Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

trustcloud

Why strategic CISOs need proactive risk reduction, not reactive GRC reporting

May 20, 2026 By Sravish Sridhar In TrustCloud
Security and GRC teams have no shortage of risk mitigation activities. They are carrying more work than ever, yet many still lack confidence in the data and recommendations produced by all that manual effort. They are also operating in a risk environment that changes faster than their current operating model was designed to support. Unfortunately, the existence of risk activity does not mean actual risk has been reduced.
Read Post
nightfall

What Is MCP Security? 9 Things Every CISO Needs to Know

May 19, 2026 By Chris Martinez In Nightfall
Your AI agents had a productive day. Nobody can tell you what data they touched. A developer opens Cursor and connects it to a GitHub MCP server and a Postgres MCP server. The agent reads the repo to understand a schema change, finds an AWS access key in a config file, and uses it to run a migration against staging. The key now lives in the agent's context, in the Postgres query log, in the chat history, and in whatever artifact the developer copies out. No alert fired. No policy triggered.
Read Post

Useful or Spam? A CISO's Guide to Vendor Outreach

May 6, 2026 By Razorthorn Security In Razorthorn
Why do so many vendors still get it wrong when selling to security leaders? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I’m Jim and in this episode, I’m joined by Marius Poskus, CISO at a fintech organisation and host of the Cyber Diaries podcast, and Simon Woods, co-founder of One Compliance and a salesperson who’s been working in cybersecurity sales for over 15 years.
View Video

Selling To CISOs, What Vendors Keep Getting Wrong

May 5, 2026 By Razorthorn Security In Razorthorn
This episode breaks down why so many sales approaches fail with CISOs, from lazy research and scripted persistence to tone deaf messaging and zero trust building. It also shows what works better, active listening, free value, real relationships and outreach that respects how security leaders think and buy.
View Video

The New Evolution Of CISO Responsibilities

May 1, 2026 By Razorthorn Security In Razorthorn
The CISO role is facing its biggest challenge yet. AI adoption is happening faster than any technology shift in history and security leadership is struggling to keep up. Accountability is increasing whilst the ability to control AI implementation is decreasing. In this episode of Razorwire Raw, James Rees explains why CISOs are finding it nearly impossible to manage AI security risks at the speed organisations are deploying the technology.
View Video
cyberhaven

The ROI of DSPM: What CISOs Need to Know

Apr 22, 2026 By Cyberhaven In Cyberhaven
Data security budgets are under more scrutiny than ever. When a CISO brings a new tool to the table, finance and the board want to know: What does this buy us, and how do we measure it? Data security posture management (DSPM) is one of the harder investments to quantify on paper, largely because its primary value is risk reduction rather than revenue generation. But that framing undersells it.
Read Post
sophos

Strengthening authentication with passkeys: A CISO playbook

Apr 22, 2026 By Ross McKerchar In Sophos
For decades, passwords have been the standard method for protecting access to systems and accounts. However, passwords can be compromised or stolen via tactics such as brute-force attacks, phishing attacks, and infostealer malware. The shift to multi-factor authentication (MFA) added another layer of security by requiring additional authentication to verify the user’s identity – some combination of something you know, own, or (in the case of biometrics) are.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.