In the leadership and communications section, Why Every CISO Should Be Gunning For A Seat At The Board Table, The Innovation We Need is Strategic, Not Technical, The Best Leaders Ask the Right Questions, and more!
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them!
Fortra is successfully reducing the unauthorized use of Cobalt Strike among cybercriminals through partnerships with Microsoft, Operation MORPHEUS, and the Pall Mall Process, among others. Since 2023 specifically, Fortra’s collaborations have resulted in an 80% drop in Cobalt Strike misuse in the wild. Additionally, the time between detecting cracked copies and mitigation has been reduced to less than one week in the United States and less than two weeks worldwide.
Segment Resources: https://www.cobaltstrike.com/blog/update-stopping-cybercriminals-from-abusing-cobalt-strike
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluersac to learn more about them!
Uncover how organizations are building business confidence through cyber resilience, how alignment of cybersecurity and business goals impacts business, how collaboration creates a proactive culture, and how emerging attacks are evolving.
Theresa Lanowitz is the Chief Cybersecurity Evangelist at LevelBlue.
Theresa is a globally respected leader known for her deep and diverse experience in cybersecurity.
Rohit Dhamankar is the Vice President of Product Strategy at Fortra. He has more than 20 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Dhamankar holds a Master of Science in Electrical Engineering from the University of Texas Austin and a Master of Science in Physics from IIT in Kanpur, India.
He has worked in leading and advisory roles for many successful start-ups and Texas-based VCs. Rohit has spoken at RSA, Black Hat and other cybersecurity industry conferences. In addition, he worked with the SANS Institute for many years authoring industry-driving reports and newsletters.
Matt Alderman
- Why Every CISO Should Be Gunning For A Seat At The Board Table
With economic uncertainty, regulatory pressure, and cybersecurity now among the top risks facing public companies, Kurtz issued a bold call to action: It’s time for CISOs to earn their seat at the board table. His message was clear: in the next decade, cybersecurity expertise won’t just be welcome on corporate boards—it will be indispensable.
- The 2025 CISO Cheat Sheet
Ask Yourself The Following Questions:
  - Am I setting the right security direction?
  - Do I know our top risks — and are we doing something about them?
  - Are the “basics” in place — and working?
  - If something goes wrong at 2 AM, do we know what to do?
  - Can I show the board how security is improving — without technical jargon?
  - Are we compliant — and ready to prove it?
  - Does our team — and company — actually care about security?
  - Are our cloud systems and vendors under control?
  - Are we adapting to what’s coming — not just reacting to what happened?
  - Am I trying to do everything myself?
- Evolving The CISO Role
The traditional responsibilities of a CISO have expanded far beyond the confines of managing IT security. As the cyber threat grows, building cross-functional relationships is crucial. Today’s CISOs must increasingly influence board-level decisions and shape the strategic direction of their organisations in order to foster a culture of cyber resilience.
- The rise of vCISO as a viable cybersecurity career path
For those looking for a career change or who just don’t want to be in charge of the cybersecurity of one company for a long period of time, becoming a vCISO might be just what you are looking for.
- A third of enterprises have been breached despite increased cybersecurity investment
Most companies (67%) have experienced a data breach in the last 24 months, despite an increase in spending, new research from Pentera shows, with 24% experiencing a breach in the last 12 months, and 43% in the last 12 months.
During these breaches, the most common disruption suffered was unplanned downtime, with 36% of breached organizations impacted. Many firms also suffered a breach of data (30%) and financial loss (28%), showing just how damaging security breaches can be.
Of those who disclosed the impacts of the breach, a shocking 76% reported an impact on the confidentiality, integrity, and/or availability of their data - with only 24% reporting no significant impact.
- The Innovation We Need is Strategic, Not Technical – Talking Identity
Here’s an uncomfortable truth. Most of the risks being called out already have solutions – at least technically. The standards, protocols, and architectural patterns required to address them already exist. What’s lacking is the organizational will to implement them, the investment required to modernize infrastructure for security, and the discipline to prioritize long-term resilience over short-term delivery.
And this isn’t just a failure of vendors. It’s also a consequence of enterprise buyers rewarding compliance over capability, and executives framing security as a function of audit readiness rather than operational integrity.
- The Best Leaders Ask the Right Questions
Few leaders have been trained to ask great questions. That might explain why they tend to be good at certain kinds of questions, and less effective at other kinds. Unfortunately, that hurts their ability to pursue strategic priorities. Arnaud Chevallier, strategy professor at IMD Business School, explains how leaders can break out of that rut and systematically ask five kinds of questions: investigative, speculative, productive, interpretive, and subjective. He shares real-life examples of how asking the right sort of question at a key time can unlock value and propel your organization. With his IMD colleagues Frédéric Dalsace and Jean-Louis Barsoux, Chevallier wrote the HBR article “The Art of Asking Smarter Questions.”