Hoang: My background sits at the intersection of enterprise IT, data protection, and cybersecurity. I've spent much of my career working with CIOs and CISOs on resilience - how organizations protect, recover, and govern their most critical data in the face of cyber threats, outages, and operational risk. Today, as CIO at Commvault, I see security not as a standalone function, but as a core business capability.
The funding will establish a Government Cyber Unit, led by the UK's CISO and overseen by the Department for Science, Innovation and Technology (DSIT), to improve risk identification, incident response, and recovery capabilities. The unit will also create a dedicated Government Cyber Profession, elevating cybersecurity from its current placement under the broader Government Security Profession.
Broadcom divided it across VMware Cloud Foundation (VCF), , and Application Networking and Security (ANS) divisions. Broadcom president and CEO Hock Tan presides over division heads Krish Prasad (VCF), Purnima Padmanabhan (Tanzu), and Umesh Mahajan (ANS). Senior vice president for global commercial sales and partners Brian Moats oversees roughly remaining VMware partners since the r Registered tier was jettisoned. Pre-acquisition, VMware turned over $13bn.
CISOs often operate in environments where security is underfunded, under prioritised, or misunderstood at the board and C-suite level. A lack of senior-level buy-in trickles down into: Budget constraints that limit the scope and impact of the CISO function, including resources for tooling and automation. Skills shortages and restrictive operating models that prevent effective delegation. Strategic misalignment, where short-term delivery is prioritised over long-term business resilience and customer outcomes.
Financial institutions are facing a new reality: cyber-resilience has passed from being a best practice, to an operational necessity, to a prescriptive regulatory requirement. Crisis management or Tabletop exercises, for a long time relatively rare in the context of cybersecurity, have become required as a series of regulations has introduced this requirement to FSI organizations in several regions, including DORA (Digital Operational Resilience Act) in the EU; CPS230 / CORIE (Cyber Operational Resilience Intelligence-led Exercises) in Australia;
In what officials described as a call to arms, national security officials and ministers are urging all organisations, from the smallest businesses to the largest employers, to draw up contingency plans for the eventuality that your IT infrastructure [is] crippled tomorrow and all your screens [go] blank. The NCSC, which is part of GCHQ, said highly sophisticated China, capable and irresponsible Russia, Iran and North Korea were the main state threats, in its annual review published on Tuesday.
The age of agentic AI - where autonomous systems make decisions and take actions at speed - has dawned in ways government agencies may struggle to grasp. As agencies explore ways to bring agentic AI into public service, resilience can no longer be a component of the strategy; it is the strategy. When integrating AI agents, the federal government must prioritize rapid reversibility and transparent, auditable recovery.
