“Security” means different things to different organisations; for proof you need look no further than the disparate collection of security chiefs featured in this issue.For Commonwealth Bank head of security John Geurts, security means thwarting armed robbers and ensuring the safety of the bank’s employees. For Starbucks CSO Francis D’Addario, security means balanced cash registers in cafes all over the world. For Mike Hager, who was vice president of security at OppenheimerFunds when the company’s offices were destroyed on September 11, security is about business continuity planning and the ability to recover systems quickly in the event of a disaster. For Mike Arnavutian, head of security strategy at BT Global Services, security is an ASP that guards his company data as closely as he does.And yet while every company’s security road map is different, some challenges remain constant, like aligning security with the business and protecting critical information infrastructure. Another is the inevitable tension between good security practices and delivering quality service to your customers.“We work very hard to keep examining and refining our systems to make sure they’re as good as they can be, but you can’t throw customer service out the window — so it’s a trade-off,” the Commonwealth Bank’s Geurts told me when I interviewed him for this month’s cover story. That trade-off is a challenge that all CSOs recognize, no matter what business they’re in. Geurts knows that good security is not only about creating a safe and secure work environment, it is also about creating a profitable one. Not surprisingly, he also says that improving business acumen should be a top priority for most security professionals.To that end, we’ve asked CSOs, security experts and researchers to share their perspectives on the current state of IT security. Security has taken centre stage in our society, whether we like it or not, and it’s the CSO’s job to help companies navigate a course through this treacherous new business landscape. CSO magazine is here to help you plot where you are, predict what the future holds for technology, and find out where the bad guys hide. ? Related content news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Advanced Persistent Threats Advanced Persistent Threats brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities feature Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem. By Chris Hughes Sep 21, 2023 8 mins Zero Trust Threat and Vulnerability Management Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe