cybersecurity

Jill Knesek, BlackLine's CISO, discusses her experience in cyber threat mitigation and building security teams. She emphasizes a structured cybersecurity team with governance, risk, compliance, application security, and operations units. Knesek prioritizes soft skills and cultural fit in hires, alongside technical training. Effective communication with executives using risk management language and transparency builds trust. She identifies ransomware as a top threat, advocating strong security practices and employee training. Knesek acknowledges the potential of AI in enhancing security while remaining cautious of its risks. Her key advice is to focus on fundamental security hygiene to address the majority of attack vectors.

https://www.infosecurity-magazine.com/interviews/blackline-ciso-jill-knesek/

SolarWinds CISO Tim Brown highlighted growing anxiety among security executives about personal liability for data breaches, stemming from legal challenges following the company's notable cyberattack. This stress distracts CISOs from their core responsibilities, impacting their effectiveness. While individual executive liability raises concerns, some cybersecurity professionals argue it may enhance accountability. Brown emphasized the need for clearer guidelines to allow CISOs to manage cybersecurity without legal fears hindering their work.

https://cyberscoop.com/tim-brown-solarwinds-liability-cyberlawcon/

CIS provides cybersecurity benchmarks for various platforms, aimed at helping organizations mitigate threats. These include configuration guidelines for over 25 vendor products, tools for assessing compliance, and a variety of resources like the CIS SecureSuite and webinars for implementation support. Membership benefits include access to exclusive tools and community development.

https://www.cisecurity.org/cis-benchmarks