
Cyber Security Headlines Department of Know: CISO hiring warning, critical threat actor law, Microsoft Defender outage
Dec 9, 2025
In this engaging discussion, Jason Shockey, CISO at Cenlar FSB, and Mike Lockhart, CISO at EagleView, dive deep into the evolving landscape of cybersecurity. They explore the implications of browser extensions being turned into spyware and debate the UK's proposed ban on ransomware payments. The duo also addresses the rise of complex DDoS attacks and the importance of educating teams on AI-driven extortion. With insights into holistic leadership and CISO skills, they stress the need for bridging technical issues with executive communication.
AI Snips
Plan For Defender Outages
- Assume critical security vendors will fail and plan for it routinely.
- Test incident response and resilience for one-hour to one-week outages.
Extensions Are A Hidden Supply-Chain Risk
- Browser extensions are code and therefore an attack surface that can be weaponized.
- Long-lived APT campaigns can quietly convert legitimate extensions into spyware.
Treat Hyper-Volumetric DDoS As BAU
- Include DDoS scenarios in business resilience and BAU tabletop exercises.
- Evaluate critical suppliers and document what happens if they go down.

