Protecting America’s Water Systems: A Cybersecurity Imperative

America’s water systems are becoming targets for cyberattacks. Cybercriminals and nation-state actors exploit known vulnerabilities, threatening the safety and security of a critical public resource. Recent attacks have highlighted the urgency for water utilities to bolster their capabilities, especially given their limited resources. The Growing Threat of Cyberattacks on Water ...

A CISO Blueprint for an Effective Board Narrative

Many CISOs are technical at heart. Too often, they fall into the trap of discussing security activities—the number of incidents, vulnerabilities and exposures, patches applied, or hours of user training. If you’re still talking about operational metrics, you’re missing the opportunity to drive real influence with your board. Effective board ...

CISOs: The one question your board will NEVER ask you

When was the last time your board asked, “How many vulnerabilities were patched last week?” They didn’t—and they won’t. What they care about is the impact of those vulnerabilities and exposure on the business. They want to know if the business could be exposed, how bad it is, and what ...

CAASM: Dead-End Approach or Worthwhile Journey?

Cyber Asset Attack Surface Management (CAASM) is focused on enabling security teams to overcome asset visibility challenges. Asset visibility is foundational to security programs — knowing what assets exist in their environment and where those assets reside. CAASM provides a holistic view of an organization’s asset inventory by consolidating internal and ...

Negotiate Your Next Cyber Insurance Policy With This 6-Step Playbook

TL;DR: Cyber liability insurance is essential, but premiums are increasing, and numerous exclusions exist. Important steps to lower premiums include preparation, articulating your risk, and demonstrating progressive improvement in security through measurable metrics. Why Do Organizations Need Cyber Liability Insurance? Cyber liability insurance has become an important component of every ...

CRQ Lessons from EY and Balbix

Recently, we concluded a webinar with EY. During the discussion, we covered how cyber risk quantification has become a focal point for many organizations, emphasizing its role in transitioning from technical jargon to actionable business intelligence. Here are 4 key insights from our webinar: #1 CRQ can help articulate communication ...

Logical Advice for CISOs on the SEC Cybersecurity Regulations Webcast Wrap-Up

On Monday, I was thrilled to host an informative webinar, Logical Advice for CISOs on the SEC Cybersecurity Regulations. I want to thank our guests Richard Watson, Global Cybersecurity Consulting Leader at EY, Marlene Allison, former CISO at Johnson & Johnson, and Gaurav Banga, Founder and CEO at Balbix, for ...

Webinar Highlights: Uncommon Wisdom – Lessons from Two Decades of Cyber Risk Quantification

Last week, I hosted a webinar on Cyber Risk Quantification (CRQ) with Chris Novak, a world-renowned cybersecurity executive at Verizon and advisor at CISA, along with Gaurav Banga, the Founder and CEO of Balbix. The recording is available here: Who was on the webinar: Our attendees were primarily executive and ...