely with every line of business.
Drawing on her experience selling cybersecurity products and services, Nastassja Finnegan now sits in the hot seat, serving as CSO of South Africa's First National Bank. Succeeding in either role, she says, requires interfacing with users, understanding their needs and helping them to do the right thing.