Home Community Andy Ellis

Andy Ellis

Advisory CISO, Orca Security, and Contributing Writer

Andy Ellis is the Advisory CISO at Orca Security, and 2021 Inductee into the CSO Hall of Fame. He is an Operating Partner at YL Ventures, and was formerly a US Air Force officer and the CSO at Akamai Technologies. You can find him hosting the Cloud Security Reinvented podcast and on Twitter at @csoandy.

Articles by Andy Ellis

Why assessing third parties for security risk is still an unsolved problem

A recent ranking of the most cyber-secure companies reveals weaknesses in current third-party risk management practices.

Jun 20, 2023 4 mins

Risk Management

Software liability reform is liable to push us off a cliff

Mar 02, 2023 6 mins

Compliance Compliance Compliance

What the Uber verdict means to CISOs: You’re (probably) not going to jail

Oct 13, 2022 5 mins

CSO and CISO C-Suite Roles

TikTok resets the clock on security leadership

Roland Cloutier is stepping down as global CSO to become a strategic advisor to TikTok’s CEO. The clock is ticking on the CSO succession plan.

Jul 15, 2022 4 mins

IT Leadership Security

We don’t need another infosec hero

By setting yourself up as the defender, the solver of problems, you cast your business colleagues as hapless victims or, worse, threats. This is not a useful construct for engagement.

Jun 16, 2022 4 mins

CSO and CISO IT Leadership

The cloud security emperor has no pants

“Shared responsibility” usually means that no one is responsible for minding the gap. Don’t fall in.

Apr 26, 2022 4 mins

The security user experience (SUX)

Security processes that treat the very users we protect as unwanted burdens and alienate them in the process are a path to failure.

Apr 15, 2022 4 mins

Fraud Security Practices

CISOs are still chiefs in name only

If you’re not in the meeting where decisions are made, then you’re not part of the C-Suite—whatever your title may be.

Mar 07, 2022 4 mins

CSO and CISO Careers IT Leadership

Drop the SBOM

Software bills of material are having a moment, but the costs of an externally visible SBOM are likely to outweigh the benefits, says Andy Ellis.

Feb 22, 2022 5 mins

Application Security Open Source

Vulnerabilities don’t count

No one outside the IT department cares about your vulnerability metrics (or they shouldn’t, anyway). They care about efficacy. And traditional stats don’t show that.

Feb 10, 2022 5 mins

CSO and CISO Vulnerabilities IT Leadership

Show me more

How cybersecurity teams should prepare for geopolitical crisis spillover

By Christopher Whyte

Dec 05, 202312 mins

Advanced Persistent ThreatsAdvanced Persistent ThreatsAdvanced Persistent Threats

P2Pinfect Redis worm targets IoT with version for MIPS devices

By Lucian Constantin

Dec 04, 20235 mins

BotnetsHacker GroupsSecurity Practices

Hackers book profit by scamming Booking.com customers

By Gagandeep Kaur

Dec 04, 20234 mins

CSO Executive Sessions Australia with Sunil Sale, CISO at MinterEllison

Nov 20, 202315 mins

CSO Executive Sessions Australia with Robbie Whittome, CISO at Curtin University

Oct 16, 202315 mins

CSO Executive Sessions / ASEAN: Cisco's Anthony Grieco on opportunities in Southeast Asia's cybersecurity landscape

Oct 10, 202316 mins

CSO Executive Sessions Australia with Sunil Sale, CISO at MinterEllison

Nov 20, 202315 mins

AI and Cybersecurity: Speed Bumps, Training, and Communication

Nov 06, 202317 mins

CyberattacksGenerative AI

CSO Executive Sessions Australia with Robbie Whittome

Oct 16, 202315 mins

Sponsored Links

Tomorrow’s cybersecurity success starts with next-level innovation today. Join the discussion now to sharpen your focus on risk and resilience.