CISO
Microsoft appoints a new Global CISO amid security leadership shakeup
"A storied career in high-scale/high-security, demanding environments"
CISO
The Big Interview: JPMorgan’s Global CISO, Pat Opet
"Industry has gotten good at identifying vulnerabilities in the supply chain; SBOMs and so on [but not at] at insidious backdoors and logic issues that are built into software, and update mechanisms that could cause implants..."
CISO
Mike Hanley, CSO, GitHub on “guns, gates, guards”, AI, ignoring the “flashy stuff”
"You have to be intentional about designing for real people who are not security experts."
CISO
“Security is a full contact sport”: Aerospace firm Sierra Nevada Corporation CSO Robert Daugherty
"We operate with the assumption that a sophisticated nation state threat actor is always active inside the organisation"
CISO
As SEC’s SolarWinds charges reverberate, companies scrutinise cyber risk disclosures
'Do not state anything that is subjective and avoid adjectives (e.g., "state of the art," "mature," "advanced," "appropriate," "comprehensive," or "reasonable")' say experts.
data breaches
Okta breach looks worse as BeyondTrust, Cloudflare, 1Password report impact, flag concerns
Concern at IAM vendor Okta's response mounts as BeyondTrust details concerns, Cloudflare calls for customers to press harder on "further information regarding potential impact to your organization"
CISO
CISO salaries: 20% earning over $700,000; GRC backgrounds get less
"We’re seeing CISOs getting elevated in the business, taking on a larger scope and being exposed to increased liability."
CISO
JPMorgan’s Global CISO urges use of Sigstore, Alpha-Omega in open source security drive
Multinational's Global CISO touts critical work being done by the OpenSSF and tools like its Security Scorecard...
Cybersecurity
The State Department is running 27,000 end-of-life systems but its CIO has been hamstrung...
Two new women in charge as CIO and CISO aim to stop the rot
Citi
Job of the Week: Head of Generative AI Security, Citi
"Ideate and leverage Gen AI to solve cybersecurity problems at scale for Citi..."
Cybersecurity
MGM Resorts’ ransomware attack started with a single phone call
Social engineering allegedly led to MGM attack: $13 billion firm's cybersecurity "defeated by a 10-minute conversation"?
Microsoft
A powerful key was stolen from one of the world’s largest companies. It still has questions to answer.
An attacker could have been forging access tokens to Microsoft services for up to two years, unnoticed