April 30th, 2025 Security Briefing with IANS Faculty Dave Shackleford⁠⁠⁠⁠ and ⁠⁠Shannon Lietz

This Episode Details:

• Verizon DBIR 2025: In this year’s version of the Verizon Data Breach Investigations Report (DBIR), there were several main takeaways.
• State of Mobile Security 2025: With adversaries' growing interest in mobile attack vectors, this year’s State of Mobile Security report by NowSecure introduces a need to help users understand that they should minimize what they add to their phones.
• Darcula Gets GenAI Features: Netcraft researchers have documented the extension of Darcula with GenAI features, reducing the barrier to entry for attackers looking to create their own phishing campaigns.

With ⁠IANS Research⁠, get security expertise at speed. IANS Research is a clear-headed resource for decision making and articulating risk, providing experience-based security insights for Chief Information Security Officers and their teams.

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.

April 9th, 2025 Security Briefing with IANS Faculty ⁠⁠⁠⁠Jake Williams⁠⁠⁠ and ⁠Jessica Hebenstreit⁠

This Episode Details:

EU Companies Exploring Alternatives to US Cloud Providers - WIRED reported that some EU companies are exploring ways to de-risk their involvement with U.S. cloud providers by looking at alternatives to Amazon, Google, and Microsoft.

More Cuts at CISA - Reporters at Politico (among others) are reporting additional staffing cuts coming to CISA imminently. Some reports detail expectations of as many as 1300 of CISA's 3300 remaining staff to be cut.

Novel Supply Chain Bug Bounty - In February, Roni Carta (aka Lupin) published a post-mortem on a bug bounty that involved a complex supply chain attack. The impact was so severe that the organization paid Carta and his partner Snorlhax $50k for the report

With ⁠IANS Research⁠, get security expertise at speed. IANS Research is a clear-headed resource for decision making and articulating risk, providing experience-based security insights for Chief Information Security Officers and their teams.

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.

March 5th, 2025 Security Briefing with IANS Faculty ⁠⁠⁠Jake Williams⁠⁠ and Wolfgang Goerlich

This Episode Details:

U.S. Pauses Offensive Cyber Ops Against Moscow - The United States has suspended its offensive cyber activities targeting Russia. This decision, authorized by U.S. Defense Secretary, aims to encourage Moscow to engage in negotiations to end the ongoing conflict in Ukraine.

DPRK Behind the $1.5B Bybit Heist - The FBI confirmed that the North Korean Lazarus Group (also known as TraderTraitor) was responsible for the recent theft of approximately $1.5 billion in virtual assets from the cryptocurrency exchange Bybit.

Copilot Exposes Private GitHub Pages - The AI security firm Lasso has identified GitHub Copilot, an AI coding assistant, was inadvertently exposing private GitHub Pages. So called “zombie repositories" (repositories that were once public and are now private) were retrievable using specific Copilot prompts.

With ⁠IANS Research⁠, get security expertise at speed. IANS Research is a clear-headed resource for decision making and articulating risk, providing experience-based security insights for Chief Information Security Officers and their teams.

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.

CISOs are currently under more pressure than ever to deliver results with lean teams and increasingly scrutinized budgets.

CISOs’ scope continues to expand while boards and leaders are continually focused on cyber budgets and program execution. At the same time, resources are tight and orgs are still figuring out how to navigate emerging areas of digital risk – particularly AI and its corresponding data governance implications.

CISOs who navigate these challenges successfully will set themselves apart by enhancing their personal brand and the reputation and success of the programs they lead.

In this session, IANS Faculty Steve Martano and IANS Senior Research Director Nick Kakolowski will provide a deep dive into the current state of the CISO role. They’ll cover:

• How the job scope of the CISO is shifting and what CISOs think about those changes.
• Trends in how CISOs are interacting with the board and advice for influencing at the highest levels of the organization.
• Market observations and anecdotal guidance on how to position yourself to achieve your career goals.

Interested in learning more about IANS and Artico's State of the CISO findings? Download ⁠IANS State of the CISO Summary Report!

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.

2025 Deep Dive Webinar and Podcast with IANS Faculty⁠⁠Jessica Hebenstreit⁠ and ⁠⁠⁠Jake Williams⁠

Infosec teams are stretched. Budgets are flat, resources are strained, and we’re always trying to stay one step ahead of adversaries.

Layer in new regulations, the integration of AI into seemingly all aspects of the business, and other disruptions. It’s no wonder CISOs and their teams are constantly challenged as to where to prioritize their time, resources, and activities.

In this podcast, IANS Faculty Jake Williams and Jessica Hebenstreit call out the areas they believe will be most impactful to CISOs and their teams in 2025. Hear an overview of the trends and recommendations of actionable steps to work into your roadmap. Topics of discussion include:

• How to ensure you’re getting value out of AI in security operations (and words of caution)
• The evolving role of the SOC in the face of increased coverage of MDR services (e.g., Falcon Complete)
• Cyber resiliency and planning for CrowdStrike 2.0
• Implications of the new EU product liability directive

With ⁠IANS Research⁠, get security expertise at speed. IANS Research is a clear-headed resource for decision making and articulating risk, providing experience-based security insights for Chief Information Security Officers and their teams.

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.

January 8th, 2025 Security Briefing with IANS Faculty ⁠Jessica Hebenstreit and ⁠⁠Jake Williams⁠

This Episode Details:

Browser Plugins Are a (Cyber)haven for Malware - On Christmas Eve, a Cyberhaven developer fell victim to a phish that allowed a threat actor to publish applications to Cyberhaven’s account in the Google Chrome Web Store where browser extensions are published.

With ⁠IANS Research⁠, get security expertise at speed. IANS Research is a clear-headed resource for decision making and articulating risk, providing experience-based security insights for Chief Information Security Officers and their teams.

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.

The CISO job market has been slow in 2024 – largely due to conservative job movement caused by challenging macroeconomic conditions, but signs of improvement are emerging for 2025.

Want to learn more? Download the summary version of IANS' 2024 CISO Compensation Benchmark Report here.

In this webinar, IANS Faculty Steve Martano and Senior Research Director Nick Kakolowski will share insights from the recently published 2024 IANS and Artico Search CISO Compensation Survey and discuss how CISOs can best navigate the marketplace.

Join the session to hear:

With ⁠IANS Research⁠, get security expertise at speed. IANS Research is a clear-headed resource for decision making and articulating risk, providing experience-based security insights for Chief Information Security Officers and their teams.

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.

December 4th, 2024 Security Briefing with IANS Faculty ⁠Wolfgang Goerlich⁠ and ⁠Jake Williams

This Episode Details:

With ⁠IANS Research⁠, get security expertise at speed. IANS Research is a clear-headed resource for decision making and articulating risk, providing experience-based security insights for Chief Information Security Officers and their teams.

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.

November 13th, 2024 Security Briefing with IANS Faculty Wolfgang Goerlich and Jessica Hebenstreit

This Episode Details:

With ⁠IANS Research⁠, get security expertise at speed. IANS Research is a clear-headed resource for decision making and articulating risk, providing experience-based security insights for Chief Information Security Officers and their teams.

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.

October 28th, 2024 AI Deep Dive with IANS Faculty Jake Williams and Jessica Hebenstreit

Join IANS Faculty Jake Williams and Jessica Hebenstreit in the first episode of IANS AI Deep Dive Series for security professionals. This episode will cover:

Interested in more AI content? Check out IANS AI Resources page and sign up for our AI Playbook series!

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.