🎣 New phishing kit targets Microsoft 365 accounts with 2FA bypass

Microsoft 365 Phishing Threat, FinOps Automation Success, New CIOs at TD Synnex and Woolpert

Welcome to this week’s edition of CIOsurge!

This week:

  • A new phishing kit, "Sneaky 2FA," bypasses Microsoft 365 2FA protections, posing serious risks to enterprise security.

  • FinOps automation is transforming cloud cost management with smarter tools and strategies from leaders like Intuit and Roku.

  • TD Synnex and Woolpert appoint new CIOs to spearhead AI initiatives and digital transformation.

Let’s make this week a game-changer.

Stay sharp. Stay ahead.

🎣 New phishing kit targets Microsoft 365 accounts with 2FA bypass

A new phishing kit, dubbed "Sneaky 2FA," targets Microsoft 365 accounts, bypassing two-factor authentication (2FA) protections. Discovered by Sekoia, the phishing-as-a-service kit has been active since late 2024 and operates via Telegram. It uses compromised infrastructure, advanced anti-bot measures, and fake authentication pages to harvest credentials and 2FA codes, posing a significant threat to enterprise security.

The rise of phishing kits like Sneaky 2FA highlights the increasing sophistication of adversarial tactics. This kit specifically targets Microsoft 365 accounts, a cornerstone for many organizations. What’s alarming is its ability to bypass 2FA protections, which many CIOs rely on as a critical security measure. It's another reminder that even robust defenses can have vulnerabilities.

This development underscores the importance of continuous vigilance and layered security. Educating teams on recognizing phishing attempts, monitoring for suspicious login activity, and deploying solutions like Conditional Access Policies in Microsoft environments can help mitigate this risk. As these threats evolve, so must our strategies to counter them.

- Zack Tembi

💰 FinOps automation advances cloud cost management

FinOps automation is revolutionizing cloud cost control by combining data engineering, targeted optimization, and accessible tools. Intuit's focus on AWS account-based cost management and Roku's effort-to-savings prioritization highlight strategies to cut costs effectively. These examples showcase how automation drives transparency, accountability, and significant financial savings in the cloud.

Cloud costs are often among the largest and most volatile line items in IT budgets. The experiences of Intuit and Roku underscore the importance of automation in bringing these expenses under control. Automation isn't just about efficiency—it’s about enabling IT teams to make smarter, more agile decisions that align technical resources with business objectives.

FinOps automation is especially relevant for CIOs overseeing complex multi-cloud or Kubernetes environments. Tools that provide actionable insights, like Roku's effort-savings mapping, can empower teams to focus on high-impact optimizations. This isn't just cost-saving; it's a way to ensure IT infrastructure remains scalable and aligned with organizational growth.

- Zack Tembi

💬 Zack's Take

Continuous Coaching Over Annual Reviews

One of the biggest gaps in leadership today is the outdated reliance on annual performance reviews. With the rapid pace of change in technology and evolving business needs, annual reviews are no longer sufficient. Employees’ needs and priorities shift weekly or monthly, making continuous feedback and coaching essential for retaining talent and maintaining productivity.

CIOs should focus on building a culture where regular check-ins are the norm. This includes equipping frontline managers with the tools and processes to conduct effective one-on-ones. These sessions shouldn’t just review past performance—they should be forward-looking, addressing current challenges, aligning on priorities, and ensuring employees have the resources to succeed.

Organizations that implement continuous coaching not only improve retention but also foster stronger alignment between team members and company goals. By addressing issues early and regularly, businesses can avoid the costly turnover that comes from employees feeling undervalued or misaligned with their roles.

🗞️ At A Glance

💡 CIO Spotlights

TD Synnex names Kristie Grinnell as new CIO

  • Kristie Grinnell, formerly CIO at DXC Technology, steps into the CIO role at TD Synnex, succeeding Bonnie Smith.

  • Grinnell will oversee the revamped MyShop B2B ecommerce platform, which incorporates AI-driven features to enhance partner and customer experiences.

  • With a background in IT, supply chain, and business integration, Grinnell is positioned to drive innovation and operational efficiency.


Woolpert CIO Carl Lucas to lead global IT and AI initiatives

  • Carl Lucas joins Woolpert as CIO, tasked with enhancing cybersecurity, IT integration, and a holistic AI program for global operations.

  • With over 30 years of IT experience, including leadership in the geospatial sector, Lucas aims to drive transformative IT and AI advancements.

  • Woolpert leadership cites Lucas’ innovative mindset and scalability expertise as key to supporting their strategic vision.

