Qualys

A defeated CISO sighed, “Am I a glorified purchasing agent?” He was bemoaning the “rinse, wash, repeat” budgeting cycle… Where CFO’s reluctantly release capital to security…. With a “vague sense of moral obligation.” What the CISO wanted… Without saying it or realizing it... Was to work collaboratively… From a shared objective of “Protecting the business from material impact.” If he said that to the CFO, the CFO would likely smile and say, “Motherhood and apple pie…thank you for stating the obvious!” Material impact, while borrowed from the SEC… Equates here to losses large enough to matter to stakeholders… They are plausible losses that could derail business objectives… (And most certainly would find they were on your form 8-K) The question for our CISO now is…how do we do this...how do we collaborate on business terms? Sun Tzu (author of The Art of War) must have had a CFO He said, “Tactics without strategy is the noise before defeat.” Over a thousand years ago he knew Defenders and Financiers must be aligned… But whose job is it to fix this “strategic misalignment?” The CISO. Why do I say that? It’s our job to meet “the money people” on their terms… You simply can’t force the CFO, board, eteam, and business stakeholders… Onto your terms and tools… That’s backwards… It’s what created the problem in the first place... Leading to CFOs with “a vague sense of moral obligation” . Now I am going to say something quite unpopular Cyber Risk Quantification (CRQ) should have been “the practice” for doing all of the above. Unfortunately, the way it's presented creates more distance. It puts the cart before the horse… Actually, it’s all cart...no horse. The good news is that if you are fully operating from the “Sun Tzu” mind set… And are committed to meeting the business on their terms and their tool chains... 100% focused on their objectives… Then a CRQ solution could really help... But with the wrong point of view… It’s another tactical purchase by a glorified and unfulfilled purchasing agent. If this line of reasoning interests you…. I have added a link to an article published today by the fine folks at The Stack Also, stay tuned for freemium regional and online trainings.. #CISO #CFO #CRQ #cyberriskquantification 

Why choose Qualys for #vulnerability management? In our latest video, discover how Qualys protects Aberdeen, why Qualys is their top choice for vulnerability management and the benefits it can bring to your organization. Learn more about Qualys' VMDR here. https://lnkd.in/dQiR4t7 #DeRiskYourBusiness

Coming this October is the must-attend #cybersecurity event of the year! Join us in person for #QSCAmericas to find out how today’s #security leaders are evolving from enumerating #risk to eliminating it. Secure your spot today! https://lnkd.in/gKt3CWjf #DeRiskYourBusiness

"Many #CISO may think quantifying risk in business terms is too hard. They will in turn fall back on taken-for-granted 'best practices' like heat maps." Read more from Qualys' Richard Seiersen in The Stack. https://lnkd.in/gMnvWihj

#QSCAmericas is coming! This October, join thought leaders, security practitioners, product experts, and more in beautiful San Diego. Spend the week learning how to measure, communicate, and eliminate #cyber risk to drive better business outcomes. Register today! https://lnkd.in/gKt3CWjf #DeRiskYourBusiness

A critical vulnerability has been discovered in a popular #WordPress plugin called WPML, tracked as CVE-2024-6368, with a CVSS score of 9.9. Successful exploitation of the may allow an attacker to execute arbitrary code on the vulnerable server. https://lnkd.in/dUhbFh-K

Do you need help effectively communicating cyber risk in terms of business impact? This Wednesday, join Qualys’ Richard Seiersen, Lionfish Tech Advisors’ Jonathan Care, and Dark Readings Becky Bracken for a #webinar on "Developing a Cyber Risk Assessment for the C-Suite." There’s still time to register! https://lnkd.in/evyQ8syY

According to The Hacker News, multi-factor authentication failures have fueled a 500% surge in #ransomware losses this year. Our latest #blog explores why it is important to unpack #MFA failures, the details of the Retool attack, and outline the critical lessons learned for enhancing #cloudsecurity. https://lnkd.in/g37e2CAQ

Discover how Jeff Huffman ensures top-notch security for the New Orleans Saints, whether they're at home, on the road, or evacuating during a hurricane. Learn about his game-changing strategies using the Qualys Cloud Agent and automated patching to significantly reduce the Saints' attack surface. See for yourself how Qualys patch management can enhance your security posture. Try it today at https://lnkd.in/gb3_dsef

Headed to Oracle #CloudWorld next month? Meet with us at booth 99 and learn how you can de-risk your multi-cloud and container environments with Qualys TotalCloud AI-Powered #CNAPP. Register today! https://lnkd.in/dkXiXyQd #owc