Stay updated on CISO news and insights. Expert coverage on Chief Information Security Officer roles, strategies, and cybersecurity leadership trends.
Search across headline titles and summaries.
Background for this topic.
CISO is an acronym for Chief Information Security Officer, a senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the organization to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually the point of contact for any regulatory compliance issues related to information security.
In the context of information security, the CISO plays a critical role in defending against cyber threats and ensuring that an organization's data and technology infrastructure are secure. By collaborating with other executives, the CISO helps to align security initiatives with business objectives, thus enabling the organization to innovate and grow while minimizing security risks.
Weekly headline count for the current query.
Zoom CISO Sandra McLeod discusses the challenges of securing a global communication platform, the promise of AI-driven security workflows, and her advice for aspiring cybersecurity leaders.
Semperis is set to bring ‘Enter the War Room: A Tabletop Experience’ to Infosecurity Europe to help cybersecurity leaders prepare to face real incidents
ISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experienced reacting to a significant cyber incident
Artificial intelligence notwithstanding, the vast majority of CISOs in northern Europe say they're facing no more serious cyberattacks than they did two years ago.
SANS Survey Says Industry Risks Future by Cutting Roles That Train Cyber ExpertiseAI is automating the entry-level cybersecurity roles where the next generation of experts have always been trained. As the industry struggles to hire senior talent, cutting the bottom rungs of the ladder could create a talent crisis today that CISOs can't solve later.
Company Pushes Key Rotation After 3,800 Repositories CompromisedHacked code repository GitHub warned administrators of self-hosted git servers to rotate public encryption keys following a May 18 incident involving a poisoned VS Code extension used by an employee. GitHub CISO Alexis Wales in a Tuesday update said the repository is rotating all keys.
Advanced AI Models Find More Holes Than Enterprise Security Teams Can PlugArtificial intelligence models such as Anthropic's Mythos are rapidly exposing decades of hidden software security debt, forcing CIOs and CISOs to rethink vulnerability management, remediation capacity and the trade-offs between availability and breach prevention.
CEO Beth Tschida: AI Developers' Apple Preference Could Strengthen Jamf's PositionChief Technology Officer Beth Tschida takes over as CEO of Minneapolis-based Jamf with a mandate to define how the Apple management and security vendor uses AI internally while helping CISOs govern shadow AI, identity and policy controls across enterprise Apple fleets.
Finding ways to document both component and execution attributes for AI bills of materials (AI BOMs).
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires
Five ways CISOs can prepare for consuming AI bills of materials and influence the direction of how they're generated.
Forrester's Allie Mellen on Preparing for a Mythos-Level Surge in VulnerabilitiesAI is simultaneously the biggest threat to financial system security and the most powerful tool for defending it. The IMF is sounding the alarm on systemic risk. Forrester principal analyst Allie Mellen breaks down what that means for CISOs and security teams at financial institutions.
Survey of cybersecurity leaders suggests that majority would strongly consider paying cybercriminals, if that’s what it took to help restore encrypted systems
As part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.
As AI and quantum threats target the backbone of the American economy, Washington must provide the guidance and incentives necessary for SMBs to access executive-level cyber expertise. The post The missing cybersecurity leader in small business appeared first on CyberScoop.
Security Leaders Face Gaps, Not in Their Org Charts, But in Their Team's SkillsConcerns about the skills and capabilities of cybersecurity teams have for the first time overtaken worries about headcount and unfilled vacancies among CISOs, according to a new SANS survey.
Tightening Budgets and AI-Enabled Attacks Stretch State Cyber DefensesState CISO confidence has collapsed, with just 22% saying their data is protected from cyberthreats. The 2026 NASCIO-Deloitte study points to AI-enabled attacks, third-party vendor risk and the worst budget picture in years as states rethink how they defend public data.
Chris Inglis was the head civilian in charge at the NSA when the Snowden leaks exploded. He gets candid about mistakes the organization made, and what CISOs need to know about spotting potential threats, media disclosures, and "enculturation."
Acquisition Adds Advisory, GRC and Vulnerability Services to ImagineX's MDR CoreTekStream acquired ImagineX’s cyber division to integrate advisory, vulnerability management and GRC with its MDR services, aiming to help CISOs defend against faster, AI-driven attacks by unifying proactive and reactive security into a single operational model.
Recent Package Compromises Pushed Software Component Trust to the Security AgendaCloudsmith raised a $72 million Series C led by TCV to expand policy enforcement, auditability and real-time package risk analysis as CISOs focus more closely on software supply-chain threats tied to open-source dependencies, AI-assisted development and compromised artifacts.