CXO Revolutionaries Insights
An executive-level resource for actionable, practical, and real-world examples for creating enterprise change through digital transformation initiatives.

ThreatLabz July 2022 Report: Deconstructing a massive global phishing campaign, exposing Industrial Spy, Google Play infiltrated, Qakbot upgraded, and Raccoon v2
This July ThreatLabz released a trove of actionable threat intel, performed a deep dive on a massive phishing attack, exposed a new threat group named Industrial Spy, and more. Dive into the latest cybersecurity news from ThreatLabz today.
Mon, 15 Aug 2022 16:55:08 -0700 Daniel Ballmer

Talking standards with NIST Fellow Dr. Ron Ross
The evolution of risk management in the cloud era and the future of cybersecurity.
Mon, 15 Aug 2022 09:29:52 -0700 Chris Jablonski

The string (cheese) theory of zero trust
Be bold. Experiment with string (cheese) theory for yourself. Embrace zero trust one calcium-rich strip at a time.
Fri, 12 Aug 2022 06:19:44 -0700 Kyle Fiehler

The elevation of cyber risk and the CISO
Chief information security officers now speak the language of business and the board is the audience. Succeed with these tales of a Global 500 cyber veteran.
Tue, 09 Aug 2022 16:03:40 -0700 Chris Jablonski

Beating IT’s bad rap: How CXOs can maintain a positive corporate presence
Rather than stressing how important your role is after a breach makes it plain, take responsibility for making your impact known.
Tue, 09 Aug 2022 08:41:45 -0700 Kyle Fiehler

Cybersecurity skills shortage provides rare cross-training opportunities
In the U.S., there’s an extreme need for qualified cybersecurity professionals, a career that pays pretty well. At the same time, 62% of workers report living paycheck to paycheck. The cybersecurity problem we face has an obvious solution.
Mon, 08 Aug 2022 11:16:49 -0700 Daniel Ballmer

You could do zero trust the old-fashioned way, but why?
Many organizations are trapped in an outdated way of operating and simply do not realize it. People, businesses, and agencies regularly use antiquated processes or technology, never anticipating encountering serious problems until it is too late.
Wed, 03 Aug 2022 09:49:01 -0700 Daniel Ballmer

The security risks of taking a stand
Organizations face increasing internal and external pressures to take public stands on issues unrelated to their core business. How should CISOs, CIOs, and other security leadership deal with the risk that may arise because of it?
Mon, 01 Aug 2022 11:27:04 -0700 Kyle Fiehler

So long, not goodbye
In her final episode, Field CTO Lisa Lorenzin delivers an inspirational tour de force of lessons from across her professional and personal life.
Fri, 29 Jul 2022 17:57:46 -0700 Chris Jablonski

The power of prediction: Harnessing AI and ML for cybersecurity
Nobody needs more alert fatigue, false positives, data paralysis, and complexity. Now algorithms and automation are stepping up to do inferencing and risk modeling. The timing can't be better.
Wed, 27 Jul 2022 16:23:14 -0700 Chris Jablonski

Learning not to step on Lego: Blast radius, cloud sprawl, and CNAPP
Don’t blow up your attack surface in an effort to limit your blast radius. You’ll just increase your chances of stepping on the painful Lego that is a compromised asset. Choose the right CNAPP solution instead.
Wed, 27 Jul 2022 09:40:00 -0700 Kyle Fiehler

Edge computing and IoT: Security through zero trust
Though they're often used interchangeably, the internet of things (IoT) and operational technology (OT) refer to adjacent but fundamentally different technologies. They do share common characteristics - including their security challenges.
Fri, 22 Jul 2022 13:45:53 -0700 Kyle Fiehler

Are conventional cybersecurity tactics leading you to defeat?
Are conventional cybersecurity tactics leading you to defeat? Don't use traditional approaches to fight asymmetrical warfare. Adversaries can arm and train themselves for less than it costs an organization to protect a single employee.
Mon, 18 Jul 2022 15:30:23 -0700 Daniel Ballmer

If you can reach it, you can breach it
TCP/IP protocol – the lingua franca of the internet – requires no authentication to establish a connection. That makes them vulnerable to zero day exploits.
Mon, 18 Jul 2022 14:39:44 -0700 Kyle Fiehler

How to talk tech, featuring Bill Lapp
An industry guru opens his bag of tricks for explaining technology to the business.
Mon, 18 Jul 2022 07:15:16 -0700 Chris Jablonski

Shifting focus from vulnerabilities to exploitabilities
Headed into the second half of 2022, the rate of new cybersecurity threats is not slowing but accelerating. To optimize their defenses, security teams should prioritize exploitabilities over vulnerabilities.
Fri, 15 Jul 2022 09:34:04 -0700 Kyle Fiehler

SaaS, IaaS, and PaaS: What the shared responsibility model means for zero trust
Consumers of cloud services opt for all different forms of delivery. What effect might the different models have on your zero trust rollout?
Thu, 14 Jul 2022 12:24:34 -0700 Kyle Fiehler

SSL inspection comes with great responsibility
The SSL/TLS protocol was designed to secure communication between only two parties. Widespread abuse of this protocol, however, has made it necessary to inspect this traffic.
Thu, 14 Jul 2022 11:58:14 -0700 Kyle Fiehler

If a recession comes, cut cyber professionals at your peril
Fears of a recession are rising. Will cybersecurity investment suffer as a result?
Mon, 11 Jul 2022 16:05:24 -0700 Kyle Fiehler

To go far, go together: The value of collaboration in transformation
In episode 31, Zscaler Field CTO Pam Kubiatowski goes deep on key issues driving today's digital transformation challenges and success.
Wed, 06 Jul 2022 12:38:49 -0700 Chris Jablonski

CIOs reveal the secrets to thriving in an evolving workplace
Traditionally, a CIO's primary responsibility was cutting costs by creating or maintaining information systems that increased productivity. Today, cost-cutting is still a factor, but CIOs must also support key leadership initiatives.
Thu, 30 Jun 2022 13:54:15 -0700 Kyle Fiehler

Cybersecurity spending and the roller coaster economy
Is cybersecurity recession-proof? How should IT leaders prepare for a more turbulent world? All this and more in the latest episode of The CIO Evolution.
Thu, 30 Jun 2022 08:59:58 -0700 Chris Jablonski

Lessons learned along the way to zero trust
In my role at Zscaler, when I talk with peers I tell them to learn from the lessons Larry and I experienced, both good and bad. So here are some tips for companies just beginning their zero trust transformation journeys.
Wed, 29 Jun 2022 15:24:28 -0700 Kyle Fiehler

ThreatLabz June 2022 Report: Ransomware report, sextortion scams, new Lyceum APT backdoor, renewed Evilnum attacks, and PureCypter premier malware loader
ThreatLabz June 2022 Report: Ransomware report, sextortion scams, new Lyceum APT backdoor, renewed Evilnum attacks, and PureCypter premier malware loader. Fresh threat intelligence from global security provider, Zscaler.
Thu, 07 Jul 2022 14:13:33 -0700 Daniel Ballmer

CSA and the pursuit of a zero trust ‘gold’ standard (podcast)
This in-depth briefing with John Yeoh, Global Vice President of Research at Cloud Security Alliance highlights industry progress toward zero trust standards.
Tue, 28 Jun 2022 12:25:15 -0700 Chris Jablonski

Security execs redefine threats facing the modern workplace - Zenith Live 22 recap
New insights pulled from big data reveal rising risks, supply chain complexities, and the double-edged sword of cybersecurity insurance.
Mon, 27 Jun 2022 15:54:04 -0700 Kyle Fiehler

Ransomware rising: A look at ThreatLabz’ latest findings
This year’s predicted increase in the severity and volume of ransomware attacks has come to pass. Zscaler’s ThreatLabz team found that attacks rose by 80% between February 2021 and March 2022.
Tue, 28 Jun 2022 11:57:07 -0700 Kyle Fiehler

NotPetya and learning the lessons of WannaCry
I recently wrote about my experience working as an IT architect for a Copenhagen-based multinational energy firm during the WannaCry ransomware attacks of May 2017. I didn’t know it at the time, but it was only a dress rehearsal.
Sun, 26 Jun 2022 18:20:14 -0700 Kyle Fiehler

Strategies for surviving in a multi-cloud world
Bryan Green moderated a panel discussion on ways zero trust and secure service edge (SSE) mitigate security risk in a multi-cloud world. With him were NetJets CISO John Graham and IFF Director of Security Architecture Michael Strause.
Wed, 06 Jul 2022 10:16:24 -0700 Kyle Fiehler

Choose zero trust for security and spend – a conversation on business enablement
To Security and Beyond: Zero Trust as a Business Enabler was an interactive panel featuring Zscaler President Amit Sinha, PhD; Dhawal Sharma VP & GM, Product Management; and Nathan Howe, VP, Emerging Technology & 5G.
Thu, 23 Jun 2022 13:43:37 -0700 Kyle Fiehler

CXOs see blurring lines between teams - Zenith Live 22 panel recap
Technical C-suite leaders stress cross-functional collaboration to securely transform infrastructure and services as customer and business demands rise.
Thu, 23 Jun 2022 13:23:59 -0700 Kyle Fiehler

RSAC 2022: An attendee's perspective on hot topics and the elephant in the room
Zscaler CISO - AMS Bryan Green braved crowds and his own reservations to be on the scene at RSAC this year. He joined hosts Pam & Lisa to discuss what he learned.
Tue, 21 Jun 2022 13:19:25 -0700 Kyle Fiehler

Defending against email attacks means optimizing your team (not just your tech)
Though cybersecurity is a swiftly evolving field, one principle remains constant: it’s often much easier to fool people than to circumvent security tech.
Tue, 21 Jun 2022 09:10:30 -0700 Kyle Fiehler

Fortifying cybersecurity in a time of war
Russia’s invasion of Ukraine has had profound cybersecurity implications. Organizations should continuously refine their cyber defense strategies to avoid becoming collateral damage.
Wed, 15 Jun 2022 09:59:37 -0700 Kyle Fiehler

The CISOs Report: A spotlight on today’s cybersecurity challenges
In a new study by the Cloud Security Alliance and in partnership with Zscaler, 80% of C-level respondents said they consider zero trust a priority for their organizations. Read a CISO's take on the findings here.
Tue, 14 Jun 2022 16:11:54 -0700 Kyle Fiehler

Public sector zero trust fundamentals: Moving ahead in uncertain times
In 2021, President Biden signed an executive order mandating government agencies adopt zero trust. Guidance, however, is limited. Zscaler leaders sat down with public sector security professionals to hear about their approaches to zero trust.
Wed, 08 Jun 2022 09:37:35 -0700 Kyle Fiehler

C-SCRM and the C-suite: Securing executive buy-in for supply chain risk management
It's not enough for today's IT leaders to concern themselves with the security of their own organizations. They must now concern themselves with their vendors' security as well.
Mon, 06 Jun 2022 10:34:37 -0700 Kyle Fiehler

Optimize incident response plans with smarter security tabletop exercises
A good TTX will reveal whether an organization can handle a specific class of attack.
Mon, 06 Jun 2022 06:00:01 -0700 Chris Jablonski

Lock down cloud applications with a CNAPP
CNAPP can be considered a logical extension of DevSecOps into the cloud. It puts security at the heart of cloud-based application infrastructures, rather than tagging it on as an afterthought.
Thu, 02 Jun 2022 13:10:50 -0700 Kyle Fiehler

Anatomy of a threat with Zscaler CISO and ThreatLabz chief Deepen Desai
What is ThreatLabz? In this podcast Zscaler's global CISO sheds light on what it really takes to stay a step ahead of cyber adversaries.
Wed, 01 Jun 2022 12:31:14 -0700 Chris Jablonski

Understanding phishing today: Bad actors 'dialed in' on sophisticated attacks
Listen in to a CISO deep dive into new phishing data and tactical analysis provided by the Zscaler ThreatLabz team and learn the latest tricks the bad guys use to get you to click.
Tue, 31 May 2022 08:44:50 -0700 Chris Jablonski

ThreatLabz May 2022 Report: Annual phishing study finds over four-fold jump in phishing attacks in ‘21 for retail, Lazarus APT hits South Korea, AsyncRAT targets travelers, and PrivateLoader deep dive
The May ThreatLabz update: annual phishing study finds retail sector in the crosshairs, keeping tabs on the Lazarus APT group, targeting Thailand's travelers, and a crash course on PrivateLoader.
Fri, 27 May 2022 15:20:47 -0700 Kyle Fiehler

Zero trust a ‘blueprint’ for next version of the internet, says CSA’s Jim Reavis
Jim Reavis and the CXO REvolutionaries Editorial Team discuss the promise of the CSA’s Zero Trust Advancement Center.
Tue, 24 May 2022 16:24:40 -0700 Kyle Fiehler

Stop advanced hackers cold with cloud-driven deception intelligence
Operationalize the MITRE Engage framework with Zscaler Deception and make your network a hostile environment for attackers.
Sat, 21 May 2022 09:41:20 -0700 Chris Jablonski

Adapting the cloud service model to today's needs
Director of Transformation Strategy AMS - West Brett James updates a decade-old diagram from David Chou depicting cloud service models.
Thu, 19 May 2022 08:24:36 -0700 Kyle Fiehler

With multi-device FIDO credentials, you can now go all-in on passwordless
Apple, Google, and Microsoft recently announced plans to expand support for multi-device FIDO credentials. Their united support removes a major barrier to the uptake of passwordless logins among consumers.
Wed, 18 May 2022 08:38:55 -0700 Kyle Fiehler

Firewalls: the good, the bad, and the ugly
What is the difference between Zero Trust and a traditional Firewall? How about a virtual firewall? Find out in this episode.
Tue, 17 May 2022 10:30:07 -0700 Chris Jablonski

A customer-centric approach: the key to the innovation paradox
As a woman leader in tech, I had the honor of speaking before the elite group of women who make up part of the melting pot of technology and innovation that is Silicon Valley.
Thu, 12 May 2022 16:44:52 -0700 Kyle Fiehler

Phishing is on the rise: What CISOs should know
New research by Zscaler's ThreatLabz team suggests phishing increased a startling 29% from 2020 to 2021. A CISO details what you should know about this growing threat.
Thu, 12 May 2022 15:54:31 -0700 Kyle Fiehler

WannaCry five years on: Revisiting my revelation
Five years after the WannaCry ransomware attacks, a former IT architect takes a look back at the lessons he took from that day.
Wed, 11 May 2022 15:52:48 -0700 Kyle Fiehler