strategy

CISO Assistant: Open-source cybersecurity management and GRC

CISO, Compliance, cybersecurity, DevSecOps, Don't miss, framework, GitHub, GRC, Hot stuff, News, open source, Risk Management, software, strategy /

CISO Assistant: Open-source cybersecurity management and GRC 2026-01-14 at 13:25 By Mirko Zorz CISO Assistant is an open-source governance, risk, and compliance (GRC) platform designed to help security teams document risks, controls, and framework alignment in a structured system. The community edition is maintained as a self-hosted tool for organizations that want direct access to […]

CISO Assistant: Open-source cybersecurity management and GRC Read More »

Teaching cybersecurity by letting students break things

cybersecurity, Don't miss, Features, Hot stuff, News, online gaming, rersearch, skill development, strategy /

Teaching cybersecurity by letting students break things 2026-01-13 at 09:01 By Sinisa Markovic Cybersecurity students show higher engagement when the work feels tangible. A new study from Airbus Cybersecurity and Dauphine University describes what happens when courses move beyond lectures and place students inside structured hacking scenarios, social engineering exercises, and competitive games. From theory

Teaching cybersecurity by letting students break things Read More »

European Commission opens consultation on EU digital ecosystems

EU, News, open source, strategy /

European Commission opens consultation on EU digital ecosystems 2026-01-09 at 15:44 By Sinisa Markovic The European Commission has opened a public call for evidence on European open digital ecosystems, a step toward a planned Communication that will examine the role of open source in EU’s digital infrastructure. The consultation runs from January 6 to February

European Commission opens consultation on EU digital ecosystems Read More »

When AI agents interact, risk can emerge without warning

agentic AI, Artificial Intelligence, Don't miss, News, research, strategy /

When AI agents interact, risk can emerge without warning 2026-01-07 at 08:30 By Sinisa Markovic System level risks can arise when AI agents interact over time, according to new research that examines how collective behavior forms inside multi agent systems. The study finds that feedback loops, shared signals, and coordination patterns can produce outcomes that

When AI agents interact, risk can emerge without warning Read More »

Turning plain language into firewall rules

cybersecurity, Don't miss, Features, FireMon, firewall, Hot stuff, how-to, LLMs, News, research, security operations, strategy, tips, Versa Networks /

Turning plain language into firewall rules 2026-01-06 at 09:00 By Sinisa Markovic Firewall rules often begin as a sentence in someone’s head. A team needs access to an application. A service needs to be blocked after hours. Translating those ideas into vendor specific firewall syntax usually involves detailed knowledge of zones, objects, ports, and rule

Turning plain language into firewall rules Read More »

The roles and challenges in moving to quantum-safe cryptography

Don't miss, News, open source, quantum computing, research, strategy /

The roles and challenges in moving to quantum-safe cryptography 2026-01-06 at 08:45 By Anamarija Pogorelec A new research project examines how organizations, regulators, and technical experts coordinate the transition to quantum safe cryptography. The study draws on a structured workshop with public sector, private sector, and academic participants to document how governance, security, and innovation

The roles and challenges in moving to quantum-safe cryptography Read More »

Executives say cybersecurity has outgrown the IT department

CISO, CXO, cybersecurity, News, report, Rimini Street, Risk Management, strategy, threats /

Executives say cybersecurity has outgrown the IT department 2025-12-30 at 08:03 By Anamarija Pogorelec Cybersecurity has moved from a technical problem to a boardroom concern tied to survival. A global Rimini Street study of senior executives shows security risk shaping decisions on technology, talent, and long term planning across industries that keep economies running. Cyber

Executives say cybersecurity has outgrown the IT department Read More »

NIST issues guidance on securing smart speakers

hardware, healthcare, how-to, Internet of Things, medical devices, News, NIST, strategy, tips /

NIST issues guidance on securing smart speakers 2025-12-22 at 07:02 By Sinisa Markovic Smart home devices, such as voice-activated digital assistants, are increasingly used in home health care, with risks involved. An attacker could change a prescription, steal medical data, or connect a patient to an impostor. To reduce cybersecurity risks tied to this use,

NIST issues guidance on securing smart speakers Read More »

LLMs work better together in smart contract audits

blockchain, CISO, cybersecurity, Don't miss, Ethereum, framework, LLMs, News, research, strategy, tips /

LLMs work better together in smart contract audits 2025-12-19 at 08:42 By Sinisa Markovic Smart contract bugs continue to drain real money from blockchain systems, even after years of tooling and research. A new academic study suggests that large language models can spot more of those flaws when they work in coordinated groups instead of

LLMs work better together in smart contract audits Read More »

The soft underbelly of space isn’t in orbit, it’s on the ground

aerospace, CISO, cybersecurity, Don't miss, Features, Hot stuff, KSAT, News, security telemetry, strategy, supply chain, tips /

The soft underbelly of space isn’t in orbit, it’s on the ground 2025-12-18 at 09:08 By Mirko Zorz In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why stations remain a focal point for security efforts. He

The soft underbelly of space isn’t in orbit, it’s on the ground Read More »

Why vulnerability reports stall inside shared hosting companies

cybersecurity, Don't miss, Features, Hot stuff, News, research, strategy, tips, vulnerability disclosure, vulnerability management /

Why vulnerability reports stall inside shared hosting companies 2025-12-17 at 09:24 By Mirko Zorz Security teams keep sending vulnerability notifications, and the same pattern keeps repeating. Many alerts land, few lead to fixes. A new qualitative study digs into what happens after those reports arrive and explains why remediation so often stops short. The research

Why vulnerability reports stall inside shared hosting companies Read More »

AI-driven threats are heading straight for the factory floor

Artificial Intelligence, attacks, CISO, collaboration, Compliance, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, News, penetration testing, Siemens, strategy, threat modeling /

AI-driven threats are heading straight for the factory floor 2025-12-09 at 09:07 By Mirko Zorz In this Help Net Security interview, Natalia Oropeza, Chief Cybersecurity Officer at Siemens, discusses how industrial organizations are adapting to a shift in cyber risk driven by AI. She notes that in-house capability, especially for OT response and recovery, is

AI-driven threats are heading straight for the factory floor Read More »

Smart grids are trying to modernize and attackers are treating it like an invitation

access control, Analog Devices, critical infrastructure, cybersecurity, Don't miss, energy sector, Features, firmware, hardware, Hot stuff, News, strategy, supply chain, threats /

Smart grids are trying to modernize and attackers are treating it like an invitation 2025-12-04 at 09:05 By Mirko Zorz In this Help Net Security interview, Sonia Kumar, Senior Director Cyber Security at Analog Devices, discusses how securing decentralized smart grids demands a shift in defensive strategy. Millions of distributed devices are reshaping the attack

Smart grids are trying to modernize and attackers are treating it like an invitation Read More »

Creative cybersecurity strategies for resource-constrained institutions

collaboration, Compliance, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, Innovation, News, RTI International, security controls, strategy /

Creative cybersecurity strategies for resource-constrained institutions 2025-12-02 at 09:33 By Mirko Zorz In this Help Net Security interview, Dennis Pickett, CISO at RTI International, talks about how research institutions can approach cybersecurity with limited resources and still build resilience. He discusses the tension between open research and the need to protect sensitive information, noting that

Creative cybersecurity strategies for resource-constrained institutions Read More »

Offensive cyber power is spreading fast and changing global security

China, CISO, cyber risk, cybersecurity, Don't miss, Hot stuff, NATO, News, report, research, Risk Management, Russian Federation, strategy, threats /

Offensive cyber power is spreading fast and changing global security 2025-12-01 at 08:36 By Sinisa Markovic Offensive cyber activity has moved far beyond a handful of major powers. More governments now rely on digital operations to project influence during geopolitical tension, which raises new risks for organizations caught in the middle. A new policy brief

Offensive cyber power is spreading fast and changing global security Read More »

Heineken CISO champions a new risk mindset to unlock innovation

boardroom, CISO, Compliance, cyber risk, cybersecurity, Don't miss, Features, Heineken, Hot stuff, News, Risk Management, strategy, tips /

Heineken CISO champions a new risk mindset to unlock innovation 2025-11-26 at 09:16 By Mirko Zorz In this Help Net Security interview, Marina Marceta, CISO at Heineken, discusses what it takes for CISOs to be seen as business-aligned leaders rather than technical overseers. She shares how connecting security to business impact can shift perceptions and

Heineken CISO champions a new risk mindset to unlock innovation Read More »

How board members think about cyber risk and what CISOs should tell them

boardroom, CISO, cyber risk, cybersecurity, Don't miss, News, Qualys, security metrics, strategy, Video /

How board members think about cyber risk and what CISOs should tell them 2025-11-26 at 07:11 By Help Net Security In this Help Net Security video, Jonathan Trull, EVP & CISO at Qualys, discusses which cybersecurity metrics matter most to a board of directors. Drawing on more than two decades in the field, he explains

How board members think about cyber risk and what CISOs should tell them Read More »

How an AI meltdown could reset enterprise expectations

access control, Artificial Intelligence, CIO, CISO, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, Redgate Software, regulation, strategy, tips /

How an AI meltdown could reset enterprise expectations 2025-11-25 at 09:02 By Mirko Zorz In this Help Net Security interview, Graham McMillan, CTO at Redgate Software, discusses AI, security, and the future of enterprise oversight. He explains why past incidents haven’t pushed the industry to mature. McMillan also outlines the structural shifts he expects once

How an AI meltdown could reset enterprise expectations Read More »

How to cut security tool sprawl without losing control

CISO, cybersecurity, Don't miss, News, policy, strategy, threats, tips, Versa Networks, Video, zero trust /

How to cut security tool sprawl without losing control 2025-11-19 at 07:58 By Help Net Security In this Help Net Security video, Jon Taylor, Director and Principal of Security at Versa Networks, talks about how organizations can deal with security tool sprawl. He explains why many teams end up with too many tools, especially as

How to cut security tool sprawl without losing control Read More »

What security pros should know about insurance coverage for AI chatbot wiretapping claims

Artificial Intelligence, Don't miss, Features, Hot stuff, law, law firms, News, Privacy, strategy, tips /

What security pros should know about insurance coverage for AI chatbot wiretapping claims 2025-11-18 at 08:44 By Mirko Zorz AI-powered chatbots raise profound concerns under federal and state wiretapping and eavesdropping statutes that is being tested by recent litigation, creating greater exposure to the companies and developers that use this technology. Security professionals that integrate

What security pros should know about insurance coverage for AI chatbot wiretapping claims Read More »

Scroll to Top