<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>ciso.blog</title><description>Signal for security leaders — CISOs, C-level, and practitioners. Opinionated takes on cyber risk and security leadership.</description><link>https://ciso.blog/</link><language>en-us</language><item><title>Morning Security Brief — 17 July 2026</title><link>https://ciso.blog/blog/2026-07-17-morning-security-brief/</link><guid isPermaLink="true">https://ciso.blog/blog/2026-07-17-morning-security-brief/</guid><description>Record 622-flaw Patch Tuesday with two active zero-days, exploited SharePoint flaws, agentic ransomware, and what deserves your attention today.</description><pubDate>Fri, 17 Jul 2026 00:00:00 GMT</pubDate><category>risk</category><category>ai-security</category><category>incident-response</category></item><item><title>AI security is a product risk problem first</title><link>https://ciso.blog/blog/2026-07-16-ai-security-product-risk/</link><guid isPermaLink="true">https://ciso.blog/blog/2026-07-16-ai-security-product-risk/</guid><description>Treat model features like any other high-blast-radius launch: ownership, abuse cases, and kill switches — before the slide deck.</description><pubDate>Thu, 16 Jul 2026 00:00:00 GMT</pubDate><category>ai-security</category><category>architecture</category><category>cloud</category></item><item><title>Stop selling fear. Sell residual risk you can own.</title><link>https://ciso.blog/blog/2026-07-15-stop-selling-fear/</link><guid isPermaLink="true">https://ciso.blog/blog/2026-07-15-stop-selling-fear/</guid><description>Fear-mongering burns trust with C-level and bores practitioners. Ownable residual risk builds a real security brand.</description><pubDate>Wed, 15 Jul 2026 00:00:00 GMT</pubDate><category>risk</category><category>culture</category><category>career</category></item><item><title>The board doesn&apos;t want your risk register</title><link>https://ciso.blog/blog/2026-07-14-board-doesnt-want-risk-register/</link><guid isPermaLink="true">https://ciso.blog/blog/2026-07-14-board-doesnt-want-risk-register/</guid><description>They want a decision. Translate cyber risk into business consequence — or lose the room.</description><pubDate>Tue, 14 Jul 2026 00:00:00 GMT</pubDate><category>board</category><category>risk</category><category>governance</category></item></channel></rss>