惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
S
Securelist
P
Privacy & Cybersecurity Law Blog
Scott Helme
Scott Helme
T
Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
L
LINUX DO - 热门话题
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
量子位
博客园 - Franky
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
T
Troy Hunt's Blog
N
News | PayPal Newsroom
Google Online Security Blog
Google Online Security Blog
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
小众软件
小众软件
P
Palo Alto Networks Blog
Spread Privacy
Spread Privacy
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
WordPress大学
WordPress大学
L
Lohrmann on Cybersecurity
L
LINUX DO - 最新话题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Last Watchdog
The Last Watchdog
S
Security @ Cisco Blogs
P
Privacy International News Feed
Last Week in AI
Last Week in AI
Microsoft Security Blog
Microsoft Security Blog
T
Tailwind CSS Blog
博客园_首页
云风的 BLOG
云风的 BLOG
V
Vulnerabilities – Threatpost
D
DataBreaches.Net
Recent Announcements
Recent Announcements
酷 壳 – CoolShell
酷 壳 – CoolShell
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
罗磊的独立博客
Engineering at Meta
Engineering at Meta
Forbes - Security
Forbes - Security
T
Tenable Blog

Security & Identity

Introducing k8s-aibom on GKE for automated AI bills of materials | Google Cloud Blog Contributing to U.K. financial sector resilience as a critical third party | Google Cloud Blog Meet the 33 cybersecurity startups joining the Gemini Startup Forum | Google Cloud Blog Drive proactive security, prioritize risks with Google Threat Intelligence and Wiz ASM | Google Cloud Blog Shift into high gear with agents: Securing the software-defined vehicle | Google Cloud Blog New IDC study: How Mandiant transforms security into a competitive advantage | Google Cloud Blog Google Cloud confirmed to offer a safer choice for EU public sector organizations with Dutch DPIA approval | Google Cloud Blog Cloud CISO Perspectives: How Google Cloud Security uses AI internally | Google Cloud Blog Securing agentic AI: What's new in VPC Service Controls | Google Cloud Blog Verifiable trust in the AI era: What’s new in Confidential Computing | Google Cloud Blog Choice, compliance, and collaboration: Europe’s path to open digital sovereignty | Google Cloud Blog Driving the UK’s next chapter: From AI potential to agentic reality | Google Cloud Blog Google named a Leader in IDC MarketScape SIEM 2026 Vendor Assessment | Google Cloud Blog Cloud CISO Perspectives: The 4 lessons that guided AI Threat Defense | Google Cloud Blog Powering the next era of Confidential AI Detecting and containing AI-powered threats with Google Security Operations agents Cloud CISO Perspectives: How to build an AI-ready security program for the public sector Introducing Google AI Threat Defense to help you outpace the adversary Cloud CISO Perspectives: How Google + Wiz changes multicloud strategy for CISOs Why cloud infrastructure is the foundation for digital health in 2026 Beyond source code: The files AI coding agents trust — and attackers exploit What's new in IAM: Security, governance, and runtime defense Google named a Leader in the 2026 Gartner Magic Quadrant for Cyberthreat Intelligence Technologies Introducing Agent Gateway ISV ecosystem for security and governance Cloud CISO Perspectives: At Next ‘26, why we’re multicloud and multi-AI Next ‘26: Redefining security for the AI era with Google Cloud and Wiz | Google Cloud Blog Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA | Google Cloud Blog Next ‘26: Announcing new partner-supported workflows for Google Security Operations | Google Cloud Blog Essential AI and cloud security now on by default Securing AI inference on GKE with Model Armor A Leader in Forrester Wave Sovereign Cloud Platform 2026 See beyond the IP and secure URLs with Google Cloud NGFW Cloud CISO Perspectives: RSAC: AI, security, and the workforce of the future How to build AI agents with Google-managed MCP servers Bringing dark web intelligence into the AI era RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence IAP integration with Cloud Run Why context is the missing link in AI data security Welcoming Wiz to Google Cloud: Redefining security for the AI era Cloud CISO Perspectives: New Threat Horizons report highlights current cloud threats Google named a Leader in IDC MarketScape: U.S. SLG Professional Security Services Introducing the Google Cloud recommended security checklist Cloud CISO Perspectives: How Google approaches critical security topics, from fundamentals to AI Sovereignty and European competitiveness: A partnership-led approach to AI growth Cloud CISO Perspectives: New AI threats report: Distillation, experimentation, and integration Delivering a secure, open, and sovereign digital world Introducing Single-tenant Cloud HSM for more data encryption control Cloud CISO Perspectives: 5 top CISO priorities in 2026
Cloud CISO Perspectives: How CISOs can pursue technical and cultural resilience (Q&A) | Google Cloud Blog
Thiébaut Meyer · 2026-04-15 · via Security & Identity

Welcome to the first Cloud CISO Perspectives for April 2026. Today, Thiébaut Meyer and Lia Wertheimer from Google Cloud’s Office of the CISO share Thiébaut’s conversation with Matt Rowe, chief security officer, Lloyds Banking Group, on how security leaders can simultaneously pursue technical and cultural resilience.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

How CISOs can pursue technical and cultural resilience (Q&A)

By Thiébaut Meyer, Director, and Lia Wertheimer, Program Manager, Office of the CISO

https://storage.googleapis.com/gweb-cloudblog-publish/images/Thiebaut_Meyer_2025.max-2200x2200.jpg

In cybersecurity, we have long operated under a dangerous assumption: that the "always-on" nature of the role is a badge of honor. We treat the CISO as a biological shock absorber, expected to sustain high-performance output amidst a state of permanent volatility. But as the pace of change continues to accelerate, we are reaching a tipping point where this reliance on individual effort is no longer a sustainable strategy — it is a structural fragility.

https://storage.googleapis.com/gweb-cloudblog-publish/images/Lia_Wertheimer.max-600x600.png

To address the constant reactivity mode and the compounding demands placed on security leaders and their teams, we must move beyond a focus on personal grit and toward a dual mandate of resilience. This requires an honest look at where our technical structures and our human cultures intersect.

True resilience is more than a single initiative. It’s the intersection of two distinct disciplines:

  • Operational resilience: This is the technical “shift down,” a process of radical consolidation and simplification that can reduce the noise of fragmented tools to build a secure-by-default foundation. It’s about creating a technical environment that is robust enough to survive shocks — without constant manual intervention.
  • Cultural resilience: This is the organizational "safe system of work" that focuses on the mindset, behaviors, and psychological safety required to keep a team effective under pressure. This system can help a team adapt and thrive even when the technical systems are under fire (or on fire.)

When these two resilience strategies align, we move from a state of "chaos coordination to a sustainable operating model.

We sat down with Matt Rowe, chief security officer, Lloyds Banking Group, to explore how to pursue this alignment at a recent CISO Community event in Madrid. While our technical discussions at the event focused on shifting down the stack to manage sprawl, Matt offered a masterclass in the human side of the equation. We compared notes on how to scale these performance insights into a functional department that can endure the long game.

The following transcript has been lightly edited.

Thiébaut Meyer: We often talk about the CISO’s endurance as a personal burden to carry, but you’ve argued that we need to bake that resilience into the very fabric of the security function. In my view, high performance and resilience are inseparable — can you talk about how you see that relationship playing out in a high-stakes environment?

https://storage.googleapis.com/gweb-cloudblog-publish/images/Matt_Rowe_2.max-800x800.jpg

Matt Rowe: I couldn't agree more, Thiébaut. I see them as two sides of the same coin. This is a tough gig: The stakes are high and the pace is relentless.

There’s a Haitian proverb: "Behind the mountains, more mountains." In cybersecurity, that’s our daily reality. Resilience at the team level is about creating the conditions where people can keep climbing those mountains without losing their intrinsic motivation.

Thiébaut Meyer: I’ve observed a tug-of-war in our industry. We treat the CISO as a biological asset that must be ‘fueled’ for 24/7 performance, yet the mission often demands an unsustainable fusion of the leader’s identity with the role itself. How do you think we move toward a model where the organization, not the individual, is the shock absorber?

Matt Rowe: I think we need to have three things in balance: the needs of the individual, the needs of the team, and the needs of the company. While wellness is the engine, the team dialogue should be about how we get from good outcomes to great outcomes. We can’t just focus on the individual in a vacuum, we have to show how their unique strengths ladder up to the team's success.

Thiébaut Meyer: Like many CISOs, I’ve spent my fair share of time on that continuous treadmill where you feel there isn't a second to breathe. I’ve personally found that if we don't force a pause, the team will eventually break. How are you building that into your own operating model?

I’m a firm believer that psychological safety isn't something you can just delegate. You have to model it yourself, especially when things go wrong.

Matt Rowe: You have to artificially create moments of pause and recovery. Because the mountains are endless, the leader must set the cadence. We have to get people inspired to have great impact and create conditions where people are striving to do even better.

When there is more to do than time allows, the answer is disciplined prioritization. It’s an opportunity to get really good at saying "not now," so the team can focus on what actually moves the needle.

Thiébaut Meyer: I’m a firm believer that psychological safety isn't something you can just delegate. You have to model it yourself, especially when things go wrong. How do you approach modeling psychological safety at a large organization?

Matt Rowe: For me, it starts with transparency. People need to see me being challenged and observe how I react. It’s about making it obvious that being brave — speaking up, or questioning a process — is what we value. We have to create proof points where people who operate with psychological safety are seen as the role models.

Thiébaut Meyer: We’ve both seen the risks of security teams becoming silos or even fortresses against the rest of the organization. How do you ensure a resilient team remains a business enabler?

Matt Rowe: You have to embed the team’s objectives directly into business priorities. If the company’s mission is to provide lending to small businesses, our mission is to enable them to get those products to market faster and safely.

When the team sees themselves as stewards of the business mission, it changes the mindset from one of security versus the business to one of shared resilience.

Learn more about building resilient organizations

Building a resilient organization is a continuous journey. As we navigate the mountains ahead, protecting our teams starts with protecting the people behind the roles.

  • Seize the reset moment: Use consolidation as a catalyst to demystify complexity. Reducing the tool stack is the first step toward reducing the mental load on your team.
  • Be like water: Adopt a mindset of flexibility. The most resilient organizations are those that can make quick, flexible decisions.
  • Mandate the pause: In an environment of endless mountains, the leader's primary job is to set the cadence of recovery and enforce disciplined prioritization.
  • Architecture over effort: Resilience isn't about being tough enough to handle adverse situations, it’s about being more intentional with our technology, our team design, and our shared mission so that we can achieve our goals and avoid burning out.

While it’s a full house at Google Cloud Next in Las Vegas, you can still be part of the action by registering for a complimentary digital ticket to access select sessions.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

  • How Google Does It: An inside look at cybersecurity: Learn how Google approaches some of today's most pressing security topics, challenges and concerns, straight from Google experts. View the collection.
  • Raising the security baseline: Essential AI and cloud security now on by default: To support the next generation of AI innovators, we are offering on by default essential AI security and cloud security in Security Command Center Standard. Read more.
  • Guardrails at the gateway: Securing AI inference on GKE with Model Armor: Here’s how to secure AI inference on Google Kubernetes Engine with Model Armor and high-performance storage. Read more.
  • Google Cloud named a Leader in The Forrester Wave™: Sovereign Cloud Platforms, Q2 2026: Google Cloud has been named a Leader in The Forrester Wave™: Sovereign Cloud Platforms, Q2 2026, validating our portfolio of choice approach. Read more.
  • See beyond the IP and secure URLs with Google Cloud NGFW: Announcing domain filtering with a wildcard capability in Cloud NGFW Enterprise, providing increased security and granular policy controls. Read more.
  • VRP 2025 year in review: How did Google’s vulnerability reward program do in its 15th year? $17 million awarded, more than 40% over the previous year. Read more.
  • Google Workspace’s continuous approach to mitigating indirect prompt injections: We’re sharing more detail on the continuous approach we take to improve the layered architecture of our indirect prompt injection defenses, and to solve for new attacks. Read more.
  • Protecting cookies with Device Bound Session Credentials: A significant step forward in our ongoing efforts to combat session theft, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding to macOS in an upcoming Chrome release. Read more.

Please visit the Google Cloud blog for more security stories published this month.

Threat Intelligence news

  • M-Trends 2026: Data, insights, and strategies from the frontlines: Grounded in over 500,000 hours of frontline incident investigations conducted by Mandiant globally in 2025, M-Trends 2026 provides a definitive look at the TTPs actively being used in breaches today. Read more.
  • iOS exploit chain DarkSword adopted by multiple threat actors: Google Threat Intelligence Group (GTIG) has identified a new full-chain exploit that uses zero-day vulnerabilities to compromise iOS devices, and has observed multiple commercial surveillance vendors and suspected state-sponsored actors using it in distinct campaigns. Read more.
  • vSphere and BRICKSTORM Malware: A defender's guide: To help organizations stay ahead of the risks documented in recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), we’ve created this guide to help you focus on essential hardening strategies and mitigating controls necessary to secure critical assets. There’s also an automated script to help you apply some of the guidance. Read more.
  • North Korea-nexus threat actors abused compromised Axios NPM package in supply chain attack: GTIG is tracking an active software supply chain attack targeting Axios, a popular node package manager (NPM). We attribute this activity to UNC1069, a financially-motivated North Korea-nexus threat actor active since at least 2018. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Podcasts from Google Cloud

  • Can AI-native MDR fix broken SOC workflows: Tenex.AI’s Eric Foster and Bashar Abouseido discuss the impact of AI on security operations center workflows, and how best to measure its success, with hosts Anton Chuvakin and Tim Peacock. Listen here.
  • Why we keep failing at supply chain security: Have we reached the point where our security tooling is actually our largest unmanaged attack surface? Dan Lorenc, founder and CEO, Chainguard, chats about how convenience impacts supply chain security, with hosts Anton and Tim. Listen here.
  • Defender’s Advantage: Using Google Threat Intelligence to hunt adversaries on the dark web: Host Luke McNamara sits down with Google Threat Intelligence experts Jose Nazario and Brandon Wood on the new dark web and underground monitoring capabilities, and how AI is fundamentally changing the way defenders track adversaries. Listen here.
  • Behind the Binary: What happens when botnet operators show up in court: Host Josh Stroschein is joined by Pierre-Marc Bureau from Google’s Threat Analysis Group (TAG) to unpack the unprecedented takedown of the Glupteba botnet, from reverse engineering binaries to a surreal showdown in New York courtroom. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.

Posted in