CISO's perspective from the frontlines

Author: Yaron

Yaron is a seasoned multi-industry Cyber Security Leader. He is 2x CISO, Research Fellow for the Cloud Security Alliance, Security Tinkerer, Advisory Board Member for several cyber security startups and venture firms, and a Mentor to other CISOs and members of the security community.

Security Vendors, What Problem are you solving?

You would think this is a reasonable question to ask security vendors that are pitching you their product. I would also think the vendor would be able to answer it quite easily. Think again! Every vendor can tell you what they do, 100%! Sometimes they can even tell you how they do it. But what I found was that they almost never can tell you what problem they are solving. My LinkedIn post Several...

Vulnerability Management: More Than Just discovering your Flaws

In this episode of Defense in Depth, I joined David Spark and Mike Johnson – CISO at Rivian to discuss the topic of vulnerability management. We make the argument that simply finding vulnerabilities is not enough, and true vulnerability management requires prioritizing, tracking, fixing, and assessing risks. What we need is a comprehensive approach that includes IT hygiene, asset...

Are you playing the security tools BINGO?

Have you ever wondered why many security strategies look more like a BINGO card than an actual strategy? Organizations are still rarely proactive about cyber security. Usually something triggers an organization's decision to invest in cyber security: they suffered a breach, they are required to do so by some regulation, their clients demand it, or they decide to IPO, just to name a...

We need more budget to scare you

Once upon a time in a company far far away

Several years ago, in a different organization, my team and I successfully implemented a Vulnerability Management program. It was a massive undertaking, taking over a year to complete and a sizable budget. Our goal was to continuously scan over 100,000 devices and automate the reporting of findings to the relevant teams. The project went beyond reporting by...

We Want a Solution to Remediate, Not Just Detect Problems

Discovery of security issues is important, but ultimately we need to remediate them. So why do so many solutions seem to stop short?

In this episode of Defense in Depth, I joined as a guest co-host to David Spark (@dspark), the producer of CISO Series, and our guest, Neil Watkins, SVP technology and cybersecurity services, i3 Verticals.

CISOs and trust first principles

Trust is the bedrock of any successful and healthy relationship. In organizations, it fosters collaboration, empowers team members, strengthens decision-making, and inspires confidence in leadership. Building trust takes time and consistent effort, but the rewards are a culture of transparency and accountability, and a workforce that is both motivated and secure. Therefore, it is critical for CISOs...

CYBER SECURITY HEADLINES WEEK IN REVIEW: March 25-29, 2024

In this episode of CISO Series, Cyber Security Headlines, I am reviewing this week's cyber security headlines and stories with Richard Stroffolino. We talked about: a vulnerability in Apple's Silicon M-series chips that can't be patched; APT31 using family members to surveil targets; MFA bombing attacks targeting Apple users; a think tank calling for a US military cyber service; Google recommending scam sites; Spyware...

Visibility without action is just noise

CISOs are bombarded with pitches from security product vendors that all sound the same: "We give the CISO visibility." They tout their dashboards, each claiming to offer the most comprehensive, in-depth view of the security landscape, send alerts to the SIEM, or give you various reports. But here's the truth: visibility without actionability is just noise. The problem with...

Cyber Security Hierarchy of Needs

"What should a Cyber Security Practice Model look like?" I've been asked that question many times over the years, and with the lack of a standard in this field, I have given and heard different answers. Ultimately, I was looking for a simple model where the building blocks of a security practice can be understood even by those who are not experts in the field. The model I came...

Why Generalists Triumph in a Specialized World

Recently I finished reading the book Range: Why Generalists Triumph in a Specialized World by David Epstein, which I found not only interesting but very relevant to Cybersecurity. Our world is becoming increasingly specialized, and it's easy to believe that the key to success is to focus on one thing and become an expert. This is especially true in Cybersecurity, where over the years I had...
