Matt Chiodi

One year after the devastating #ColonialPipeline attack, organizations are placing a higher premium on #cybersecurity. CSO Online spoke with me about the path forward: . Some are asking if wider adoption of #ZeroTrust can redu…lnkd.in/gbRkWusP lnkd.in/gUyevkSY

Last month I had an insightful podcast discussion with @varun__badhwar, one of the leading voices in software supply chain security. We delved into the heart of open source software, its potential risks, and how to navigate them effectively. Here are so…lnkd.in/ekn2tqgW

#opensource software is a double-edged sword. Your business and/or agency needs it to run almost everything digitally. But when you look at vulnerabilities like #log4j and Apache Struts, the security of open source software can no longer be ignored. In t…lnkd.in/eGzurJiM

And you thought your corporate apps that aren’t connected to your identity provider were safe (nonfederated due to no support for SAML/OIDC). Fat chance. PassGPT and hundreds of others soon to be like it will obliterate passwords. Is this the demise o…lnkd.in/eHy5arKN

Every organization has risks that are just below the surface. They are lurking in the background, just waiting to be exploited. Sure, it's easy to focus on the risks that are seemingly always in the headlines, but remember what happened to software supp…lnkd.in/ee2rqiu6

Zero trust is too complicated. It’s not practical and doesn’t scale. Have you felt this way? I know I have. In a webinar I did with the creator of zero trust, @Kindervag, he explained that it’s quite the opposite in reality. I asked John if he could…lnkd.in/eekKwjm9

Should security be everyone's responsibility? What about secure by default? In this CISO Series newsletter, I opine why security should not be everyone's responsibility. Am I wrong? What do you think? #security #leadership lnkd.in/ebbj59Nf

Tuesday's discussion with my good friend @Kindervag will be fun! We will discuss all things #zerotrust and where nonfederated (unmanageable) applications fit into the mix. Join us Tuesday, May 16 at 11a PT / 2 PM ET! Cerby ON2IT Cybersecurity lnkd.in/e4BT3zfr

Why is effective delegation so difficult? What is it about giving a task to another to complete that is so challenging? Two thoughts: 1) The idea that only I can do it “the right way”. Which is, of course, not exactly true. With the right mix of traini…lnkd.in/eUibys8t

How many times have you “trusted” someone to get a task done and then it doesn’t happen? When I look over many of these situations in my life, with kids and with employees, typically the failure is on my end as the leader. I haven’t trained and developed…lnkd.in/eVTXgh2A

Join me at 1pm ET today to learn about the latest threats in the enterprise from our exclusive research with the Ponemon Institute! Learn 1) What organizations understand about the risks of nonfederated applications 2) Why organizations are vulnerable t…lnkd.in/e73RsVHb

How do you deal with "unknown unknowns"? This famous quote from the former US Secretary of Defense, Donald Rumsfeld, is deeply troubling. It implies that we should be worrying about things that we are currently unaware of. How do we do that? Let's start…lnkd.in/g957rPUQ

Props to Cybersecurity and Infrastructure Security Agency (CISA) for the friendliest booth at #rsac2023. Great place to meet up with friends and talk about #sbom and #securebydefault. What’s your favorite booth his year and why? Jen Easterly lnkd.in/eykuzxa7

The Ponemon Institute found the next #cybersecurity black swan: nonfederated applications. Correlating the research with the Verizon DBIR indicates they generate between 11 to 15 percent of breaches annually! Why such an elevated risk? Nonfederated appli…lnkd.in/euibjFzr

🎙️ What's changed in cloud native security over the past year? In my recent podcast conversation with @rkw59, CSO of Cloud at Prisma Cloud by Palo Alto Networks, we explored the latest installment of The State of Cloud Native Security report and his fas…lnkd.in/ecwB9-Cf

Are you concerned about #supplychainsecurity in the software industry? It's time to unlock the potential of SBOMs and improve transparency and collaboration. As the software industry continues to evolve and grow, the importance of supply chain security h…lnkd.in/eSJHK9Dz

🤔 Ever wondered if the cloud is truly more secure than on-prem? @StevenPrentice's insightful CISO Series article "23 Cloud Security Myths Debunked" addresses this question. In my quote, I emphasize the importance of choosing the…lnkd.in/eMjAm4mK lnkd.in/etemJT8n

As professionals, we often wear our busyness as a badge of honor. But what if being busy is actually a form of laziness? According to Tim Ferriss, author and productivity guru, "Being busy is a form of laziness - lazy thinking and indiscriminate action."…lnkd.in/eqxePfuS

🔒 Is CISA's Zero Trust Maturity Model (ZTMM) a game-changer or just another buzzword? 🌐 My take: 1️⃣ Zero Trust is a journey, not a one-time purchase. Beware of vendor FUD. 2️⃣ The ZTMM offers a valuable framework for measuring progress, but it still n…lnkd.in/eg3c5Vmf

Borrowed from a Reddit post titled "Humanities last Tweet"... While said in jest, given the rapid advances in AI over the past few months, we need to proceed cautiously. #ai will impact every area of life. If you are a writer and only marginal at what…lnkd.in/ezqxsvdi

What metrics should you use that demonstrate the value of your cyber program? How often do your scratch your head on this one? In my book review and interview with CISO and author @Matthew_K_Sharp, he outlined three steps to take before picking your me…lnkd.in/eeJ3yEYb