While the New Years barely begun, the contours of its awards race are rapidly coming into focus. Sunday night marked the first major televised awards show of the year with the (surprisingly) re-embraced Golden Globes declaring The Brutalist and Emilia Prez the Best Pictures of the year in separate genres. However, the Golden Globe Foundation consists of fewer than 70 members, nearly all of whom are journalists. Conversely, the Oscars Academy of Motion Picture Arts and Sciences is made up of roughly 10,000 people who work within the film industry itself. Which makes organizations like the Screen Actors Guild and the Directors Guild of America far more interesting bellwethers.Each grouprepresenting actors and directors, respectivelyenjoys overlapping membership with the Academy, and each provides a kind of tea leaves reading for how folks within the Hollywood community feel about this years crop of awards contenders. And wouldnt you know it, both just revealed their nominations for the year in 2024.We wont run on for paragraphs about the full listswhich you can find for SAG here and the DGA herebut the race for the ultimate Oscar prize appears to be coming into focus, particularly when one studies which movies are enjoying the most cross-pollinated support.Indeed, a number of the movies chosen for each groups highest baubleSAGs Outstanding Performance by a Cast in a Motion Picture and the DGAs Theatrical Feature Film prizeoverlap. Jacques Audiards Emilia Prez continues to perform well among awards voters after winning the Best Picture Musical or Comedy at the Globes, as the film has now been nominated in the equivalent award by both the SAGs and DGAs. It is also joined by another possible frontrunner (at least according to prognosticators) in Sean Bakers Anora, which is nominated at the top of both guilds shortlist, alongside Edward Bergers Conclave.Whats interesting, though, is that the other perceived frontrunner, and the movie that the Golden Globes called the Best Picture Drama, was snubbed by the SAGs for its Best Ensemble/Picture prize. In fact, Brady Corbets The Brutalist was barely recognized for its ambitions by the acting guild, which also snubbed Guy Pearce in the Best Supporting Actor category and Felicity Jones in the Best Supporting Actress category. The only SAG nomination the film received was Adrien Brody for Best Actoran award he won at the Globes.Meanwhile James Mangolds Bob Dylan biopic, A Complete Unknown, over-performed beyond the expectations of some prognosticators, earning a best ensemble nomination from SAG and a best director nod from the DGA. Stars Timothe Chalamet, Monica Barbaro, and Edward Norton were also nominated in their respective categories by SAG. The actors guild also elevated Wicked with a nomination for their equivalent of Best Picture while also re-confirming the popularity of Cynthia Erivo and Ariana Grandes performances in that musical with Best Actress and Best Supporting Actress nominations, respectively. Noticeably absent in either guilds Best Picture equivalent was a nomination for Denis Villeneuves Dune: Part Two or some of the films a lot of folks were hoping to get into DGAs directors shortlist SAGs ensemble choicessay, for example, the fascinating cast of Sing Sing. Coralie Fargeats snubbing for Director at the DGAs for her work on The Substance marks another year where at least the DGA failed to nominate a woman for its top prize. Well see if the Academy follows suit in the Best Director category.While most of the nominated movies mentioned above will probably be nominated for Best Picture at the Oscarswhich these days has a mandatory 10 slots openthe dynamics of who has momentum is constantly shifting. For starters, it would seem the actors guild is less won over by The Brutalist than critics, or for that matter directors. So its worth noting that actors make up the biggest branch of the Academy with about 1,200 members being thespians (or about 1/10th of all voters). Admittedly, plenty of films have won Best Picture at the Oscars and not Outstanding Cast at the SAGs, but seven of the last 10 movies to win the Best Picture Oscar were at least nominated in SAGs best ensemble category. And the only time one of the Best Picture winners wasnt in the last five years was when the largely (and intentionally) unprofessional, non-union cast of Nomadland was snubbed by SAG during the year of COVID.While the DGA nomination for Corbetan award we suspect he will winspeaks to how The Brutalist continues to appeal to filmmakers within the industry, its frontrunner status is far from guaranteed. Conversely, it would seem the industry thinks much more highly of A Complete Unknown than some critics, which might not be surprising since previous musical biopics like even the critically reviled Bohemian Rhapsody have ended up in the Oscars Best Picture category. However, Mangold getting a DGA nomination over the aforementioned Fargeat or, for that matter, Denis Villeneuve for Dune or RaMell Ross for Nickel Boys suggests all three films could be closer to the bubble of a Best Picture snubbing than some might like.Outside of the top prize, its also worth noting that Angelina Jolie was noticeably snubbed from a Best Actress nomination by SAG after being also snubbed by the BAFTAs across the pond. Her chances of getting nominated by the Academy for Best Actress appear to be dwindling, just as Demi Moores are on a rapid ascent. A week ago, I wrote about how there was a chance Moore might be snubbed for Best Actress, but after a magnificent acceptance speech at the Golden Globes, following a surprise win no less, her Best Actress nomination appears secure.Yet lest folks want to dub Moore a possible frontrunner, keep in mind that, again, The Substance was snubbed for SAG and the DGAs highest prize. Additionally, Margaret Qualley was also snubbed in the Best Supporting Actress category by the SAGs despite being considered likely to get in. It seems pretensions against the horror genre still run deep. Also instead of Qualley and Jones in Best Supporting Actress, we saw surprise nominations for Danielle Deadwyler in The Piano Lesson and Jamie Lee Curtis in The Last Showgirl. In fact, The Last Showgirl did remarkably well with the SAGs as Pamela Anderson also got into a surprise nomination for Best Actress, edging out not only Jolie but awards season royalty Nicole Kidman for her work in Babygirl. She also got in over Marianne Jean-Baptiste for a remarkable turn in Hard Truths.It is still early goings, all things considered, with the Oscars themselves not happening until March. However, the Academy finalizes its nominations next week and a narrative seems to be forming around certain films, chief among them being Emilia Prez, Conclave, and maybe Anora (which also saw Yura Borisov happily get into Best Supporting Actor at with the SAGs). For the record, ware not counting out at all The Brutalists chances at being the frontrunner, particularly against something as lascivious as Anora. Were simply noting that despite it winning what is traditionally seen as the Globes best predictor for the Oscar, this race is far from over.Join our mailing listGet the best of Den of Geek delivered right to your inbox!

You have to feel sorry for Intel at this point. Not only has Apple left its CPUs in the dust, but AMDs new Ryzan AI Max chips claim to do the same to Intels flagship Core Ultra 9 288V.The new chips take the same approach as Apple Silicon in combining CPU, GPU, and unified memory. AMD doesnt credit Apple with the idea, but does admit the chip wouldnt exist without the Cupertino company Engadget reports that the new chips are available with up to 16 CPU cores, 50 graphics cores, and 128GB unified memory. The result, claims AMD, is that it will render 3D graphics more than two-and-a-half times faster than the Intel Core Ultra 9 288V.AMD denies following in Apples footsteps.You might think AMD was taking a bit of inspiration from Apple Silicon, with its powerful CPU cores, graphics and unified memory. But according to VP Joe Macri, AMD was building towards this long before Apple. We were building APUs [chips combining CPUs and Radeon graphics] while Apple was using discrete GPUs. They were usingour discrete GPUs. So I dont credit Apple with coming up with the idea.However, Macri does admit that this latest chip might never have been developed in the first place without Apples influence.Macri gives Apple credit for proving that you dont need discrete graphics to sell people on powerful computers. Many people in the PC industry said, well, if you want graphics, its gotta be discrete graphics because otherwise people will think its bad graphics, he said.Apple proved that buyers dont care about integrated versus discrete, they only care about the performance. That enabled him to win the corporate politics battle needed to get the go-ahead for the development of the Ryzan AI Max.With the success of Apple Silicon, Macri was finally able to get approval to spend a mind boggling amount of money developing the Ryzen AI Max. I always knew, because we were building APUs, and Id been pushing for this big APU forever, that I could build a system that was smaller, faster, and I could give much higher performance at the same power, he said.The first chance to buy a laptop with the new chip will come in the first half of this year, with the ASUS ROG Flow Z13 and ZBook Ultra G1a (seriously, what is going on with PC naming this year?!) among the machines set to be powered by it.Image: AMDAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Springer Nature, the stalwart publisher of scientific journals including the prestigious Natureas well as the nearly 200-year-old magazine Scientific American, is approaching the authors of papers in its journals with AI-generated "Media Kits" to summarize and promote their research.In an email to journal authors obtained by Futurism, Springer told the scientists that its AI tool will "maximize the impact" of their research, saying the $49 package will return "high-quality" outputs for marketing and communication purposes. The publisher's sell for the package hinges on the argument that boiling down complex, jargon-laden research into digestible soundbites for press releases and social media copy can be difficult and time-consuming making it, Springer asserts, a task worth automating."We know how important it is to communicate your research clearly and effectively to both your peers and the broader public, but it can be tedious and time-intensive to create concise and impactful texts for different audiences," reads the email. "Thats why we're excited to introduce our new Media Kit designed to help you expand the reach and impact of your work."Per the email, the package includes a roughly 250-word "plain language summary" designed to "simplify" research for the public; a roughly 300-word "research brief" that offers a "concise summary" for academic and scientific peers; a short, AI-spun audio summary; and social media copy characterized as "ready-to-use content" for promoting work "across platforms."The content, the publisher adds, will be generated using Springer's own "secure, in-house" AI tool.There's a major catch, though: the tool's "high-quality" outputs can't always be trusted. On an accompanying webpage linked in the email, Springer warns that "even the best AI tools make mistakes" and urges authors to painstakingly review the AI's outputs and issue corrections as needed for accuracy and clarity."Before further use," reads the webpage, "review the content carefully and edit it as you see fit, so the final output captures the nuances of your research you want to highlight."Simon Hammann, a food chemist at the University of Hohenheim, Germany and a Springer-published author who received the emailed offer, characterized the AI media bundle as a cash grab."I find it ridiculous,"he toldFuturism. "It's jumping on the AI bandwagon, where we throw AI at about anything, useful or not. I am even more annoyed by the price tag.""I didn't think there was anything left for publishers to monetize (after having authors acquire the funding, do the research, write the paper, do the peer review, and correct the page proofs for free while they take in all the profits), but here I stand corrected," he continued, adding that the "research brief" promised in the package "is essentially the abstract that you're writing anyway usually."Hammann added that researchers might be "left to wonder" what they're "actually paying for, if the publisher doesn't even see promotion of their outputs as their job, but hands that over to researchers as well."To that end with the exception of the audio summary, at least it's unclear what Springer's $49 package is offering authors that much cheaper or free generative AI tools like OpenAI's ChatGPT or Google's Gemini models can't."At Springer Nature, we understand how vital it is for researchers to be able to communicate their research to different audiences from colleagues and funders to policymakers and the public. This multi-media content bundle offering high-quality, AI-generated summaries and posts has been developed to help them do just that,"the company said in response to questions about this story. "The content is generated using the support of a secure AI-tool."No memory of the paper is retained or stored or used for training," it continued. "The content bundle is only created when requested by the original author of the publication and can be reviewed and edited by the original author, ensuring that a human is always in the loop."Springer has made numerous forays into AI. The publisher announced last year that it would embrace AI as a tool to drive its business and science,purportedly forward, declaring on its website that "Springer Nature is committed to unlock the potential of AI and other emerging technologies to advance scientific discovery and innovation."That apparent commitment appears to be taking shape right now. Earlier this week, for instance, the massive publishing body announced in a press release that it would be deploying a "new AI-driven tool" crafted to automate "editorial quality checks" and notify editors to "potentially unsuitable manuscripts. The announcement adds that manuscripts may be held back from peer review if the AI tool deems them editorially unfit.At the same time, amid a broader field of scientific publishers grappling with a pipe-clogging onslaught of fake, AI-generated studies being submitted for peer review, Springer has been attempting to keep garbage-quality AI entries at bay via two "bespoke AI tools" designed to detect suspicious language and imagery. (Though Springer claimed in a press release last year that both tools proved effective in pilot testing, AI detection tools are notoriously unreliable.)In other words, Springer's embrace of AI has been a juggling act.On the one hand, it's charging researchers for automated social copy and trying to use AI to expedite the review process. On the other, it's deploying AI systems to detect the unauthorized use of AI by authors.Hammann, meanwhile, noted that the publisher's $49 AI upsell is just one of the ways that Springer promises to help scientists promote their work for a little extra dough, that is."Funnily, Springer Nature emailed me with the opportunity to get a 82 x 52 cm poster for my publication," Hammann recalled. "Only $89."More on science journals and AI: Scientific Article With Insane AI-Generated Images Somehow Passes Peer ReviewShare This Article

Jan 09, 2025Ravie LakshmananCybersecurity / MalwareJapan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019.The primary objective of the attack campaign is to steal information related to Japan's national security and advanced technology, the agencies said.MirrorFace, also tracked as Earth Kasha, is assessed to be a sub-group within APT10. It has a track record of systematically striking Japanese entities, often leveraging tools like ANEL, LODEINFO, and NOOPDOOR (aka HiddenFace).Last month, Trend Micro revealed details of a spear-phishing campaign that targeted individuals and organizations in Japan with an aim to deliver ANEL and NOOPDOOR. Other campaigns observed in recent years have also been directed against Taiwan and India.According to NPA and NCSC, attacks mounted by MirrorFace have been broadly categorized into three major campaigns -Campaign A (From December 2019 to July 2023), targeting think tanks, governments, politicians, and media organizations using spear-phishing emails to deliver LODEINFO, NOOPDOOR, and LilimRAT (a custom version of the open-source Lilith RAT)Campaign B (From February to October 2023), targeting semiconductor, manufacturing, communications, academic, and aerospace sectors by exploiting known vulnerabilities in internet-facing Array Networks, Citrix, and Fortinet devices to breach networks to deliver Cobalt Strike Beacon, LODEINFO, and NOOPDOORCampaign C (From June 2024), targeting academia, think tanks, politicians, and media organizations using spear-phishing emails to deliver ANEL.The agencies also noted that they observed instances where the attackers stealthily executed the malicious payloads stored on the host computer within the Windows Sandbox and have communicated with a command-and-control server since at least June 2023."This method allows malware to be executed without being monitored by antivirus software or EDR on the host computer, and when the host computer is shut down or restarted, traces in the Windows Sandbox are erased, so evidence is not left behind," the NPA and NCSC said.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 09, 2025The Hacker NewsData Protection / EncryptionRansomware isn't slowing downit's getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection.The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024.Are you prepared to fight back?Join Emily Laufer, Director of Product Marketing at Zscaler, for an eye-opening session, "Preparing for Ransomware and Encrypted Attacks in 2025" filled with practical insights and cutting-edge strategies to outsmart these evolving threats.What You'll Learn:ThreatLabz Insights: Get the latest findings from Zscaler's experts on ransomware and encrypted attacks, including the trends making the biggest impact.2025 Predictions: Find out how ransomware groups are refining their tactics to stay one step aheadand what you can do to stop them.Encrypted DNS Attacks: Learn how cybercriminals exploit DNS over HTTPS (DoH) and DNS over TLS (DoT) to stay hidden while launching devastating attacks.Proven Defense Techniques: Discover how to uncover hidden threats and stop ransomware before it hits your organization.Ransomware doesn't wait, and neither should you. Every day you delay could cost your organization millions or expose sensitive data to attackers.Seats are limitedsecure yours now! Register for the Webinar.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Jan 09, 2025Ravie LakshmananVulnerability / Threat IntelligenceThreat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE).The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could then lead to a cross-site scripting (XSS) flaw.Successful exploitation of the 1-click RCE flaw permits an attacker to inject malicious inputs into HTTP response headers by introducing carriage return (\r) and line feed (\n) characters. The flaw impacts KerioControl versions 9.2.5 through 9.4.5, according to security researcher Egidio Romano, who discovered and reported the flaw in early November 2024.The HTTP response splitting flaws have been uncovered in the following URI paths -/nonauth/addCertException.cs/nonauth/guestConfirm.cs/nonauth/expiration.cs"User input passed to these pages via the 'dest' GET parameter is not properly sanitized before being used to generate a 'Location' HTTP header in a 302 HTTP response," Romano said."Specifically, the application does not correctly filter/remove line feed (LF) characters. This can be exploited to perform HTTP Response Splitting attacks, which, in turn, might allow it to carry out reflected cross-site scripting (XSS) and possibly other attacks."A fix for the vulnerability was released by GFI on December 19, 2024, with version 9.4.5 Patch 1. A proof-of-concept (PoC) exploit has since been made available.Specifically, an adversary could craft a malicious URL such that an administrator user clicking on it triggers the execution of the PoC hosted on an attacker-controlled server, which then uploads a malicious .img file via the firmware upgrade functionality, granting root access to the firewall.Threat intelligence firm GreyNoise has reported that exploitation attempts targeting CVE-2024-52875 commenced back on December 28, 2024, with the attacks originating from seven unique IP addresses from Singapore and Hong Kong to date.According to Censys, there are more than 23,800 internet-exposed GFI KerioControl instances. A majority of these servers are located in Iran, Uzbekistan, Italy, Germany, the United States, Czechia, Belarus, Ukraine, Russia, and Brazil.The exact nature of the attacks exploiting the flaw is presently not known. Users of KerioControl are advised to take steps to secure their instances as soon as possible to mitigate potential threats.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

John Edwards, Technology Journalist & AuthorJanuary 9, 20256 Min ReadPanther Media GmbH via Alamy Stock PhotoDisaster recovery technologies are designed to prevent or minimize the data loss and business disruption resulting from unexpected catastrophic events. This includes everything from hardware failures and local power outages to cyberattacks, natural disasters, civil emergencies, and criminal or military assaults.As AI continues to transform and enhance a seemingly endless array of tasks and functions, it should come as no surprise that the technology has caught the attention of disaster recovery professionals.Preparation and ResponseJoseph Ours, AI strategy director at Centric Consulting, says AI can assist disaster recovery in two essential areas: preparation and response. "In many respects, speeding disaster recovery means planning and preparing," he observes in an email interview. Ours notes that a growing number of government agencies and insurance companies are already routinely performing these tasks with AI assistance. "They use predictive and classification models to analyze historical data and environmental factors to determine potential risk."AI-enabled resiliency planning provides speed and precision that traditional methods lack, says Stephen DeAngelis, president of Enterra Solutions, an AI-enabled transformation and intelligent enterprise planning platform provider. "AI's ability to process large volumes of data quickly allows it to detect anomalies and potential risks earlier," he explains in an online interview. Unlike conventional disaster recovery plans, AI-powered solutions are adaptive, updating in real-time as conditions change. "This means companies can pivot their strategies almost immediately, reducing the time needed to return to normal operations and ensuring minimal disruption to the supply chain."Related:Automatic DetectionIn businesses, AI-enhanced disaster recovery automatically detects anomalies, such as ransomware-corrupted data, allowing technicians to skip over unusable files and focus on clean, viable backups, says Stefan Voss, a vice president at data protection and security firm N-able. "This eliminates the time-intensive, manual review process thats standard in conventional recovery methods."AI can also improve boot detection accuracy, ensuring that machines will bounce back successfully after recovery, Voss says in an email interview. "Well-trained AI models can significantly reduce false positives or negatives, enhancing technician confidence in the reliability and efficiency of the restored systems," he explains. "With AI-driven accuracy, organizations can recover systems faster, with fewer errors, and minimize downtime."Related:AI solutions rely on access to high-quality data to generate accurate predictions. "When data is siloed or incomplete, models are likely to produce less reliable results," DeAngelis warns. To ensure success, he advises businesses to establish robust data management practices before implementing AI solutions. "Today, we're seeing innovators develop sophisticated techniques, such as advanced data modeling, to bridge critical data gaps and enhance AI accuracy."Getting StartedAn important first step toward using AI in disaster recovery is conducting a comprehensive assessment of current supply chain vulnerabilities. "Identify critical points of failure and gather historical data on past disruptions," DeAngelis suggests. Next, collaborate with an AI partner to build predictive models that simulate various disaster scenarios, such as geopolitical risks or extreme weather events. Focus on implementing AI tools that integrate seamlessly with existing systems, allowing for smooth data flows and real-time updates. "A phased approach is ideal, beginning with pilot projects and scaling up as the organization gains familiarity with the technology."Related:Voss says the next step should be identifying any existing challenges in the disaster recovery process. "For example, if your main goal is increasing recovery testing accuracy, look for AI tools designed to improve boot detection and guarantee reliable system restoration," he suggests. "On the other hand, if the goal is precisely detecting backup anomalies, focus on AI solutions that specialize in identifying compromised or corrupted data quickly and accurately."After clearly defining the issue at hand, seek out the AI solution that will meet your needs, Voss advises. "Always start with your pain points and let AI provide the answer, not the other way around."ChallengesAI disaster recovery can offer significant advantages, yet it also comes with several serious drawbacks. High development and integration costs can be a barrier, especially for small businesses, Voss says. "The skills shortage in AI expertise makes it difficult for organizations to develop or maintain AI-driven systems."Remember, too, that even with well-trained models, AI is far from infallible. False positives or negatives can occur, potentially complicating recovery efforts, Voss warns. "Additionally, an over-reliance on AI can reduce human oversight, making it imperative to strike a balance between automation and manual processes."Perhaps the biggest drawback is that some disasters arrive as unpredictable black swan-type events. "In this case, AI is neither a benefit nor contributor to the failure to respond because, by their very nature, humans would struggle to respond adequately as well," Ours says.A Competitive EdgeA proactive investment in AI not only mitigates risk but can turn challenges into competitive advantages, DeAngelis says. He notes that by being prepared to adapt quickly when disruptions occur, enterprises can maintain continuity and even capture market share from less-prepared competitors. "As we've seen from recent events, such as the US port strike, hurricane-related supply chain impacts, and the ongoing pressures of inflation, businesses that leverage AI to build resilience are better positioned to thrive in uncertain environments."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Frank Kim, SANS Institute Fellow January 9, 20255 Min ReadEmre Akkoyun via Alamy StockAdopting zero-trust security architectures is increasingly becoming a corporate imperative, with zero trust serving as the recommended approach for building resilience against the evolving nature of enterprise threats. This shift represents more than just implementing the latest and greatest best-of-breed tools. Its a foundational shift away from perimeter-based security controls and external network defenses that were not designed for todays threat landscape.More than 80% of all data breaches today are attributed to human error or negligence, making human risk a pressing security concern amid the rise of hybrid work environments. A zero-trust architecture limits the damage that a compromised user can cause by segmenting the organizations security environment into smaller, isolated zones that restrict the ability to access sensitive data across the entire ecosystem. Unfortunately, the path to effective implementation has proven challenging. Forrester research found that more than 63% of enterprises are struggling to implement zero-trust frameworks, and Gartner predicts that by 2026 only 10% of large enterprises will have a mature and measurable zero-trust program in place.This heightens the role of the transformational CISO to the forefront. CISO success today requires more than being a pure technologist from the SOC room. They need to serve as transformational leaders who are capable of navigating shifting organizational priorities to foster collective buy-in amongst executive leaders, establish effective processes with business line stakeholders, and develop versatile security teams. Cultivating this company-wide alignment is critical to alleviating the roadblocks that hinder zero-trust adoption today.Related:Articulating Zero Trusts ValueNearly 50% of IT professionals describe collaboration between security risk management and business risk management as poor or nonexistent, according to NIST research. As CISOs, its our job to bridge this divide by framing zero trust as an enabler of business agility, operational efficiency, and competitive advantage rather than focusing on technical specifications. Leveraging scenario-based planning and risk quantification techniques can effectively articulate the value of zero trust in terms that resonate with various stakeholders -- correlating the ramifications of cyber incidents to high-value outcomes that impact their department. Marketing leaders, for example, might better appreciate zero trust when they understand how it prevents customer data breaches that result in brand reputational damage.Related:CISOs should establish regular touchpoints with business unit leaders to understand their workflows, pain points, and growth initiatives. This collaborative approach helps identify opportunities where zero trust can enhance business processes rather than hinder them. By securing visible support from the C-suite, CISOs can overcome initial resistance and ensure the necessary resources are allocated for successful implementation. It also helps strengthen organizational buy-in across all employees, giving the company a platform to address concerns, share implementation progress, and maintain alignment with business objectives.Minimizing Organizational FrictionSuccessful zero-trust adoption requires a carefully orchestrated change management strategy. Rather than pursuing lower-risk areas, organizations often achieve better results by starting with mid-risk priorities and moving methodically toward more complex challenges. This approach prevents implementation paralysis and drives meaningful security advancement.Clear communication at every stage is essential. Regular updates, user awareness training, and open feedback channels help maintain transparency and address concerns proactively. When employees realize that zero trust can streamline their access to resources while maintaining security, resistance typically diminishes. The key lies in balancing security requirements with user experience. Modern implementations should leverage automation and contextual access controls to make security seamless. Implementing single sign-on solutions alongside zero-trust principles can enhance both security and convenience, making the transition more palatable for end users.Related:In addition, developing a comprehensive change impact assessment helps identify potential friction points before they emerge. This involves mapping current workflows, understanding dependencies, and creating mitigation strategies. Regular user satisfaction surveys and feedback sessions enable continuous refinement of the implementation approach, ensuring that security measures align with operational needs while maintaining robust protection.Positioning Practitioners for SuccessThe technical complexity of zero-trust architectures demands a targeted focus on skill development amongst security practitioners. With practitioners often wearing multiple hats across architecture, implementation, operations, and monitoring, they must be all-around defenders who are capable of seamlessly transitioning between functional roles. This requires a strong foundational knowledge spanning both on-premises and cloud security domains. Security teams must understand the organization's end-to-end security environment, from network tools to cloud applications, endpoints, and data storage systems.Investment in targeted learning is crucial here. Prioritize formal trainings and upskilling programs that build team-wide competencies and implement cross-training initiatives that facilitate knowledge sharing to reduce key person dependencies and develop operational resilience. Establishing a dedicated zero-trust center of excellence can accelerate this skill development by providing guidance and support to other security team members while maintaining documentation and best practices.The path to zero trust is a continuous journey of organizational transformation. While technical implementation remains crucial, the transformational CISO's ability to bridge cultural gaps, foster organizational alignment, and develop comprehensive team capabilities will determine the success of zero-trust initiatives. As cyber threats continue to evolve and regulatory pressures mount, organizations that successfully execute this cultural and technical transformation will be better positioned to protect their critical assets and maintain business continuity in an increasingly complex threat landscape.About the AuthorFrank KimSANS Institute Fellow Frank Kim is a SANS Fellow where he leads the Cloud Security and Cybersecurity Leadership curricula to help shape and develop the next generation of security leaders. Previously, he served as the organizations CISO where he led the information risk function for the most trusted source of cybersecurity training and certification in the world.See more from Frank KimNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.

Time zones: GMT (UTC +0), CET (UTC +1), CVT (UTC -1)The RoleWere looking for a Technical Customer Support Specialist to join our team! In this role, youll be the first point of contact for our customers, helping them via chat and email (no phone calls). Youll assist with inquiries, troubleshoot issues, and ensure a smooth customer experience.This position is fully remote. However, if youre based near Nantes, youre welcome to work from our office occasionally.What Were Looking ForFluency in English is mandatory: English is our primary working language, so strong written and verbal communication skills are essential.French and a third language required: Fluency in french and in another language (German, Dutch, etc.) is required,Technical knowledge: You dont need to be a developer, but a solid understanding of tech concepts (e.g., HTML/CSS) is required. This isnt a learn on the job rolecome prepared!Team spirit: Empathy, kindness, understanding, active listening, and a collaborative mindset are essential. Youll fit right in if you value teamwork and fostering a positive work environment.Experience: Familiarity with customer support software is a plus, but not mandatory.What Makes Crisp Special?Everyone does support: even our developers contribute to customer support, keeping everyone connected to our users needs.No meetings: Say goodbye to unnecessary meetings and focus on meaningful work.No personal KPIs: We trust you to do great work without micromanagement or performance pressure.Contract DetailsIn France: If youre based in France, youll be hired under a standard employment contract (CDI).Outside France: If you live outside of France, the position will be under a full time freelance service contract. Youll need to have an independent contractor status in your country and be able to issue invoices.Who Can Apply?Must be located within the EU timezone.Immediate availability is a plus.Compensation & PerksThe compensation range for this role is around 30k/35K gross per year , depending on the profileJoin a diverse and inclusive remote-first team that values work-life balance and flexibility.