Consent: Power vs Choice, The Crack in the Cloud, The Art of Digital Disguise, A Boring but Necessary Job, The Imitation Game, and Lock-Out: The Clock is Ticking. It's CISO Intelligence for Wednesday, 29th October 2025.

Table of Contents

1. Microsoft Sued: When Copilot Goes Rogue
2. Is Your Google Workspace Really Safe? Probably Not.
3. The Phantom Menace: Caller ID Spoofing Strikes Again!
4. Risky Business: The Art of Audit-Proofing Cyber Assessments
5. New Herodotus Android Malware: When Typing Seems Too Human
6. Click or Be Locked: The Deadline Looms for 2FA Key Re-enrollment

Microsoft Sued: When Copilot Goes Rogue

When autocompletions spell 'cha-ching'.

What You Need to Know

A lawsuit has been filed against Microsoft claiming that the company deceptively enrolled users into Copilot M365 subscriptions without explicit consent. Board members and executives should assess current user consent practices and subscription procedures to ensure transparency and avoid similar legal disputes.

CISO Focus: Legal Compliance & Customer Data Protection
Sentiment: Negative
Time to Impact: Immediate

Amidst the ever-evolving landscape of cloud services, Microsoft, one of the industry stalwarts, finds itself embroiled in a legal quagmire. Allegations have surfaced accusing the tech giant of surreptitiously enlisting millions of users into its Copilot M365 subscriptions. This suit raises questions about user consent, transparency in billing practices, and corporate responsibility in digital transformations.

The Legal Allegations

Microsoft's Copilot M365, envisioned as an advanced AI-driven productivity companion, is now under scrutiny. The lawsuit contends that Microsoft engaged in misleading marketing tactics, enrolling consumers in paid plans without adequate permission. Plaintiffs argue that users were neither adequately informed nor given an explicit choice before being shifted to costly subscriptions.

What’s at Stake

• Legal Ramifications: Immediate analysis is required for compliance with consumer protection laws such as the Consumer Review Fairness Act and similar statutes globally. The potential for costly settlements looms if the court finds in favor of the plaintiffs.
• Trust and Brand Equity: At a time when data protection and transparency are critical, Microsoft's reputation could suffer irreversible damage if these claims are validated. User trust, once lost, can take years to rebuild.
• Financial Impact: The financial implications extend beyond potential payouts; they could affect market confidence and shareholder value.

The Corporate Response

Microsoft has yet to make a comprehensive public statement in response to these allegations. Generally, companies embroiled in such disputes initiate internal reviews, potentially halting future deployments of the contested service amid the investigation.

• Indication of Intent: The suit challenges how technology coercively influences consumer behavior, spotlighting the ethics involved in automated service enrollments.
• Lesson in Due Diligence: This case is a clarion call for reevaluating automated process oversight, especially for large-scale service rollouts and billing systems.

Broader Implications for Corporate Practices

• Consent and Transparency: Mechanisms for obtaining clear user consent must be a priority. The era of unchecked opt-ins is over; CIOs must enforce clear, comprehensible subscription agreements.
• Governance and Compliance: This incident underscores the need for robust governance frameworks. CIOs should validate that their organizations adhere strictly to regulatory requirements governing digital services.
• Operational Adjustments: Companies should reassess their automated enrollment processes, potentially enhancing AI models to emphasize consumer comprehension before initiating billing cycles.

Navigating the Controversy: Lessons Learned

• Implement Transparency-First Policies: Build trust by ensuring clarity in communication and user consent processes. Consider third-party audits to maintain subscription integrity.
• Leverage Technology Ethically: AI, while powerful, must not serve as a tool for deceit. Develop ethical guidelines for AI applications that affect consumer transactions.
• Strengthen User Engagement Protocols: Enhance user interface designs to make critical information salient, ensuring user understanding prior to agreement consent.

Between the Lines

As tech companies continue to push the boundaries of artificial intelligence, the intersection of machine learning and consumer law becomes ever more poignant. While the promise of AI is transformative efficiency, unchecked application risks navigating these innovations into contentious territories.

Envision a future where transparency and user agency underpin every interaction—a necessary evolution for sustaining trust in the digital age. With governments and legal systems catching up to technology, companies must preemptively align themselves with emerging norms or face detrimental outcomes.

Closing with a Circuit: Byte Your Own Business

In a world wired by nodes and volts, perhaps Microsoft’s case will catalyze a more conscientious deployment of AI-powered services. For now, shifting from sly subscriptions to subscription mindfulness might just be the judicious course of action.

Vendor Diligence Questions

1. What measures are in place to ensure user consent before subscription enrollments?
2. How does the organization verify the clarity of the information presented to users during the signup process?
3. What auditing frameworks are employed to ensure compliance with relevant consumer protection laws?

Action Plan

For Teams Reporting to the CISO:

1. Conduct Immediate Review: Audit all active subscriptions to ensure compliance with consent protocols and identify potential areas of vulnerability.
2. Enhance Employee Training: Implement training on ethical AI usage and consumer protection compliance.
3. Revitalize Monitoring Systems: Upgrade systems to include checkpoints that flag potential user consent issues in real-time.

Source: Microsoft sued for allegedly tricking millions into Copilot M365 subscriptions

Is Your Google Workspace Really Safe? Probably Not.

Just because it's in the cloud doesn't mean it's on Cloud 9!

What You Need to Know

The latest revelations about Google Workspace's vulnerabilities have sparked concern across businesses globally. Anomalies in Workspace's security configuration could potentially lead to data breaches. Board members and executive management must prioritize evaluating their organization's current dependency on Google's cloud services and take immediate action to reassess security measures in place.

CISO focus: Cloud Security
Sentiment: Strong Negative
Time to Impact: Immediate

As more organizations flock to cloud-based solutions like Google Workspace, a sobering reality emerges—behind the glossy appeal of efficiency and collaboration, there are significant vulnerabilities lurking. Google Workspace, a leading cloud productivity suite, is under scrutiny following reports of security lapses that could compromise your organization’s data integrity.

Google Workspace Vulnerabilities Exposed

A recent expose by cybersecurity experts has uncovered multiple vulnerabilities within Google Workspace. Several misconfigurations have been identified that allow unauthorized access to sensitive company information. The core issues revolve around weak default settings which, if left uncorrected, can easily be exploited by cyber attackers.

Key Issues Identified

• Weak Security Configurations: Default settings in Google Workspace are often set up in a less secure manner, exposing sensitive data.
• Phishing Risks: With an increase in sophisticated phishing attacks, there is potential to exploit these configurations, tricking users into divulging sensitive credentials.
• Access Controls: Improper management of access controls has led to inadvertent data exposure, including sharing sensitive data with unauthorized users.

Organizations at Risk

Given the widespread adoption of Google Workspace, the scale and impact of these vulnerabilities are significant. Small and medium businesses that rely heavily on the default configurations provided by Google are particularly at risk. These businesses often lack the technical expertise to implement stringent security measures, making them easy targets for cybercriminals.

Impact on Businesses

• Data Breach Risk: The potential for data breaches increases exponentially with each vulnerability, putting customer and employee data at risk.
• Revenue Loss: Companies affected by data breaches can face immense financial losses due to fines and the cost of remediation.
• Reputational Damage: Breaches can lead to lasting reputational harm, eroding customer trust and impacting long-term business prospects.

Calls to Action

To combat these vulnerabilities, organizations must prioritize a robust security strategy for their cloud environments. The key is not to rely solely on default settings but to implement comprehensive security enhancements.

Recommended Steps

• Security Audit: Conduct regular audits of your Google Workspace settings to ensure they align with best security practices.
• Employee Training: Educate employees about phishing threats and establish protocols for identifying and reporting suspicious activities.
• Enhanced Access Control: Implement a least-privilege access policy to minimize unnecessary exposure of sensitive data.

Looking Ahead with Google

As Google addresses these identified weaknesses, organizations should remain vigilant. The cloud landscape is dynamic, and threats evolve at an alarming pace. By staying informed and proactive, businesses can navigate these challenges.

It's important not to be lulled into a false sense of security simply because data resides in the cloud. The burden of safeguarding data does not rest solely with service providers; users too have a crucial role to play.

What Can Google Do?

• Enhanced Security Tools: Release tools that enable users to easily audit their workspace for vulnerabilities.
• User Education Programs: Roll out comprehensive training programs focused on tackling phishing and other emerging threats.

Google’s reputation as a reliable cloud service provider will be measured by its ability to swiftly address these vulnerabilities and prevent future issues.

Vendor Diligence Questions

1. What security measures are currently being taken by Google to address defaults in configuration vulnerabilities?
2. Can Google guarantee compliance with the latest industry standards for cloud security, specifically for Workspace?
3. How frequently does Google update its security protocols to defend against newly discovered threats?**

Action Plan

1. Initiate a comprehensive security audit of current Google Workspace settings.
2. Establish a cross-functional team to enhance security protocols and monitor effectiveness.
3. Schedule regular training sessions for employees emphasizing phishing prevention and response.

Source: Is Your Google Workspace as Secure as You Think it is?

The Phantom Menace: Caller ID Spoofing Strikes Again!

A 'Call'ing Card of Criminality

What You Need to Know

The escalation of caller ID spoofing attacks poses a significant threat, with Europol identifying the practice as a burgeoning criminal activity that transcends borders. This emerging threat underscores the need for immediate board-level attention to harmonize technical standards, improve cross-border collaboration, and streamline regulatory frameworks across Europe. Your action is crucial in addressing policy gaps and implementing defensive strategies.

CISO focus: Telecommunications Security
Sentiment: Strong Negative
Time to Impact: Immediate

Caller ID spoofing has evolved from a mere nuisance to a criminal enterprise, prompting Europol to issue a call to arms across European jurisdictions. This ominous trend involves criminals falsifying phone numbers to deceive recipients into providing sensitive information or transferring funds. By offering "spoofing-as-a-service," these networks have crafted a scalable, borderless model of deceit. Despite the clear and present danger, efforts to combat these activities remain disjointed, highlighting the urgency of coordinated, continent-wide measures.

The Current Scenario

Europol's recent report sounds an alarm over caller ID spoofing's rise, emphasizing the seamless nature of its operations, which knows no boundaries. Organized networks have monetized this deception, presenting a 'spoofing-as-a-service' business model that anyone, including amateur hackers, can use. The allure of anonymity and low entry costs are catalyzing its growth.

• Technical Inadequacies: A critical issue identified is the lack of harmonized technical standards for authenticating caller IDs and tracing fraudulent calls back to their origin.

• Cross-Border Criminality: With no borders to limit them, these criminal networks exploit varying regional laws to evade capture and prosecution, demanding enhanced cross-border collaboration.

• Impediments to Investigation: Poor information sharing, unclear police mandates, and uncoordinated anti-spoofing tools are significant barriers, hindering effective law enforcement actions.

Strategic Priorities

Responding to Europol's call involves addressing three strategic priorities:

1. Adopt Harmonized Technical Standards: Establish uniform systems for tracing calls. Developing authentication protocols can significantly reduce the technological advantages criminals currently enjoy.

2. Enhance Cross-Border Collaboration: Cultivate seamless partnerships among law enforcement, industry stakeholders, and regulators. This ensures comprehensive, real-time data exchange and coordinated efforts to track and apprehend offenders.

3. Pursue Regulatory Convergence: By streamlining regulations concerning caller ID usage and lawful traceback requests, we can eliminate the loopholes that criminals exploit.

Industry Implications

The implications are profound for telecom operators, tech companies, and financial institutions who are frequent targets or conduits of these spoofing attacks. Failing to mitigate these risks could lead to severe reputational damage, financial loss, and compromised customer trust.

Potential Solutions

Telecommunication and security industries must re-engineer their infrastructures to accommodate new security measures. Potential solutions include:

• Advanced Caller ID Authentication: Deploy technologies like STIR/SHAKEN protocols, which validate the authenticity of caller IDs across networks.

• Integrated Law Enforcement Platforms: Develop platforms that facilitate real-time information sharing and case management between jurisdictions.

• Public Awareness Campaigns: Educate the public on recognizing spoofing attempts and encourage timely reporting to authorities.

What's the Score?

This spoofing saga reflects a disturbing sentiment of alarm, with Europol's warnings indicating a strong negative outlook. The situation necessitates swift, coordinated action to thwart these malevolent maneuvers. With an immediate time to impact, stakeholders must pivot quickly to address these vulnerabilities effectively.

With the telephonic tricksters persistent and the stakes rising, collaboration isn’t just useful—it's mandatory. This is a wake-up call with the potential for severe consequences if left unanswered. The window for action is immediate—pick up the pace or soon, these 'phantom' calls might haunt even your network.

Vendor Diligence Questions

1. How does your company ensure compliance with evolving telecommunication security standards?
2. What capabilities do you offer to trace and authenticate caller IDs effectively?
3. Can you provide references or case studies showcasing successful cross-border collaborations?

Action Plan

1. Audit Current Systems: Conduct a thorough evaluation of existing call authentication and tracing mechanisms.
2. Prioritize Stakeholder Engagement: Initiate dialogue with regulatory bodies, industry partners, and cyber defense teams to strategize collective responses.
3. Drive Innovation in Security Solutions: Invest in advanced technologies and propose policy amendments that support robust caller ID authentication.

Source: Europol Warns of Rising Threat From Caller ID Spoofing Attacks

Risky Business: The Art of Audit-Proofing Cyber Assessments

Audit-proof? More like "audaciously" proof.

What You Need to Know

The board needs to understand that writing audit-proof risk assessments is becoming a non-negotiable element of organizational security and compliance. A robust risk assessment process mitigates potential audit failures and strengthens enterprise security posture. Executives are expected to prioritize the implementation of standardized, transparent processes that fulfill statutory and voluntary compliance prerequisites, safeguarding organizational integrity and ensuring readiness in case of audits.

CISO Focus: Risk Management and Compliance
Sentiment: Positive
Time to Impact: Immediate

With increasing scrutiny on organizational cyber resilience, creating effective, audit-proof risk assessments has never been more critical. These assessments ensure compliance and help identify vulnerabilities and the measures needed to address them, ultimately fortifying an organization’s cyber defense.

The Anatomy of an "Audit-Proof" Assessment

1. Clarity and Comprehensiveness:

   • An audit-proof risk assessment must detail each threat and corresponding mitigation strategy clearly and comprehensively. This step ensures that everything is documented, minimizing errors or omissions during audits.

2. Adherence to Standards:

   • Align assessments with industry-accepted frameworks like NIST, ISO 27001, or CIS Controls. These provide a structured guideline ensuring consistency and comprehensibility in your approach.

3. Documenting the Process:

   • Robust documentation not only assists in the development and maintenance of the risk management process but also serves as a reference for internal and external auditors to verify compliance.

4. Continuous Update and Review:

   • Regular updates are critical—threat landscapes evolve rapidly, necessitating ongoing reassessment and adjustment of risk management frameworks.

Structuring Your Cyber Safeguard

• Identify Assets: Know what you’re protecting; inventory includes all hardware, software, and data assets critical to operations.

• Risk Analysis: Establish potential threats to each asset, evaluate the magnitude of possible impacts, and identify existing vulnerabilities.

• Risk Mitigation: Develop strategies to minimize risks—this could range from implementing new security protocols to fortifying existing defenses.

• Implementation and Monitoring: Execute risk mitigation strategies and regularly monitor their effectiveness, adapting as necessary to evolving risks.

The Perks of Being Thorough

• Avoiding Red Flags in Audits: A meticulously crafted risk assessment demonstrates due diligence when auditors come knocking, potentially mitigating liabilities.

• Building Trust with Stakeholders: Consistent and transparent risk management fosters confidence among stakeholders, reinforcing trust in the organization's security posture.

• Strategic Decision Making: An audit-proof approach provides an invaluable roadmap that informs key business decisions related to security investments and initiatives.

When Risk Stops Being a Gamble

Acknowledging the importance of audit-proof risk assessments is the first step towards ensuring that your organization doesn’t just survive audits but thrives under scrutiny. Organizations focusing on robust assessment protocols witness fewer operational hiccups and experience more seamless compliance journeys.

Sentiment Analysis

The sentiment surrounding audit-proof risk assessments is strongly positive, as it emphasizes preparedness and resilience—both crucial for an organization’s long-term success.

Time to Impact

Given the dynamic nature of threats, the time to impact for an organization implementing audit-proof risk assessments is immediate, providing immediate advantages in compliance and risk mitigation.

Vendor Diligence Questions

1. How do you define and manage the scope of risk assessments conducted for clients?
2. What mechanisms do you employ to ensure ongoing compliance with evolving cybersecurity frameworks?
3. Can you describe a recent instance where your risk assessment mitigated potential audit risks for a customer?

Action Plan

1. Initiate Internal Workshops: Train the team on the latest risk assessment frameworks and practices.
2. Appoint a Compliance Officer: Designate a team member to oversee and regularly report on the state of compliance and risk management efforts.
3. Conduct Mock Audits: Simulate audit scenarios to test the robustness of current risk management frameworks and documentation.

Source: The Do's & Don'ts of Writing Audit-Proof Risk Assessments | UpGuard

New Herodotus Android Malware: When Typing Seems Too Human

Some malware just want to watch the keyboard burn.

What You Need to Know

A new strain of Android malware, dubbed "Herodotus," has emerged with an uncanny ability to mimic human typing behavior, thereby evading detection by security measures. This development poses significant risks to Android users, as traditional security software may not be equipped to recognize this sophisticated technique. Immediate assessment of your organization's mobile security protocols is critical. Facilitate cross-departmental communications to ensure employees are aware of the potential risks and know the signs of infection. C-level executives should prioritize a review of current mobile security strategies.

CISO Focus: Mobile Malware and Endpoint Security
Sentiment: Strong Negative
Time to Impact: Immediate

In the cyber threat landscape, creativity is both a boon and a bane. While innovation drives robust security measures, it also equips cybercriminals with novel tools of deception. One recent emergence is the New Herodotus Android malware, an elusive cyber foe reminiscent of an artful dodger. Its clever gimmick? Mimicking human typing to evade detection.

Why Herodotus Stands Out

Unlike conventional malware that often relies on brute force, Herodotus steps up the game by acting like a well-trained typist. It monitors text inputs and seamlessly integrates its malevolent activities within normal user operations, mimicking real-time human interactions on your smartphone.

• Evading Detection: Herodotus’ trickery makes it hard for behavioral-detection algorithms to spot anomalies, as it looks like any other human interaction. It injects its nefarious payload slowly and steadily, leaving no space for typical heuristic patterns to sound the alarm.

• Evolving Threats: Cybersecurity experts are concerned that Herodotus could set a precedent for future malware, which could increasingly adopt similar tactics to cloak their activities amidst legitimate user behaviors.

Immediate Risks and Vulnerabilities

The potential risks associated with Herodotus are dire. This malware doesn’t steal data or plant ransomware in the traditional ways but opens a new front in the cybersecurity war—a fight against deceptive human imitation.

• Sensitive Data Exposure: By integrating itself with user operations, Herodotus can access and exfiltrate sensitive data, such as login credentials and personal identification numbers.

• Endpoint Exploitation: This threat exploits the weakest link in the security chain: human devices. Organizations with Bring Your Own Device (BYOD) policies are specifically at risk if Herodotus infiltrates employee personal devices carrying sensitive corporate data.

Guarding Against the Ghost in the Machine

Countering a threat that cloaks itself in benign activity requires a multi-layered approach. Here are some suggestions for organizations to consider:

• Endpoint Monitoring: Redouble efforts on endpoint monitoring solutions that can detect nuanced patterns of behavior characteristic of human mimicry.

• User Training: Educate employees on identifying unusual app behaviors and consistently update them on potential malware signs.

• Security Partnerships: Work closely with security vendors offering advanced mobile threat defense insights and services.

Pre-empting Future Variants: Forward-Looking Thoughts

The appearance of Herodotus is a stark reminder for cybersecurity practitioners: vigilance and innovation must evolve at a pace matching, if not exceeding, that of cyber attacks.

• Threat Intelligence Sharing: This becomes crucial in foreseeing and preemptively warding off similar future threats. Encourage industry-wide collaboration to refine attack pattern recognition.

• AI-aided Solutions: Employ artificial intelligence tools trained to differentiate genuine user behavior from malware activities based on extensive behavior databases.

• Updating Security Protocols: Refine, test, and update security protocols frequently, ensuring they account for these innovative malware approaches.

Vendor Diligence Questions

1. How does your mobile security solution detect and respond to malware that imitates human interactions?
2. What AI-driven capabilities are incorporated into your security tool to adapt to evolving malware tactics such as Herodotus?
3. Can your solution conduct real-time behavior analysis without compromising device performance?

Action Plan

1. Immediate Device Audit: Conduct a security audit of all Android devices used within the organization to check for signs of infection.
2. Security Update Rollout: Implement necessary updates to all security software immediately, focusing on mobile device protection.
3. User Awareness Campaign: Launch an internal awareness campaign to alert employees of this specific threat and educate them on recognizing potential risks.
4. BYOD Policy Review: Reassess your organization’s BYOD policy to ensure it comprehensively addresses and mitigates risks associated with mobile malware.

Source: "New Herodotus Android malware fakes human typing to avoid detection," Bleeping Computer, 2023.

Click or Be Locked: The Deadline Looms for 2FA Key Re-enrollment

If you snooze, you lose—literally, access to your account.

What You Need to Know

Executives need to be aware that staff must re-enroll their Two-Factor Authentication (2FA) security keys by November 10, 2023. Failure to do so will result in employees being locked out of their accounts, potentially causing disruptions in business operations. Immediate action is required to ensure compliance and continuous access.

CISO focus: Identity and Access Management
Sentiment: Negative
Time to Impact: Immediate

In the cyber jungle, where digital security is ever-important, X users are now faced with an impending deadline that could see them locked out of essential systems. November 10 is D-Day for those who have yet to re-enroll their Two-Factor Authentication (2FA) security keys. This move, prompted by X's latest security diligence, requires users to either comply promptly or face exclusion.

Why Re-enrollment?

The re-enrollment announcement by X has been tagged as a preemptive measure against possible security breaches. Two-Factor Authentication, commonly referred to as 2FA, adds an extra layer of security to user accounts. By making users confirm their identity through two independent factors, X aims to fend off unauthorized access.

According to X, this mass re-enrollment drive is part of a broader attempt to integrate updated security protocols as technothreats become more sophisticated.

What Happens if You Don't Comply?

If users fail to re-enroll their 2FA security keys by November 10, the consequences are as inevitable as they are frustrating: account lockout. This does not mean a permanent banishment but would require time-consuming recovery processes, which impact productivity and may engender mistrust among users.

The lockout poses a risk not only to individual users but also to organizational workflows reliant on consistent app access. Organizations need to ensure full compliance lest they find themselves hampered by locked accounts and disengaged employees.

How to Navigate the 2FA Minefield

Re-enrolling your 2FA security keys may sound ominous, but X has provided clear guidelines. Users need to log into their accounts and follow the steps detailed in X’s support documentation to complete re-enrollment.

Organizations should disseminate these guidelines among staff, promote urgency and clarity through internal communication channels, and ensure that support systems are in place to help users navigate the process.

• Guidelines for Re-enrollment:
  • Log into your X account.
  • Navigate to the security settings.
  • Follow the on-screen instructions to re-enroll your 2FA security key.

The Wider Implications

The mandate for re-enrollment has brought mixed reviews. While some see it as a necessary security mechanism to stave off cyber threats, others view this as a burdensome task, especially for larger organizations where thousands of accounts are at stake.

Phishing attacks, password breaches, and other cybercriminal activity levels account for the increased emphasis on 2FA, as noted by leading security experts. To mitigate these risks, companies and users alike must treat this re-enrollment process with the urgency it demands.

The cybersecurity landscape is ever-shifting, and staying one step ahead involves adapting to new protocols swiftly. X’s push for stricter 2FA usage reinforces this trend and underlines a broader industry move towards better identity management systems.

The Final Countdown

As the days tick down to November 10, inaction is not an option. Organizations have a short window to ensure that their teams are aligned with new security measures, even as the world of cyber threats expands. In this digital age, where access is king, failure to comply with 2FA requirements is akin to leaving the palace doors wide open.

Vendor Diligence Questions

1. What measures has the vendor implemented to ensure a smooth and secure re-enrollment process for 2FA?
2. Does the vendor offer customer support services to assist our organization during this mass re-enrollment period, and what are their service level commitments?
3. How does the vendor handle potential account lockouts, and what recovery options do they offer to minimize business disruption?

Action Plan

1. Internal Communication: Immediately inform all staff about the re-enrollment requirement and deadline.
2. Technical Guidance: Provide detailed instructions and support for the re-enrollment process.
3. Monitoring and Reporting: Establish a tracking mechanism to monitor re-enrollment progress and report on compliance status.
4. Recourse Preparation: Prepare for potential lockout incidents by creating a rapid response team to handle recovery processes quickly.

Source: X: Re-enroll 2FA security keys by November 10 or get locked out

CISO Intelligence is lovingly curated from open source intelligence newsfeeds and is aimed at helping cybersecurity professionals be better, no matter what their stage in their career.

We’re a small startup, and your subscription and recommendation to others is really important to us.

Thank you so much for your support!

CISO Intelligence by Jonathan Care is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International