In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring, and more!
Next, pre-recorded interviews from RSAC Conference 2025, including:
This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them!
Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet’s FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders.
Read the full report at https://securityweekly.com/fortinetrsac.
This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them!
In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems.
Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025
Derek Manky leads FortiGuard Labs’ Global Threat Intelligence Team at Fortinet, bringing over 20 years of cyber security experience. He has established frameworks in the security industry, including a responsible vulnerability disclosure program under which more than 1000 zero-day vulnerabilities have been responsibly reported. Manky has been with the Cyber Threat Alliance since it was founded in May 2014. For more than 15 years he has been highly engaged in building public/private partnerships and supporting efforts including the CTA, FIRST.org, MITRE CTID, the INTERPOL Expert Group/Gateway, and the World Economic Forum Partnership Against Cybercrime (PAC). He sits on the executive committee of the Cybercrime Atlas Initiative. His vision is applied to help shape the future of proactive cyber security, with the ultimate goal of making a positive impact in the global war on cybercrime and threat actors.
As Cobalt’s Chief Technology Officer, Gunter brings decades of global experience in information security, and has defined, delivered, and trailblazed cutting-edge security innovations that safeguard organizations across industries. He has built and led high-performing SecOps, engineering, and research teams while guiding the invention of groundbreaking technologies, including multiple patents in cyber threat detection and mitigation.
Gunter’s international expertise spans over 80 countries and three continents, giving him unique insights into diverse business cultures. He has been instrumental in bringing advanced security solutions to market through startups, market leaders, and household-name brands.
A recognized thought leader, Gunter’s insights have been featured in SC Magazine, SecurityWeek, Dark Reading, and more, and he has been quoted by global media outlets such as USA Today, CNN, the BBC, and NPR.
Matt Alderman
- CISO vs CFO: why are the conversations difficult?
Bridging the gap between CISOs and CFOs means ditching old stereotypes, speaking the same language, and turning cybersecurity from a budget battle into a blueprint for business growth.
- How CISOs can talk cybersecurity so it makes sense to executives
For years, CISOs have struggled to get boards to understand security beyond buzzwords. Many feel they’re either ignored or misunderstood. But with threats growing and regulations tightening, that’s changing. Boards now expect CISOs to speak their language: risk, dollars, impact.
- CIOs pay too much for not enough IT security
CIOs are experiencing a cybersecurity anomaly. Nearly 9 in 10 organizations had a breach in the last year, according to a Vanson Bourne survey of 1,000 IT leaders commissioned by service provider Logicalis Group. Half of respondents said they overinvested in security technology while the same proportion admitted they don’t fully use features they’ve paid for.
- Firms to spend more on GenAI than security in 2025, finds study
Organisations are set to allocate more of their 2025 tech budgets to Generative AI (GenAI) than to security, according to new global research commissioned by Amazon Web Services (AWS). The Gen AI Adoption Index study, which surveyed 3,739 senior IT decision-makers across nine countries, was conducted by Access Partnership.
The survey’s findings show that 45% of organisations identified GenAI as their top IT investment priority for 2025. In comparison, 30% of organisations prioritised cybersecurity. Other areas, such as compute (13%), storage (7%), and physical hardware (4%), were lower in priority.
- Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring
The 2025 cybersecurity workforce research report, released at the RSA Conference, marks a watershed moment for the industry: for the first time, more organisations worldwide (52%) cite “not having the right staff” as their primary concern rather than “not having enough staff” (48%).
- When You’re Asked to Meet Impossible Goals
Change is no longer an occasional disruption but a constant. Employees are now experiencing five times more planned change initiatives than they did just a decade ago. Add unrealistic goals, and the result is predictable: disengagement, burnout, and a sharp decline in execution—in short, widespread change fatigue. Leaders who take on impossible goals don’t do it because they lack judgment—they do it because pushing back feels risky to them. The real leadership skill is not figuring out how to do it all; it’s knowing when and how to push back. That’s where strategic refusal comes in. Strategic refusal is a structured method to force prioritization and push back on unrealistic demands that jeopardize team productivity, morale, or well-being. The idea isn’t to avoid responsibility, but rather to protect the team, maintain long-term performance, and ensure sustainable outcomes—all while safeguarding your reputation.