A job posting by the UK's GCHQ for a Chief Information Security Officer, described as a highly influential role, offers a maximum salary of £130,000 (approximately $175,000). This salary is considered low compared to industry standards for similar positions, especially considering the responsibilities involved in securing a nation from cyber threats.
This article is a guide to upcoming security conferences in 2026, offering a list of events that cover various aspects of cybersecurity. It aims to help cybersecurity professionals stay informed about industry trends and threats by attending these conferences for networking and knowledge gathering.
A FinTech company is suing SonicWall after suffering a breach, raising questions about the responsibility of third-party security vendors when their products fail to prevent attacks. The lawsuit highlights the complex issue of liability in cybersecurity incidents involving multiple parties.
Apple's iPhones and iPads have been cleared for classified use by NATO. These devices have been added to the NATO Information Assurance Product Catalogue (NIAPC), indicating they meet the security requirements for handling classified information within the alliance.
This SecurityWeek article discusses four cybersecurity risks that boards of directors should prioritize and not ignore. The emphasis is on business continuity and resilience in the face of inevitable successful attacks, rather than focusing solely on prevention.
Gambit Security, a cybersecurity startup, has emerged from stealth mode with $61 million in seed and Series A funding. The company plans to use the investment to accelerate product development and expand its sales and customer success teams.
The article discusses the common cybersecurity practice of relying on employees as the 'last line of defense' and argues that it's unrealistic to expect untrained employees to catch threats that sophisticated security tools and professionals miss. The author suggests this approach leads to high false-positive rates and overwhelmed SOC teams, as employees flag normal business operations as potential risks.
The article discusses five cybersecurity trends expected to be prominent at RSA 2026, focusing on the rise of AI-SOCs and the importance of Continuous Threat Exposure Management (CTEM). It also touches on the increasing focus on the software supply chain, the evolving role of zero trust architecture, and the imperative of cybersecurity frameworks.
The article discusses how CISOs can justify security investments to boards of directors. It emphasizes the importance of framing security spending in terms of revenue generation, risk mitigation, and shareholder value, rather than simply as technical upgrades. The article also advises CISOs to link technology investments to strategic priorities, such as entering new markets, improving margins, increasing resilience, and ensuring compliance.
Sophos has announced the release of Sophos Workspace Protection, a new product offering. The article highlights the availability of this new protection solution for workspaces.
UFP Technologies, a medical device manufacturer, has reported a cybersecurity incident resulting in the compromise of its IT systems and data. The company is working to contain the incident and restore operations.
The article discusses how poorly implemented security triage processes can increase business risk instead of reducing it. It highlights issues such as indecisiveness, alert fatigue, and escalation leading to missed SLAs and real threats slipping through the cracks.
SecurityWeek reports that 426 cybersecurity mergers and acquisitions (M&A) deals were announced in 2025. The market appears to favor Governance, Risk, and Compliance (GRC), data protection, and identity solutions.
Astelia, a company focused on exposure management, has raised $35 million in funding. The company intends to use the funds to expand its AI-based analysis capabilities, increase its workforce, and scale deployments.
The stocks of major cybersecurity companies have fallen sharply due to concerns that AI is disrupting the industry. This is driven by products like Claude's AI vulnerability scanner.
The article discusses the disconnect between the cybersecurity metrics that security teams track and the risk signals that boards of directors need to effectively govern risk. It argues that boards are less interested in technical metrics like "mean time to detect" and more interested in metrics that directly map to financial consequences, regulatory exposure, and operational disruption. Experts suggest focusing on metrics like detection and containment speed, which function as proxies for business loss avoided.
Sophos has launched Sophos Workspace Protection, a new offering designed to provide comprehensive security for modern work environments. This solution integrates endpoint protection, threat detection, and response capabilities to safeguard against evolving cyber threats.
This article introduces Timothy Youngblood, a seasoned cybersecurity leader who has served as CISO/CSO at four Fortune 500 companies: Dell, Kimberly-Clark, McDonald’s, and T-Mobile.
Cybersecurity startup investments surged in 2025, driven by venture capital firms prioritizing AI-native technologies and skilled personnel. This trend indicates a growing emphasis on AI's role in cybersecurity and the need for specialized expertise.
The NIST Cybersecurity Framework (CSF) 2.0 is celebrating its second anniversary. Published in 2024, CSF 2.0 updated the framework with an added Govern Function, an emphasis on supply chain risk management, and new categories and subcategories addressing current threat and technology shifts.
The number of international workers applying for UK tech sector visas has decreased, impacting the availability of skilled professionals. AI advancements are also contributing to shifts in required skills, exacerbating the skills squeeze.
The article discusses the reporting structure of CISOs, highlighting that a majority still report to IT, specifically the CIO or CTO. Experts argue that this structure can create a conflict of interest, as the CIO is incentivized to cut costs while the CISO is responsible for identifying risks that require spending, and suggest that CISOs should ideally report to the CEO or general counsel.
Ring is offering a $10,000 bounty for security researchers who can find flaws that allow users to run software locally and stream only to their own computers, breaking free of Ring's servers. This initiative aims to address ongoing privacy and security concerns surrounding Ring's products.
EC-Council has launched its Enterprise AI Credential Suite to address the AI skills gap and bolster AI workforce readiness and security in the face of significant global AI risk exposure. The suite includes four new AI certifications and an updated Certified CISO v4 to bridge the gap between AI adoption and necessary skills.
This is a weekly "Friday Squid Blogging" post on Bruce Schneier's blog. The post includes a link to a squid cartoon and invites readers to discuss security news stories not covered on the blog.
The article discusses the increasing importance of "identity cyber scores" in cyber insurance assessments, driven by the high frequency of attacks involving compromised employee accounts. Insurers and regulators are focusing on elements like password hygiene, privileged access management, and MFA coverage to gauge cyber risk.
A Ukrainian man was sentenced to five years in prison for assisting North Korean IT workers in using stolen identities to gain employment at U.S. firms. This scheme allowed the North Koreans to generate revenue for their government while posing as legitimate employees.
Snyk's CEO is stepping down to find a replacement with more experience in artificial intelligence. The company seeks someone to lead Snyk into the age of AI, focusing on innovation and disruption.
The article discusses the problem of password-based authentication and its susceptibility to cyberattacks. It introduces passwordless authentication as a solution, highlighting the FIDO Alliance and technologies like FIDO2 and Passkeys as key components. The article then lists 10 passwordless authentication solutions for companies.
Google reports blocking over 1.75 million app submissions on the Play Store in 2025 due to policy violations. Additionally, over 255,000 apps were blocked from gaining excessive access to sensitive user data.
DEF CON has banned three men named in the Epstein files from attending future events. These individuals are not accused of any criminal wrongdoing, but internal communications showed discussions of networking and business interests with Jeffrey Epstein throughout the 2010s.
Venice Security, formerly Valkyrie, emerges from stealth mode with $33 million in funding, including a $25 million Series A round. The company focuses on privileged access management (PAM) solutions.
A healthcare facility apparently wrote login details on a whiteboard, showcasing a severe lack of basic security practices. This highlights the persistent challenge of human error overriding technical security measures.
The article discusses the immaturity of cybersecurity practices in many organizations, where compliance checklists and superficial activities are prioritized over genuine risk reduction and resilience. It emphasizes that cybersecurity is not a game, but a serious matter requiring mature leadership, long-term thinking, and clear responsibilities to avoid creating a false sense of security.
The article discusses the trend of CISOs transitioning from in-house roles to consulting, highlighting the benefits such as increased flexibility, learning opportunities, and the ability to impact multiple organizations. It also covers the challenges and necessary adjustments, such as the shift from mandating to influencing.
This is a weekly cybersecurity newsletter from Risky Business News, offering analysis and commentary on current events. The newsletter is sponsored by runZero.
This is a summary of the SANS Internet Storm Center's Stormcast podcast for February 19th, 2026. The Stormcast is a daily podcast providing a brief overview of current cybersecurity threats and vulnerabilities.
The article discusses the role of AI in threat intelligence and whether it will replace human analysts. It argues that AI is a force multiplier, not a replacement, and that effective human-machine collaboration is key to creating adaptive and proactive defense capabilities. The article suggests that human context, ethics, and intuition remain indispensable in threat intelligence.
The article discusses the importance of evolving security culture within organizations to shift security teams from being seen as roadblocks to becoming strategic enablers of business growth. It emphasizes the need for collaboration, communication, and embedding security into the organizational culture. The article highlights how intentional leadership can position security as a cornerstone of innovation and operational success.
The article discusses a shift in cybersecurity leadership towards financial efficiency and capital allocation, driven by budget constraints. It emphasizes the need for CISOs to prioritize actions that materially reduce risk exposure while being financially disciplined, moving away from simply adding more tools and teams.
Palo Alto Networks is set to acquire Koi, an endpoint security solution developer, for a reported $400 million. The acquisition aims to enhance Palo Alto Networks' existing product offerings in the endpoint security space.
The increasing use of AI coding assistants is accelerating software development, creating challenges for security teams due to the increased volume and speed of code production. Traditional developer security training needs to evolve from focusing on common code-level vulnerabilities to emphasizing threat modeling and systemic software risks, with training being bite-sized, hands-on, and embedded in developer toolchains.
Palo Alto Networks CEO Nikesh Arora believes enterprise AI adoption is lagging, except for coding assistants. The company acquired Koi to prepare for future AI developments in the enterprise space, suggesting they expect broader adoption eventually.
This Dark Reading article promotes a virtual event focused on key technologies reshaping cybersecurity defenses. The event will cover topics relevant to modern cybersecurity challenges and solutions. The article provides information on how to register and attend the event.
VulnCheck, a vulnerability intelligence firm, has raised $25 million in Series B funding led by Sorenson Capital, bringing total investment to $45 million. This funding will be used to scale their vulnerability intelligence capabilities. The company likely provides services related to vulnerability research, exploit analysis, or related security data.
A recent report indicates that over half of CISOs feel their roles are no longer manageable due to consistently broadened responsibilities without adequate resources. This scope-resource imbalance can lead to delays in strategic priorities, erosion of long-term resilience, and reactive security operations. CISOs are now often responsible for business risk functions and even parts of the IT stack.
The article discusses the problem of fragmented risk management within organizations, where different departments (cybersecurity, operations, and strategy) use different 'languages' to describe and address risk. This siloed approach can lead to a lack of comprehensive understanding and coordination, ultimately harming the organization, similar to the Enron collapse.
The article is a conversation with CISO Julie Chatman about the challenges CISOs face today and how security leaders can navigate them. Chatman discusses her career path from the Navy and FBI to becoming a CISO and strategic advisor, highlighting the importance of understanding ROI, risk, and resource allocation.
Bruce Schneier has announced his upcoming speaking engagements for 2026. He will be speaking at events in Canada, the US, and the UK, covering topics related to AI and cybersecurity.
This blog post from Schneier on Security links to an article exploring the question of whether squid dream. The linked article discusses scientific perspectives on cephalopod sleep.