Source: securityboulevard.com – Author: Matthew Rosenquist This year, virtual CISOs must begin making a difference in our industry.  For the longest time, small and medium businesses (SMBs) have been abandoned by the cybersecurity industry.  But, SMBs need security leaders to guide them through the maze of cyber risk and craft practical strategies that align with […]

La entrada Unlocking SMB Cybersecurity: The Rise of Virtual CISOs in 2024 and Beyond – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 

This year, virtual CISOs must begin making a difference in our industry.  For the longest time, small and medium businesses (SMBs) have been abandoned by the cybersecurity industry.  But, SMBs need security leaders to guide them through the maze of cyber risk and craft practical strategies that align with their unique ever-evolving business objectives.

Sadly, SMBs cannot afford an experienced full-time CISO.  They often either ignore the risks or get lured into purchasing shiny tools that do not meet their overall needs.  Before spending money on security solutions, it's crucial to understand the risks and develop clear objectives that support the overall business goals.

This is the role of a CISO: to set the direction and establish cybersecurity program foundations that will meet the expectations of the Board and C-suite.

However, there are not enough CISOs to go around which creates a high premium on their time.  Hiring a CISO can cost hundreds of thousands of dollars, which is far beyond what most SMBs are willing to commit.  But they don’t actually need a full-time CISO.  An hour or two may be perfect for guidance, leadership, and strategy development.  This is where the fractional/virtual CISOs (vCISO) community can play a role!

Experienced CISOs often have a few hours extra per week and yearn to take on new challenges, as long as it does not impact their day job.  Many retiring CISOs still have the itch to contribute, but don’t want to commit the long hours of managing all the operations and details.  They would rather leverage their experience to provide guidance and help organizations avoid costly pitfalls.

It becomes a perfect fit.

Experienced leaders offer guidance at a fraction of the cost, with short-term contracts keeping commitments flexible. Everyone wins.

vCISOs can provide leadership without being tied to the demanding operational aspects.  By dedicating a few hours a week, vCISOs help SMBs benefit from experienced cyber risk leadership with direction, focus, and an understanding of the evolving risks.  SMBs can then make informed business decisions that properly account for cybersecurity factors.  The practical benefits include effective prioritization and efficient allocation of resources for an optimized cybersecurity posture, based upon their unique needs.

There are risks in the vCISO market.  Two things to watch out for:

First, beware of vCISO services offered by security vendors masquerading as impartial advisors.  In many cases, this is just a ploy to get customers to buy the parent company’s products or services.  These people are effectively used as a sales channel and incentivized to convince SMBs to purchase their wares.  They aren’t necessarily looking out for their clients’ best interests.  Instead, seek out vendor-agnostic vCISOs that will work with what you have and align recommendations to your actual needs.

Second, many will assert themselves as seasoned cybersecurity leaders, but in actuality, lack the practical experience needed to be a successful vCISO.  Let’s be clear, a vCISO is NOT an entry-level job.  Rather it is the opposite.

An experienced cybersecurity leader can quickly understand the major risks and business needs, develop a customized set of strategic plans for a specific organization, and communicate effectively to executives so they may rapidly understand and make well-informed decisions.  vCISOs must be vetted properly to make sure they can deliver quality results in very limited timeframes.  Otherwise, it will be money wasted!

If you are interested in exploring how vCISOs can help businesses, sectors, or various audiences, reach out to me directly or visit my website.  We must purposefully work to support the SMB community.  Let's join forces to make this year a turning point in fortifying SMBs and bolstering their digital security and competitiveness!

The post Unlocking SMB Cybersecurity: The Rise of Virtual CISOs in 2024 and Beyond appeared first on Security Boulevard.

Source: www.darkreading.com – Author: Jeffrey Schwartz, Contributing Writer Source: kawin ounprasertsuk via Alamy Stock Photo Ever since the first Hack@DAC hacking competition in 2017, thousands of security engineers have helped discover hardware-based vulnerabilities, develop mitigation methods, and perform root cause analysis of issues found. Intel initially decided to organize the competition, which draws security professionals […]

La entrada Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

SecurityWeek interviews Geoff Belknap, CISO at LinkedIn, and Guy Rosen, CISO at Facebook parent company Meta.

The post CISO Conversations: LinkedIn’s Geoff Belknap and Meta’s Guy Rosen appeared first on SecurityWeek.

Source: www.darkreading.com – Author: PRESS RELEASE McLean, Va. & Bedford, Mass., April 25, 2024 — MITRE’s Cyber Resiliency Engineering Framework (CREF) NavigatorTM now incorporates the US Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) so cybersecurity engineers for the Defense Industrial Base (DIB) can strengthen supply chain resilience against sophisticated cybersecurity attacks. The CREF Navigator […]

La entrada MITRE’s Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

The majority opinion is that a cybersecurity professional body is long overdue and would benefit cybersecurity and cybersecurity practitioners.

The post Should Cybersecurity Leadership Finally be Professionalized? appeared first on SecurityWeek.

The shift to cloud computing has enhanced the resilience and security of most organizations. In this era of unparalleled agility and scalability, data-centric security can offer transformational opportunities for Chief Information Security Officers (CISOs) to improve data protection, compliance, and operational efficiencies, thereby strengthening customer trust. Despite this, a layered defense model is still necessary […]

The post The CISO’s Top Priority: Elevating Data-Centric Security appeared first on Blog.

The post The CISO’s Top Priority: Elevating Data-Centric Security appeared first on Security Boulevard.

As technology advances and attackers develop ever-more sophisticated tactics, CISOs and security teams face a constant battle of trying to stay ahead of the curve. This year, several key themes are expected to dominate the cybersecurity landscape, shaping the priorities of CISOs and their teams.

The post Navigating the Evolving Threat Landscape: Addressing 2024 CISO and Security Team Goals with MixMode appeared first on Security Boulevard.

Dinesh Kumar Shrimali has become the Chief Information Security Officer (CISO) and Data Protection Officer (DPO) of Tata Steel Ltd., one of the largest and most established steel manufacturing companies globally.

Having held worldwide leadership positions in cybersecurity for over 22 years, Shrimali brings a lot of experience to his current post from his time at Welspun and UPL Ltd.

Dinesh Kumar Shrimali Excitement and Aim

Speaking about his appointment, Shrimali expressed his excitement, stating, “I am thrilled to join one of the most established and largest steel manufacturing companies and to reunite with the Tata group. My aim is to leverage the insights gained from my previous experiences to strengthen the company’s security stance.” Shrimali will be coordinating and supervising Tata Steel’s information security policies and initiatives in his new position. This entails putting in place strong security measures, carrying out exhaustive risk analyses, and creating efficient incident response plans in order to reduce cybersecurity threats. Concurrently, he will guarantee adherence to data protection statutes and guidelines, emphasizing the management and processing of personal information within the company. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

In today's digital age, where data breaches and cyber threats loom large, the role of Chief Information Security Officer (CISO) is more critical than ever. PayPal, a global leader in digital payments, has taken a significant step forward in fortifying its cybersecurity posture with the appointment of Shaun Khalfan as its new Senior Vice President and Chief Information Security Officer.

With over 20 years of extensive experience in information security and risk management across various industries, Khalfan brings a wealth of knowledge and expertise to his new role at PayPal. His appointment underlines PayPal's commitment to ensuring the security and protection of both its own and its customers' data, digital assets, and payments.

Shaun Khalfan: Industry Leadership

Before joining PayPal, Khalfan served as the Senior Vice President and CISO for Discover Financial, where he led the information security organization, implementing enhanced strategies to monitor and mitigate current and emerging risks. His tenure at Discover Financial, along with previous experience as the Managing Director and CISO at Barclays International, has equipped him with invaluable insights into the evolving landscape of cybersecurity within the financial sector. Khalfan's journey to becoming a leading figure in cybersecurity began with his education at the University of Maryland, where he honed his skills in information security. He furthered his academic pursuits with an MBA from the George Washington University School of Business, which provided him with a solid foundation in business management and strategy. In addition to his professional achievements, Khalfan's commitment to cybersecurity extends beyond his corporate roles. He serves on the board of the Financial Services Information Sharing and Analysis Center (FS-ISAC), a vital platform for collaboration and information sharing among financial institutions to combat cyber threats effectively. Furthermore, Khalfan's dedication to nurturing the next generation of cybersecurity professionals is evident through his role as an adjunct professor at Carnegie Mellon University. By sharing his knowledge and experiences, he contributes to shaping future leaders in cybersecurity, ensuring a robust talent pipeline to address the evolving challenges in the field. As an Army combat veteran, Khalfan understands the importance of leadership and resilience in the face of adversity, qualities that are invaluable in the realm of cybersecurity. His military background, coupled with his extensive expertise, allows him to approach cybersecurity challenges with a strategic mindset and unwavering determination.

Credentials and Expertise

Khalfan's credentials speak volumes about his commitment to excellence in cybersecurity. He holds certifications such as Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), demonstrating his proficiency in safeguarding information systems and networks from malicious threats. Additionally, his graduation from the Department of Defense Executive Leadership Development Program underscores his leadership capabilities honed through rigorous military training. Beyond his professional endeavors, Shaun Khalfan is deeply engaged in the cybersecurity community. He advises several companies, ranging from Series A to D funding rounds, on go-to-market strategies and opportunities to bolster their cybersecurity defenses. His insights and guidance are instrumental in preparing these companies for eventual acquisitions and ensuring their continued success in an increasingly digital world. In his new role at PayPal, Khalfan is poised to lead the charge in strengthening the company's cybersecurity defenses on a global scale. His vision, coupled with his extensive experience and expertise, will play a pivotal role in safeguarding PayPal's infrastructure and maintaining its reputation as a trusted payments provider. In a statement on LinkedIn, Khalfan expressed his excitement about the new challenge, highlighting his admiration for PayPal's leadership team and growth strategy. "I am excited to embark on a new challenge as SVP, Chief Information Security Officer at PayPal! I am inspired by the leadership team, growth strategy, and look forward securing a digital company on a global scale," said Khalfan. With Khalfan at the helm of cybersecurity, PayPal is well-positioned to navigate the complex landscape of cybersecurity threats and emerge stronger than ever before. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Mitel, a leading provider of business communications solutions worldwide, has announced the appointment of Bill Dunnion as its new Chief Information Security Officer (CISO).

In his new role, Dunnion will spearhead Mitel’s information security strategy, oversee security architecture, and ensure compliance with security standards. His responsibilities also include assessing, developing, and implementing industry best practices for security across the organization.

Bill Dunnion Expertise and Experience

Bringing over two decades of progressive experience across various industries, Dunnion boasts a comprehensive understanding of IT, cybersecurity, and risk management. His expertise encompasses cybersecurity trends, adherence to security standards and frameworks, as well as emerging business risks. Mitel's Chief Information Officer, Jamshid Rezaei, emphasized the critical importance of security in today's digital landscape. Rezaei highlighted that in an era where secure, reliable, and compliant digital tools are paramount, Dunnion's leadership and experience in implementing cybersecurity policies and procedures will greatly benefit Mitel. “In today's world, providing secure, reliable, and compliant digital tools, including communications and collaboration solutions, for our employees, partners, and customers is more crucial than ever. Bill’s proven leadership, combined with his considerable experience in implementing and operationalizing cybersecurity policies and procedures, is a great asset for Mitel," said Rezaei. Expressing his enthusiasm for his new role, Dunnion highlighted the ever-evolving nature of security threats faced by businesses today. He stressed the necessity for organizations to adopt agile solutions that prioritize the confidentiality, residency, and protection of critical data. Dunnion expressed his eagerness to collaborate with the combined Mitel and Unify teams to develop a cohesive and comprehensive security program for all stakeholders. "After 25 years, I am very excited to be returning to Mitel where the people are as amazing as I remember. The company's continued growth and 51-year legacy are incredible testaments to the leadership and employee commitment to excellence. I am looking forward to helping the excellent security team manage and mature the security program at Mitel," reads Dunnion's LinkedIn post.

Bill Dunnion's Professional Journey

Prior to joining Mitel, Dunnion held notable IT and cybersecurity leadership positions at esteemed organizations such as Calian Ltd, 2Keys Security Solutions, and Bell Canada. In his most recent role as Senior Director of Corporate Cybersecurity at Calian, he played a pivotal role in developing, implementing, and operationalizing the company's cybersecurity program. Dunnion ensured alignment with industry standards such as NIST, ISO, and SOC2, demonstrating his commitment to enhanced cybersecurity practices. Dunnion holds a degree in mechanical engineering from Queen's University in Kingston, Ontario, and actively contributes to the cybersecurity community as the volunteer chair of the Canadian Cyber Forum in Ottawa. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Keepit, a global leader in SaaS data backup and recovery, has announced the appointment of Kim Larsen as its new Chief Information Security Officer (CISO). With over two decades of leadership experience in IT and cybersecurity spanning both governmental and private sectors, Kim Larsen brings a wealth of expertise to his new role. Talking about backup and recovery, Kim Larsen denoted his take cybersecurity posture, stating, “I am very happy to join Keepit: Backup and recovery are critical components of a solid cybersecurity posture, and the unique Keepit solution is the answer to so many compliance and security challenges. It’s a great opportunity to work with organizations on how to retain access to their data in the face of any malign or arbitrary threats to their infrastructure.”

Kim Larsen Expertise in Government and Private Sector

Larsen's career trajectory encompasses significant roles in esteemed organizations such as the Danish National Police and the Security and Intelligence Service (PET), where he served as a delegate for the Danish government in NATO’s and the EU’s security committees. Transitioning to the private sector, Larsen contributed his strategic insights to companies like Verizon, Huawei, and Systematic, while also serving on the information security board of the Danish Industry Confederation (DI) and the Danish Council for Digital Security. Speaking on the development Morten Felsvang, Keepit CEO said, “It's a real pleasure to welcome Kim Larsen to the team — his deep government and broad private sector experience is exceptional, and perfectly positions him to bring Keepit’s security advisory capabilities and development of future services to the next level. Our current growth trajectory and go-to-market strategy has us engaging in conversations where his expertise is highly valuable.”

Larsen Holistic Approach to Cybersecurity

Larsen's expertise extends across various domains including business-driven security, aligning corporate, digital, and security strategies, risk management, and threat mitigation. His adeptness in developing and implementing security strategies, coupled with his prowess in leadership and communication, make him a strategic asset to Keepit's mission of providing next-level SaaS data protection. Emphasizing the proactive approach necessary for cybersecurity preparedness, Larsen said, “If there’s one thing we can be sure of, it’s this: We don’t know the threats we will be facing in the future. But we can make educated guesses. And based on those, we can make sure to cross the t’s and dot the i’s that we do know about. That’s why the Keepit solution is a future-proof solution: With its vendor-independent tech stack that keeps data physically and logically separate from the production environment, it’s a guarantee that customer data is always available. And with local data centers keeping data in the same regulatory regions as the organization, full compliance is assured. It is really quite unique.” With Larsen at the helm of Keepit's cybersecurity initiatives, the company aims to reinforce its commitment to providing robust data protection solutions to its global clientele. Larsen's emphasis on compliance, security, and disaster recovery best practices underscores Keepit's dedication to staying ahead of emerging threats and evolving regulatory landscapes. Keepit's vendor-independent cloud dedicated to SaaS data protection, based on a blockchain-verified solution, offers a future-proof safeguard against evolving cyber threats. By keeping data physically and logically separate from the production environment and maintaining local data centers in regulatory-compliant regions, Keepit ensures the availability and compliance of customer data, making it a preferred choice for organizations worldwide. In his role as CISO, Larsen will lead Keepit's efforts to advance its security advisory capabilities, develop future services, and navigate the complex cybersecurity landscape with resilience and innovation. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

SecurityWeek discusses cybersecurity leadership with CISOs from crowdsourced hacking organizations Bugcrowd (Nick McKenzie) and HackerOne (Chris Evans)

The post CISO Conversations: Nick McKenzie (Bugcrowd) and Chris Evans (HackerOne) appeared first on SecurityWeek.

In the dynamic arena of cybersecurity, few figures resonate as profoundly as Saloni Vijay, the Vice President and Chief Information Security Officer (CISO) at _VOIS (Vodafone Intelligent Solutions), a pivotal entity within the Vodafone Group. With a career spanning over two decades, Saloni's journey is a testament to perseverance, expertise, and an unyielding commitment to safeguarding digital space. Her professional odyssey commenced amidst the intricacies of software development, navigating through the complexities of telecom technology, until finally converging at the forefront of cybersecurity. Saloni's trajectory embodies not just professional growth but also a profound narrative of gender inclusivity within the tech realm. As a woman navigating a predominantly male-dominated field, she has confronted unconscious biases and societal stereotypes head-on, advocating tirelessly for inclusivity and equal opportunities. Beyond her professional achievements, Saloni's narrative speaks to the delicate balance between ambition and well-being—an aspect often overshadowed in the fast-paced world of cybersecurity. In an exclusive interview with The Cyber Express, Saloni provides her perspective on the cybersecurity landscape, drawing from her personal journey. Her story is more than just professional growth; it's a heartfelt reflection on the challenges and successes faced by women in the cybersecurity industry.

Excerpt From Saloni Vijay's Interview

TCE: Can you share with us your personal journey in the field of cybersecurity? What initially attracted you to this field, and how did you navigate your career path to become the Vice President | CISO at VOIS? Saloni: I started my career in software development and eventually transitioned into core telecom technology and then into IT. While serving as Head of IT, I harbored a strong curiosity for core security practices. This drive led me to embrace a pivotal role in technology security as the Head of Risk and Security Assurance at Vodafone Idea. To enhance my skills in the cybersecurity field, I pursued post-graduation studies in cybersecurity at MIT (Massachusetts Institute of Technology), eventually ascending to the position of CISO at _VOIS, a Vodafone Group company. TCE: Throughout your career, have you encountered any instances of gender discrimination or biases in the cybersecurity industry? If so, how did you handle these challenges? Saloni: Yes, I have noticed gender discrimination or biases not only in cybersecurity but in all industries. Sometimes, it's unconscious bias, and dealing with it requires speaking up when such biases are observed. I strongly believe that actions, rather than gender, should speak, eventually changing people’s perceptions. TCE: Building on the previous question, what specific difficulties, if any, did you face as a woman in a predominantly male-dominated field like cybersecurity? Saloni: Equal opportunities and a seat at the table are essential. Due to perceived fragility, women are often assumed incapable of handling specific tasks. Balancing professional and personal life becomes challenging as they intertwine. However, the pandemic has brought about a positive change by introducing flexible working hours for women." TCE: As a leader in cybersecurity, what strategies have you found effective in encouraging more women to pursue careers in this field? Saloni: Early exposure at a young age through educational programs and mentorship initiatives can spark interest in cybersecurity. Additionally, visibility of role models through conferences, seminars, and media coverage is crucial for aspiring professionals. Supporting networks and communities for women to connect, along with diversity initiatives and the creation of more role models, are also important. Furthermore, promoting work-life balance, flexible working hours, a safe work culture, and women-friendly policies would further encourage women to pursue careers in this field. TCE: Are there any specific programs or initiatives that you believe are essential for fostering gender diversity and inclusion within cybersecurity? Saloni: Providing training on unconscious bias and promoting awareness of gender bias within the industry can help create a more inclusive and equitable workplace culture. Another initiative involves collaborating with industry partners and educational institutes to develop initiatives that address the underrepresentation of women in cybersecurity. TCE: In your opinion, what are the major barriers preventing more women from entering and thriving in cybersecurity roles, and how can these barriers be overcome? Saloni: Societal stereotypes, lack of role models, educational disparities, unequal role or growth opportunities, hostile work environments, and work-life balance concerns are major barriers preventing women from entering the cybersecurity field. These barriers can be overcome by implementing women-friendly policies and establishing a safe and equal workplace culture.