4 min
CISOs
How CISOs’ Roles – and Security Operations – Will Change in 2024
It’s fair to say that 2023 was a turning point for the cybersecurity industry,
and no one felt it more than the CISO. From the onslaught of ransomware and
zero-day attacks
[https://www.rapid7.com/blog/post/2024/01/12/2023-ransomware-stats-a-look-back-to-plan-ahead/],
to the SEC’s new reporting rules
[https://www.rapid7.com/globalassets/_pdfs/policy/sec-cybersecurity-compliance-solution-brief.pdf],
and added to technological innovation and sprawl, CISOs have never been under
more pressure to ge
3 min
CISOs
4 Questions for CISOs to Reduce Threat Exposure Risk
The report, 2024 Strategic Roadmap for Managing Threat Exposure, can help CISOs and other top executives steer away from risk by analyzing their attack surfaces for gaps.
2 min
Cloud Security
Be Empathetic and Hug Your CISO More!
In the rapidly evolving landscape of cloud computing, the adoption of multi-cloud environments has become a prevailing trend. Organizations increasingly turn to multiple cloud providers to harness diverse features, prevent vendor lock-in, and optimize costs.
1 min
InsightIDR
This CISO Isn’t Real, But His Problems Sure Are
The odds are stacked against this poor guy (and you) now – but a unified Extended Detection and Response (XDR) and SIEM restacks them in your favor.
3 min
CISOs
The Cybersecurity Skills Gap Is Widening: New Study
A new study reveals organizations are having serious trouble sourcing top-tier cybersecurity talent — despite their need to fill these roles growing more urgent by the day.
3 min
Threat Intel
The CISO as an Ethical Leader: Building Accountability Into Cybersecurity
It’s important that cybersecurity leaders reinforce ethical practices in guarding against data loss.
6 min
CISOs
Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500
We rely on fantastically advanced technology in every aspect of our modern lives. Of course, anyone who has spent any time analyzing these technologies will notice that we are routinely bedeviled with vulnerabilities, especially when it comes to the internet.
8 min
ICER Reports
Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500
Certain services are considered high-risk on the public internet. We conducted research to see how well Fortune 500 companies are performing in this area.
3 min
CISOs
How ViacomCBS Digital delivers uninterrupted content streaming to millions of fans without compromising security: Lessons for enterprise CISOs
Each day, ViacomCBS Digital sees a growing surge in digital content demand—from MTV and Comedy Central to CBS Sports, rushing across its Paramount+ (formerly CBS All Access) streaming platform.
4 min
ICER Reports
Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500
There are very few security measures that should be applied to all web applications across the board without further subdividing what specific type of application we are referring to. However, there are a couple that we will examine here.
7 min
CISOs
Security Budget Tips, from CISOs, for CISOs
CISO Series: Budgeting
I have provided a brief overview of the genesis of the CISO series
[/2015/10/27/introducing-the-ciso-blog-series], and now it is time to tackle our
first topic: security budgets. Whether you're the CISO of a large public company
or leading security at an early-stage startup, rich in headcount or forced to be
tight with the purse strings, reporting into the CIO, COO, or elsewhere in the
organization, the fact remains that budget conversations are among the most
critical and
10 min
CISOs
Push vs Pull Security
I woke up from a dream this morning. Maybe you can help me figure out what it
means.
Your company hired me to build a security program. They had in mind a number of
typical things. Build a secure software development lifecycle so app developers
didn't code up XSS vulnerabilities. Improve network security with new firewalls
and by rolling out IDS sensors. Set up training so people would be less likely to
get phished. Implement a compliance program like NIST or ISO. And you wanted all
of that rolle
6 min
CISOs
CISOs: Do you have enough locks on your doors?
In a previous blog post
[/2015/07/09/ciso-in-residence-series-shocked-but-not-surprised], I referenced
some research on how people plan for, or rather how they fail to plan for,
natural disasters like floods. At the end of the blog post I mentioned that
people who have poor mental models about disasters fail to prepare fully. I keep
coming back to the idea of mental models because it starts to explain why we
have such a gap between security practitioners and senior executives.
I asked one CISO
1 min
CISOs
Top 3 Takeaways from "CyberSecurity Awareness Panel: Taking it to the C-Level and Beyond"
Hi, I'm Meredith Tufts. I recently joined Rapid7, and if you were on the live
Oct. 30th webcast, “CyberSecurity Awareness Panel: Taking it to the C-Level and
Beyond” – I was your moderator. It's nice to be here on SecurityStreet, and this
week I'm here to provide you with the Top 3 Takeaways from our CyberSecurity
Awareness month webcast where we were joined by a panel of experts:
Brian Betterton - Director, Security, Risk and Compliance at Reit Management &
Research
Trey Ford - Global Security