
Insights from Security Leaders
Stay across the issues that matter to security leaders. Practical guidance, threat analysis, and strategic thinking from our network of experienced fractional CISOs, drawn from finance, healthcare, SaaS, and beyond.
Is There an AI Security Crisis?
Anthropic's Project Glasswing reveals AI can now find critical vulnerabilities at scale. For CISOs and boards, this is less about panic and more about a structural shift in risk, capability, and talent.
Explaining CISO, fCISO, vCISO and CISO to the CISO
The security leadership market has fragmented. Here's how to tell the difference between a full-time CISO, a fractional CISO, a virtual CISO, and a CISO to the CISO.
Iranian Cyber Operations: An Update for CISOs
Handala's shift from wiper malware to native admin tool abuse is a tactical change, not a strategic surprise. What it reminds us about identity, supply chain, and detection.
A practical guide to your first 90 days as a CISO
The first 90 days in a CISO role set the trajectory for your entire tenure. Here's how to navigate them with purpose, pragmatism, and a plan.
Morgan McSweeney's Stolen Phone: Lessons for CISOs
When Morgan McSweeney's government phone was stolen in London, it exposed gaps in mobile device security that every CISO should address.
Five Actions for CISOs After the LiteLLM Attack
On March 24, 2026, LiteLLM version 1.82.8 was compromised on PyPI. Five actions CISOs need to take to address AI-accelerated supply chain threats.
When Supply Chain Vendors Become Weak Links
The M&S and JLR breaches reveal how attackers bypass your defences by targeting suppliers. How to build a risk management programme that works.
A CISO's Guide to the Iranian Cyber Conflict
As conflict unfolds between the US, Israel, and Iran, cyber operations are a critical battleground. What CISOs need to know.
Seven Lessons from the McKinsey Lilli Hack
When McKinsey's internal AI platform was compromised via SQL injection, it revealed new classes of vulnerabilities security programmes miss.
When Does Your Business Need a CISO?
Knowing when to invest in executive security leadership is critical. Key indicators and decision frameworks for when to hire a CISO.
Choosing Between SOC 2 and ISO 27001
SOC 2 and ISO 27001 serve different strategic purposes. A decision framework, implementation roadmap, and integration strategies that actually work.
The Security-First Culture Playbook
Technology alone won't protect your business. A framework for creating a culture where security is intrinsic to how work gets done.
Looking for Security Insights for Your Business?
Our fractional CISOs can help you implement the strategies and frameworks discussed in our articles. Book a call to discuss your security needs.