tagCiso

  • AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.
    AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.

    For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work. Today, that buffer is gone. AI didn't make your team slower. It changed the other side of the

    June 11, 2026
  • The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools
    The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

    Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has since outgrown the descriptor. A Security Growth Platform is the more precise name for what MSPs and MSSPs need from the software

    June 1, 2026
  • Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
    Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

    AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR  Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate third-party scripts.

    May 20, 2026
  • Deterministic + Agentic AI: The Architecture Exposure Validation Requires
    Deterministic + Agentic AI: The Architecture Exposure Validation Requires

    Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed

    April 15, 2026
  • Block the Prompt, Not the Work: The End of "Doctor No"
    Block the Prompt, Not the Work: The End of "Doctor No"

    There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache &

    April 1, 2026
  • The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
    The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

    Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded. This year's findings reveal three core trends: AI has

    March 30, 2026
  • AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
    AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

    A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, examines how organizations are securing AI infrastructure and highlights critical gaps tied to skills shortages and

    March 17, 2026
  • How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
    How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs

    Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detection layers. For CISOs, the priority is now clear: scale phishing detection in a way that helps

    March 12, 2026
  • New RFP Template for AI Usage Control and AI Governance 
    New RFP Template for AI Usage Control and AI Governance 

    As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but they have no idea what they are actually looking for. The CISO’s Dilemma: You Have the AI Budget, but Do You Have the Requirements? As AI

    March 4, 2026
  • Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
    Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow

    Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive and organizational pressures that quietly erode SOC performance over time. The Paradox at the Gate:

    March 3, 2026