WELCOME TO SECURITY CURRENT Privateers: A New Type of Ransomware Syndicate. June 01, 2021 - Cyware Alerts - Hacker News. Researchers identified a new type of cybercrime THE FBI CISO ACADEMY The first CISO Academy was held in September 2015 at the FBI Training Academy in Quantico, VA. The venue was specifically chosen because it is the training facility for all new FBI agents and analysts and other law enforcement personnel from around the globe. CISO Academy participants are housed alongside the students and have the

opportunity

LEGAL ISSUES IN PENETRATION TESTING When I was a kid growing up in the Bronx, a high school buddy got a job as a “security tester” at the Alexander’s department store on Fordham Road. His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at WHY THE SUPREME COURT’S VAN BUREN CASE REALLY MATTERS The 6-3 decision written by Justice Amy Coney Barrett simply found that the federal “hacking” statute, which makes it a crime to “exceed authorization to access a computer” and thereby to “obtain information” didn’t apply to what the police officer did. The case is significant not for its impact on Officer Van Buren,

but as a

WHITE HOUSE ISSUES ADVISORY TO BUSINESS LEADERS ON In the wake of the highly publicized attacks on both gasoline and food infrastructures by Russian-based ransomware attackers, the Biden administration on June 3 issued an advisory to business leaders directing them to take action to harden their systems against ransomware and to be more resilient against similar attacks. It has also been reported that THE 20 CRITICAL CONTROLS The 20 Critical Controls are a set of technical controls that can help defend systems. There are other models that focus on process and operational tactics; this is not one of them. Root cause problems must be fixed in order to ensure the prevention or timely detection of

attacks.

KIRSTEN DAVIES, ESTEE LAUDER COMPANIES CISO ENGAGING WITH LAW ENFORCEMENT WHEN IT COMES TO Many times, the simplest and easiest way to do this is to report the cybersecurity incident to state or local law enforcement authorities. Oftentimes this is a perfunctory matter that is done to ensure compliance with this “check the box” process but nothing substantive really comes from making such a report. In most cases,

state and local

A ROAD MAP FOR CISOS The role of the CISO has evolved greatly over the years. Over the past 20 years leading security practices across multiple industry verticals for large Fortune 500 organizations, I have observed first hand its various shifts. The natural next question is what the next phase would look like. More importantly, will the CISOs of today CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

WELCOME TO SECURITY CURRENT Privateers: A New Type of Ransomware Syndicate. June 01, 2021 - Cyware Alerts - Hacker News. Researchers identified a new type of cybercrime THE FBI CISO ACADEMY The first CISO Academy was held in September 2015 at the FBI Training Academy in Quantico, VA. The venue was specifically chosen because it is the training facility for all new FBI agents and analysts and other law enforcement personnel from around the globe. CISO Academy participants are housed alongside the students and have the

opportunity

LEGAL ISSUES IN PENETRATION TESTING When I was a kid growing up in the Bronx, a high school buddy got a job as a “security tester” at the Alexander’s department store on Fordham Road. His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at WHY THE SUPREME COURT’S VAN BUREN CASE REALLY MATTERS The 6-3 decision written by Justice Amy Coney Barrett simply found that the federal “hacking” statute, which makes it a crime to “exceed authorization to access a computer” and thereby to “obtain information” didn’t apply to what the police officer did. The case is significant not for its impact on Officer Van Buren,

but as a

WHITE HOUSE ISSUES ADVISORY TO BUSINESS LEADERS ON In the wake of the highly publicized attacks on both gasoline and food infrastructures by Russian-based ransomware attackers, the Biden administration on June 3 issued an advisory to business leaders directing them to take action to harden their systems against ransomware and to be more resilient against similar attacks. It has also been reported that THE 20 CRITICAL CONTROLS The 20 Critical Controls are a set of technical controls that can help defend systems. There are other models that focus on process and operational tactics; this is not one of them. Root cause problems must be fixed in order to ensure the prevention or timely detection of

attacks.

KIRSTEN DAVIES, ESTEE LAUDER COMPANIES CISO ENGAGING WITH LAW ENFORCEMENT WHEN IT COMES TO Many times, the simplest and easiest way to do this is to report the cybersecurity incident to state or local law enforcement authorities. Oftentimes this is a perfunctory matter that is done to ensure compliance with this “check the box” process but nothing substantive really comes from making such a report. In most cases,

state and local

A ROAD MAP FOR CISOS The role of the CISO has evolved greatly over the years. Over the past 20 years leading security practices across multiple industry verticals for large Fortune 500 organizations, I have observed first hand its various shifts. The natural next question is what the next phase would look like. More importantly, will the CISOs of today CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

PODCASTS - SECURITYCURRENT SC 118. LinkedIn Twitter. Having conducted a major influenza pandemic exercise in Q4 of last year assuming all employees were sent home, Ellie Mae SVP & CISO Selim Aissi was able to quickly and effectively respond to COVID-19. In this podcast, Selim speaks with *David Cass, VP of Cyber & IT Risk at the Federal Reserve Bank of New York. CONDUCTING ORGANIZATIONAL INFORMATION SECURITY ASSESSMENTS The first step that self-help books suggest when a person wants to change is to perform a self- assessment. By honestly looking at yourself – the good, the bad, and the ugly – you can gain the knowledge on what direction you need to travel as you attempt to maximize the program you wish to THE ATTACKS OF THE FUTURE This was the first time a cybersecurity attack crossed over to the physical world to create real and significant damage. The Stuxnet worm destroyed a military target, a feat on par with a conventional bombing attack. It was determined that this level of engineering could only have been carried out by nation state actors. CISO CHOICE AWARDS WINNERS 2020 CISO. CISO Spotlights; CISO Insights; Articles. Featured Articles; Expert Insights; Archived Articles; News; Events. CISOs Top 100 CISOs for 2021; CISO Choice Awards 2020 CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

CISOS CONNECT™ DALLAS 2020 Newsletter. Contact Us. top-bar. INVITATION ONLY ANNUAL CISO-TO-CISO CONFERENCE. Hotel Crescent Court – March 30-31, 2020. 2 Days of Peer-to-Peer Knowledge Sharing and Networking With Some of the World’s Leading CISOs. Postponed Until Further Notice. CISOs Connect™ Dallas Participating Companies: CISOs Connect™ is an invitation-only event. A CISO’S TOP 5 TO DO’S IN THE FIRST 90 DAYS As many of you know, starting a new job can be challenging in and of itself. It involves learning a new culture, understanding company values, as well as basic things such as remembering names and faces, and who to eat lunch with. With all of the stress and challenges experienced within that first 90 days, which is just CONCEAL AND FAIL TO REPORT The InfoSec world has been atwitter over the indictment of former Uber CSO (and current Cloudflare CISO) Joe Sullivan on criminal charges related to the failure to report to the FTC a massive data breach involving millions of personal records stolen from the ride sharing service. The allegations in the complaint are that the Federal Trade Commission was investigating a 2014 breach at Uber, and JIM ROUTH, CSO, AETNA By: Security Current October 12, 2018. On his first day as a CISO for financial giant American Express, Jim Routh learned a valuable lesson on the kindness of strangers. He looked at his calendar and saw that he was due to present a security strategy the following day to the Office of the Controller of the Currency. He felt ill-prepared. RUVI KITOV, CEO AND CO-FOUNDER, TUFIN January 22, 2018. Tufin CEO and Co-founder Ruvi Kitov has dual citizenship for both Israel and the United States. After he completed his required military service in Israel, he moved to the U.S. to be close to his family, and to attend the University of Maryland at College Park. That’s where he was exposed to computer security for

the first time.

WELCOME TO SECURITY CURRENT Privateers: A New Type of Ransomware Syndicate. June 01, 2021 - Cyware Alerts - Hacker News. Researchers identified a new type of cybercrime THE FBI CISO ACADEMY The first CISO Academy was held in September 2015 at the FBI Training Academy in Quantico, VA. The venue was specifically chosen because it is the training facility for all new FBI agents and analysts and other law enforcement personnel from around the globe. CISO Academy participants are housed alongside the students and have the

opportunity

LEGAL ISSUES IN PENETRATION TESTING When I was a kid growing up in the Bronx, a high school buddy got a job as a “security tester” at the Alexander’s department store on Fordham Road. His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at WHY THE SUPREME COURT’S VAN BUREN CASE REALLY MATTERS The 6-3 decision written by Justice Amy Coney Barrett simply found that the federal “hacking” statute, which makes it a crime to “exceed authorization to access a computer” and thereby to “obtain information” didn’t apply to what the police officer did. The case is significant not for its impact on Officer Van Buren,

but as a

WHITE HOUSE ISSUES ADVISORY TO BUSINESS LEADERS ON In the wake of the highly publicized attacks on both gasoline and food infrastructures by Russian-based ransomware attackers, the Biden administration on June 3 issued an advisory to business leaders directing them to take action to harden their systems against ransomware and to be more resilient against similar attacks. It has also been reported that THE 20 CRITICAL CONTROLS The 20 Critical Controls are a set of technical controls that can help defend systems. There are other models that focus on process and operational tactics; this is not one of them. Root cause problems must be fixed in order to ensure the prevention or timely detection of

attacks.

KIRSTEN DAVIES, ESTEE LAUDER COMPANIES CISO ENGAGING WITH LAW ENFORCEMENT WHEN IT COMES TO Many times, the simplest and easiest way to do this is to report the cybersecurity incident to state or local law enforcement authorities. Oftentimes this is a perfunctory matter that is done to ensure compliance with this “check the box” process but nothing substantive really comes from making such a report. In most cases,

state and local

A ROAD MAP FOR CISOS The role of the CISO has evolved greatly over the years. Over the past 20 years leading security practices across multiple industry verticals for large Fortune 500 organizations, I have observed first hand its various shifts. The natural next question is what the next phase would look like. More importantly, will the CISOs of today CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

WELCOME TO SECURITY CURRENT Privateers: A New Type of Ransomware Syndicate. June 01, 2021 - Cyware Alerts - Hacker News. Researchers identified a new type of cybercrime THE FBI CISO ACADEMY The first CISO Academy was held in September 2015 at the FBI Training Academy in Quantico, VA. The venue was specifically chosen because it is the training facility for all new FBI agents and analysts and other law enforcement personnel from around the globe. CISO Academy participants are housed alongside the students and have the

opportunity

LEGAL ISSUES IN PENETRATION TESTING When I was a kid growing up in the Bronx, a high school buddy got a job as a “security tester” at the Alexander’s department store on Fordham Road. His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at WHY THE SUPREME COURT’S VAN BUREN CASE REALLY MATTERS The 6-3 decision written by Justice Amy Coney Barrett simply found that the federal “hacking” statute, which makes it a crime to “exceed authorization to access a computer” and thereby to “obtain information” didn’t apply to what the police officer did. The case is significant not for its impact on Officer Van Buren,

but as a

WHITE HOUSE ISSUES ADVISORY TO BUSINESS LEADERS ON In the wake of the highly publicized attacks on both gasoline and food infrastructures by Russian-based ransomware attackers, the Biden administration on June 3 issued an advisory to business leaders directing them to take action to harden their systems against ransomware and to be more resilient against similar attacks. It has also been reported that THE 20 CRITICAL CONTROLS The 20 Critical Controls are a set of technical controls that can help defend systems. There are other models that focus on process and operational tactics; this is not one of them. Root cause problems must be fixed in order to ensure the prevention or timely detection of

attacks.

KIRSTEN DAVIES, ESTEE LAUDER COMPANIES CISO ENGAGING WITH LAW ENFORCEMENT WHEN IT COMES TO Many times, the simplest and easiest way to do this is to report the cybersecurity incident to state or local law enforcement authorities. Oftentimes this is a perfunctory matter that is done to ensure compliance with this “check the box” process but nothing substantive really comes from making such a report. In most cases,

state and local

A ROAD MAP FOR CISOS The role of the CISO has evolved greatly over the years. Over the past 20 years leading security practices across multiple industry verticals for large Fortune 500 organizations, I have observed first hand its various shifts. The natural next question is what the next phase would look like. More importantly, will the CISOs of today CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

PODCASTS - SECURITYCURRENT SC 118. LinkedIn Twitter. Having conducted a major influenza pandemic exercise in Q4 of last year assuming all employees were sent home, Ellie Mae SVP & CISO Selim Aissi was able to quickly and effectively respond to COVID-19. In this podcast, Selim speaks with *David Cass, VP of Cyber & IT Risk at the Federal Reserve Bank of New York. CONDUCTING ORGANIZATIONAL INFORMATION SECURITY ASSESSMENTS The first step that self-help books suggest when a person wants to change is to perform a self- assessment. By honestly looking at yourself – the good, the bad, and the ugly – you can gain the knowledge on what direction you need to travel as you attempt to maximize the program you wish to THE ATTACKS OF THE FUTURE This was the first time a cybersecurity attack crossed over to the physical world to create real and significant damage. The Stuxnet worm destroyed a military target, a feat on par with a conventional bombing attack. It was determined that this level of engineering could only have been carried out by nation state actors. CISO CHOICE AWARDS WINNERS 2020 CISO. CISO Spotlights; CISO Insights; Articles. Featured Articles; Expert Insights; Archived Articles; News; Events. CISOs Top 100 CISOs for 2021; CISO Choice Awards 2020 CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

CISOS CONNECT™ DALLAS 2020 Newsletter. Contact Us. top-bar. INVITATION ONLY ANNUAL CISO-TO-CISO CONFERENCE. Hotel Crescent Court – March 30-31, 2020. 2 Days of Peer-to-Peer Knowledge Sharing and Networking With Some of the World’s Leading CISOs. Postponed Until Further Notice. CISOs Connect™ Dallas Participating Companies: CISOs Connect™ is an invitation-only event. A CISO’S TOP 5 TO DO’S IN THE FIRST 90 DAYS As many of you know, starting a new job can be challenging in and of itself. It involves learning a new culture, understanding company values, as well as basic things such as remembering names and faces, and who to eat lunch with. With all of the stress and challenges experienced within that first 90 days, which is just CONCEAL AND FAIL TO REPORT The InfoSec world has been atwitter over the indictment of former Uber CSO (and current Cloudflare CISO) Joe Sullivan on criminal charges related to the failure to report to the FTC a massive data breach involving millions of personal records stolen from the ride sharing service. The allegations in the complaint are that the Federal Trade Commission was investigating a 2014 breach at Uber, and JIM ROUTH, CSO, AETNA By: Security Current October 12, 2018. On his first day as a CISO for financial giant American Express, Jim Routh learned a valuable lesson on the kindness of strangers. He looked at his calendar and saw that he was due to present a security strategy the following day to the Office of the Controller of the Currency. He felt ill-prepared. RUVI KITOV, CEO AND CO-FOUNDER, TUFIN January 22, 2018. Tufin CEO and Co-founder Ruvi Kitov has dual citizenship for both Israel and the United States. After he completed his required military service in Israel, he moved to the U.S. to be close to his family, and to attend the University of Maryland at College Park. That’s where he was exposed to computer security for

the first time.

WELCOME TO SECURITY CURRENT Mobile Apps Exposing Personal Data of Millions of Users. May 25, 2021 - Cyware Alerts - Hacker News. Insecure data storage is the most

common security

LEGAL ISSUES IN PENETRATION TESTING When I was a kid growing up in the Bronx, a high school buddy got a job as a “security tester” at the Alexander’s department store on Fordham Road. His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at THE FBI CISO ACADEMY The first CISO Academy was held in September 2015 at the FBI Training Academy in Quantico, VA. The venue was specifically chosen because it is the training facility for all new FBI agents and analysts and other law enforcement personnel from around the globe. CISO Academy participants are housed alongside the students and have the

opportunity

CISO INSIGHTS

CISO Insights, Featured Articles By Randall Frietzsche November 20, 2019. Cybersecurity professionals often come from very technical backgrounds. It is imperative that these professionals understand all the areas of technology: operating systems, networking protocols, architecture, applications and databases. CISO CHOICE AWARDS WINNERS 2020 CISO. CISO Spotlights; CISO Insights; Articles. Featured Articles; Expert Insights; Archived Articles; News; Events. CISOs Top 100 CISOs for 2021; CISO Choice Awards 2020 CHRISTOPHER MANDELARIS His goal wasn’t always so straight-forward, though. Right around the start of the millennium, Mandelaris was a pharmaceutical representative doing sales, marketing and promotions. While the money was good, he lacked passion for the job. What he did have passion for was IT. “I had done IT work on the side and always enjoyed it,”

says

KIRSTEN DAVIES, ESTEE LAUDER COMPANIES CISO ENGAGING WITH LAW ENFORCEMENT WHEN IT COMES TO Many times, the simplest and easiest way to do this is to report the cybersecurity incident to state or local law enforcement authorities. Oftentimes this is a perfunctory matter that is done to ensure compliance with this “check the box” process but nothing substantive really comes from making such a report. In most cases,

state and local

CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

PATRICIA TITUS, MARKEL CORPORATION By the end of the year, we were 56,000 strong,” according to Titus. She kept telling the TSA CIO that someone had to focus on information security and he put her in charge of that as well. It wasn’t long before security was her sole focus, and this is when she became the first female federal CISO. WELCOME TO SECURITY CURRENT Mobile Apps Exposing Personal Data of Millions of Users. May 25, 2021 - Cyware Alerts - Hacker News. Insecure data storage is the most

common security

LEGAL ISSUES IN PENETRATION TESTING When I was a kid growing up in the Bronx, a high school buddy got a job as a “security tester” at the Alexander’s department store on Fordham Road. His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at THE FBI CISO ACADEMY The first CISO Academy was held in September 2015 at the FBI Training Academy in Quantico, VA. The venue was specifically chosen because it is the training facility for all new FBI agents and analysts and other law enforcement personnel from around the globe. CISO Academy participants are housed alongside the students and have the

opportunity

CISO INSIGHTS

CISO Insights, Featured Articles By Randall Frietzsche November 20, 2019. Cybersecurity professionals often come from very technical backgrounds. It is imperative that these professionals understand all the areas of technology: operating systems, networking protocols, architecture, applications and databases. CISO CHOICE AWARDS WINNERS 2020 CISO. CISO Spotlights; CISO Insights; Articles. Featured Articles; Expert Insights; Archived Articles; News; Events. CISOs Top 100 CISOs for 2021; CISO Choice Awards 2020 CHRISTOPHER MANDELARIS His goal wasn’t always so straight-forward, though. Right around the start of the millennium, Mandelaris was a pharmaceutical representative doing sales, marketing and promotions. While the money was good, he lacked passion for the job. What he did have passion for was IT. “I had done IT work on the side and always enjoyed it,”

says

KIRSTEN DAVIES, ESTEE LAUDER COMPANIES CISO ENGAGING WITH LAW ENFORCEMENT WHEN IT COMES TO Many times, the simplest and easiest way to do this is to report the cybersecurity incident to state or local law enforcement authorities. Oftentimes this is a perfunctory matter that is done to ensure compliance with this “check the box” process but nothing substantive really comes from making such a report. In most cases,

state and local

CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

PATRICIA TITUS, MARKEL CORPORATION By the end of the year, we were 56,000 strong,” according to Titus. She kept telling the TSA CIO that someone had to focus on information security and he put her in charge of that as well. It wasn’t long before security was her sole focus, and this is when she became the first female federal CISO. EVENTS - SECURITYCURRENT Events - SecurityCurrent. The agenda of the Security Current community events are purpose built by CISOs and leverage the proprietary content and powerful CISO guidance for which Security Current is known. The invitation-only gatherings offer unique opportunities for security, privacy and risk executives to exchange knowledge and network with WHITE HOUSE ISSUES ADVISORY TO BUSINESS LEADERS ON In the wake of the highly publicized attacks on both gasoline and food infrastructures by Russian-based ransomware attackers, the Biden administration on June 3 issued an advisory to business leaders directing them to take action to harden their systems against ransomware and to be more resilient against similar attacks. It has also been reported that THE 20 CRITICAL CONTROLS The 20 Critical Controls are a set of technical controls that can help defend systems. There are other models that focus on process and operational tactics; this is not one of them. Root cause problems must be fixed in order to ensure the prevention or timely detection of

attacks.

CONDUCTING ORGANIZATIONAL INFORMATION SECURITY ASSESSMENTS The first step that self-help books suggest when a person wants to change is to perform a self- assessment. By honestly looking at yourself – the good, the bad, and the ugly – you can gain the knowledge on what direction you need to travel as you attempt to maximize the program you wish to A ROAD MAP FOR CISOS The role of the CISO has evolved greatly over the years. Over the past 20 years leading security practices across multiple industry verticals for large Fortune 500 organizations, I have observed first hand its various shifts. The natural next question is what the next phase would look like. More importantly, will the CISOs of today IN-HOUSE SOFTWARE DEVELOPMENT Nowadays, data breaches are a subject of conversation at dinner tables and in boardrooms. Cyber insurance premiums to cover these breaches are skyrocketing. Recent surveys and breach reports have highlighted the challenges with software security. The 2015 Annual Verizon Data Breach Investigations Report points out that applications are the number one attack vector leading to WHEN DISCLOSING A DATA BREACH IS THE WRONG THING TO DO Inevitably, after a major data breach, when a company disclosed the fact of the breach, security professionals question the timing of the disclosure. “Why did you wait so long to make a disclosure?” is the outcry! Sometimes, like in the case of Uber, which delayed notification for almost a year, the criticism is warranted. But even

when the

CONCEAL AND FAIL TO REPORT The InfoSec world has been atwitter over the indictment of former Uber CSO (and current Cloudflare CISO) Joe Sullivan on criminal charges related to the failure to report to the FTC a massive data breach involving millions of personal records stolen from the ride sharing service. The allegations in the complaint are that the Federal Trade Commission was investigating a 2014 breach at Uber, and RUVI KITOV, CEO AND CO-FOUNDER, TUFIN January 22, 2018. Tufin CEO and Co-founder Ruvi Kitov has dual citizenship for both Israel and the United States. After he completed his required military service in Israel, he moved to the U.S. to be close to his family, and to attend the University of Maryland at College Park. That’s where he was exposed to computer security for

the first time.

JIM ROUTH, CSO, AETNA By: Security Current October 12, 2018. On his first day as a CISO for financial giant American Express, Jim Routh learned a valuable lesson on the kindness of strangers. He looked at his calendar and saw that he was due to present a security strategy the following day to the Office of the Controller of the Currency. He felt ill-prepared. WELCOME TO SECURITY CURRENT Mobile Apps Exposing Personal Data of Millions of Users. May 25, 2021 - Cyware Alerts - Hacker News. Insecure data storage is the most

common security

LEGAL ISSUES IN PENETRATION TESTING When I was a kid growing up in the Bronx, a high school buddy got a job as a “security tester” at the Alexander’s department store on Fordham Road. His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at THE FBI CISO ACADEMY The first CISO Academy was held in September 2015 at the FBI Training Academy in Quantico, VA. The venue was specifically chosen because it is the training facility for all new FBI agents and analysts and other law enforcement personnel from around the globe. CISO Academy participants are housed alongside the students and have the

opportunity

CISO INSIGHTS

CISO Insights, Featured Articles By Randall Frietzsche November 20, 2019. Cybersecurity professionals often come from very technical backgrounds. It is imperative that these professionals understand all the areas of technology: operating systems, networking protocols, architecture, applications and databases. CISO CHOICE AWARDS WINNERS 2020 CISO. CISO Spotlights; CISO Insights; Articles. Featured Articles; Expert Insights; Archived Articles; News; Events. CISOs Top 100 CISOs for 2021; CISO Choice Awards 2020 CHRISTOPHER MANDELARIS His goal wasn’t always so straight-forward, though. Right around the start of the millennium, Mandelaris was a pharmaceutical representative doing sales, marketing and promotions. While the money was good, he lacked passion for the job. What he did have passion for was IT. “I had done IT work on the side and always enjoyed it,”

says

KIRSTEN DAVIES, ESTEE LAUDER COMPANIES CISO ENGAGING WITH LAW ENFORCEMENT WHEN IT COMES TO Many times, the simplest and easiest way to do this is to report the cybersecurity incident to state or local law enforcement authorities. Oftentimes this is a perfunctory matter that is done to ensure compliance with this “check the box” process but nothing substantive really comes from making such a report. In most cases,

state and local

CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

PATRICIA TITUS, MARKEL CORPORATION By the end of the year, we were 56,000 strong,” according to Titus. She kept telling the TSA CIO that someone had to focus on information security and he put her in charge of that as well. It wasn’t long before security was her sole focus, and this is when she became the first female federal CISO. WELCOME TO SECURITY CURRENT Mobile Apps Exposing Personal Data of Millions of Users. May 25, 2021 - Cyware Alerts - Hacker News. Insecure data storage is the most

common security

LEGAL ISSUES IN PENETRATION TESTING When I was a kid growing up in the Bronx, a high school buddy got a job as a “security tester” at the Alexander’s department store on Fordham Road. His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at THE FBI CISO ACADEMY The first CISO Academy was held in September 2015 at the FBI Training Academy in Quantico, VA. The venue was specifically chosen because it is the training facility for all new FBI agents and analysts and other law enforcement personnel from around the globe. CISO Academy participants are housed alongside the students and have the

opportunity

CISO INSIGHTS

CISO Insights, Featured Articles By Randall Frietzsche November 20, 2019. Cybersecurity professionals often come from very technical backgrounds. It is imperative that these professionals understand all the areas of technology: operating systems, networking protocols, architecture, applications and databases. CISO CHOICE AWARDS WINNERS 2020 CISO. CISO Spotlights; CISO Insights; Articles. Featured Articles; Expert Insights; Archived Articles; News; Events. CISOs Top 100 CISOs for 2021; CISO Choice Awards 2020 CHRISTOPHER MANDELARIS His goal wasn’t always so straight-forward, though. Right around the start of the millennium, Mandelaris was a pharmaceutical representative doing sales, marketing and promotions. While the money was good, he lacked passion for the job. What he did have passion for was IT. “I had done IT work on the side and always enjoyed it,”

says

KIRSTEN DAVIES, ESTEE LAUDER COMPANIES CISO ENGAGING WITH LAW ENFORCEMENT WHEN IT COMES TO Many times, the simplest and easiest way to do this is to report the cybersecurity incident to state or local law enforcement authorities. Oftentimes this is a perfunctory matter that is done to ensure compliance with this “check the box” process but nothing substantive really comes from making such a report. In most cases,

state and local

CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

PATRICIA TITUS, MARKEL CORPORATION By the end of the year, we were 56,000 strong,” according to Titus. She kept telling the TSA CIO that someone had to focus on information security and he put her in charge of that as well. It wasn’t long before security was her sole focus, and this is when she became the first female federal CISO. EVENTS - SECURITYCURRENT Events - SecurityCurrent. The agenda of the Security Current community events are purpose built by CISOs and leverage the proprietary content and powerful CISO guidance for which Security Current is known. The invitation-only gatherings offer unique opportunities for security, privacy and risk executives to exchange knowledge and network with WHITE HOUSE ISSUES ADVISORY TO BUSINESS LEADERS ON In the wake of the highly publicized attacks on both gasoline and food infrastructures by Russian-based ransomware attackers, the Biden administration on June 3 issued an advisory to business leaders directing them to take action to harden their systems against ransomware and to be more resilient against similar attacks. It has also been reported that THE 20 CRITICAL CONTROLS The 20 Critical Controls are a set of technical controls that can help defend systems. There are other models that focus on process and operational tactics; this is not one of them. Root cause problems must be fixed in order to ensure the prevention or timely detection of

attacks.

CONDUCTING ORGANIZATIONAL INFORMATION SECURITY ASSESSMENTS The first step that self-help books suggest when a person wants to change is to perform a self- assessment. By honestly looking at yourself – the good, the bad, and the ugly – you can gain the knowledge on what direction you need to travel as you attempt to maximize the program you wish to A ROAD MAP FOR CISOS The role of the CISO has evolved greatly over the years. Over the past 20 years leading security practices across multiple industry verticals for large Fortune 500 organizations, I have observed first hand its various shifts. The natural next question is what the next phase would look like. More importantly, will the CISOs of today IN-HOUSE SOFTWARE DEVELOPMENT Nowadays, data breaches are a subject of conversation at dinner tables and in boardrooms. Cyber insurance premiums to cover these breaches are skyrocketing. Recent surveys and breach reports have highlighted the challenges with software security. The 2015 Annual Verizon Data Breach Investigations Report points out that applications are the number one attack vector leading to WHEN DISCLOSING A DATA BREACH IS THE WRONG THING TO DO Inevitably, after a major data breach, when a company disclosed the fact of the breach, security professionals question the timing of the disclosure. “Why did you wait so long to make a disclosure?” is the outcry! Sometimes, like in the case of Uber, which delayed notification for almost a year, the criticism is warranted. But even

when the

CONCEAL AND FAIL TO REPORT The InfoSec world has been atwitter over the indictment of former Uber CSO (and current Cloudflare CISO) Joe Sullivan on criminal charges related to the failure to report to the FTC a massive data breach involving millions of personal records stolen from the ride sharing service. The allegations in the complaint are that the Federal Trade Commission was investigating a 2014 breach at Uber, and RUVI KITOV, CEO AND CO-FOUNDER, TUFIN January 22, 2018. Tufin CEO and Co-founder Ruvi Kitov has dual citizenship for both Israel and the United States. After he completed his required military service in Israel, he moved to the U.S. to be close to his family, and to attend the University of Maryland at College Park. That’s where he was exposed to computer security for

the first time.

JIM ROUTH, CSO, AETNA By: Security Current October 12, 2018. On his first day as a CISO for financial giant American Express, Jim Routh learned a valuable lesson on the kindness of strangers. He looked at his calendar and saw that he was due to present a security strategy the following day to the Office of the Controller of the Currency. He felt ill-prepared. WELCOME TO SECURITY CURRENT Mobile Apps Exposing Personal Data of Millions of Users. May 25, 2021 - Cyware Alerts - Hacker News. Insecure data storage is the most

common security

LEGAL ISSUES IN PENETRATION TESTING When I was a kid growing up in the Bronx, a high school buddy got a job as a “security tester” at the Alexander’s department store on Fordham Road. His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at THE FBI CISO ACADEMY The first CISO Academy was held in September 2015 at the FBI Training Academy in Quantico, VA. The venue was specifically chosen because it is the training facility for all new FBI agents and analysts and other law enforcement personnel from around the globe. CISO Academy participants are housed alongside the students and have the

opportunity

CISO INSIGHTS

CISO Insights, Featured Articles By Randall Frietzsche November 20, 2019. Cybersecurity professionals often come from very technical backgrounds. It is imperative that these professionals understand all the areas of technology: operating systems, networking protocols, architecture, applications and databases. CISO CHOICE AWARDS WINNERS 2020 CISO. CISO Spotlights; CISO Insights; Articles. Featured Articles; Expert Insights; Archived Articles; News; Events. CISOs Top 100 CISOs for 2021; CISO Choice Awards 2020 CHRISTOPHER MANDELARIS His goal wasn’t always so straight-forward, though. Right around the start of the millennium, Mandelaris was a pharmaceutical representative doing sales, marketing and promotions. While the money was good, he lacked passion for the job. What he did have passion for was IT. “I had done IT work on the side and always enjoyed it,”

says

KIRSTEN DAVIES, ESTEE LAUDER COMPANIES CISO ENGAGING WITH LAW ENFORCEMENT WHEN IT COMES TO Many times, the simplest and easiest way to do this is to report the cybersecurity incident to state or local law enforcement authorities. Oftentimes this is a perfunctory matter that is done to ensure compliance with this “check the box” process but nothing substantive really comes from making such a report. In most cases,

state and local

CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

PATRICIA TITUS, MARKEL CORPORATION By the end of the year, we were 56,000 strong,” according to Titus. She kept telling the TSA CIO that someone had to focus on information security and he put her in charge of that as well. It wasn’t long before security was her sole focus, and this is when she became the first female federal CISO. WELCOME TO SECURITY CURRENT Mobile Apps Exposing Personal Data of Millions of Users. May 25, 2021 - Cyware Alerts - Hacker News. Insecure data storage is the most

common security

LEGAL ISSUES IN PENETRATION TESTING When I was a kid growing up in the Bronx, a high school buddy got a job as a “security tester” at the Alexander’s department store on Fordham Road. His job was to shoplift. This was to see whether the security personnel were doing their job, or were asleep at THE FBI CISO ACADEMY The first CISO Academy was held in September 2015 at the FBI Training Academy in Quantico, VA. The venue was specifically chosen because it is the training facility for all new FBI agents and analysts and other law enforcement personnel from around the globe. CISO Academy participants are housed alongside the students and have the

opportunity

CISO INSIGHTS

CISO Insights, Featured Articles By Randall Frietzsche November 20, 2019. Cybersecurity professionals often come from very technical backgrounds. It is imperative that these professionals understand all the areas of technology: operating systems, networking protocols, architecture, applications and databases. CISO CHOICE AWARDS WINNERS 2020 CISO. CISO Spotlights; CISO Insights; Articles. Featured Articles; Expert Insights; Archived Articles; News; Events. CISOs Top 100 CISOs for 2021; CISO Choice Awards 2020 CHRISTOPHER MANDELARIS His goal wasn’t always so straight-forward, though. Right around the start of the millennium, Mandelaris was a pharmaceutical representative doing sales, marketing and promotions. While the money was good, he lacked passion for the job. What he did have passion for was IT. “I had done IT work on the side and always enjoyed it,”

says

KIRSTEN DAVIES, ESTEE LAUDER COMPANIES CISO ENGAGING WITH LAW ENFORCEMENT WHEN IT COMES TO Many times, the simplest and easiest way to do this is to report the cybersecurity incident to state or local law enforcement authorities. Oftentimes this is a perfunctory matter that is done to ensure compliance with this “check the box” process but nothing substantive really comes from making such a report. In most cases,

state and local

CHECK POINT’S SANDBLAST IS A NEW APPROACH TO THE SANDBOX This allows workers to view the content without the risk of unknowingly releasing malware into the business network. Hackers have done an excellent job of keeping ahead of security technology like sandboxes. Check Points Sandblast is a unique way of isolating and inspecting files that puts the security technology one step ahead of

cyber attackers.

PATRICIA TITUS, MARKEL CORPORATION By the end of the year, we were 56,000 strong,” according to Titus. She kept telling the TSA CIO that someone had to focus on information security and he put her in charge of that as well. It wasn’t long before security was her sole focus, and this is when she became the first female federal CISO. EVENTS - SECURITYCURRENT Events - SecurityCurrent. The agenda of the Security Current community events are purpose built by CISOs and leverage the proprietary content and powerful CISO guidance for which Security Current is known. The invitation-only gatherings offer unique opportunities for security, privacy and risk executives to exchange knowledge and network with WHITE HOUSE ISSUES ADVISORY TO BUSINESS LEADERS ON In the wake of the highly publicized attacks on both gasoline and food infrastructures by Russian-based ransomware attackers, the Biden administration on June 3 issued an advisory to business leaders directing them to take action to harden their systems against ransomware and to be more resilient against similar attacks. It has also been reported that THE 20 CRITICAL CONTROLS The 20 Critical Controls are a set of technical controls that can help defend systems. There are other models that focus on process and operational tactics; this is not one of them. Root cause problems must be fixed in order to ensure the prevention or timely detection of

attacks.

CONDUCTING ORGANIZATIONAL INFORMATION SECURITY ASSESSMENTS The first step that self-help books suggest when a person wants to change is to perform a self- assessment. By honestly looking at yourself – the good, the bad, and the ugly – you can gain the knowledge on what direction you need to travel as you attempt to maximize the program you wish to A ROAD MAP FOR CISOS The role of the CISO has evolved greatly over the years. Over the past 20 years leading security practices across multiple industry verticals for large Fortune 500 organizations, I have observed first hand its various shifts. The natural next question is what the next phase would look like. More importantly, will the CISOs of today IN-HOUSE SOFTWARE DEVELOPMENT Nowadays, data breaches are a subject of conversation at dinner tables and in boardrooms. Cyber insurance premiums to cover these breaches are skyrocketing. Recent surveys and breach reports have highlighted the challenges with software security. The 2015 Annual Verizon Data Breach Investigations Report points out that applications are the number one attack vector leading to WHEN DISCLOSING A DATA BREACH IS THE WRONG THING TO DO Inevitably, after a major data breach, when a company disclosed the fact of the breach, security professionals question the timing of the disclosure. “Why did you wait so long to make a disclosure?” is the outcry! Sometimes, like in the case of Uber, which delayed notification for almost a year, the criticism is warranted. But even

when the

CONCEAL AND FAIL TO REPORT The InfoSec world has been atwitter over the indictment of former Uber CSO (and current Cloudflare CISO) Joe Sullivan on criminal charges related to the failure to report to the FTC a massive data breach involving millions of personal records stolen from the ride sharing service. The allegations in the complaint are that the Federal Trade Commission was investigating a 2014 breach at Uber, and RUVI KITOV, CEO AND CO-FOUNDER, TUFIN January 22, 2018. Tufin CEO and Co-founder Ruvi Kitov has dual citizenship for both Israel and the United States. After he completed his required military service in Israel, he moved to the U.S. to be close to his family, and to attend the University of Maryland at College Park. That’s where he was exposed to computer security for

the first time.

JIM ROUTH, CSO, AETNA By: Security Current October 12, 2018. On his first day as a CISO for financial giant American Express, Jim Routh learned a valuable lesson on the kindness of strangers. He looked at his calendar and saw that he was due to present a security strategy the following day to the Office of the Controller of the Currency. He felt ill-prepared.

Skip to content

Twitter page opens in new window Linkedin page opens in new window Twitter page opens in new window Linkedin page opens in new window

* Newsletter

* Contact Us

__top-bar

* Newsletter

* Contact Us

__top-bar

SecurityCurrent

*

*

*

*

*

*

* CISO __

* CISO Spotlights

* CISO Insights

* Articles __

* Featured Articles

* Expert Insights

* Archived Articles

* News

* Events __

* CISOs Top 100 CISOs for 2021 * CISO Choice Awards 2020 * CISO Roundtable: Uncharted Territories in the Lending Market * Healthcare CISO Roundtable: Unprecedented Times * CISO Roundtable – The New Normal * Virtual Security Shark Tank * Wheel of Destiny® 2020 * Security Shark Tank® During RSA 2020 * CISOs Connect™ Dallas 2020 * Security Shark Tank® New York 2019 * Security Shark Tank® Chicago 2019 * CISOs Connect San Diego 2019 * Security Shark Tank® During RSA 2019 * CISOs Connect™ Miami 2019

* Resources __

* CISOs Investigate Reports * Executive Overviews

* Podcasts

* Newsletter

* Webinars

* White Papers

* Industry __

* Vendor Spotlights

* Executive Viewpoints

* Vendor Listings

* About __

* Community Contributors * Editorial Board Members

* Browse All__

* CISO __

* CISO Spotlights

* CISO Insights

* Resources __

* CISOs Investigate Reports * Executive Overviews

* Podcasts

* Newsletter

* Webinars

* White Papers

* Events __

* CISOs Connect™ Dallas 2020 * Security Shark Tank® Chicago 2019 * CISOs Connect San Diego 2019 * Security Shark Tank® During RSA 2019 * CISOs Connect™ Miami 2019

* News

* Vendor __

* Vendor Spotlights

* Executive Viewpoints

* Vendor Listings

* About __

* Community Contributors * Editorial Board Members

* Articles __

* Featured Articles

* Expert Insights

* Archived Articles

Search: __

__

Search: __

__

*

*

*

*

*

*

Search: __

__

* CISO __

* CISO Spotlights

* CISO Insights

* Articles __

* Featured Articles

* Expert Insights

* Archived Articles

* News

* Events __

* CISOs Top 100 CISOs for 2021 * CISO Choice Awards 2020 * CISO Roundtable: Uncharted Territories in the Lending Market * Healthcare CISO Roundtable: Unprecedented Times * CISO Roundtable – The New Normal * Virtual Security Shark Tank * Wheel of Destiny® 2020 * Security Shark Tank® During RSA 2020 * CISOs Connect™ Dallas 2020 * Security Shark Tank® New York 2019 * Security Shark Tank® Chicago 2019 * CISOs Connect San Diego 2019 * Security Shark Tank® During RSA 2019 * CISOs Connect™ Miami 2019

* Resources __

* CISOs Investigate Reports * Executive Overviews

* Podcasts

* Newsletter

* Webinars

* White Papers

* Industry __

* Vendor Spotlights

* Executive Viewpoints

* Vendor Listings

* About __

* Community Contributors * Editorial Board Members

* Browse All__

* CISO __

* CISO Spotlights

* CISO Insights

* Resources __

* CISOs Investigate Reports * Executive Overviews

* Podcasts

* Newsletter

* Webinars

* White Papers

* Events __

* CISOs Connect™ Dallas 2020 * Security Shark Tank® Chicago 2019 * CISOs Connect San Diego 2019 * Security Shark Tank® During RSA 2019 * CISOs Connect™ Miami 2019

* News

* Vendor __

* Vendor Spotlights

* Executive Viewpoints

* Vendor Listings

* About __

* Community Contributors * Editorial Board Members

* Articles __

* Featured Articles

* Expert Insights

* Archived Articles

*

*

*

*

*

*

Twitter page opens in new window Linkedin page opens in new window

* Newsletter

* Contact Us

__top-bar

FEATURED ARTICLES

REPORTS

CISOS INVESTIGATE: THIRD PARTY RISK MANAGEMENT (TPRM)

NEWS

PODCASTS

SC 121

TOMÁS MALDONADO, CISO OF THE NATIONAL FOOTBALL LEAGUE (NFL), SPEAKS WITH IAN KELLER, CSO OF SBV BANK

SC 120

VP AND CISO OF SENTARA HEALTHCARE DAN BOWDEN SPEAKS ABOUT THE NOT-FOR-PROFIT HEALTH SYSTEM’S JOURNEY POST COVID-19

WEBINARS

EVENTS

CORPORATE SPONSOR

READ BLACK KITE'S LATEST RESEARCH REPORT: 2021 CYBER THIRD-PARTY RISK PULSE: CREDIT UNIONS & VENDOR ECOSYSTEMS

VCISO INSIGHTS

PROGRAM MATURITY - CYBERSECURITY AND OPERATIONAL RISK MANAGEMENT

GIDEON RASMUSSEN

CISO CHOICE AWARDS WINNERS 2020

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

__

____

� Security Current 2021

Go to Top