Careers | News, how-tos, features, reviews, and videos

Conceptual image of a network of executives / silhouettes of executives in motion.
A man and woman sit on opposite sides of an office desk, in discussion.

csea22 001 thumb

CSO Executive Sessions with guest Jason Lau / ASEAN

Jason Lau, CISO at, joins host Xiou Ann Lim for this CSO Executive Sessions interview. They will discuss how having a growth mindset is necessary to thrive in cybersecurity, how industry collaboration and data-sharing can...

computer keyboard delete trash

Machine as insider threat: Lessons from Kyoto University’s backup data deletion

Kyoto University lost terabytes of data in a machine-as-an-insider scenario triggered by human error. Here are questions CISOs should ask to avoid a similar situation.

Activists protest against racism and advocate for social justice and equal rights.

Aligning security strategy with ESG objectives: The next big issue for CISOs

As interest in environmental, social, and governance issues increases among investors, business partners, consumers, and employees, CISOs will need to shape their security and risk strategies to align with the organization’s ESG...

social media network interaction

A framework to vet security processes for human execution

Make sure you take human interaction and communication into account when developing your security processes. Here's a simple framework that can help.

A stack of school books sits on a desk, with an apple on top. [Education/Learning]

TIAA boosts cybersecurity talent strategy with university partnership

CISO Tim Byrd teams up with New York University Tandon School of Engineering to create a new educational pathway for TIAA employees.

conference / convention / audience / applause / clapping

The CSO guide to top security conferences, 2022

Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.

human weak link cybersecurity primary

Supply chain attacks show why you should be wary of third-party providers

The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.

A stressed businessman with head in hand sits at a desk and computer in an office workspace.

Security leaders on how to cope with stress of Log4j

The Log4j vulnerability puts great pressure on security teams already stretched thin dealing with ransomware and other attacks. This advice will help them cope.

business travel / airport terminal walkway / traveller

CISOs, what's in your travel security program?

It's time to review (or create) your travel security program now that more people are traveling for work and pleasure. Here's what it should include.

A virtual checkmark in digital system / standards / quality control / certification / certificates

8 top penetration testing certifications employers value

If you're looking for a job as a penetration tester, these certs will help you demonstrate your hacking skills and your commitment to the field.

Tim Rohrbaugh, CISO, JetBlue 

JetBlue CISO Tim Rohrbaugh on putting threat intelligence at the center

Understanding threat actors and the tactics they use informs how Rohrbaugh develops his cybersecurity strategy, allocates resources, and leads his team.

balance - measure - comparison - risk assessment

4 classes of practical security and how to balance them against goals

Every CISO must evaluate their security programs against these four basic levels of security -- stay out of jail, table stakes, competitive and advantage -- in terms of business need.

high priority gauge

Security priorities for 2022: Advancement, not revolution

Security leaders say their priorities reflect security needs due to recent shifts in their organization’s IT and business environments, a changing threat landscape, and emerging risks.

storytelling primary

How CISOs can drive the security narrative

If you want people to follow proper security practices, they need to understand why. That's best done by telling a good story.

A group of business leaders / board members with questions.

13 traits of a security-conscious board of directors

A CISO's success (and job longevity) is often dependent on support from the board of directors. Answers to these questions will reveal how security savvy a BoD is.

eliminate insider threats 1

What CISOs can learn from the US Navy insider who stole nuclear secrets

The theft of government secrets by Jonathan Toebbe and others raises the question: How should CISOs deal with insider threats who have had insider threat training?

Vitaliy Panych, CISO, State of California

California state CISO: the goal is “operating as a whole government”

Partnerships with other state entities elevate security capabilities and enhance information sharing to provide better security overall, says California state CISO Vitaliy Panych.

avoid detour side step trap hole in floor arrow by lucadp getty images

How CISOs escape the cost center trap

Even as the CISO role is becoming more business-focused, in many organizations the notion of security as purely a cost center persists. Here’s how savvy CISOs can turn that around.

Load More
You Might Also Like