Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Data security budgets are under more scrutiny than ever. When a CISO brings a new tool to the table, finance and the board want to know: What does this buy us, and how do we measure it? Data security posture management (DSPM) is one of the harder investments to quantify on paper, largely because its primary value is risk reduction rather than revenue generation. But that framing undersells it.

For decades, passwords have been the standard method for protecting access to systems and accounts. However, passwords can be compromised or stolen via tactics such as brute-force attacks, phishing attacks, and infostealer malware. The shift to multi-factor authentication (MFA) added another layer of security by requiring additional authentication to verify the user’s identity – some combination of something you know, own, or (in the case of biometrics) are.

“ From AI-driven threats to identity-based attacks, CISOs are facing increasing pressure to manage risk while enabling business growth.“

Your engineering lead is in your office Thursday morning. They want to push an AI agent to production next Tuesday. It’s a LangChain-based workflow agent, connected through MCP to three internal tools and one external API, with access to a customer database. The framework posters are on the wall. Your team has spent two quarters standing up runtime observability. And sitting in that chair, you still don’t know whether to say yes.

Your CNAPP shows green across every posture check—hardened clusters, compliant configurations, no critical CVEs—but when your board asks "Are our AI agents safe in production?", you cannot answer with confidence because your tools see the infrastructure, not what the agents actually do at runtime.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo John White is the Field CISO for EMEA at Torq. A respected security executive with more than 20 years of leadership experience, John previously served as CISO at Virgin Atlantic, where he led a multi-year transformation deploying the Torq AI SOC Platform to modernize cyber operations.

A CISO’s job never ends, and, according to a recent LevelBlue survey, the issues they are dealing with on a daily basis are piling up, causing some disconnect in priorities and a misunderstanding of how to accomplish specific cybersecurity goals. To help answer some of the more pressing questions CISOs face and to gain a different perspective on the survey’s results, we sat down with LevelBlue’s Chief Security & Trust Officer, Kory Daniels.