Features Archives – Help Net Security Daily information security news with a focus on enterprise security.
- From posture to prioritization: The shift toward unified runtime platforms by Mirko Zorz on June 25, 2025 at 5:30 am
In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk. She encourages CISOs to position runtime as a practical layer for real-time risk reduction, especially when facing legacy constraints. Looking ahead, she sees security leaders playing a bigger role in shaping infrastructure and innovation, with teams working more closely across functions as tools converge. What advice would you offer … The post From posture to prioritization: The shift toward unified runtime platforms appeared first on Help Net Security.
- Why should companies or organizations convert to FIDO security keys? by Mirko Zorz on June 25, 2025 at 5:00 am
In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re gaining traction across industries, from healthcare to critical infrastructure. He also shares insights into their scalability, compliance advantages, and real-world deployment considerations. How do FIDO security keys differ from traditional authentication methods like passwords or SMS codes? FIDO security keys use public key cryptography to authenticate users, making them …
- Why work-life balance in cybersecurity must start with executive support by Mirko Zorz on June 24, 2025 at 5:30 am
In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership. She shares how her team handles constant pressure, sets boundaries, and deals with stress. Wallace also gives practical advice for those looking to build a lasting career in cybersecurity. Let’s start with your perspective. How would you describe the current state of work-life balance in cybersecurity leadership? Work-life balance is challenging …
- How CISOs can justify security investments in financial terms by Mirko Zorz on June 23, 2025 at 6:00 am
In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. He also shows how framing cyber risk in business terms can strengthen investment cases and elevate cybersecurity as a strategic driver. What should CISOs know about how insurers and financial risk professionals are evaluating cybersecurity maturity? Cybersecurity maturity is viewed differently depending on the stakeholder, and effective programs must account …
- Strategies to secure long-life IoT devices by Mirko Zorz on June 20, 2025 at 6:00 am
In this Help Net Security interview, Rob ter Linden, CISO at Signify, discusses priorities for CISOs working on IoT security, including the need for compliant infrastructure, easy device management, and preparing for future tech like quantum computing and AI. He also covers challenges with IoT visibility, security, and new regulations. For CISOs building or improving an IoT security strategy, what should be the top 3 priorities? 1. First off, creating an IoT infrastructure that matches …
- Why AI code assistants need a security reality check by Mirko Zorz on June 19, 2025 at 6:00 am
In this Help Net Security interview, Silviu Asandei, Security Specialist and Security Governance at Sonar, discusses how AI code assistants are transforming development workflows and impacting security. He explains how these tools can boost productivity but may also propagate vulnerabilities if not properly reviewed. What security risks do AI code assistants pose that developers and organizations might overlook? While AI code assistants enhance developer productivity, they introduce significant and often overlooked security risks across multiple …
- Hackers love events. Why aren’t more CISOs paying attention? by Mirko Zorz on June 17, 2025 at 6:00 am
When CISOs think about risk, they usually think about cloud platforms, laptops, and data centers. But live events like conferences, trade shows, product launches, and shareholder meetings bring a different kind of cybersecurity exposure. These events gather people, devices, and sensitive information in one place, often for just a day or two. That makes them an appealing target. Events also combine digital and physical systems. A vulnerability in one area can lead to a breach …
- Before scaling GenAI, map your LLM usage and risk zones by Mirko Zorz on June 17, 2025 at 5:30 am
In this Help Net Security interview, Paolo del Mundo, Director of Application and Cloud Security at The Motley Fool, discusses how organizations can scale their AI usage by implementing guardrails to mitigate GenAI-specific risks like prompt injection, insecure outputs, and data leakage. He explains that as GenAI features proliferate, organizations must implement guardrails to manage risk, especially around input/output handling and fine-tuning practices. Establishing these controls early ensures safe, compliant adoption without compromising innovation. For …
- Why banks’ tech-first approach leaves governance gaps by Mirko Zorz on June 16, 2025 at 6:00 am
In this Help Net Security interview, Rich Friedberg, CISO at Live Oak Bank, discusses how banks can better align cybersecurity efforts with broader cyber governance and risk priorities. Banking institutions often falter when cybersecurity is siloed as purely a technical or compliance issue. Cyber governance requires treating cybersecurity as a strategic business risk embedded across enterprise-wide decision-making. Where do banks typically struggle when trying to align cybersecurity efforts with broader governance and risk priorities? Banks …
- Unpacking the security complexity of no-code development platforms by Mirko Zorz on June 13, 2025 at 6:00 am
In this Help Net Security interview, Amichai Shulman, CTO at Nokod Security, discusses how the abstraction layer in no-code environments complicates security by obscuring data flow, identity propagation, and control logic. Shulman also addresses why vulnerabilities in no-code applications go far beyond simple misconfigurations or insecure defaults. How does the abstraction layer in no-code environments complicate visibility into data flow, identity propagation, or control logic? The use of no-code tools to generate custom applications in …