< ciso
brief />
Tag Banner

All news with #human risk management tag

57 articles · page 2 of 3

Rethinking Cybersecurity Hiring: Skills-First Talent

🔍 Many organizations treat the cybersecurity skills gap as a supply problem, but the 2025 Cybersecurity Skills Gap Global Research Report shows restrictive hiring definitions are a major cause. Rigid filters like four-year degrees exclude candidates with military, technical, or vendor-certified experience who already possess relevant, hands-on capabilities. Adopting a skills-first approach and mapping role-aligned certifications to job requirements expands the qualified pool, shortens onboarding, and reduces operational risk. Fortinet emphasizes partnerships and free, scalable training as practical ways to build and certify talent at scale.
read more →

Insider Threats Surge as AI and Remote Work Expand Risk

🚨 Insider threats are rising again: the Mimecast State of Human Risk Report found 42% of organizations saw increases in both malicious and negligent insider incidents, with an average of six insider-driven incidents per month at an estimated cost of $13.1 million per incident. Two-thirds of surveyed IT leaders expect insider-related data loss to grow over the next 12 months. Experts warn the insider perimeter now includes contractors, fraudulent hires, and AI agents, and they recommend adaptive, behavior-driven controls, coordinated legal/HR response plans, and extending protections to nonhuman identities to reduce risk.
read more →

Encouraging Women in Cybersecurity at Every Career Stage

🔐 Women early in their careers are shaping the future of cybersecurity and AI security, bringing fresh perspectives, curiosity, and collaborative leadership that strengthen detection, design, and resilience. The post argues that diversity is a security imperative, citing research such as the ISACA paper and workforce data showing women comprise roughly 24% of the field. It highlights leaders and programs like Girl Security and recommends practical steps—mentorship, inclusive hiring, sustained training, and community partnerships—to support women from introduction through leadership.
read more →

Half of US CISOs Now Working Equivalent to Six-Day Weeks

📊 A Seemplicity survey of 300 CISOs and equivalents finds nearly half of US security leaders are effectively working an extra day each week, with 45% logging 11+ additional hours and 20% putting in 16+ hours. Forty-four percent say the role feels emotionally exhausting and 43% cannot take time off without undue stress, yet 94% would still choose cybersecurity. The report warns AI is shifting work from execution to interpretation, increasing the need for communication and business skills.
read more →

Seven Key Factors Driving the Cybersecurity Skills Gap

🔐 The article summarizes seven factors limiting organizations' ability to build sustainable cybersecurity talent pipelines and cites World Economic Forum data showing only 14% of organizations feel they have the required people and skills. Contributors highlight constrained budgets and rising burnout, the rapid emergence of AI and other technologies, and misaligned employer–candidate expectations as core drivers. Additional issues include outdated processes, training mismatches, strategy disconnects, and failures to simplify and scale operations. Experts recommend internal upskilling, using managed services and automation, and framing the skills gap as a clear business risk to leadership.
read more →

Cyber Resilience Requires People, Skills, and Training

🛡️ The 2025 Global Cybersecurity Skills Gap Report shows that human risk and workforce shortages—not technology alone—are driving frequent, costly breaches: in 2024, 86% of organizations experienced at least one breach and 28% reported five or more. Awareness deficits, phishing, and skills gaps account for most incidents, so training must be preventive, continuous, and role-based. Fortinet pairs security products with a broad training and certification program to help organizations close these gaps and improve detection, response, and recovery.
read more →

Majority of CISOs Open to Career Moves, Many Exit Now

🚨 A recent IANS Research and Artico Search survey found that 69% of enterprise CISOs are open to a career move within the next year, often targeting larger-company CISO roles, other executive posts, or non-CISO paths. Analysts attribute the trend to chronic exhaustion, misaligned authority, and a structurally broken role that leaves leaders accountable without matching influence. Experts recommend giving CISOs enterprise-level standing, direct CEO and board access, and authority and budget that match their responsibilities to retain top security talent.
read more →

Why Smart People Fall for Phishing: Psychological Tactics

🧠 Unit 42 examines why phishing remains effective despite advanced defenses, highlighting the role of human psychology, cognitive bias and AI-enabled deception. The article outlines a three-stage attack model—The Bait, The Hook and The Catch—and common social engineering tactics such as urgency, authority and distraction. It urges a zero-trust mindset, continuous education and a simple habit: pause and verify before acting.
read more →

Human Risk Management: Rethinking Security Training

🧠Human Risk Management reframes employee training as measurable behavioral risk reduction rather than a compliance checkbox. HRM tools integrate with email and identity systems to detect risky actions in real time and deliver immediate, contextual remediation such as micro-learning, automated controls, or role-specific simulations. Vendors like Fable Security, KnowBe4 and Mimecast combine standard SAT content with AI-driven nudges to improve real-world digital hygiene.
read more →

Human Risk Management: Rethinking Security Training

🔒Security awareness training (SAT) increasingly fails to reduce real-world human risk, even as organizations spend billions and meet regulatory mandates like HIPAA, GDPR, and PCI. The article argues that firms should move from knowledge-focused SAT to human risk management (HRM), which measures actual user behavior through email, web, and IAM integrations and targets the riskiest users. Leading vendors such as Fable Security, KnowBe4, and Mimecast bundle SAT content into HRM platforms and use AI to deliver personalized micro-learning, simulations, and behavioral nudges that aim to create lasting habit change.
read more →

Building Cyber Readiness Early: Youth Education Imperative

🔐 Cyber security should begin in childhood, not only as a late-stage workforce specialization. The piece argues that threat actors target schools, hospitals, municipalities and small businesses as aggressively as large enterprises, and that waiting for workforce pipelines to mature leaves communities exposed. Early, practical education—covering ransomware awareness, phishing resistance, hands-on skills and teacher training—reduces immediate risk and strengthens future talent pools.
read more →

Six Strategies to Build a High-Performing Security Team

🔒 Building a high-performing cybersecurity team requires deliberate hiring, clear mission alignment, and empowered leadership. Veteran security leaders advise assembling a balanced mix of ambitious innovators and dependable 'rock stars,' promoting diverse backgrounds, and giving teams targeted training, tools, and AI-enabled analytics. They emphasize strong prioritization, business-focused communication skills, and appointing deputies to scale leadership, speed decision-making, and sustain operational resilience.
read more →

Cybersecurity Stress Driving Burnout and Employee Loss

🧠 New survey shows cybersecurity roles are causing widespread stress and burnout. Object First polled 500 IT and security professionals and found 84% feel uncomfortably stressed and 78% fear being personally blamed after incidents. The pressure is pushing many to seek new jobs, worsening staffing shortages and increasing organizational risk. Recommended actions include building a blame-free culture, reducing alert noise, and investing in mental-health and resilience resources.
read more →

Cybersecurity Skills Trump Headcount in the AI Era

🛡️ ISC2’s 2025 Cybersecurity Workforce Study of 16,029 professionals finds that skills shortages have overtaken headcount as the primary concern for security teams. Budget constraints leave 33% of respondents unable to adequately staff and 29% unable to afford skilled hires, while 88% reported at least one incident linked to skills gaps. The report highlights rapidly accelerating AI adoption—69% are at some adoption stage—and stresses capability development, targeted training, and realistic workload expectations over simple headcount increases.
read more →

Five UX Mistakes That Weaken Corporate Security Posture

🔐 Organizations often assume stricter, more complex controls automatically increase security. The article identifies five common UX-driven mistakes — poor security mindset, one-size-fits-all policies, confusing complexity with protection, reliance on legacy security questions, and misplaced faith in biometrics — that can degrade defenses. Experts Yehudah Sunshine, Joseph Steinberg and April McBroom recommend practical measures such as targeted training, contextual controls, password managers, multiple-choice knowledge checks, and behavioral biometrics. Their guidance emphasizes reducing friction, encouraging honest reporting of errors, and tailoring security to user roles to improve both usability and protection.
read more →

Coach or Mentor: Guidance Paths for Cyber Leaders Today

🔑 Renee Guttmann and other senior cyber leaders explain when professionals need mentorship versus executive coaching. At a September ISSA LA meeting, Guttmann distinguished mentoring as a one-on-one transfer of real-world experience and coaching as focused work on skills like executive presence. Speakers pointed to formal programs, networking, and industry groups as primary sources for guidance. Together, mentors and coaches help bridge technical foundations and board-level business acumen.
read more →

Build Forward-Thinking Cybersecurity Teams for Tomorrow

🧠 The democratization of advanced attack capabilities means cybersecurity leaders must rethink talent strategies now. Ann Johnson argues the primary vulnerability in an AI-transformed landscape is human: teams must combine technical expertise with cognitive diversity to interrogate and adapt to probabilistic AI outputs. Organizations should change hiring, onboarding, retention, and continuous upskilling to create resilient, future-ready security teams.
read more →

Kevin Lancaster Joins usecure Board to Drive Channel Growth

🛡️ usecure has appointed Kevin Lancaster as a Non-Executive Director to accelerate its North American channel expansion. Lancaster, founder of ID Agent and former head of Channel Program, brings deep channel experience and a proven track record of scaling channel-first security and SaaS businesses. He will work with the board and executive team to help usecure become the leading human risk management solution for MSPs, supporting growth across distribution partners and more than 1,800 MSP partners worldwide.
read more →

Empathy-Driven IT Security: Path to Active Compliance

🔐 IT security often meets resistance when guidelines clash with everyday work pressures, causing employees to view measures as obstructive and to bypass them. The article advocates empathetic policy engineering: perform stakeholder analysis, design user-centered policies, and pilot changes with early adopters. Communicate with respect—use tactical empathy, collaborative 'help me to help you' dialogues, and realistic, scenario-based training to boost acceptance and embed secure practices.
read more →

Invisible Battles: Cybersecurity's Toll on Mental Health

🛡️ Cybersecurity work creates a relentless, always-on pressure that erodes mental health, driving sleep loss, anxiety and burnout. The piece outlines how constant alerts, moral responsibility for failures and siloed teams amplify errors and organizational risk. It calls for concrete changes—from individual boundaries and therapy to organizational psychological safety—and industry shifts such as integrating wellness into ISO and NIST frameworks.
read more →