Consumers should know and exercise their #privacy rights. Here's a summary of the California Consumer Privacy Act (CCPA) at #PalUpNow!. This includes the development of new measures that extend #compliance to #California residents and beyond.

#CCPA #USA #global #CISO #InfoSec #DevSecOps #legal

CCPA Update From DPO Office: California Consumer Privacy Act
https://palupnow.com/blogs/f/ccpa-update-from-dpo-office-california-consumer-privacy-act

Hoe kunnen bestuurders invulling geven aan hun verantwoordelijkheid op digitaal gebied? Ga eens dineren met je #CISO, adviseert Jasper Nagtegaal van @wijzijnrdi Digitale Infrastructuur (RDI). Vind een gemeenschappelijke taal.
https://ibestuur.nl/artikel/dineren-met-de-ciso/

Stop.
Haal adem.
Zeg iets aardigs.
Stel een vraag.

I think #Microsoft have given themselves enough rope with #Recall. For Reasons, running anything like it would be flat out, no discussion, illegal in my org. As #CISO I’m sensitive to such things… :)

Sure we run a MSFT shop, and sure they theoretically have access to all that data anyhow - can’t [viably yet] process ciphertext, they see all the cleartext at some point.

The rope part is that argument. If MSFT argues that they see all data *anyway* so why not Recall, they burst our collective hallucination that various #GDPR agreements are actually worth a damn [Narrator: They’re not].

And then, my #infosec friends, I get to eject Microsoft - and coincidentally all other #US #cloud services as well as collateral damage - and finally build a full scale Linux/FOSS environment.

It’ll be more fun than I can #recall!

Are you prepared Your cyber incident response plan is how you prepare for a possible — but if we are being honest... really, a probable #security incident or data breach. And no single plan will work for everyone. So, let's talk about building out the the best possible cyber incident response plan, for YOU.

A good place to start is with these 5 best practices:
Assigning roles and responsibilities
Centralizing the incident response process
Identifying attack scenarios
Creating high-fidelity alerts
Defining reporting requirements

Get the details on "how" and "why" for each of these important steps, here.
https://graylog.org/post/5-best-practices-for-building-a-cyber-incident-response-plan/ #cybersecurity #incidentresponse #infosec #CISO #databreach

Is your organization truly encrypting email or just assuming it's secure?

Despite rising threats and regulatory pressure, encrypted email adoption remains low in many industries. Most sensitive messages are still exposed after delivery—leaving you open to breaches, insider threats, and compliance risks. Principal Consultant Ben Kast dives into the technical details in his new blog, as well as advice on the pros and cons of different email encryption options.

Check it out: https://www.lmgsecurity.com/securing-the-email-flow-implementing-encrypted-email-in-microsoft-365-exchange-and-onward/

The post-quantum era is closer than you think!

It’s time to tighten up that security hygiene and future-proof your organization’s data before quantum computing renders today’s encryption obsolete.

Here’s your crypto checklist:
Audit your encryption infrastructure
Automate certificate/key management
Educate teams on quantum risk
Pilot NIST’s post-quantum algorithms
Start now—retrofitting later will cost you

Quantum threats don’t wait. Neither should we.

#CyberSecurity #PostQuantum #Encryption #CISO #ITOps #QuantumComputing #CyberResilience

https://www.darkreading.com/vulnerabilities-threats/post-quantum-planning-security-hygiene

High-severity cloud alerts jumped 235% in 2024 — part of a 388% overall rise in #cloud attacks, per Palo Alto Networks. Threats are more targeted than ever. Need a cloud #security checkup? Please contact us.

https://www.darkreading.com/cyber-risk/high-severity-cloud-security-alerts-tripled-2024

Heading to RSA Conference 2025? Let’s connect!

Let’s grab a coffee and chat about today’s biggest cybersecurity challenges! https://www.lmgsecurity.com/contact-us/

We also invite you to join @sherridavidoff & @MDurrin's must-see sessions:

Session 1: From Leak to Breach – How Hackers Use AI to Exploit Stolen Source Code | April 28, 9:40 AM

Session 2: Deepfake Cyber Extortion – A Tabletop Learning Lab | April 28, 1:10 PM (Limited capacity—reserve your spot!)

We hope to see you there!

CISO Alert: Security Tool Fatigue Is Real — and Dangerous

More tools ≠ more security. In fact, 68% of orgs use 11+ security tools — and many are facing alert fatigue, talent strain, and visibility gaps.

Key lessons for CISOs:

More dashboards = less clarity. Tool sprawl leads to noise, missed threats, and wasted budget.
Redundant tools ≠ value. Many platforms overlap, offering the same functions in different UIs.
Talent gets stretched thin. New tools require onboarding, management, and integration.
The illusion of coverage. Without full ecosystem visibility, risks go unnoticed and unowned.

Solutions that work:
・Take inventory of tools and evaluate actual usage.
・Prioritize integration over expansion.
・Invest in training and unifying data—not flashy features.
・Embrace platform consolidation for long-term security resilience.

#CyberSecurity #CISO #SecurityStrategy #ToolFatigue #SecurityOps #Visibility #ThreatDetection #security #privacy #cloud #infosec

https://www.helpnetsecurity.com/2025/04/07/ciso-security-platform-fatigue/

Sometimes being a #CISO makes me a little sad. Not stressed, not frustrated - sad.

It’s the days when I fail to convince some part of the business to improve their #security posture in some fully critical way, on the #BCP / #DR level, and the manager of that part of the business lets slip their true view of #infosec and #IT:

They truly think the whole information processing infrastructure they use every millisecond of their work is fully replaceable, at will. That no intricate and evolved symbiosis is there. So rather than GAF about securing it, they’d ”just replace it if it breaks”.

These are smart highpowered people, but utterly priviliged in the way they can afford to think their unique skills will offer them a new job, if their negligence to be responsible in this one destroys the org.

I see many sinners in this group, but more than anywhere else among creatives - text, art and code.

A good Reality Slap might do wonders.

Splash zone @CypherCon for a talk with bentenpas and @alyssam_infosec

Are You Ready for Red Team Penetration Testing?

In our latest blog, penetration testing expert @tompohl shares how to choose the best test for your organization's cybersecurity maturity stage. We'll cover the difference between penetration testing and red team penetration testing, how to determine if your company is ready for a red team assessment, and tips for planning your test that will maximize your ROI!

Read More: https://www.lmgsecurity.com/are-you-ready-for-red-team-penetration-testing/

Worried about making your #flight plan public in case it endangers your property and family?

Sawyer at #PalUpNow! leads #information #security. They #anonymize your profile such that your #travel plans can't be tied to you. Your personal #data is shared only after you're matched.

#CISO #priv...

Sawyer, A PalUpNow! Bot, Reduces Risk And Increases Compliance
https://palupnow.com/blogs/f/sawyer-a-palupnow-bot-reduces-risk-and-increases-compliance

As a #CISO I am daily both astonished and dismayed at the number of coworkers who say ”Whatever, if I can’t work in this insecure way with these vulnerable tools, IDGAF, I’ll go somewhere I can”. Even from *engineers*.

Dude, you’re breaking The Code, figuratively and literally. We techs are supposed to engi things more cleverly and robust than anyone could expect - not build mansions on stilts.

Are #infosec people the only ones left with some pride and sense of duty?

Are Encryption Backdoors Putting Your Organization at Risk?

In this clip, @sherridavidoff and @MDurrin explain why encryption backdoors are a nightmare for organizations, creating security gaps that cybercriminals can exploit.
Watch this full episode of Cyberside Chats to hear Sherri and Matt break down Apple’s battle against the UK’s demands for backdoor access, the worldwide backlash, and what it all means for cybersecurity professionals.

We'll cover:
Why backdoors are a double-edged sword for security
Historical backdoor failures that left organizations exposed
Pro tips to strengthen your security posture against evolving encryption policies

Watch the full video: https://youtu.be/5HhNKMIJkCQ
Listen to the podcast: https://www.chatcyberside.com/e/the-encryption-battle-security-savior-or-cyber-risk/

Someone send the CISO Musical to me. I kinda want to see it, ngl. It's hilarious .

#ciso #musical #cybersecurity

https://www.cisomusical.com/

Cybersecurity budgets: Cost or competitive edge? I contributed insights to this @CyberhavenSec article on how CISOs can prove ROI, align security w/business goals, and secure boardroom buy-in. Read more: https://zurl.co/dBmhk
#Cybersecurity #CISO #RiskManagement #Leadership

Is Your Security Communications Strategy Ready for 3rd Party Incidents?

Join us this Wednesday (April 2) for a new Discernible Drill where you'll step into the role of a #CISO facing a real-world third-party vulnerability scenario.

In this hands-on simulation, you'll:

Navigate stakeholder communication when disclosure isn't legally required
Balance transparency values against security considerations
Turn a potential reputation challenge into a trust-building opportunity
Leverage existing company assets in your response strategy

Only 24 hours left to subscribe & join this session!

Subscribe now: https://discernibleinc.com/drills