Boston, MA, USA, 21st January 2026, CyberNewsWire

Atlanta, GA, United States, 20th January 2026, CyberNewsWire

Madison, United States, 20th January 2026, CyberNewsWire

 

The Cybersecurity Vault — episode 52, with guest Wil Klusovsky.

Wil discusses the essential questions that CEOs should be asking their CISOs. He explores the importance of effective communication between technical and business perspectives, the need for investment in cybersecurity with clear ROI, and the significance of understanding risks and setting priorities.

The conversation also delves into the importance of business resilience, managing third-party risks, and preparing for future threats in the ever-evolving cybersecurity landscape. The episode emphasizes the need for CISOs to articulate their strategies in business terms to align with corporate goals and secure necessary resources.

Subscribe for more episodes of Cybersecurity Vault!

Chapters:

00:00 Introduction to Cybersecurity Questions

02:06 Importance of CEO-CISO Communication

05:03 Investment and ROI in Cybersecurity

08:17 Establishing Cybersecurity Priorities

11:12 Identifying the Biggest Risks

14:24 Understanding the Risk Register

15:41 Crafting a Compelling Risk Narrative

18:21 Blind Spots in Cybersecurity Awareness

21:27 Understanding Accepted vs. Unknown Risks

24:29 The Importance of Documentation in Risk Management

25:22 Business Resilience and Recovery Planning

27:52 Engaging Third-Party Vendors in Cybersecurity

31:09 Cybersecurity as a Business Advantage

34:44 Future Threats and Technological Advancements

38:42 Translating Cybersecurity into Business Language

40:51 The Impact of CISO Responses on Business Outcomes

Wil’s LinkedIn Profile: https://www.linkedin.com/in/wilklu/

9 CISO Questions LinkedIn Post: https://www.linkedin.com/feed/update/urn:li:activity:7394720767416107008

Keyboard Samurai Podcast: https://www.youtube.com/@KeybdSamurai

Website: https://www.wilklu.me/podcast

Follow Matthew on

· LinkedIn: https://www.linkedin.com/in/matthewrosenquist/

· SubStack: https://substack.com/@matthewrosenquist

Visit Cybersecurity Insights at https://www.cybersecurityinsights.us

Subscribe to the Cybersecurity Insights channel: https://www.youtube.com/CybersecurityInsights

rsecurityInsights

The post 9 Cybersecurity Questions that Define a CISO appeared first on Security Boulevard.

Security leaders chart course beyond predictions with focus on supply chain, governance, and team efficiency.

The post Forget Predictions: True 2026 Cybersecurity Priorities From Leaders appeared first on SecurityWeek.

Silver Spring, Maryland, 15th January 2026, CyberNewsWire

Ransomware remains the biggest concern for CISOs in 2026, according to WEF’s Global Cybersecurity Outlook 2026 report.

The post Cyber Fraud Overtakes Ransomware as Top CEO Concern: WEF  appeared first on SecurityWeek.

Here we examine the CISO Outlook for 2026, with the purpose of evaluating what is happening now and preparing leaders for what lies ahead in 2026 and beyond.

The post Cyber Insights 2026: What CISOs Can Expect in 2026 and Beyond appeared first on SecurityWeek.

Phishing in 2026 is harder to detect and verify. Learn how CISOs can speed up investigations, reduce noise, and respond with confidence.

Closed CISO communities act as an information exchange, advice center, pressure valve, and safe haven from critical oversight.

The post CISO Communities – Cybersecurity’s Secret Weapon appeared first on SecurityWeek.

PinnacleOne recently partnered with a leading UK construction company to analyze the cybersecurity risks shaping the sector in 2025. This new report explores how evolving threats intersect with the construction industry’s unique challenges, including tight project timelines, complex supply chains, sensitive data, and high-value transactions. Aimed at CISOs and security leaders, it provides actionable guidance to balance opportunity with resilience, ensuring construction firms stay secure while building the nation’s future.

Report Overview

The UK construction sector is a vital part of the national economy, contributing approximately 5.4% of GDP and employing around 1.4 million people. However, this critical industry is increasingly the target of cyber threat actors seeking financial gains and espionage.

PinnacleOne recently collaborated with a UK construction company to review these trends and bolster their cyber strategy. In a new report, PinnacleOne synthesizes key recommendations for construction sector cyber strategy to help CISOs stay ahead of the threat.

The construction industry’s core characteristics make it a uniquely enticing target for cyber threat actors:

• Money: Construction companies frequently handle high-value transactions, making them susceptible to financial fraud via business email compromise (BEC). Attackers can achieve significant gains by intercepting even a single large transaction.
• Sensitive Data: Construction firms often possess a variety of sensitive data, including personal, sensitive personal, and client data, some of which is regulated by mandates like the Building Safety Act. This data is valuable to both threat actors and regulators, incentivizing attacks and regulatory scrutiny.
• Time Sensitivity: Construction projects operate on tight schedules and budgets. Cyberattacks causing delays can lead to reputational damage and liquidity issues, as rapid payment for invoices is often mandated.
• Broad Attack Surface: The industry’s reliance on numerous contractors, subcontractors, suppliers, and a wide array of IoT/OT devices creates multiple avenues for threat actor infiltration, presenting significant cybersecurity challenges.

For construction companies, cyber risk is inherently business risk. Cyber incidents can directly impact project timelines, budgets, and even the safety and structural integrity of the built environment. The interconnected nature of the construction ecosystem means that attackers can leverage any exposed point of entry. This, combined with slim profit margins and inconsistent cybersecurity investments, elevates the risk profile for the entire industry.

By adopting a proactive, risk-based cybersecurity approach, construction firms can strengthen their resilience and protect operational continuity and client trust. Read the full report here.

The era of evaluating AI on its potential is over. For CISOs, the only conversation about AI worth having in cybersecurity is about proven performance. The executive mandate is clear – every leader is being asked how they are using AI to get better, faster, and more profitable. For CISOs, this pressure transforms the conversation from if they should adopt AI to how to do it right. The right AI investment is one that strengthens the business by delivering faster threat containment, creating more efficient security teams, and providing a quantifiable reduction in overall risk.

In a landscape where every vendor claims AI supremacy, the measure of a platform’s worth is not its model size or an arbitrary LLM benchmark, but its ability to deliver on those business imperatives. It’s time to move beyond the hype and focus on the results of implementing AI for security operations.

Security teams face unprecedented pressure from a growing volume, complexity, and speed of cyberattacks – it’s more noise, more work, more risk. Tried-and-true security methods and manual workflows are struggling to keep pace, resulting in overwhelmed analysts, overlooked alerts, and greater organizational risk. In response, security teams not only need new tools, but also a fundamental shift in how they approach security.

To guide this transformation, SentinelOne created the Autonomous SOC Maturity Model, a framework showing how advanced generative and agentic AI are essential to augment human expertise, analyze data, and automate workflows to counter threats at machine speed.

Discerning Genuine AI Value from Market Noise

For CISOs, the challenge lies in cutting through the deafening market noise to identify actual AI-driven value. True AI value manifests when organizations can accelerate their threat detection and response times while reducing critical metrics such as MTTD and MTTR. By automating routine and repetitive tasks, AI enables experienced analysts to focus their expertise on proactive threat hunting and deeper investigation.

Organizations implementing AI in their security programs aim for substantial gains in efficiency, demonstrably lower risk, and a reduction in the probability and severity of security incidents. Tools driven by AI become essential to security teams when they improve the analyst workflow and provide security professionals of all levels with amplified capabilities. Most people are now familiar with generative AI: tools that help assist you with work.

In security, that means generating readable content from raw data (incident summaries, queries, investigative insights) to help an analyst understand what’s happening faster. It’s about speeding up comprehension. Agentic AI goes further. This isn’t about just providing assistance, it’s about systems that can do the work. Advanced AI systems, particularly those that leverage agentic capabilities, can now handle data recall and correlation, and even initiate decision-making steps with precision, enabling teams to respond faster and more accurately.

The most effective AI complements and amplifies human expertise and vice versa, driving towards a more resilient security posture. Ultimately, the goal of a well-designed AI system is where the human role is elevated to strategic oversight and supervision of AI actions, applying their expertise and deep institutional knowledge of tools and processes in a more effective way. The role of the analyst shifts from manually triaging and investigating a queue of alerts to applying their expertise for the supervision of an autonomous system. AI agents can reason through multi-step tasks, decide on next actions, prioritize what matters most, and move workflows forward autonomously, while maintaining transparency and keeping a human in the loop.

Navigating the AI Maze: What CISOs Should Look For In AI Tools

Navigating the AI vendor landscape is challenging. Use this checklist to prioritize solutions that deliver smarter, faster, and more integrated security, ensuring you invest in true value, not just hype.

1. Does It Deliver Unified, Actionable Visibility?

• Can the AI break down data silos by ingesting and correlating intelligence from my entire security landscape, including endpoints, cloud workloads, identities, firewall, SASE, and threat intelligence feeds?
• Does it provide a single, unified view to turn disparate data points into actionable insights?

2. Does It Support Open Standards for Better Detection?

• Does the platform adopt open standards for data normalization, like the Open Cybersecurity Schema Framework (OCSF)?
• Will this result in more accurate, context-rich threat detection by ensuring all my security tools speak the same language?

3. Does It Drive Action and Containment?

• Does the AI move beyond simply identifying issues to actively helping my team contain them?
• Can it transform raw telemetry into clear intelligence that drives automated response actions or provides prioritized, guided pathways to remediation?

4. Does It Empower Analysts and Foster Autonomy?

• Is the AI designed to simplify complexity and empower analysts of all skill levels, reducing alert fatigue and freeing up human talent for the most critical threats?
• Does it help my team move towards a more autonomous operational model?

5. Does It Act as a True Force Multiplier?

• Does the platform leverage both generative AI (for insights and understanding) and agentic AI (for autonomous actions and decision-making)?
• Is there clear evidence that the AI continuously learns, adapts, and enhances the capabilities and efficiency of my security team?

From Anecdote to Evidence: Outcomes of AI Deployments

Confronted with these challenges and choices, how can security leaders separate credible AI solutions from the hype? The answer lies in data-driven evaluations and an honest look at real-world implementations. Security leaders should evaluate solutions that demonstrate how advanced AI capabilities translate into measurable security and business outcomes.

A recent IDC white paper, “The Business Value of SentinelOne Purple AI” _[1] offers precisely this kind of quantitative evaluation. IDC conducted in-depth interviews with organizations using SentinelOne’s Purple AI, a solution that leverages cutting-edge generative AI and agentic AI to accelerate workflows like investigation, hunting, triage, and response.

The findings from these real-world deployments provide compelling insights into the tangible benefits AI can deliver when aligned with the needs of security leaders for speed, efficiency, and risk reduction. With the Singularity Platform and Purple AI, customers experienced significant improvements:

• 63% faster to identify and 55% faster to resolve security threats, meaning incidents are contained in minutes, not hours.
• Security teams became 38% more efficient, allowing them to support 61% more endpoints per team member.
• A 338% three-year ROI with a payback period of just four months.

These customer outcomes are attributed to Purple AI’s capabilities, including natural language querying, automated event summarization, suggested next investigation steps, and the automation provided by its agentic AI features like Auto-Triage. Organizations found that Purple AI enabled them to enhance their security operations, become more operationally efficient, and improve overall security outcomes, reducing operational risk and increasing business confidence.

Don’t just take our word for it – hear from existing Purple AI customers featured in the report about how they:

• Enhanced Security Operations: “Being able to ask a native question with SentinelOne Purple AI without needing to know specific keywords or learn new syntax is a massive force multiplier, saving us a lot of time.”
• Improved Operational Efficiency: “With Purple AI, we don’t have to scale our security expert team. At this point, we are avoiding hiring and we’ll be able to leverage our existing application teams.”
• Realized Risk Reduction: “Having Purple AI has been instrumental in improving our operational maturity. It allows us to conduct investigations with specificity, making informed decisions around security posture and ensuring nothing sneaks into our environment.”
• Increased Business Confidence: “In terms of innovation, I think it will potentially help us take more risks in the future because we’ll have more confidence.”

Beyond the Buzz: Judge for Yourself

When AI – incorporating both generative and agentic strengths – is thoughtfully implemented to address the demands of security teams, it moves the needle for security operations in a very real and measurable way. The key is to look past the marketing slogans and focus on validated outcomes. Generative and agentic AI will undoubtedly shape the future of the security operations center, and CISOs must move from cautious curiosity to strategic adoption.

Is AI a distraction or your next competitive advantage? Get the definitive answer in our on-demand webinar, Beyond the Buzz: Separating AI Hype from Security Outcomes. We present IDC’s quantitative evaluation of real AI implementations and feature insights from current Purple AI customers, IDC Research Vice President Chris Kissel, and SentinelOne’s Senior Director of Product Management Adriana Corona.

To learn more about how to transform security operations with Purple AI’s revolutionary approach to the Autonomous SOC, visit our web page or request a demo from a product expert.

_{[1] IDC Business Value White Paper, sponsored by SentinelOne, The Business Value of SentinelOne’s Purple AI, #US53337725, July 2025}

EXECUTIVE SUMMARY:

One of the leading cyber security conferences globally, Black Hat USA is where intellect meets innovation. The 2024 event is taking place from August 3^rd – 8^th, at the Mandalay Bay Convention Center in Las Vegas.

The conference is highly regarded for its emphasis on cutting-edge cyber security research, high-caliber presentations, skill development workshops, peer networking opportunities, and for its Business Hall, which showcases innovative cyber security solutions.

Although two other cyber security conferences in Las Vegas will compete for attention next week, Black Hat is widely considered the main draw. Last year, Black Hat USA hosted roughly 20,000 in-person attendees from 127 different countries.

Event information

The Black Hat audience typically includes a mix of cyber security researchers, ethical hackers, cyber security professionals – from system administrators to CISOs – business development professionals, and government security experts.

On the main stage this year, featured speakers include Ann Johnson, the Corporate Vice President and Deputy CISO of Microsoft, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and Harry Coker Jr., National Cyber Director for the United States Executive Office of the President.

The Black Hat CISO Summit, on Monday, August 5^th through Tuesday, August 6^th, caters to the needs and interests of CISOs and security executives. This track will address topics ranging from the quantification of cyber risk costs, to supply chain security, to cyber crisis management.

Professionals who are certified through ISC2 can earn 5.5 Continuing Professional Education (CPE) credits for CISO Summit attendance.

Why else Black Hat

• Access to thousands of industry professionals who have similar interests, who can discuss challenges and who can provide new product insights.
• Access to the latest cyber research, which may not yet be widely available, helping your organization prevent potential attacks before they transform into fast-moving, large-scale issues.
• Cyber security strategy development in partnership with experts and vendors.
  • Check Point is offering exclusive 1:1 meetings with the company’s cyber security executives. If you plan to attend the event and would like to book a meeting with a Check Point executive, please click here.
• Community building. Connect with others, collaborate on initiatives and strengthen everyone’s cyber security in the process.

Must-see sessions

If you’re attending the event, plan ahead to make the most of your time. There’s so much to see and do. Looking for a short-list of must-see speaking sessions? Here are a handful of expert-led and highly recommended talks:

• Enhancing Cloud Security: Preventing Zero-Day Attacks with Modernized WAPs: Wednesday, August 7^th, at 11:00am, booth #2936
• How to Train your AI Co-Pilot: Wednesday, August 7^th, at 12:30pm, booth #2936
• Key Factors in Choosing a SASE Solution: Thursday, August 8^th, at 10:45am, booth #2936

Further details

Be ready for anything and bring the best version of yourself – you never know who you’ll meet. They could be your next software developer, corporate manager, business partner, MSSP, or cyber security vendor. Meet us at booth #2936. We can’t wait to see you at Black Hat USA 2024!

For more event information, click here. For additional cutting-edge cyber security insights, click here. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.

 

The post A preview of the upcoming Black Hat conference… appeared first on CyberTalk.

EXECUTIVE SUMMARY:

In a landmark case, a judge dismissed most of the charges against the SolarWinds software company and its CISO, Timothy Brown.

On July 18^th, U.S. District Judge Paul Engelmayer stated that the majority of government charges against SolarWinds “impermissibly rely on hindsight and speculation.”

The singular SEC allegation that the judge considered credible concerns the failure of controls embedded in SolarWinds products.

For its part, SolarWinds has consistently maintained that the SEC’s allegations were fundamentally flawed, outside of its area of expertise, and a ‘trick’ designed to allow for a rewrite of the law.

Why it matters

For some time, the SEC has pursued new policies intended to hold businesses accountable for cyber security practices; an understandable and reasonable objective.

In this instance, the SEC said that claims made to investors in regards to cyber security practices had been misleading and false – across a three year period.

The SEC’s indictment also mentioned falsified reports on internal controls, incomplete disclosure of the cyber attack, negligence around “red flags” and existing risks, and more.

But what caught the attention of many in the cyber security community was that, in an unprecedented maneuver, the SEC aimed to hold CISO Timothy Brown personally liable.

This case has been closely watched among cyber security professionals and was widely seen as precedent-setting for future potential software supply chain attack events.

Timothy Brown’s clearance

In the end, the court ruling does not hold CISO Timothy Brown personally liable for the breach.

“Holding CISOs personally liable, especially those CISOs that do not hold a position on the executive committee, is deeply flawed and would have set a precedent that would be counterproductive and weaken the security posture of organizations,” says Fred Kwong, Ph.D, vice president and CISO of DeVry University.

Despite the fact that this court ruling may loosen some CISO constraints, “you need to be honest about your security posture,” says Kwong.

The remaining claim against the company, which will be scrutinized further in court, indicates that there is a basis on which to conclude that CISOs do have certain disclosure obligations under the federal securities laws.

Further details

The SolarWinds incident, as its come to be known, has cost SolarWinds tens of millions of dollars. In 2023, the company settled a shareholder lawsuit to the tune of $26 million.

A spokesperson for SolarWinds has stated that the company is “pleased” with Judge Engelmayer’s decision to dismiss most of the SEC’s claims. The company plans to demonstrate why the remaining claim is “factually inaccurate” at the next opportunity.

For expert insights into and analyses of the SolarWinds case, please see CyberTalk.org’s past coverage. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.

The post SEC charges against SolarWinds largely dismissed appeared first on CyberTalk.

The art of cyber crime is in a constant state of flux and evolution. Simply staying on pace with these trends is a significant part of the CISO’s job.

Today’s modern CISO must ensure they are always prepared for the next big trend and remain ahead of adversaries.

As we begin to navigate 2023, the security landscape has transformed from a year ago, let alone a decade ago. The Russian invasion of Ukraine, emerging technologies like Web3 and AI, and new, post-pandemic ways of organizing the workforce have all led to significant shifts in the world of hacking.

In this article, we’ll look at how hacking is different in 2023, some of the key threats CISOs must contend with and some of the best defenses available.

What Does Modern Hacking Look Like?

Before we start, it’s worth noting that even the term “hacker” has undergone some evolution over the years. Once largely associated with hostile actors, many security professionals now refer to themselves as hackers. The term “white hat hacker” also exists; this refers to hackers using the same methods as cyber criminals to carry out ethical tasks like pressure-testing security systems.

So what are the concrete ways hacking has changed today compared to five, ten and even twenty years ago? There are several significant trends to highlight that look set to dominate the cybersecurity conversation in 2023.

A Lower Barrier to Entry

In the past, threat actors needed highly developed skill sets honed over many years. Hacking, especially targeting high-level organizations with valuable assets, wasn’t something just anyone could do — the bar was set high.

Today, with the emergence and growth of DIY hacking kits and services — available in places like the dark web — even fairly low-skilled cyber criminals can inflict damage and successfully commit crimes. This is concerning news because it means the pool of potential attackers is soaring.

Taking Advantage of the Shift to Remote Work

Although the COVID-19 pandemic is now receding, many effects still linger. One of the most notable is the sustained shift to remote working patterns. While more remote work options come with great employee benefits such as work-life balance and productivity, this style of working also carries inherent security risks.

With millions of companies now operating either partially or fully remote, along with escalating levels of cloud adoption, security teams have the challenging task of defending sensitive information and assets. Employees access all this data from a wide range of locations — including unsafe wireless networks and even public places.

Emerging Technologies Will Play a Greater Role

Emerging technologies like blockchain, the internet of things and artificial intelligence are expected to play a more prominent role in our lives in 2023, making them a more attractive target for attackers.

We’ve already seen a number of high-profile attacks on Web3 infrastructures, like the 2022 hacking of the Binance exchange for $570 million. Threat actors can also turn new technologies to their own advantage; for example, by harnessing AI tools to automate their attacks and quickly identify easy targets.

Bigger Targets and Heavyweight Players

The invasion of Ukraine in early 2022 sparked a new era of geopolitics, shifting the cybersecurity landscape. Russia has been targeting critical infrastructure in Ukraine with cyberattacks. As tensions between the West and its adversaries reach the highest point in decades, it’s realistic to expect more such attacks against Western targets.

CISOs at all levels must prepare for attacks by nation-state actors, which could even target assets like regional power grids.

What Will Be the Most Popular Hacking Methods of 2023?

Which techniques will malicious actors use to achieve their goals in 2023? While it’s difficult to predict, we’ll likely see a continuation of recent trends.

• Phishing. Despite  — or perhaps because of — its simplicity, phishing remains an extremely effective method for threat actors of all types. Tricking victims into sharing sensitive data, including company information, is a tried-and-tested attack vector that organizations must prepare for with widespread employee education and more robust password policies.
• DDoS attacks. Distributed Denial of Service attacks work by overwhelming the target’s servers with traffic, causing them to crash. In many cases, attackers are using cloud infrastructure to bolster their DDoS attacks.
• Ransomware. This method has been skyrocketing year over year and will probably trend upward in 2023. During an attack, malicious actors seize an organization or individual’s data, encrypt it and demand a ransom for its return. Ransomware can be devastating, leading to enormous financial losses and irreparable reputation damage.
• Targeting missing patches. Many threat actors are actively searching for security patches that organizations have failed to keep up to date. Then, they take advantage of those vulnerabilities.

What Does Defense Against Hacking Look Like in 2023?

As hacking continues to evolve, so do the methods cybersecurity teams are deploying to combat those threats.

Here are some of the key trends in defense against hacking to be aware of in 2023:

Automation and AI

AI is being harnessed by cyber criminals more and more, but when used correctly, it can also be a powerful tool for defense. AI algorithms are excellent at analyzing huge datasets and making accurate predictions about when and where attacks will take place, giving security teams a valuable advantage.

According to research by IBM, companies that use AI and automation to defend against data breaches save an average of $3.05 million compared to those that don’t — a difference of 65.2%.

Secure Cloud Assets

As cloud assets and infrastructure become increasingly popular targets, companies will focus on defending in this area. Stricter security controls, greater enforcement of access requirements and better education and coordination between teams are all excellent places to start.

Make Cybersecurity a Priority

The past few years have seen a growing trend of organizations taking a much more focused approach to cybersecurity with company-wide education policies and growing cyber spending.

As we enter 2023 and beyond, companies look certain to continue along this path, emphasizing security responsibility for everyone in the organization, not just security teams.

The post What CISOs Should Know About Hacking in 2023 appeared first on Security Intelligence.

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen.

Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper risk assessment, oversight, patching of critical systems and proper system configuration.

Many factors have contributed to this gap in essential cybersecurity workers. Some of the top reasons the survey identified were a lack of internal promotion opportunities, struggles with turnover and attrition, budget issues and a lack of qualified talent. But what defines “qualified talent” in cybersecurity today?

The industry has two options. The first is to cut the pie by continuing to focus on degree and certification holders. The other is to make a bigger pie by widening the talent pool and offering on-the-job training to applicants with the passion and mindset to succeed.

Looking for Talent in All the Wrong Places?

The term “cybersecurity” has been overly mystified. Does it involve a reclusive hoodie-wearing night owl? A math whiz writing complex code or working with cryptography?

Unfortunately, misconceptions and complexity have built a wall around the industry. This, at least in part, may explain the high percentage of people with university degrees working in cybersecurity fields. In fact, 82% of the workforce have a Bachelor’s or Master’s degree.

That level of formal education may have been necessary in the past, but the industry requires all types of workers right now. The first step to closing that worker gap will be to ensure that the public understanding of “cybersecurity” is demystified. Core skills aren’t coding or highly advanced math; core skills are problem-solving, investigative thinking, dedication and hard work.

The Making of a Cybersecurity Specialist

Recently, the Australian Signals Directorate (ASD) identified that a “cybersecurity specialist” is “just your average person” that can come from varying backgrounds. This is completely true, especially when key cybersecurity tasks today revolve around monitoring, detection and the ability to spot anomalies. Contrary to popular thinking, cybersecurity is not a bunch of blinking lights and super-secret artificial intelligence — though there are elements of that.

The cybersecurity industry could be morphing into a 21st Century version of manufacturing and assembly lines. Yes, there are still skilled labor requirements. But there is still no substitute for “hands-on keyboard” or “taking live fire” during an incident response case. That comes through experience.

Therefore, this begs the question: Who is better suited for a cybersecurity position? Somebody with a high school diploma but has managed computers and IT systems since they were a teenager, making mistakes along the way but solving them with passion and curiosity? Or a person with a cybersecurity degree who read about the field in a book, spending limited time with hands on a keyboard?

Focus on the Person, Not the Paper

Let’s return to the (ISC)2 study. Participants are trending towards practical skills and experience as more important qualifications. Certification, degrees and training are nice, but problem-solving abilities and related work experience are what employers are looking for. Interestingly, certifications are seen to be more valuable for skills growth than a means to jump into a career in cybersecurity.

It almost feels as though there is an elephant in the room: are we considering the right people for cybersecurity jobs, especially for entry-level jobs?

Granted, some positions require a strong mix of experience, paper qualification and/or validation, and years of battle hardening. For instance, a CISO or senior-level SOC analyst will almost certainly have done time in the trenches.

But some positions grant some low-risk, hands-on experience. If an organization finds a candidate with sincere curiosity, problem-solving skills and the appropriate soft skills, their paper qualifications may not matter. Rather, what will determine success is the organization’s ability to train the individual on the necessary tools and the core technical competencies required to complete the job. A curious person with problem-solving skills can figure out the rest. Just do not leave them hanging because they may suffer from burnout.

Training Can Bridge the Gap

Back to the assembly line analogy: Let’s say you are new to the machinery or protocols in a manufacturing shop. If you can be trained, shadow somebody more experienced for a period of time and have the right work ethic you can pick up the skills and excel. It’s the same principle in cybersecurity.

This is how to bridge the gap, especially in the short term. Waiting three to seven years for individuals to complete advanced degrees may no longer be practical, given the high demand. Technologies will change and there is no guarantee of “hands on keyboard” battle scars.

It’s time to start thinking outside the box. Pitch these two scenarios to a hiring manager today:

1. Individual A works on IT systems and remotely manages a SIEM. They have no certifications or paper qualifications but have worked like this for a couple of years, come highly referred as a dedicated worker, are dependable and require little oversight.
2. Individual B completed a Bachelor’s degree in computer science and a Master’s degree in cybersecurity. They also have completed some basic cybersecurity certifications but have no previous work experience or references.

Based on these surface descriptions, who are you inclined to interview first for a cybersecurity job?

The Pathway to Filling Future Needs

The above example is not a knock on those seeking university degrees or certifications; rather, it is a reality check. If 80% of workers in the industry have university degrees and there are not enough people to meet the need, well, you need to start looking elsewhere to fill the gap. Otherwise, expect retention problems.

For hiring managers, that will mean carefully crafting your requisitions and keeping your expectations in check. These new hires will be your apprentices for a while. Know that if you get them early, reward them with the opportunity and treat them right, you may also be filling a long-term need.

The post Bridging the 3.4 Million Workforce Gap in Cybersecurity appeared first on Security Intelligence.

Pete has 32 years of Security, Network, and MSSP experience and has been a hands-on CISO for the last 17 years and joined Check Point as Field CISO of the Americas. Pete’s cloud security deployments and designs have been rated by Garter as #1 and #2 in the world and he literally “wrote the book” and contributed to secure cloud reference designs as published in Intel Press: “Building the Infrastructure for Cloud Security: A Solutions View.” 

In this interview, Check Point’s Field CISO, Pete Nicoletti, shares insights into cyber security consolidation. Should your organization move ahead with a consolidated approach? Or maybe a workshop would be helpful. Don’t miss Pete Nicoletti’s perspectives.

What kinds of struggles and challenges are the organizational security leaders that you’re working with currently seeing?

Many! As members of the World Economic Forum Council for the Connected World, we drilled into this exact question and interviewed hundreds of executives and created a detailed report. The key findings are:  Economic Issues, IoT risks, increase in ransomware, and security personnel shortages all impacting budgets. Given these issues, our council recommended that security spend remain a priority, even in challenging times, since we all know that security incidents cost 10x to 100x verses budgeted expenditures.

How are CISOs currently building out or transitioning their information security programs? What kinds of results are they seeing?

In challenging times, CISO’s are looking hard at their tool set and seeing if there is overlap, or redundant tools, or underutilized tools. CISO’s are also evaluating their “play-books” to ensure that the tools in-use are efficient and streamlined. CISO’s are also keen to negotiate ELA’s that give them lower costs with flexibility to choose from a suite of tools to support the “speed of business.”

Security teams need to be trained and certified on their tools in use, and those budgets are under pressure. All these drivers lead to tool consolidation projects. Our customers are frequently very pleased with the normally mutually exclusive benefits: Costs Savings and better efficacy once a consolidation program is launched.

What are the key considerations for CISOs in deciding on whether or not to consolidate information security solutions? Can CISOs potentially lose capabilities when consolidating security and if so, how can this be addressed, if at all?

Losing features when consolidating is a valid concern, however, typically we find more advantages after consolidation: Lower training costs, higher staff satisfaction, fewer mistakes made, and the real gem: higher security program efficacy. We also see our customers leveraging the cloud and needing to extend their security protections quickly and easily, and our Check Point portfolio supports this using one console. With all the news of our peers experiencing exploited security vulnerabilities and other challenges, we are continuing to gain market share and happy customers.

How should CISOs go about deciding on whether or not to consolidate cyber security? Beyond cost, what should CISOs think about?

The number one consideration should be efficacy of the program. CISO’s are realizing that very small differences in efficacy lead to very large cost savings. The best security tool for the job should always be selected knowing this. An inventory of tools and the jobs they are doing should be created and maintained. Frequently, CISO’s find dozens of tools that are redundant, overlap with others, add unnecessary complexity, and that are poorly deployed or managed and not integrated into the program. Once the inventory is completed, work with your expert consultant or reseller to review and find redundancies or overlaps and kick-off a program to evaluate technical and cost benefits.

What can organizations achieve with a consolidated cyber security solution?

As mentioned previously, the number one goal of the program should be improving efficacy and our customers do report this. Efficacy lowers the number of false positives, lowers the number of real events and decreases overall risk. Other savings are found with lower training costs, faster run book execution, fewer mistakes and the ability to free up security analysts from wasting time on inefficient processes. Those analysts can now be leveraged into more productive efforts and ensure that the business growth and strategies are better supported.

As a seasoned professional, when you’ve worked with CISOs and security teams in moving to a consolidated solution, what’s gone right, what’s gone wrong, and what lessons can you share with newbie security leaders?

Any significant change in your tool set needs careful consideration and evaluation. Every new tool needs to be tested in lab and moved, as appropriate, into production. You need to find all the gotcha’s with any new tool going inline before they cost impact.

Don’t rush this testing step! Ensure that you have good measurements of your current program so you can easily determine improvements with new tools or consolidation efforts.

If CISOs decide against consolidation, how can they drive better value through existing solutions?

Ensure that the solutions you are using are fully deployed and optimized. We frequently uncover many tools that are underutilized and ineffective. Sit with your staff and watch their work. If they are cutting and pasting, logging into and out of multiple tools, not having the time to address every alert, or are making excessive mistakes, it may be time to have Check Point come in and do a workshop. Our very experienced team will review the current program and provide thoughts and ideas to improve the program. Even if consolidation is not selected, other findings may help improve the program!

Are there any other actionable insights that you would like to share with cyber security leaders?

Every security program is different, and your challenges are unique. But, you can’t know everything, so, consider working with your trusted partners and invite Check Point in to do a free discovery workshop. Cloud maturity, consolidation program consideration, Zero Trust program formulation, and many others are available. As a CISO, you may have some initiatives that need extra validation, and we are standing by to help propel your program.

And for an even stronger security strategy, be sure to attend Check Point’s upcoming CPX 360 event. Register here.

Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter. 

The post Unconsidered benefits of a consolidation strategy every CISO should know appeared first on CyberTalk.

Endpoint protection is a critical aspect of cybersecurity that helps organizations protect their endpoints (computers, laptops, mobile devices, servers, IoT devices, etc.) from potential threats. With the increasing use of technology in businesses, endpoints have become a prime target for cybercriminals looking to steal sensitive information or disrupt operations. As a result, it is essential […]