Kayne McGladrey
Field CISO at Hyperproof
Bellingham, United States
The modern company has an implicit social contract to protect the data entrusted to it. As a cybersecurity professional, my role is to advise companies on how to uphold that social contract by managing risks and deterring and denying threat actors. My consultative approach is the result of decades of experience working with Fortune 500 and Global 1000 companies.
The ability to fluently speak the languages of both business and technology and effectively communicate complex concepts to non-technical audiences has not only facilitated conversation with company leadership in developing and implementing effective policies to reduce cyber threat, it has made me the go-to person for multiple media outlets and a spokesperson for IEEE’s Public Visibility Initiative.
One of my career priorities is to inspire under-represented communities to pursue careers in cybersecurity. Talent is not limited by geography or background. Because I look beyond the usual circles for talent, trust their abilities, and have an eagerness to help people succeed, I have been able to build effective teams despite the continued challenges of low unemployment in cybersecurity careers.
Available For: Influencing, Speaking
Travels From: Bellingham, WA
Speaking Topics: Cybersecurity, Compliance, Risk
· Working to increase the diversity of perspectives on enterprise cyber security challenges and opportunities.
· Dynamically responding to and anticipating the needs of the cyber security marketplace through unique and timely content.
· Serving as an “early explainer” to articulate “why” the subject matter is important to current practitioners and the next generation of cyber professionals.
Setting The Four Cornerstones Of Cloud Security: Accountability, Strategy, Visibility & Enablement
CSHub
March 29, 2021
Read this report on:
- Identifying accountability for cloud security across the enterprise
- Conceiving of a cloud security strategy to ensure that the business consults and informs the cyber security operation
- Gaining true visibility of the entire organization from on-prem to the cloud
- Adopting common language along with a newly assumed forward posture to find the edge of business innovation and enable it
Managing Risk and Compliance Through a Recession
Solutions Review
March 24, 2023
As security professionals, managing risk and compliance efficiently during a recession is essential for our organizations. Here's a structured approach to evaluate control effectiveness and identify potential budgetary efficiencies:
• Gap Analysis: Map existing controls to documented risks, ensuring a consolidated inventory.
• Automate Evidence Collection: Simplify the process of gathering control operation and effectiveness evidence, fostering collaboration.
• Automate Control Testing: Implement automated testing to quickly identify and resolve issues, increasing overall effectiveness.
• Estimate Control Effectiveness: Assess control health to make data-driven decisions for risk reduction strategies.
• Evaluate Outlier Controls: Examine controls for potential budgetary efficiencies, optimizing resource allocation.
• Annual Control Assessment: Revisit the process annually to identify control gaps, inform budget planning, and drive cost savings.
• Leverage for Cyber Insurance: Use control assessments in conversations with insurers, potentially reducing premiums.
Adopting this end-to-end process can lead to a more secure organization, even in a challenging economic climate.
Hack Me If You Can
American Banker
February 21, 2023
A hacker can say that an institution has 90 days to fix a vulnerability before publicly divulging the secret, and for the vulnerable bank or credit union, that might come off as extortion or a threat. However, it is well within the boundaries of normal security research to do that, according to Kayne McGladrey, Field CISO for the security and compliance company Hyperproof.
The Ultimate Guide to Enterprise Risk Management
Hyperproof
December 13, 2022
Enterprise risk management is a nebulous, hard-to-define topic area. It encompasses a large variety of risks and procedures for the enterprise and it differs greatly from traditional risk management. So, what exactly is enterprise risk management? In this article, we’ll establish what it is, present common strategies for enterprise risk management, and emphasize the value of having enterprise-ready software to help simplify the process.
Three Key Predictions for 2023: The Year of Risk
ISACA
December 09, 2022
As we approach 2023, it’s natural to look back on the biggest security events that took place this year and anticipate their effect next year. The previous two years have shown that our world is full of complexity and uncertainty, despite all the advances in data collection, compliance operations automation, and SaaS technology. Risk modelers and analytics experts know we can’t predict or control the world with any degree of certainty, but it’s important to brace ourselves for the upcoming threats and new opportunities the coming year will present. Here are three key risk management predictions we have for 2023 that will shape the risk management industry.
How to Upgrade Your Security Program from ISO 27001:2013 to ISO 27001:2022
Hyperproof
December 08, 2022
Since the initial release of ISO 27001, the threat actor economy has diversified substantially, with both criminal groups and nation states developing and selling offensive cyber products and cyber surveillance solutions. In response, cybersecurity experts have documented and developed best practices and actionable guidance for organizations to effectively manage their cybersecurity risks. ISO 27001:2022 provides a risk-based reference set of information security, cybersecurity, and privacy controls that have been adopted by modern organizations as part of deploying cloud technologies and addressing data protection requirements driven by GDPR.
It's Time to Regard Cybersecurity as Human Safety
Industry Week
November 17, 2022
Cultural change takes time and is a journey, not a destination. Senior leaders, managers, and individual contributors all have a role and responsibility in ensuring that manufacturing companies stay safe from cybersecurity risks. Elevating cyber risks to the same level as safety risks will help companies to comprehensively understand and manage their risks now and in the coming years.
Best practices for cryptocurrency firms and digital currency firms managing money
Security Magazine
October 26, 2022
A Consent Order issued in August 2022 by the New York State Department of Financial Services (“NYDFS”) for a $30 million fine on Robinhood Crypto, LLC (“RHC”) shows that cryptocurrency firms are not immune from regulatory and legal obligations. The Consent Order can be read as a partial roadmap for similar firms in establishing best practices for ongoing successful compliance operations, which help firms to remain compliant and secure concurrently.
Based on the Consent Order, firms in this space should be prepared to demonstrate to NYDFS how their compliance programs meet the standards outlined in DFS regulations, particularly the Virtual Currency Regulation, the Money Transmitter Regulation, the Cybersecurity Regulation, and the Transactions Monitoring Regulation. Firms should also ensure that they have documented policies and procedures required by the Cybersecurity Regulation.
4 Stakeholders Critical to Addressing the Cybersecurity Workforce Gap
Dark Reading
October 17, 2022
ic and International Studies (CSIS) published the report "A Human Capital Crisis in Cybersecurity," which noted "there are about 1,000 security people in the US who have the specialized security skills to operate effectively in cyberspace. We need 10,000 to 30,000." Twelve years later, the Cyberspace Solarium Commission 2.0 Workforce Development Agenda for the National Cyber Director observed that "in the United States, there are almost 600,000 open cybersecurity jobs across the private sector and federal, state, and local governments — a remarkable gap considering that the field currently employs just over a million professionals." This is not an encouraging trend.
What Thoma Bravo’s latest acquisition reveals about identity management
Venture Beat
October 14, 2022
Identity management of users and devices is key for CISOs to manage the risks associated with unauthorized access to sensitive data and systems, according to Kayne McGladrey, Field CISO at Hyperproof and Senior IEEE Member. “From a control operations standpoint, the two most important capabilities are the ability to validate a user’s behavior when it deviates from the norm, and the ability to quickly de-provision access when it is no longer needed,’’ McGladrey told VentureBeat.
For example, if a user regularly logs in from Washington State using their Windows-powered computer to access a single program, there’s little reason to prompt them for a second authentication factor, he said. “But when the device changes, perhaps a new Mac computer that’s not configured correctly, or their location suddenly changes to Australia, they should be prompted for multifactor authentication as part of identity validation before being allowed to access those data,” McGladrey said. When a user leaves an organization, their identity access should be rapidly revoked across all platforms and devices. Otherwise, organizations run the risk of a threat actor using the older access and credentials, McGladrey added.
Banks can leverage automation, regulation for cyberattack prevention
Bank Automation News
October 13, 2022
Financial institutions can avoid becoming the next victim of a costly cyberattack by leveraging automation and existing legislation. Automation can help to mitigate risk when handling personal client information by storing records efficiently and securely, Kayne McGladrey, field chief information security officer at Hyperproof, told Bank Automation News. “If you don’t automate, that has a cost, because now people are spending their time doing control testing,” he said. “The organizations that recognize that are going to probably spend a lot less time on compliance and have a happier team, because they’re not doing routine stuff that they should have automated.”
GRC Platforms: 5 Features You Need
Hyperproof
September 29, 2022
"Choosing the right GRC platform is hard, but knowing what’s most important for you and your organization is key to choosing the right one. Ultimately, what matters most is that you find a platform with all the features listed above that will enable your team to maintain compliance without the headache of manual processes or inflexible legacy solutions."
Exploring the Advantages of Deploying DPUs in the Data Center
CIO Magazine
June 24, 2022
“Moving network and security functions to a DPU allows server CPUs to be more efficient at running core applications and operating systems without sacrificing security controls,” said Kayne McGladrey (@kaynemcgladrey), Security Architect at Ascent Solutions LLC. “DPUs should also expedite the application of Zero Trust principles by allowing finer-grained micro-segmentation of applications and networks so that there is limited or no unearned trust.”
Secure Collaboration: Adopt an approach that balances people and technology
CIO
March 21, 2022
“Make the security guardrails as invisible as possible to your end users and ensure that organizational change management is part of your planning for rollout,” says Kayne McGladrey, security architect, strategy and GRC practice lead at Ascent Solutions LLC. “This increases adoption of new collaboration technologies by ensuring that users are aware that the solution exists and understand that it’s easy to use. End users won’t use a solution specifically because it’s secure; rather, they’ll adopt it if it meets their needs easily and quickly.”
3 Phases to Simplify Cyber Risk Management
Ascent
March 07, 2022
Cybersecurity risk management exists to help businesses make informed decisions when allocating their limited resources. Although there are several ways of measuring risks and several more risk frameworks, there is no “right” way to conduct risk management other than consistency. Provided that a business documents, discusses, and acts on risk data, the supporting technologies and formulas are not particularly relevant to business leaders or board members.
Top 4 IoT data privacy issues developers must address
Internet of Things Agenda
February 23, 2022
"IoT device monetization strategies have nonobvious supply chain privacy risks. IoT device manufacturers may choose to incorporate one or more advertising or marketing APIs to generate incidental revenue that is unrelated to the primary subscription costs of the IoT device and service."
Top Three Use Cases for AI in Cybersecurity
DataCenter Knowledge
February 03, 2022
“The big things we’re seeing effectively in cybersecurity right now around AI is security incident and event management,” said Ascent Solutions’ Kayne McGladrey.
The reason is that it involves large pattern analysis, McGladrey told Data Center Knowledge, and AI is very good at doing large pattern analysis.
“It does that at a scale and speed that human defenders cannot match,” he said.
65 predictions about edtech, equity, and learning in 2022
eSchoolNews
January 03, 2022
Over the past year and a half, school administrators, teachers, and IT support staff and students themselves have been working in a complex threat environment. The pandemic and major increase in cyberattacks have resulted in closures for both in-person and online schools. While this will only continue into 2022, it will be important for security and IT professionals that support schools to align their policies, procedures, and technical controls to a cybersecurity framework that fits the needs of their organization, such as the recently announced K-12 resources announced jointly by the FBI and CISA. Using a formal framework can help schools effectively identify and mitigate gaps in school security postures without substantial budget increases. Schools should also consider a quarterly exercise to re-audit their password stores, as the number of compromised passwords will only continue to increase in the year ahead. A password that was secure three months ago may have appeared in a data breach (especially since students and adults tend to use the same passwords for multiple accounts) and may no longer be a secure option. Although it’s hard to predict what’s to come for educational institutions moving forward and the future of remote and hybrid learning is going to be uncertain, education professionals should expect to see threat actors continue to target schools that have not taken a proactive approach to cybersecurity and deployed the appropriate defenses.
Security in 2022 – Ransomware, APT groups and crypto exchanges pose key challenges
Security Magazine
December 09, 2021
Adopting zero trust strategies is a potential solution to mitigate the challenges of ransomware, bulk intelligence data collection, and technical threats to cryptocurrency. As zero trust is predicated on a continuous authentication of user and device identities based on prior known-good behaviors, unusual events from previously unknown devices will be far less frequent and the telemetry far more obvious for investigation by blue teams.
Reduce the risk of cyber attacks with frameworks, assessments
SearchSecurity
November 15, 2021
Large-scale cyber attacks will continue to pose a substantial risk to companies, individuals and economies in 2022. Several factors contribute to this trend, and unfortunately, policies and technical responses have yet to reduce the frequency and impact of cyber attacks.
Key Security Challenges for Smart Offices and Their Solutions
CMSWire
November 01, 2021
"The future of work is not what we were collectively promised in the days before the pandemic. Despite being nearly two years into the global pandemic, organizations are still in the process of redefining how their offices should be used now and in the future, which has led to a surge in the adoption of smart, digital technologies."
Protecting schools in hybrid and remote learning environments
Security Magazine
October 14, 2021
There are three best practices that security professionals supporting schools can follow to help make the school year uneventful in their district: defending user identities, patching endpoints, and running quarterly tabletop exercises.
Three US state laws are providing safe harbor against breaches
CSHub
September 08, 2021
The affirmative defenses combined with making strategic decisions based on published facts is a compelling reason for organizations to select and plan to adopt a framework before the start of the next budgetary year.
A back-to-school plan for reaching the next generation of cybersecurity professionals
Security Magazine
August 30, 2021
To further diversify, our field needs to better present the career options and benefits to young people. Most new people in cybersecurity quickly learn that this is a collaborative, team-oriented job. Not everyone needs to write code; there are project managers, analysts, trainers, consultants, and marketing professionals. Our jobs pay a middle-class salary and are generally recession-proof.
When to have the online-security talk with your kids
Popular Science
August 27, 2021
“This is a journey, not a one-and-done conversation,” he says. Make a habit of checking in with kids about what they saw on the internet that day, what they thought about it, and if they thought it was safe or not, and why. And you can’t outsource your parenting to a computer, so McGladrey cautions parents not to solely rely on controls and monitoring programs.
Telehealth’s emergence and the keys to security in 2021
Security Magazine
January 15, 2021
Telehealth was an unexpected technology bright spot in 2020, as the Office for Civil Rights (OCR) relaxed enforcement of certain aspects of HIPAA, helping to reduce COVID exposure via virtual rounding and virtual visits.
Unfortunately, bad actors have shown a lack of morality in their pursuit of illegal profits and have continued to attack medical organizations. Ransomware attacks, for example, can cripple a hospital’s abilities to provide high-quality patient care by denying access to key computer systems, which would force medical professionals to have to treat patients based on memory and paper-based records.
The following three high-level recommendations provide a basis for defense in depth for healthcare organizations in 2021.
How Healthcare Organizations Can Prepare For Upcoming Ransomware Attacks
Ascent Solutions
November 02, 2020
Our initial set of recommendations will help to mitigate the immediate risks of a ransomware attack. Continuous planning based on risks will help to support long-term cybersecurity resiliency despite these sustained and evolving adversarial threats to the well-being of our communities.
Although 2020 is the year of the crisis, only one is new
Grey Swan Guild
July 03, 2020
People may aptly sum up 2020 in a single word: crisis. An inadequate response to the COVID-19 pandemic has led to the deaths of hundreds of thousands of people globally. The underlying data are more tragic, as the pandemic has disproportionately affected communities of color that have lived with the daily existing threats of shrinking economic mobility and racism. At the same time, both public and private organizations have struggled to mount an effective defense against cybercrime, which represents not only one of the largest transfers of wealth in human history but also threatens public trust in democracy and civil society. This article provides context and actionable steps to begin to dismantle the underpinnings of these long-standing crises; however, this article is not the solution. Only sustained action will lead to meaningful change.
Tags: COVID19, Cybersecurity, Diversity and Inclusion
10 ways to get more from your security budget
CSO Magazine
April 27, 2020
For years, security budgets seemed to go only one direction: up. As recently as February of this year, some 62% of organizations said they planned to increase their cybersecurity spending for 2020, according to research by analyst firm ESG.
But that was then.
Like their C-suite peers, CISOs today are being asked to do more with less – and probably will be for some time, as the world continues in these uncertain economic times.
Could Artificial Intelligence Solve Cybersecurity Staffing Shortages?
EdTech Magazine
April 23, 2020
AI can also help improve retention rates by making entry-level cybersecurity jobs “less dull,” says Kayne McGladrey, CISO and CIO of Pensar and a member of the IEEE. “We get people out of school, and they are excited to be on the team. Then, on their first day, they’re handed a checklist: here’s the things you will do and the order in which you will do them.”
A job that consists of reading logs and chasing down false leads may not be enticing enough to keep workers around, especially when those kinds of skills are in demand at higher pay elsewhere. “We’re asking people to act like machines,” he says, “and that’s not a very effective engagement model.”
Cyber Security Is Integral To Business Continuity Planning
CSHub.com
April 06, 2020
Communications are critical for an organization when an incident occurs. Leadership must effectively share information with the workforce. For some organizations, this requires enacting the critical communications plan that has been drilled. For others, an incident is a disruption to the normal course of business, which is where business continuity planning demonstrates its value to the organization.
3 Ways Artificial Intelligence Can Improve Campus Cybersecurity
EdTech
March 30, 2020
“Every university has a whole crop of new individuals who come into the organization on an annual or quarterly basis,” McGladrey explains. With such a frequent influx of new arrivals bringing their own devices and computers, it’s essentially impossible for university IT teams to control the sheer number of new endpoints.
AI can identify networking traffic, assess what “normal” looks like on a university network and do it at a larger scale than humans can accomplish. Thus, if a “faculty member normally arrives at 8 a.m., does work until 7 p.m. and then maybe logs on to her email at 9 p.m., you wouldn’t expect that individual to be up at 3 a.m. connecting from China. AI can monitor those patterns of normalcy,” he says.
Design Flaws In Cyber Security Reports And Related CISO Sleep Patterns
Cyber Security Hub
March 10, 2020
I recently stopped using my fitness tracker, though not due to a cyber security breach or privacy concerns. Rather, it came down to the overwhelmingly negative reports provided by the app.
Like many CISOs, I don’t sleep much; in my case, getting by on five to six hours of sleep a night is hereditary. Although the tracker collected detailed telemetry, the app only provided comparative reports against other people. Despite my experience, the app alarmingly claimed I’d been having terrible problems sleeping for weeks in a row.
Producing highly accurate reports without individual customization is a consistent design flaw of many cyber security solutions available today.
How Secure Is Your Home Wi-Fi?
How To Geek
March 03, 2020
When it comes to modern technology, everything is a compromise between convenience and security. Everyone wants fast access to the internet, which is why Wi-Fi is everywhere. But how secure is your home Wi-Fi router? What can you do to protect your network? Something you rarely hear these days is that as long as you follow a few common-sense and easily implemented best practices, you probably have very little to worry about.
DoD Introduces New Information Security Standard
Zyston
February 24, 2020
At the end of January 2020, the U.S. Department of Defense (DoD) approved the Cybersecurity Maturity Model Certification (CMMC) with plans to apply this new standard to up to 3,000 subcontractors by the end of 2020. How does this apply to your organization?
ICS security challenges and how to overcome them
TechTarget
December 20, 2019
The internet of things has brought several security risks into the limelight -- from the use of default or hardcoded passwords on cameras to the inability of resource-constrained sensors to run security mechanisms, such as encryption.
One of the biggest security challenges, however, might be IT/OT convergence -- the merging of information technology with operational technology. IT teams are no strangers to infosec, but their OT counterparts working among industrial control systems (ICSes) have generally never worked in internet-connected networks. Yet, as the benefits of IoT and industrial IoT (IIoT) become apparent, more ICSes and OT environments are becoming connected -- bringing multiple benefits but also creating multiple security threats. Compounding the risk is that IT teams don't know how to handle threats in such environments, leaving many IT and OT teams unsure exactly where the security responsibility lies.
Four 2019 Enterprise Cyber Focal Points And The 2020 Ramifications
Cyber Security Hub
December 16, 2019
2019 wasn’t a great year for cyber security. Although the number and scope of solutions available on the market increased, blue teams around the globe have been stymied by the increasing complexity and tactics of threat actors and the sheer volume of data to review. Here are four predictions for the coming storm, based on events in 2019.
Keynote slides from TagNW Summit 2019
TagNW
December 07, 2019
Cyber attacks are bad and getting worse, and you’d like to turn things around before it’s too late. In this session, you’ll learn how the three most common attacks target people, how to deter and deny threat actors attacking your applications, and how to defend yourself and your community.
These slides were originally presented at the 2019 TagNW Summit in Bellingham, WA.
We Talk to Global Cybersecurity Influencer and Expert Kayne McGladrey!
My Hacker Tech
November 29, 2019
We thought it would be a great idea to get Kayne's take on some key issues facing the world from a cybersecurity perspective, and also learn more about his journey. We get lots of questions from readers about how to break into the cybersecurity industry, how to get their foot in the door, and all manner of other questions relating to getting started. This is why we think it's so important to share the experiences of those in the industry.
A cybersecurity skills gap demands thinking outside the box
Tech Target
November 04, 2019
According to McGladrey, HR's fear of bringing in the wrong person -- and indirectly causing a breach -- often drives such postings. That, in turn, fuels the perception that there's an insurmountable shortage of security candidates, he said, when, in fact, a broad spectrum of diverse, talented individuals exists if organizations are willing to find and train them.
But security leaders need to make the case to HR for hiring people based on aptitude and skill, even if they aren't "a certified ethical hacker since 2000, with 10 years of experience with Kali Linux and a Purple Heart."
"Flexibility is really important" to successfully fill the cybersecurity skills gap, McGladrey said.
3 Ways To Prepare Now For Future Endpoint Defense
Top CyberNews
September 27, 2019
“The explosion of connected devices also requires re-thinking the protection mechanisms to apply to those endpoints,” says Kayne McGladrey, Director of Security and IT, Pensar Development. “Similarly, the widespread adoption of cloud-based services means that there’s no single network to protect.”
3 Ways To Prepare Now For Future Endpoint Defense
CSHub
September 26, 2019
“The explosion of connected devices also requires re-thinking the protection mechanisms to apply to those endpoints,” says Kayne McGladrey, Director of Security and IT, Pensar Development. “Similarly, the widespread adoption of cloud-based services means that there’s no single network to protect.”
4 Cybersecurity Best Practices for Electrical Engineers
Dark Reading
September 24, 2019
Threat actors have increased their focus on supply chain attacks since 2017, with 73% of engineering firms reporting a supply chain attack in 2018. In the first quarter of 2019, Operation Shadowhammer was revealed to have compromised the software update mechanism of a major PC manufacturer. According to eSentire, 44% of firms have suffered a significant supply chain breach through a vendor.
These high-profile breaches have either been used to deploy ransomware or steal the intellectual property produced by engineers. As engineers create and access intellectual property such as CAD designs or manufacturing data, achieving persistence in an engineering firm gives a threat actor unparalleled insight into upcoming product designs and manufacturing processes.
Much of the media focus has been on the financial damage from supply chain breaches, the nation-state actors behind the breaches, and the ill-defined "supply chain" itself. But surprisingly, despite the overheated media coverage, most electrical engineering (EE) firms are not the targets of a bear, kitten, or panda, which are frequently cited as advanced persistent threat groups behind the attacks. Most EE firms are targeted by threat actors of opportunity because they have two necessary ingredients: people and computers. This article lays out four best practices for individual EEs to help protect their firms.
Changing The Course Of History Means Every Month Needs To Be Cyber Security Month
Cyber Security Hub
September 09, 2019
There’s a communications breakdown between those working in cyber security and those who are not. This failure to communicate is leading to the greatest transfer of wealth in history. People aren’t seeking actionable advice during “October is National Cyber Security Month”, and they’re tuning out of their mandatory corporate drop-ceiling one-hour cyber security training in the breakroom. Even though individuals are harmed, there’s the persistent belief that this must be someone else’s problem.
The Ethics Of The IoT: Are Engineers Failing To Speak Up?
CSHub
June 25, 2019
The overwhelming majority of IoT devices on the market are hot garbage that do not follow security best practices. Allowing consumers to use passwords that have appeared in breaches before makes it easy for threat actors to gain persistence on devices. Devices with no update mechanism means IoT devices become a perpetual threat once the first vulnerability is found. Most people have no way of knowing that their IoT sensor needs an update, so it’s unrealistic to shift the responsibility of software updates to consumers.
Securing IoT: Whose responsibility is it?
Tech Target
February 26, 2019
Enterprises and consumers alike are rewarding vendors that produce low-cost, insecure devices, such as $20 IP-based security cameras. It'd be easier for everyone if those consumers instead sent $20 to threat actors who will inevitably compromise those devices, as this would only be a $20 problem.
However, when threat actors conscript thousands of insecure IP-based security cameras into a botnet that can knock major brands off the internet -- such as what happened with the Mirai botnet attacks in the fall of 2016 -- it potentially becomes a multimillion-dollar problem that affects major markets and international relations.
How can a security automation tool help mitigate unknown threats?
Tech Target
January 25, 2019
Security automation tools help ease the deluge of alerts security teams receive, according to IEEE member Kayne McGladrey, letting them focus on more interesting aspects of IT security.
How do AI algorithms automate IoT threat detection?
IoT Agenda
January 09, 2019
IoT threat detection is about to get easier, thanks to the automating abilities of AI algorithms. But, as IEEE member Kayne McGladrey explains, it doesn't mean humans are out of the picture.
How Awareness, Attention Can Improve Cyber Security
CS Hub
October 10, 2018
Besides working nights, I learned in my fifteen-minute conversation that Rosa volunteers at an elementary school. She’d met no one who worked in cyber security, and the kids she worked with hadn’t considered it as a career option. They wanted to be rappers, they wanted to be marine biologists; they didn’t know there was a high-paying position called “security operations center analyst.”
3 Cybersecurity Challenges for IIoT Devices in 2018
Robotics Business Review
September 25, 2018
As the clock ticks towards a massive and preventable cyberattack on IIoT devices, manufacturers and companies deploying them must address three challenges.
Budgetary Foresight: 3 Essential Cyber Security Programs For 2019
CSHub
July 16, 2018
The back-to-school sales circulars are arriving, a reminder that fall is on its way. For most organizations, fall also brings an annual budgetary exercise for which many mid-level managers and executives will be unprepared.
Video: Certification Campaigns (Core Identity and Access Management Part 8 of 8)
linkedin
July 11, 2018
In this last video in the series of 8 about Identity and Access Management, we will see how the process of certification in consulting works. IGA, a governance administration tool, will produce certification reports and should work with all the systems. The auditor will use the tool, and the tool will interrogate all the resources. All the logic and process for the campaign will be saved in this tool. This reduces the need to keep questioning participants constantly.
Video: Attestation Reporting (Core Identity and Access Management Part 7 of 8)
linkedin
June 27, 2018
Kayne McGladrey discusses Attestation Reporting in the seventh video in this series about Identity and Access Management. The goal of Attestation Reporting is to ensure that a user should have the access that has been requested and, if not, to be able to revoke that access.
Video: Multi-Factor Authentication (Core Identity and Access Management Part 6 of 8)
linkedin
June 20, 2018
In this sixth episode of this 8 part series on Identity and Access Management, Kayne McGladrey reviews Multi-Factor Authentication (MFA). MFA can be used in many instances to ensure the identity of a person trying to access or approve items on your system. There are several different types of MFA that can be used, and this video discusses which ones are recommended or not and why. Several different scenarios are also presented to discuss when/why you want to have MFA set up to work with your Identity and Access Management and User and Entity Behavior Analysis systems. You will learn:
The 'Internet of Payments' puts ID security on the smartphone
Payments Source
May 29, 2018
When a "pay restroom" 100 miles from the nearest major city accepts frictionless mobile payments, stores that force buyers to wait a minute for a chip-and-PIN transaction seem dated, and cash-only transactions are inconvenient.
Three Preventative Measures for Cybersecurity Health-Care Disorders
Bloomberg Law
April 25, 2018
The regulatory environment for health-care organizations places a high value on personal health information, writes Kayne McGladrey of Integral Partners. However, the dark web market value of PHI has cratered, according to cybersecurity firm Flashpoint. A PHI record that sold for an average of $75 to $100 in 2015 would net $0.50 to $1 in 2017, he writes.
Two Easy Steps To Reduce And Detect Threats In A Cloud Environment
CS Hub
March 19, 2018
Although organizations believe the cloud to be inherently more secure, this two-step strategy will improve the security of cloud-based solutions for each organization. When combined with a larger cyber security program, these reduce the risks of a damaging breach.
‘Cyber Security’s Not An Install Process’: Q&A With Kayne McGladrey
CS Hub
February 12, 2018
McGladrey, whose work focuses on identity and access management, leads a team that assists clients in multiple industries. The focus: insider and outsider threats on non-privileged or privileged credentials. McGladrey said that technology has matured so much that overall cyber security is not about software installation.
‘It Comes Back To You’: Evaluating Third-Party Cyber Risk Management
CS Hub
February 07, 2018
Expanding on this, national cyber security expert and the Director of Information Security Services at Integral Partners, Kayne McGladrey, told the Cyber Security Hub that, “If you’re breached by a third party, nobody cares that it’s the third party’s fault. It comes back to you.”
He continued: “It’s your fault for not having adequate controls. And the single easiest third-party control is around onboarding and off-boarding third-party accounts.”
Even if you’re rotating passwords, monitoring privileged access, auditing, etc., McGladrey said you must know, empirically, who’s accessing your network.
Back-of-the-cocktail-napkin math
Integral Partners
November 30, 2017
The attendees we met who did not have a PAM program all expressed the same underlying frustration that while they understood PAM technology was important, they could not get budgetary approvals. These organizations had no automated way to rotate passwords on a regular, scheduled basis. They were also generally afraid of rebooting systems, despite the agreed-upon values of clearing stored password hashes that can be obtained by tools like Mimikatz, which can scrape memory in Windows to obtain passwords and hashes.
Mind the gap: three actions to take today based on AT&T’s latest Cybersecurity Insights report
Kayne McGladrey
November 02, 2017
AT&T recently released volume 6 of their Cybersecurity Insights report, titled “Mind the Gap: Cybersecurity’s Big Disconnect.” You can download a copy of the report here.
The report helps to explain some of the reasons underlying the massive breaches we have seen this year. As Robert F. Kennedy once said, “Like it or not, we live in interesting times.”
To put this interesting year in context:
- Half of the U.S. population became victims of identity theft due to malfeasance by Equifax.
- All three billion Yahoo! users lost their passwords in the biggest hack ever.
- Deloitte, one of the Big Four professional services firms that offer cybersecurity consulting, had their email hacked.
- The NSA’s hacking tools were stolen twice in the same year and put to immediate use by criminals building cyberweapons like Petya/NotPetya and WannaCry.
Here are three things that organizations should do immediately based on the report’s findings:
"Universal fingerprint" can crack 65% of the real fingerprint identification
China Business Network
April 25, 2017
In modern society, fingerprint recognition has made the smartphone remarkably convenient. A single touch unlocks the phone and completes a payment, with no need to enter a password. Everything from a small package of snacks at a shop, to a laptop, and even a million-dollar Aston Martin retro car can be paid for with a fingerprint. In some banking apps, fingerprint identification can also be used to pay bills, transfer tens of thousands of dollars, and so on.
Five spring cleaning tips for your Identity and Access Management program
(IN)Secure Magazine by Helpnet Security
March 30, 2017
Spring cleaning is a tradition for millions of families, but most companies lack the same tradition when it comes to the long-term management of their Identity and Access Management (IAM) programs. This is not benign neglect, but rather an underlying fear that the IAM program resembles a shaky tower of cardboard boxes full of random stuff, sitting in the garage.
Understanding Cybersecurity Breaches at Consulting Firms
IEEE Transmitter
March 29, 2017
Cybersecurity threats are affecting consulting and professional service firms causing substantial losses. Kayne McGladrey (@kaynemcgladrey), an IEEE Member and professional services director, weighed in on how consulting firms can mitigate threats, keep client data safe and learn from current breaches.
Three Lessons about Cloud Security from 1980s Horror Movies
ISSA Journal
March 10, 2017
This article discusses how businesses can apply three fundamental best practices for adapting current security programs to mitigate insider threats as applications and data migrate to the cloud.
The Truth-Bias and How It Affects IAM, IGA and PAM Programs
Integral Partners
February 11, 2017
In his research on deception, Jeff Hancock often refers to the Truth-Bias, formally recognized by Levine, McCornack, and Park in 1999. In essence, people have a higher tendency to believe other people, particularly via email as there is a permanent record of the conversation. Unfortunately, people are only able to detect lies about 50% of the time, which is equivalent to a coin toss. What are the implications for Identity Governance and Administration (IGA), Identity and Access Management (IAM) and Privileged Access Management (PAM) programs, all of which often incorporate email or other permanent logs of access requests?
IAM market consolidation looms in 2017
Integral Partners
January 04, 2017
I predict that 2017 will be a year of market consolidation in the Identity and Access Management (IAM) market, driven by organizational changes rather than revolutionary improvements in technology. Consequently, niche vendors will resort to increasingly desperate discounting schedules, funding rounds, or mergers to stay solvent as the year progresses.
Getting Started with Identity Analytics for an Identity and Access Management (IAM) Program
LinkedIn
November 30, 2016
User and device analytics have been a primary focus of this year’s Gartner Identity and Access Management (IAM) Summit. Keynote speakers, research analysts, and vendors have all shown a vision of how companies can help to improve an organization’s security posture through deploying User and Entity Behavior Analytics (UEBA). Unfortunately, there’s been no general direction of how to get started with this technology, outside of ‘get your stakeholders involved’ and ‘talk to vendors.'
Cyber Threat Prevention for PSOs: Credential Stuffing (Part 1 of 8)
PSVillage
May 17, 2017
Credential Stuffing, unfortunately, is not a new attack but rather an existing attack that the bad guys have found a way to operate at economies of scale. Credential stuffing is a type of automated...
Cyber Threat Prevention for PSOs: Provisioning and De-provisioning (Part 2 of 8)
PSVillage
May 17, 2017
In this second episode of our 8 part series, Kayne McGladrey will be discussing Provisioning and De-Provisioning. In general, provisioning means "providing" or making a resource available. De-...
Cyber Threat Prevention for PSOs: Identity and Access Management (Part 3 of 8)
PSVillage
May 17, 2017
In this third episode of our 8 part series, Kayne McGladrey will walk you through three primary Identity and Access Management (IAM) systems available for your end users to have access to your...
Cyber Threat Prevention for PSOs: Privileged Access Management (Part 4 of 8)
PSVillage
May 17, 2017
In this fourth episode of our 8 part series, Kayne McGladrey will cover Identity Access Management system and a specific resource when it comes to where your client files are stored, or your...
Cyber Threat Prevention for PSOs: User and Entity Behavior Analysis (Part 5 of 8)
PSVillage
May 17, 2017
When a hacker has intercepted your credentials and login information and attempts to use that information, an effective User and Entity Behavior Analysis (UEBA) solution can be what saves you from...
Cyber Threat Prevention for PSOs: Multi-Factor Authentication (Part 6 of 8)
PSVillage
May 17, 2017
In this sixth episode of our 8 part series, Kayne McGladrey reviews Multi-Factor Authentication (MFA). MFA can be used in many instances to ensure the identity of a person trying to access or...
Cyber Threat Prevention for PSOs: Attestation Reporting (Part 7 of 8)
PSVillage
May 17, 2017
Kayne McGladrey discusses Attestation Reporting in the seventh video in this series. The goal of Attestation Reporting is to ensure that a user should have the access that has been requested and...
Cyber Threat Prevention for PSOs: Certification Campaigns (Part 8 of 8)
PSVillage
May 17, 2017
In this last video in the series of 8, we will see how the process of certification in consulting works. IGA, a governance administration tool, will produce certification reports and should work...
The proverbial endpoint is everywhere. Consumers have more IoT and mobile devices than ever before. Industrial IoT is becoming ubiquitous and IoT malware is as common as cell phones. While conveniences are making their way into every facet of life, so are malicious software, social engineering attacks and all manner of bad actors.
Include Cybersecurity
Include Cybersecurity
January 05, 2018
Include Cybersecurity is a non-profit organization dedicated to changing the face of cybersecurity professionals. As a co-founder alongside Carmen Marsh, I am responsible for helping to find volunteers and speakers, moderating panel discussions, social media outreach, fundraising, and establishing connections with the many underrepresented communities in cybersecurity.
Senior member is the highest grade for which IEEE members can apply. IEEE members can self-nominate, or be nominated, for Senior Member grade.
To be eligible for application or nomination, candidates must:
* Be engineers, scientists, educators, technical executives, or originators in IEEE-designated fields
* Have experience reflecting professional maturity
* Have been in professional practice for at least ten years (with some credit for certain degrees)
* Show significant performance over a period of at least five of their years in professional practice
Top 50 IoT Influencers to follow in 2023
Engatica
November 08, 2022
Can IoT reach a level where businesses can build scalable solutions for the future? Will it help us have a better 2030? Well, the experts should know. And they should have a better idea of it.
Cloud Thought Leader of the Day
WhizLabs
July 09, 2021
Having 28+ years of experience in the field, Kayne McGladrey's role is to advise companies on how to uphold that social contract by managing risks and deterring and denying threat actors.
His consultative approach is the result of decades of experience working with Fortune 500 and Global 1000 companies. One of his career priorities is to inspire underrepresented communities to pursue careers in cybersecurity.
His simplification of complex concepts to non-tech audiences has given him more reach on his social platforms. His blogs are a must-read for both tech and non-tech people who are interested in cybersecurity.
Check out his blogs here: https://lnkd.in/efHU2Mp
Currently, he is working as Security Architect / Strategy and GRC Practice Lead at Ascent Solutions LLC, a premier productivity, security, and innovation consulting firm.
We thank Kayne for his exceptional contribution to the cloud discipline.
150+ Top Global Cloud Thought Leaders and Next Generation Leaders of 2021
WhizLabs
April 19, 2021
Having 28+ years of experience in the field, Kayne’s expert approach on how to uphold that social contract by managing risks and deterring and denying threat actors is appreciated by many companies. One of his priorities is to inspire under-represented communities to pursue careers in cybersecurity. His simplification of complex concepts to non-tech audiences has given him more reach on his social platform. His blogs are a must-read for both technical and non-technical people who are interested in cybersecurity.
Top Cyber Pro Awards for 2020
Top Cyber Pro
December 01, 2020
Kayne McGladrey is a senior member of the IEEE and the cybersecurity strategist for Ascent Solutions. He has over two decades of experience in cybersecurity and has served as a CISO and advisory board member, and focuses on the policy, social, and economic effects of cybersecurity lapses to individuals, communities, and the nation.
Telehealth is Booming: Here’s What You Need to Know
IEEE Transmitter
October 26, 2020
Telehealth, often referred to as virtual doctor appointments, has been utilized in remote regions that do not have local medical resources for several decades. But when COVID-19 began impacting many countries across the globe, telehealth became the go-to method for checking in with your doctor about possible COVID-19 symptoms or other healthcare check-ups.
How to Keep Your Video Conferences Secure From Intruders
IEEE Transmitter
April 16, 2020
As the world adjusts to a “new normal” of remote education and work, video conferencing services have surged in demand as people take to these platforms to connect digitally. Yet, these platforms are susceptible to a variety of intrusions that could lead to the theft of private and company data or inappropriately distracting calls and meetings that leave participants feeling they have no control.
To protect your students, employees, families and yourself from these types of cyber disruptions, we asked IEEE Member Kayne McGladrey for cybersecurity tips for safe video conferencing.
Decreasing Risk Through Enterprise Compliance
CSHub
March 02, 2020
Compliance is often viewed as a reaction for organizations. The auditing of compliance becomes the event that is anticipated with resources and preparation aligned to culminate in the audit itself. A famous approach used in product development is that launch is a process, not an event. The spirit of that message is important for security leaders to consider in building a sustainable business case for compliance. Compliance should be viewed as a continuous, organizational process.
Should You Be Worried About Airport Cybersecurity Threats?
IEEE Transmitter
February 13, 2020
Navigating and traveling through an airport can be stressful. Trying to get through security while searching for a boarding pass and assessing whether there’s enough time to jump on that long line for a desperately needed cup of coffee is a universal experience.
With all of that juggling going on, the last thing on your mind are the cybersecurity threats that you might encounter at the airport along the way. Luckily, cybersecurity experts have already put into place a variety of technologies to protect us and keep our cyber lives safe while we travel. So take a deep breath and focus on getting to your seat in a timely manner instead.
Passwords, Multi-Factor Authentication and Cybersecurity
IEEE Transmitter
April 16, 2018
Device location and user behavior can shed a lot more light on a login attempt, yet not all MFA solutions currently incorporate them, says McGladrey. If organizations switched to better access management systems, the cost to successfully infiltrate accounts would rise exponentially, barring “all but the best-funded nation-state actors and APTs.”
Why AI Could be Cybersecurity’s Next Big Thing
IEEE Transmitter
February 16, 2018
For many organizations, analysts in security operations centers spend their days sifting through hordes of log files for suspicious activity. The repetitive nature of this work makes AI an ideal replacement, says Kayne McGladrey, IEEE Member, Director of Information Security Services at Integral Partners (US): “Artificial intelligence has been shown to be good at pattern recognition and correlation over a vast number of data points, and can make connections faster than human analysts would.”
Smart Office Controls
IEEE Transmitter
April 20, 2017
Forget light switches and thermostat buttons in the office. IoT sensors can control when lights go on and off, as well as heating and cooling in the office. Lights can go on and off based on your location.
IOT and Big Data: A Day in a Connected Life
IEEE Transmitter
April 05, 2017
How could your data be used?
“Office workers often find that all the meeting rooms are booked, which can mean consulting teams that arrive to meet with a client must search for an unoccupied meeting room in which to squat. Regardless of reservation status, IoT sensors can impassively detect if meeting rooms are unoccupied and offer them on a first-come, first-served basis.”
What are the security and privacy concerns with this device?
“Insecure IoT heating, ventilation and air conditioning systems are a threat to buildings and cities. For example, in the summer, a hard-coded administrative password in an IoT thermostat deployed in smart buildings in New York City could be compromised by an adversary who forces the thermostats to continuously run cooling systems. The spike in electrical usage could cause a very costly, life-threatening blackout.”
Understanding Cybersecurity Breaches at Consulting Firms
IEEE Transmitter
March 30, 2017
Cybersecurity threats are affecting consulting and professional service firms causing substantial losses. Kayne McGladrey (@kaynemcgladrey), an IEEE Member and professional services director, weighed in on how consulting firms can mitigate threats, keep client data safe and learn from current breaches.
2023 IT Compliance and Risk Benchmark Report Findings: The Top 5 Game-Changers
Hyperproof
February 23, 2023
Hyperproof conducts an annual survey to uncover the top challenges IT compliance professionals face and what hot topics they’re focused on in the coming year. We’ve asked over 1,000 survey respondents about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more to provide an in-depth view of the market’s current state and what to prepare for this year.
We’ll cover:
- The top five findings from the survey
- How your peers are planning to handle compliance, audit management, and risk management in the midst of a volatile economy
- What companies are doing differently in response to recent and highly publicized security breaches to avoid security lapses and compliance violations
- Leading practices for ensuring security, compliance, and risk management today
Closing Keynote - The Most Common Visibility and Compliance Lapses in Your Cloud Vendors’ Environments.
SC Magazine
May 17, 2022
Whenever a key business function is hosted by a cloud-based vendor, your organization cedes a certain amount of control to the service provider. And that sometimes means that your security team lacks visibility into how this third party handles sensitive data and to what degree it successfully meets regulatory compliance standards around privacy and data security. This session will identify some of the most common gaps in visibility and compliance to develop between companies and their SaaS, PaaS and IaaS providers, and explain the root causes behind these lapses so that your own company hopefully can avoid some of these pitfalls.
Opening keynote speech at the Seattle Electrical Conference
Seattle Electrical Conference
December 22, 2020
Our keynote speaker, Kayne McGladrey, will discuss cybersecurity today. Keeping our websites and our networks secure is one of our biggest challenges in our digital age.
Keynote speech at CIA Conference 2020
CIA Conference
October 26, 2020
Prepare and adapt yourself to the evolving threat landscape by listening to our next keynote speaker, Mr. Kayne McGladrey, who will speak on "Deter, Deny and Defend Against Cyber Attacks."
24th Annual Colloquium for Information Systems Security Education - November 4th, 2020
Colloquium for Information Systems Security Education
September 28, 2020
On November 4th at 8:15 AM Pacific, Kayne McGladrey, CISSP, will give the keynote speech at the Colloquium for Information Systems Security Education and discuss the social and economic impacts of cyber security during a pandemic. Registration is free.
Tags: COVID19, Cybersecurity, Diversity and Inclusion
TAG Cybersecurity - February 2020 Meeting
TAG NW
February 03, 2020
Featured Presentation:
"Best practices for cyber security training programs" by Kayne McGladrey, CISSP
Employees dread the meeting invitation that reads 'Annual mandatory cyber security training in the break room at 1 PM Wednesday'. In this presentation, we'll discuss best practices for creating a reality-based training program that encourages employee participation and builds organizational muscle memory for responding to active threats.
Deter, Deny, and Defend Against the Three Most Common Cyber Attacks
TagNW
November 08, 2019
Cyber attacks are bad and getting worse, and you’d like to turn things around before it’s too late. In this session, you’ll learn how the three most common attacks target people, how to deter and deny threat actors attacking your applications, and how to defend yourself and your community.
Cybersecurity Career Accelerator EXPO
Include Cybersecurity
December 01, 2018
The Cybersecurity Career Accelerator Expo 2018 program is an opportunity for anyone interested in cybersecurity to come receive – and share – useful and relevant information critical to launching – or advancing – a career in cybersecurity. This day-long symposium will be divided into two tracks with sessions designed to benefit novice, entry-level and advanced cybersecurity professionals. The content will be presented in a combination of lectures, workshops and expert panel formats.
Cybersecurity Career Accelerator Expo 2018 is part of the “Include Cybersecurity” initiative focusing on cybersecurity workforce development in the Sacramento Valley. Our mission is to spark interest within traditionally underrepresented groups in exploring an exciting and rewarding career in cybersecurity.
Include Cybersecurity Event 2018
Include Cybersecurity
September 06, 2018
Our panel discussion on September 6th, 2018 presents an opportunity for anyone interested in cybersecurity to learn firsthand from the experts what it takes to succeed. A significant portion of this event will be questions from the audience.
The panelists and speakers are passionate cybersecurity defenders. They are experts in the field and bring first-hand knowledge of what it’s like working as part of a cybersecurity team and how to take the first steps to join this growing community.
Include Cybersecurity 2018
Conferize
September 06, 2018
Every day your news feed has a story about cybersecurity. About a friend that has to replace their credit card due to a breach. A couple that’s trying to repair their credit report due to identity theft. A business laying off staff because of losses from a phishing email.
You are not powerless. All communities are affected by cybercrime, but not all groups of people are working together to fight back against cybercriminals. Our goal is to educate and empower job seekers of all stripes to take the plunge into the cybersecurity world. We want to dispel common myths about what it takes to succeed in a cybersecurity job so that the cybersecurity industry represents the diversity of our nation.
Cybersecurity for Outside Counsel
Clear Law Institute
October 05, 2017
A 2016 American Bar Association survey showed that more than 25% of law firms had at least one data security breach in that year. In the spring of 2017, the Association of Corporate Counsel (“ACC”) released their Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information (“Model”). The Model provides best practices for data security that outside counsel should use to safeguard their company’s confidential information.
This webinar will show how outside counsel can best implement the ACC’s recommendations to avoid a potentially catastrophic data security breach. Instead of focusing on the easy and self-evident solutions to sections 3, 4, 7, and 8 of the Model, this presentation will focus on the areas where external counsel is most likely to encounter difficulties.
CYBER SECURITY FOR SMALL BUSINESSES AND CONSULTANTS
IEEE
August 08, 2017
Do you feel like you are overwhelmed trying to run your business while defending against the latest cyber threats? Join Kayne McGladrey, speaker, author and Director of Information Security Services for Integral Partners (http://www.ipllc.co) for our upcoming presentation on taking a proactive, risk-oriented approach to cyber security for individual consultants and small businesses.
Kayne will discuss:
- Why you should manage risks based on user identity instead of chasing the latest threats
- How individual consultants can protect themselves
- A vendor-neutral reference architecture for cyber security at small businesses
We will have time for Q&A at the end of the presentation.
Cybersecurity for consultants and small businesses
IEEE-USA
March 30, 2017
Do you feel like you are overwhelmed trying to run your business while defending against the latest cyber threats? Join Kayne McGladrey, speaker, author, and IEEE Member for our upcoming presentation on taking a proactive, risk-oriented approach to cyber security for individual consultants and small businesses. Kayne will discuss:
- Why you should manage risks based on user identity instead of chasing the latest threats
- How individual consultants can protect themselves
- A vendor-neutral reference architecture for cyber security at small businesses
We will have time for Q&A at the end of the presentation.
The risks of 5G security
TechRepublic
January 25, 2023
Kayne McGladrey, field CISO at HyperProof.io, explained the dangers of such an approach. “Low-cost, high-speed and generally unmonitored networking devices provide threat actors a reliable and robust infrastructure for launching attacks or running command and control infrastructure that will take longer to detect and evict,” he said. McGladrey also pointed out that as organizations deploy 5G as a replacement for Wi-Fi, they may not correctly configure or manage the optional but recommended security controls. “While telecommunications providers will have adequate budget and staffing to ensure the security of their networks, private 5G networks may not and thus become an ideal target for a threat actor,” he said.
Three Keys to Protecting the Corporate Network in the Era of Hybrid Work
CIO
January 19, 2023
“Organizations should invest in a combination of asset management, endpoint detection, data loss prevention, cloud-based managed detection and response, and patch or vulnerability management,” says Kayne McGladrey (@kaynemcgladrey), Field CISO at Hyperproof and Senior IEEE Member. “Of those, asset management is the starting point, as an organization should have visibility into the devices accessing corporate data and be able to select and apply appropriate controls to those devices. Those controls then may include endpoint protection or data loss protection, for example, if exfiltration of sensitive corporate data may result in compliance violations.”
How to design a cyber-secure organizational structure
Workflow
January 17, 2023
Kayne McGladrey, who consults with individual clients for the security firm Hyperproof, recommends reviewing corporate governance procedures to ensure that a committee can have real clout. “If it doesn’t have the authority to make independent decisions, you can have a lot of smart people who make recommendations that go nowhere,” he says.
GitHub disables NoName accounts. Russia dismisses reports of cyberespionage attempts against US National Laboratories. The Royal Mail cyber incident is now identified as ransomware attack. An update on the NOTAM issues that interfered with civil aviation. A Citrix vulnerability is exploited by ransomware group. CISA publishes its annual report. Bryan Vorndran of the FBI Cyber Division calibrates expectations with regard to the IC3. Our guest is Kayne McGladrey with insights on 2023 from the IEEE. And Positive Hack Days and the growing isolation of Russia's cyber sector.
The four pillars of cloud security
CSHub
December 13, 2022
“We talk about ‘data breaches’ because of regulatory and statutory definitions that focus on the disclosure of data. An organization’s security strategy should work with the end in mind and focus heavily on denying threat actors access to those data with the highest regulatory, statutory, or contractual risks.” Kayne McGladrey, Field CISO at Hyperproof
Top cybersecurity threats for 2023
TechRepublic
November 22, 2022
“Out of all the CISOs and security leaders I’ve spoken with over the last three months, the main theme of 2023 is going to be ‘the year of risk,’ and a lot of that risk we’re talking about at this level is regulatory,” said Kayne McGladrey, Field CISO at Hyperproof.
Are we building cyber vulnerability into EV charging infrastructure?
GCN
November 22, 2022
“Right now, there's a bit of a Wild West mentality out there,” said Kayne McGladrey, field chief information security officer at security software company Hyperproof and a senior member of the Institute of Electrical and Electronics Engineers. “Companies are incentivized for being first to market, not necessarily most secure to market. Because security costs money and because it requires time and resources, naturally that becomes a lower priority.”
Using Technology To Address Loss Prevention During The Holidays
Security Informed
November 16, 2022
Although retail shrink may happen through administrative errors and employee fraud, many retailers may choose this year to focus primarily on customer theft, which includes organized retail crime (ORC) and shoplifting. Numerous solutions providers are touting AI-based solutions that often leverage the existing surveillance cameras in stores and add facial recognition. Facial recognition technology, however, has legitimate privacy concerns and issues with accuracy. A more robust and secure solution for retailers is to deploy RFID tags on merchandise. These are superior to traditional electronic article surveillance (EAS) systems, as they can record specific details about inventory and the movements of those goods throughout a retail environment. The use of RFID tags when combined with EAS allows retailers to reduce retail shrink without unintended consequences.
What Are The New Developments In Networking And Connectivity For Security?
Security Informed
November 11, 2022
The growing acceptance of Zero Trust as a legitimate security architecture is a significant improvement in the past decade for modern cyber security. Although initially maligned as a marketing buzzword, and still unfortunately misused in product announcements, zero trust now reflects table stakes to support the needs of hybrid and fully remote workforces. Network connections should no longer be implicitly trusted because of a user’s location behind a corporate firewall or the use of a company’s VPN. Rather, each transaction and connection from a user and their associated device should be inspected and validated to confirm that the access is appropriate. The ability of network solutions to provide both real-time telemetry and controls, so that an automated and external policy engine can take enforcement actions, is also a recent improvement, as networking equipment vendors historically tried to place their products and subscriptions at the center of cyber security strategies. Today’s effective networking solutions integrate well with other solutions to provide one part of a holistic cyber security strategy.
Plugging the gaps: Can the metaverse be a safer place than today’s internet?
Financial Express
November 08, 2022
“We already have security challenges that we haven’t been able to adequately address,” said Kayne McGladrey, IEEE Senior Member and Field CISO at Hyperproof. “The metaverse is likely to inherit these challenges. For example, phishing and theft of credentials have carried over to the metaverse. We’ve seen NFT and cryptocurrency scams, too, in the metaverse.”
How to prevent security practitioner burnout
CSO Online
October 18, 2022
Stress and burnout are endemic in our industry, and companies need to evaluate that as they're considering how to retain cybersecurity experts. We're already facing a hiring shortage of new folks.
Noberus Amps Its Tactics: How IT Leaders Can Keep Up with Evolving Ransomware
InformationWeek
September 30, 2022
The updates to Noberus are concerning but expected. “This is the new normal. Criminal groups will continue to reinvest part of their profits in research and development to drive the innovation cycle of development and distribution of their unwanted products,” says Kayne McGladrey, field CISO at Hyperproof.
The tools and strategies schools need for ransomware defense
Cybersecurity Dive
September 22, 2022
Schools also contend with risk born of constant user shifts in the student population. This puts schools in an unusual and unenviable position, Kayne McGladrey, field CISO at Hyperproof, said via email. “Being able to apply real-time policies based on user and device behavior via zero-trust networking becomes critical in this environment,” McGladrey said. Absent these tools, strategies and adequate staff, schools will remain a frequent target for cybercriminals. They could also, at the very least, give schools the confidence needed to refuse ransom demands.
Is there an expiry date for connected vehicle software support?
Automotive World
August 18, 2022
Another issue associated with connected vehicles is around the data they collect and transmit. “We have seen nation states that want to conduct surveillance, whether on their own domestic population or on foreign populations, use telemetry from hotels, airports, and rental car carriers to determine where individuals are moving,” notes McGladrey. “If it is possible for a dedicated adversary to subvert that communications channel—either directly with a vehicle or by gaining a foothold inside of some telemetry aggregator service, probably the manufacturer—all of a sudden they can know where people are going within a few feet. If you can associate a user’s identity with their vehicle or location, you have a high degree of fidelity to conduct attacks.”
The truth about quantum risk cryptography and being ‘quantum safe’
VentureBeat
August 13, 2022
“This means those organizations facing advanced persistent threats (from nation-states, in particular) now have guidance on how to select quantum-resistant encryption for their highest-secrecy data moving forward,” said Kayne McGladrey, IEEE senior member.
Why a Hybrid Workplace Increases the Need to Modernize Your Data-Protection Strategy
CIO
August 04, 2022
To reduce the risks of an accidental or intentional cybersecurity incident, companies must deploy an effective data loss prevention and associated data retention strategy across endpoints and data storage locations, including cloud services, noted Kayne McGladrey (@kaynemcgladrey), Security Architect at Ascent Solutions LLC.
“Many data breaches would have been less extensive and severe if organizations had automated data disposition schedules, as threat actors cannot steal what companies are not storing,” he continued. “Data covered by one or more regulatory or statutory requirements should be automatically labeled where possible so that controls (like encryption) follow the data regardless of storage location.”
What you need to land a six-figure cybersecurity job
Fortune
July 27, 2022
“Cybersecurity remains a clear path to a middle-class salary for people with a two-year degree, a relevant certification to overcome gatekeeping by HR departments, a desire to help protect one’s friends and community, and a willingness to continuously learn as part of a team,” he tells Fortune.
Tags: Cybersecurity, Diversity and Inclusion, Security
BLOG: Managing a Hybrid Workforce: What Are the Key Concerns?
CIO
July 14, 2022
Kayne McGladrey (@kaynemcgladrey), security architect at Ascent Solutions LLC, said that providing secure access to corporate data for employees regardless of the location of either the employees or the data is still the biggest concern for companies with a hybrid workforce. “Solving this is the core of a Zero Trust strategy,” he added. “Zero Trust is now the foundation of modern defensive architectures that companies should use to reduce the material risks associated with legitimate threats.”
An Interview with Kayne McGladrey, CISSP
Onalytica
April 01, 2022
How did you get to become an expert in your key topics?
My first professional job was working as a programmer and systems administrator contracting with several government agencies. My view on information security at that time was informed by the startling lack of controls applied to people’s personal, medical, and financial information, and how the risk of abuse of those data could affect individuals and communities. I’ve had the opportunity since to work on cybersecurity technology and policy programs with small businesses, government agencies, the Fortune 500, and Global 1000 companies across three continents. Throughout that time, I’ve had the privilege of serving disabled veterans, minorities, and the LGBTQ community as a mentor, consultant, CISO, and public speaker. My current role requires I have a comprehensive knowledge of regulatory and statutory challenges aligned to current cybersecurity threats so that I can provide Clients with actionable strategies to manage their unique cyber risks.
Vigilance and Planning: Experts Share Their IT and Data Security Strategies
CSO Online
February 09, 2022
Kayne McGladrey (@kaynemcgladrey), security architect/strategy and GRC practice lead at Ascent Solutions, recommends following the Cybersecurity Maturity Model Certification 2.0, which was developed by the U.S. Department of Defense. It offers a framework that incorporates “Zero Trust tenets that will help companies maintain regulatory compliance and ensure that data are adequately protected against evolving threats from nation states and advanced persistent threats,” he says.
Denial of Service Attacks Expected To Get Bigger, Nastier
Denial of service attacks aren’t always top of mind for organizations dealing with cyber threats. Often, they’re seen as nuisance threats, said Kayne McGladrey, IEEE senior member and cybersecurity strategist at Ascent Solutions. When hit, companies can often just hire a mitigation vendor and block the attack traffic.
“And our politicians aren’t really talking about this,” he said. “They haven’t personally been affected by it.”
These kinds of attacks also don’t have the same kind of compliance implications as other types of cybersecurity incidents, he added. Data breaches, for example, have to be reported and remediated, both of which can be costly.
Critical Infrastructure Requires Modernization
IEEE Transmitter
September 28, 2021
“The monetization and weaponization of digital threats was comparably new when the critical infrastructure components that manage our modern world were being designed for reliability a decade or two ago,” said IEEE Senior Member Kayne McGladrey. McGladrey says that it’s time consuming to patch security flaws in many of these older components, some of which were designed to run uninterrupted for decades.
Pro-China Operatives Push Protests, Pandemic Conspiracies
GovInfoSecurity
September 08, 2021
"We can anticipate that any nation-state with a propaganda department or agency is working to right-size their capabilities to spread disinformation." It's especially true, he adds, among nation-states with larger budgetary allocations since they can use automation and "office employees" to distribute the narratives.
Where Should Hospitals Direct Their Cybersecurity Focus?
Health Tech Magazine
June 04, 2021
“If an organization learns that there is a vulnerability being actively exploited — or that a proof of concept for a vulnerability has been developed and is in the wild — they can accelerate patching the affected, vulnerable assets to reduce the likelihood of a successful attack.”
6 tips for better collaboration between security and cloud teams
CSO Online
April 28, 2021
Kayne McGladrey, CISSP and cybersecurity strategist at Ascent Solutions, advocates tight management over account privileges. It gives a granular view into your cloud team user accounts and privileges. It’s important that both teams understand and accept the need for controlling access up front.
Healthcare’s Biggest Cybersecurity Blind Spots and Misconceptions
Health IT Security
April 26, 2021
“There’s not a one-size-fits-all approach to securing healthcare,” McGladrey said. “All organizations are doing the best they can, working hard against insurmountable odds. It’s important to respect and understand not where they are relative to the standard, but how they’ve improved over time.”
VERIFY: No, scammers can't access your SIM card by dialing a few numbers
CBS WUSA9
April 15, 2021
"McGladrey told us there is a grain of truth to the claim made in the Facebook post. He says on certain office landline phones, like corporate PBX systems, pressing a variation of those digits allows a call transfer to happen. But this does not affect cell phones or residential landlines."
How healthcare organizations can prepare for a data breach: 7 tips
Becker's Hospital Review
March 09, 2021
Incident responses and recovery plans should be updated biannually. Kayne McGladrey, CISSP and cybersecurity strategist for Ascent Solutions said, "Effective incident response plans must cover preparation, detection and analysis, containment, eradication and recovery, and post-incident activity."
https://www.westernfrontonline.com/2021/02/23/state-cybersecurity-office-bill-introduced-after-breach/
The Western Front
February 23, 2021
Most government agencies won’t notice a breach within 24 hours, Kayne McGladrey, CISSP said, and they can even last up to 90 days until someone notices. “Hackers can wipe files off hard drives, create industrial accidents and even shut off things in a manufacturing facility,” McGladrey said.
The Importance of Supply Chain Risk Management in Government
FedTech Magazine
February 22, 2021
In the wake of the attack “we are seeing people who were previously not aware of supply chain risk who are now really concerned about this,” says Kayne McGladrey, cybersecurity strategist at Ascent Solutions. Such attacks could give bad actors significant leeway. “The real fear is that an external entity can breach that third party to gain a foothold in a federal network. They would then be able to move laterally within that network, with privileges that they should not have,” McGladrey says.
Healthcare Voices on Telehealth Security Concerns
Lifewire
February 12, 2021
“Changes made to medical organizations' cybersecurity maturity should be considered carefully against external audit requirements, such as HITRUST. A proactive stance provides the best defense to organizations and to society, as a breach of patient records or the loss of service at a medical facility during a pandemic poses a danger to the health and well-being of people."
2021 IT priorities require security considerations
TechTarget
January 11, 2021
2020 was the year no one could have predicted. IT and security teams had to quickly adapt to shutdowns that brought remote workforce security issues, COVID-19-related phishing campaigns, ransomware attacks on schools and hospitals, and more. Now, as enterprises begin 2021, there are three more pandemic response challenges to potentially contend with: securing a hybrid remote and office work structure; securely reopening offices and facilities; and adapting to a permanent remote working environment. Kayne McGladrey, IEEE senior member and security architect and governance, risk and compliance practice lead at Ascent Solutions, outlined the most significant challenges each scenario presents and how security teams should prepare for them now to thwart potential security issues.
Strike a balance: Ensuring secure remote work without hindering productivity
CIO
December 16, 2020
Kayne McGladrey (@kaynemcgladrey), Security Architect at Ascent Solutions, agrees: “Microsoft 365, for example, allows for automatic classification and labeling of unstructured data, but also permits users to provide a justification when the automation gets it wrong.
“Combined with automated data loss prevention, this can allow a business to easily enforce and report on policies for sharing non-public data both inside and outside of their organization,” he says.
How to ensure virtual roadshows, negotiations are safe amid COVID-19
CFO Dive
December 14, 2020
Companies should record video calls when doing so poses an obvious business benefit, the participants have consented to it, and there are adequate controls in place to limit access to the resulting video to only authorized parties, Kayne McGladrey, security architect at cybersecurity consultancy Ascent Solutions, said.
To ensure accessibility, companies should also strongly consider using closed captioning on call recordings, McGladrey added.
Maximizing the Impact of Data Analytics
CIO
December 09, 2020
“Being able to rapidly detect and evict threats is necessary in the modern enterprise to avoid regulatory and legal penalties while protecting confidential data or trade secrets,” says Kayne McGladrey, CISSP (@kaynemcgladrey), cybersecurity strategist at Ascent Solutions.
What is your favorite quote, charity, book, and/or anything else you want to share?
The work by the NSA and DoD in providing cybersecurity internships at historically Black colleges and universities is a compelling force for diversity in my workforce.
What do you do for fun?
Live Twitter chats about cybersecurity and the economy as part of #IDGTechTalk; I enjoy them as I learn a lot and can also leverage my large library of GIFs to keep the conversation light.
What is the last thing to do before the end of the year?
Cybersecurity Hub
November 18, 2020
Get your budgets in. I think that's the main thing everybody needs to do is get their 2021 budget in if you're on an annual fiscal year. I hope you've already had a risk definition conversation- get in front of the board or in front of your CIO or in front of your CFO, whoever is going to ultimately pay the bill. And then for anything where you know you can't afford it because you've seen a reduction in your budget as a consequence of the pandemic- have that conversation early with your cyber insurance broker. (Cyber insurance should be paid out of legal). Because for every one of those things your budget ain't going to cover- it's got to either flow to insurance or to where you have written down somewhere that you accept the risk.
Open Source Mindset Bolsters Hybrid Cloud Strategies
CIO
November 12, 2020
Linux continues to be a popular deployment choice for new virtual machines on Azure. “Organizations moving legacy on-premises Linux servers to the cloud can quickly gain the benefits of robust disaster recovery and security without needing to change platforms or applications”.
Threat Landscaping
Cybersecurity Hub
November 03, 2020
"Have a KPI about value that came out of your threat intelligence feed. Did it actually cause you to do something differently? Were your analysts able to act on this, or was it just another thing that they had to go look at? Because when you think of time as being our chief enemy, if it's sucking time and not producing value, why do you keep it? It's a data feed, ultimately. At the end of the day, you have to contextualize it in terms of your organization. Threat actors tend to vary in terms of behavior in their TTPs. And consequently, you need to really tailor your threat intelligence. And if you're not getting that tailored information, drop it."
The Impact of Remote Work on Enterprise Security
Network World
October 28, 2020
IT and security response to the coronavirus pandemic was heroic. Although many organizations had some degree of remote-work capabilities pre-COVID-19, the past year brought this work to new levels.
Enterprise security has had to quickly evolve alongside the shift to remote work and cloud adoption. For example, companies successfully ramped up VPN infrastructure, shifted to online models of collaboration software, and re-examined security policies in light of a highly distributed workforce.
Interview with Kayne McGladrey – vCISO / Spokesperson / Global Cybersecurity Thought Leader / Strategy and GRC Practice Lead
The Security Noob
October 26, 2020
Today I have an interview with Kayne McGladrey, he is a vCISO / Spokesperson / Global Cybersecurity Thought Leader / Strategy and GRC Practice Lead who I follow on Twitter and find extremely interesting :)
He is a national cybersecurity expert, helping clients develop proactive programs to manage cyber-risk. He is the cybersecurity strategist at Ascent Solutions and has 20-plus years of experience, including 10 years in blending information technology and management acumen to cultivate and build cybersecurity best practices.
"On a related note, #ZeroTrust isn't a sticker on your router or a #cybersecurity product that you buy. It's a shift in architectural patterns that have to be supported by policies."
Cross-Site Scripting Attacks: How to Prevent XSS Vulnerabilities
FedTech Magazine
October 22, 2020
“If an attacker can steal the user’s cookies, that attacker can impersonate that end user,” says Kayne McGladrey, a senior member and impact creator of the Institute of Electrical and Electronics Engineers. “In an XSS exploit, if I can steal your cookies, I can become you or impersonate you. I can change your password. I can change your backup email account. I can take over that entire account.”
The COVID-19 Pandemic Has Become a Catalyst for Cyberattacks
CIO
October 06, 2020
Kayne McGladrey (@kaynemcgladrey), Cybersecurity Strategist at Ascent Solutions, said delaying or cancelling security projects is “an acceptable trade-off” only if bankruptcy is the alternative.
“Due to the pandemic, this is the choice that some organizations face today,” he continued. “Other organizations should first prioritize their security projects to mitigate those risks with the highest potential impact to the business. Organizations should then have a difficult conversation about residual risks with their cyber insurance providers, and plan to implement monitoring of those risks not transferred to insurance or mitigated through implementation of technical controls.”
Extracting value from data: How the cloud can help
CIO
August 31, 2020
Cloud-based analytics can also help security teams find signals in the noise, said Kayne McGladrey (@kaynemcgladrey), Cybersecurity Strategist at Ascent Solutions. “Where cloud analytics shine is in detecting a repeated series of risky actions by an individual user account [that signal] a business email compromise followed by a ransomware attack,” he said. “Cloud analytics allow organizations to detect and prevent these and other attacks not only at scale but also faster than traditional investigative techniques.”
Kayne posits, “If you want to see what your new product features are going to be in the next 12 to 18 months, see where the VCs are spending their dollars. If we've seen something consistently in the past, in the past 10 years we've seen $30 billion of investment inside of cyber security.”
McGladrey is a gadfly for cyber security leaders to forecast budgets based on the newest in new technology. Whether the CISO in question is a bleeding edge, leading edge, fast follower or back-with-the-pack type executive is up to them. Any which way you slice it, you should be able to see where you are spending money in the future based on where venture capitalists are putting their money now.
Tags: Business Strategy, Cybersecurity, Leadership
Data Is The New Perimeter
CSHub
August 12, 2020
The focus has been on knowing where the crown jewels sit and protecting that space. CSHub Executive Board Member and IEEE Public Visibility Initiative spokesperson Kayne McGladrey notes, “if you don't know where your data live, you can't apply any effective policies around access controls or do any meaningful incident response or do any meaningful security awareness.”
The New CISO Journey Includes Tried & True Old Steps
CSHub
August 04, 2020
“It remains a very complicated role because you have to ultimately be able to speak to three separate audiences: the business folks- who are interested in cost controls and also cost savings and cost improvements, and material effect of the business. The technology folks: who want to know that you're doing the cyber right. And legal folks: who want to know that they're adequately shielding the business from legal and regulatory risk.”
Data privacy and data security are not the same
ZDNet
August 03, 2020
"Today's data privacy is primarily concerned with the processing of personal data based on laws, regulations, and social norms," McGladrey said. "Often this is represented by a consumer ignoring an incomprehensible privacy policy (that would take nearly 20 minutes to read) before clicking a button to acknowledge their consent to that policy. Their acceptance of the policy allows the organization to handle their data in documented ways, such as using it to show them targeted advertising based on their inferred interests. However, if that organization sold those personal data to another organization to do something unexpected (like using it to suppress protected free speech) without the consumer's consent, that would be a breach of privacy, either by regulatory control or by a violation of social norms."
What Is The Most Cogent CISO Reporting Structure?
CSHub
July 29, 2020
Kayne McGladrey, CISSP is the Spokesperson for IEEE’s Public Visibility Initiative. He’s been working at a high level with Fortune 500 and Global 1000 companies for decades. He’s got a pretty definitive point of view. “Ultimately the CSO should report to the Chief Risk Officer, the CRO- because ultimately cyber security is about managing risk at a technical level and at a regulatory level. The natural alignment is with risk. Also maintain a very healthy relationship with internal counsel- especially if there's chief counsel. Have a coffee every once in a while. And have a healthy relationship with the CIO.”
Lessons in IT resiliency for the COVID-19 era
CIO
July 10, 2020
“Few companies had a binder marked ‘global pandemic,’ but many had policies that called for annual DR testing that they didn’t enact,” said Kayne McGladrey, CISSP and cybersecurity expert. “Teams play how they train, but not having table-topped crisis communications, DR, or IR hurt their responses.”
A 10-point plan to vet SaaS provider security
CSO Online
June 08, 2020
Companies should also pay close attention to privacy policies or terms of service pledges by providers to not share personal information. “Although that sounds promising, it’s a glaring omission,” says Kayne McGladrey, cybersecurity strategist at IT consulting firm Ascent Solutions.
It's a red flag if the vendor “does not state that the SaaS provider will not sell your business data or sell pseudonymized aggregate data about your organization’s use of the service for ‘market research’ or similar purposes,” McGladrey says. If it’s not spelled out, confirm that the provider will not resell your data.
Assessing the Value of Corporate Data
CIO
May 08, 2020
“For some organizations, regulatory and legal risks associated with storing data will be at the top of the [risk] rankings,” says Kayne McGladrey (@kaynemcgladrey), IEEE member. “For others, the reputational damages associated with a data breach will claim the top spot.”
Post Pandemic, Technologists Pose Secure Certification for Immunity
Dark Reading
April 16, 2020
Yet digital immunity certificates also pose a number of challenges in terms of infrastructure, education, and economics, says Kayne McGladrey, chief information security officer at prototyping firm Pensar Development and a member of the IEEE, the world's largest technical professional organization.
"Businesses and organizations would need to ... educate their workforce on how to validate that a certificate was correct," he says. "And there would need to be a substantial educational investment to combat the inevitable phishing campaigns that’d spring up, such as fake websites to collect personally identifiable information and fake security alerts associated with these digital certificates."
How to keep business data safe while working from home
Tech Observer
March 24, 2020
Many employees beginning a remote work situation for the first time may not be up to date on how to keep their devices safe, confidential information private and networks secure. We asked cybersecurity experts to weigh in and share their tips for staying safe online while working, as well as practicing social distancing:
Beat common types of cyberfraud with security awareness
TechTarget
February 10, 2020
Fraud isn't new, but the internet has provided hackers with the capabilities to easily use the threat vector to trick employees into providing access to their enterprises.
Cyberfraud attacks, often distributed via phishing or spear-phishing campaigns, consistently plague and sometimes even completely disable enterprises. Despite the growing number of technologies available to detect and prevent such social engineering attacks from being successful, the weakest link remains human error -- be it negligence, maliciousness or apathy.
Here, Institute of Electrical and Electronics Engineers member Kayne McGladrey describes the types of cyberfraud attacks enterprises will inevitably face, from credential harvesting to typosquatting attacks. He also offers best practices for creating and instituting a cybersecurity awareness program to prevent employees from falling victim to such threats.
AI, automation emerge as critical tools for cybersecurity
CIO
January 22, 2020
“The effectiveness of AI solutions this year can be measured via the time-to-discovery metric, which measures how long it takes an organization to detect a breach,” says Kayne McGladrey (@kaynemcgladrey), CISO, Pensar Development. “Reducing time to discovery can be achieved through AI’s tenacity, which doesn’t need holidays, coffee breaks, or sleep, which is unlike Tier 1 security operations center analysts who also get bored reading endless log files and alerts.”
7 Tips for Infosec Pros Considering A Lateral Career Move
Dark Reading
January 21, 2020
"Human resources, in a lot of organizations, has become a regulatory control function and inhibits hiring because of its focus on certifications," McGladrey says. This is partly why it's difficult for blue teamers to jump to the red team, a process that "looks to be an insurmountable and very difficult series of certifications," he points out.
Better HR security could help thwart Iranian cyberattack
TechTarget
January 10, 2020
McGladrey advocated for "persistent engagement" with employees on cybersecurity risks as well as testing. Testing can include fake phishing attacks to see what "your users are susceptible to," he said. The IRS has warned that phishing attacks are a top HR threat.
Savvy vehicles are defenseless against cyberattacks
Broadcast Offer
January 07, 2020
"because vehicle manufacturers are working with several different hardware and software companies, it has emerged that no one is technically responsible for the vehicles' central computer systems of many smart cars"
We observe that once an organization has gained awareness about the downsides of Shadow IT and security is brought into earlier-stage discussions, it is less likely to go back to the “bolted on” behavior.
IPQC Digital
December 17, 2019
In our Cyber Security Trends and Predictions 2020 our respondents (enterprise security professionals) shared:
* budget allocations for 2020
* biggest cyber security focus
* status of hacker sophistication
and much more, including insights from Kayne McGladrey
Ask questions about Internet-connected toys
Jackson Sun
December 11, 2019
Experts say that smart toys are particularly vulnerable to cyber attacks. Kayne McGladrey, a member of the Institute of Electrical and Electronics Engineers, said their desire to keep toy prices low means manufacturers have little incentive to add reasonable security mechanisms.
What is the California Consumer Privacy Act of 2018? Influencers in the know break down the details
CIO
December 02, 2019
For some organizations CCPA will require a total overhaul on their privacy policies, while others might only need to make minor changes due to existing GDPR compliance. But as Kayne McGladrey, Chief Information Security Officer at Pensar Development, pointed out, there will certainly be another round of endless privacy disclosure emails.
Thinkers360 Predictions Series – 2020 Predictions for Cybersecurity
Thinkers360
November 23, 2019
Venture capitalists will accelerate feature development via mergers and acquisitions. In recent years, VCs have funded point solution vendors for technologies like SOAR and UEBA. These are features, not stand-alone technologies, and it’s often cheaper for market leaders to buy rather than build new features. CISOs should be aware of this market reality, as buying early-stage cybersecurity from a startup carries the risk of unintentionally having a business relationship with a much larger vendor within two years, and consequently needing to either buy the larger technology solution or rip and replace after the acquisition closes.
Thinkers360 Predictions Series – 2020 Predictions for Cloud Computing
Thinkers360
November 03, 2019
Cloud computing will continue to grow despite the frequency of breaches due to a lack of administrative controls and unintentional configuration errors. When an administrator had access to an on-premises server, they could only administer that server; a “cloud administrator” can administer all the assets in a given cloud instance, including backing up and exfiltrating entire servers. This is like the unintentional configuration errors that have plagued so many Amazon S3 buckets in 2019, where organizations have stored PII in S3 in a default configuration, and then those data have been accessed by security researchers.
Cyberattacks Make World Economic Forum Top 10 Global Risks For The Next Decade
CSHub
October 29, 2019
Keeping an organization secure is every employee’s job. Instead of the obligatory employee training, Director of Security & IT for Pensar Development Kayne McGladrey recommends continuous engagement with the end-user community. “Provide opportunities and instrumentation to demonstrate policy violations rather than lecture at people.” Examples include leaving a USB data stick in a break room or using phishing tools to falsify emails from known employees that seem suspicious. “This helps educate and creates healthy suspicion,” said McGladrey.
Thinkers360 Predictions Series – 2020 Predictions for IoT
Thinkers360
October 28, 2019
The Internet of Things is a dumpster fire and upcoming regulatory controls aren’t going to put it out. Putting a sticker on a box with a username and random password and providing an updated privacy policy that consumers ignore isn’t adequate, although it is compliant. Manufacturers need to invest in user behavior analysis, require multi factor authentication, and to force patching of IoT devices. Otherwise, threat actors will continue to violate the privacy of people’s homes and nation states will build botnets as part of battlespace preparations.
3 Ways to Begin Strengthening Your Company’s Security Posture
ReadWrite
October 22, 2019
Kayne McGladrey, director of security at design and manufacturing firm Pensar Development, believes company culture is one of the most important aspects of your security posture. He recommends creating a resilient culture by fostering “healthy suspicion” among employees.
Don’t simply mandate employee attendance at a one-time program. Teach your team about security threats by demonstrating them in the real world. Leave a USB stick in the kitchen, or slip a fake phishing email in an employee inbox. Then, show employees how to react to real attacks in the future. The point isn’t to shame or punish employees, but to prepare them for the inevitable.
Users are the target: How employees can be the strongest line of defense
SC Magazine
October 08, 2019
Recognizing that fact, Kayne McGladrey, director of security and information technology at Pensar Development, an engineering consultancy in Seattle, says continuously phishing end users is the best way to help them identify phishing and other potentially malicious content. “This continuous exposure [to phishing] should take a variety of forms, from email-based phishing to direct messages on social media.”
McGladrey says short, actionable, culturally relevant education initiatives on a regular schedule are recommended because “users don’t want to sleep through the mandatory ‘October is cybersecurity month,’ two-hour, PowerPoint presentations.”
Training modules should be short — five minutes or less — and sent out regularly. If possible, they should be tailored to an individual’s role in the organization, so that the finance department is receiving training about business email compromise (BEC) and identity validation procedures rather than the latest zero-day exploits, he says.
Yahoo porn hacking breach shows need for better security: 5 ways to protect your company
Tech Republic
October 02, 2019
Security expert Kayne McGladrey, who serves as director of security and IT at Pensar Development and is a member of the Institute of Electrical and Electronics Engineers, said companies need to add extra steps to everything.
"The company could choose to add friction, whether it's multi-factor authentication or an email link just to put a little additional scrutiny and raise the bar so it is materially more difficult for threat actors who have obtained someone's credentials to be able to reuse those," he said.
"The benefit of this strategy is that it applies universally. All of the automated attacks these days around credential stuffing and credential spraying do what the Yahoo hacker had done on a much larger scale. They get compromised credentials and test them across a whole bunch of websites using a distributed botnet."
Cyber Security Digital Summit Explores Who Owns Enterprise Security
Cyber Security Hub
October 02, 2019
A comprehensive information security program is a standard practice for every organization. In addition to securing company and employee data, organizations must also consider the privacy of their clients. For integrated design and manufacturing firm Pensar Development, clients need confidence that their intellectual property (IP) is only accessible to Pensar employees contributing to that specific project. The Seattle-based design firm is known for mechanical integration for medical devices and the enclosure design of gaming consoles among other client solutions.
Cyber Security Hub recently had the chance to speak with Pensar’s Director of Security Kayne McGladrey to learn about his approach to maintaining the confidentiality of both employee and client data.
In addition to his company security role, Kayne is an IEEE member, the professional engineers association often associated with developing technology standards. Members agree to a code of ethics to help people and society understand the social implications of emerging technologies. For his part, McGladrey is a spokesperson for cyber security and the broader technology to both industry and the general public. He is also proud of building a cyber security team at Pensar of entirely military veterans.
The traditional network endpoint was isolated to desktop PCs and laptop computers that attached to the organization’s network. A dramatic increase in mobile devices, cloud and IoT has broadened the definition. Security leader Kayne McGladrey weighs in on enterprise endpoint defense tactics.
12 Signs Your Computer Has a Virus
Reader's Digest
September 06, 2019
“Viruses are most commonly spread through phishing, which is a technique of sending emails designed to prey on a person’s emotions to make them click a link or open a malicious attachment,” says Kayne McGladrey IEEE member and director of security and IT for Pensar Development. “Besides running up-to-date commercial antivirus software, the easiest way to avoid viruses is to pause before acting on messages. Get a cup of coffee, or at least get up and stretch, before deciding if the email is trying to manipulate your emotions through a sense of authority (someone impersonating your boss or a police officer), a sense of urgency (because of an artificial time constraint), or scarcity (supplies are limited, act now).” These are the same psychological techniques used by con artists since time immemorial, with the only difference being that con artists had to con one person at a time. “With email, social media, and text messages, threat actors can con thousands of people. No antivirus software is perfect, but pausing before acting can stop most of today’s viruses.”
Lack of cyber investment could spell trouble for smart cities: report
SC Magazine
August 22, 2019
For smart cities, investing in cyber defense means being able to support a cyber workforce capable of supporting their IoT initiatives. “We’ve seen many failures with widespread deployment of IoT devices, whether due to insecure authentication methods, static passwords, or a lack of centralized and automated patch distribution. As city governments look to the future.....
Intuitive, Cognitive Technologies Are Changing the Business and Its Workforce
CIO.com
July 17, 2019
The workforce of tomorrow still will be technically savvy, well-versed in machine learning and data science. Advanced machine learning skills will be important, but Kayne McGladrey (@kaynemcgladrey), Director of Security and Information Technology at Pensar Development, recommended that those looking for future employment also consider learning a programming language.
“The intent here is not to master it,” McGladrey explained, “but rather to gain an understanding and appreciation of how things work from the inside out. Employers are also looking for career stability so that they can invest in their people, so don’t hop from company to company on an annual basis.”
How hackers used little-known credit-card feature to defraud Lansdale woman, $1.99 at a time
The Philadelphia Inquirer
June 13, 2019
“It’s low effort for them. Once they set up the subscription and unless the subscription is canceled, they don’t have to do any other work and they can resell access to that subscription," he said. "So it’s a guaranteed line of profit for them until somebody goes and notices there’s been a problem.”
Criminals typically resell access to the services on secondary markets, McGladrey said. Criminals may resell a streaming service that’s normally $10 per month for $5, netting the thieves $5 monthly. While a single crime is not that profitable, there have been cases where groups have reaped millions of dollars by charging small amounts to hundreds of thousands of consumers, he said.
Successful Digital Transformation Begins with a Cultural Transformation
CIO.com
June 12, 2019
Kayne McGladrey (@kaynemcgladrey), Director of Security and Information Technology at Pensar Development, observed that IT leaders are recognizing that building and operating on-premises servers is not a competitive advantage.
“As part of the purchasing cycle they’re replacing outdated infrastructure with infrastructure as a service,” he said. “This gradual transition to the cloud lowers risks and makes disaster recovery simpler and more reliable than in past years. This strategy also significantly lowers the threats of a physical site compromise by threat actors.”
Prepping for the Data Deluge
CIO.com
May 22, 2019
Companies should pay special attention to consistent classification and labeling of data, as it’s one of the biggest hurdles to effective data governance. Setting default labels for new data (for example, dubbing them confidential) can ensure that policies and technical controls are applied consistently across the organization. This also frees up data creators from having to manually label all newly created information. “In that way, a data steward only needs to review data labels when that data is crossing a security barrier such as preparing a file to send to a client or third-party vendor,” notes Kayne McGladrey (@kaynemcgladrey), director of security and information technology at Pensar Development.
How to effectively align security with IT
The Economic Times
May 21, 2019
“The CIO won’t see the business impact if there’s not a culture of risk mitigation,” says Kayne McGladrey, director of security and IT for Pensar Development and a member of the professional association IEEE (The Institute of Electrical and Electronics Engineers).
“A culture where security is seen as someone else’s problem will derail any conversation around security, so the biggest thing for CISOs is to make the conversation with CIOs around risk – not around technologies or shiny objects but around risks to the business.”
22 Red Flags Someone Is Spying on Your Phone
Reader's Digest
May 11, 2019
You receive a text message or an email notification from your mobile carrier about an account change you didn’t make and, thirty minutes later, your cell phone has no signal, even after a reboot. You can’t log into your email. You’re locked out of your bank account.
CrowdStrike tackles BIOS attacks with new Falcon features
TechTarget.com
May 03, 2019
In the past few years, security researchers and advanced persistent threat actors have demonstrated attacks on the BIOS, said Kayne McGladrey, IEEE member and director of security and IT at Seattle-based Pensar Development.
These rare attacks can provide a persistent and hidden bridgehead into an enterprise network, McGladrey said.
What Does 5G Mean For Cybersecurity?
Express Computer
May 02, 2019
For Kayne McGladrey, IEEE Member and Director of Security and Information Technology at Pensar Development, “Consumers should use the ‘guest’ network of their home Wi-Fi routers as a dedicated network for IoT devices, so if one of those devices were compromised, the threat actor can’t easily pivot to more valuable data.” That’s the case for newer devices, he says. “For older, cheap, IP-based security cameras and digital video recorders (DVRs), the easiest way to secure them is to recycle them responsibly as there often are no security updates available.” The ability to update devices over their lifetime is essential to security, and should factor into buying decisions, he says.
5G and What it Means for Cybersecurity
bisinfotech.com
May 02, 2019
“Consumers should use the ‘guest’ network of their home Wi-Fi routers as a dedicated network for IoT devices, so if one of those devices were compromised, the threat actor can’t easily pivot to more valuable data.” That’s the case for newer devices, he says. “For older, cheap, IP-based security cameras and digital video recorders (DVRs), the easiest way to secure them is to recycle them responsibly as there often are no security updates available.” The ability to update devices over their lifetime is essential to security, and should factor into buying decisions, he says.
Why security-IT alignment still fails
CSO Online
April 16, 2019
An organization that doesn’t understand or appreciate security won’t be able to adequately identify and prioritize risk, nor articulate its tolerance for those risks based on business goals and objectives, says Kayne McGladrey, director of security and IT for Pensar Development and a member of the professional association IEEE (The Institute of Electrical and Electronics Engineers).
“The CIO won’t see the business impact if there’s not a culture of risk mitigation,” McGladrey says. “A culture where security is seen as someone else’s problem will derail any conversation around security, so the biggest thing for CISOs is to make the conversation with CIOs around risk – not around technologies or shiny objects but around risks to the business.”
DHS-led agency works to visualize, share cyber-risk information
Tech Target
April 09, 2019
Sharing information about threats can help boost overall cybersecurity by alerting others to those risks, as well as providing successful ways to counteract them, said Kayne McGladrey, national cybersecurity expert, director of security and information technology for Pensar Development, and member of the Institute of Electrical and Electronics Engineers.
"They could actually see a reduction in those threats that are commodity threats -- threats that are crimes of opportunity [vs. targeted attacks]," he said.
Insider Threats: A Big Fear for Small Businesses
Security Boulevard
March 21, 2019
This goes hand in hand with the increasing number of vendors, solutions and buzzword technologies. There’s a fear that an SMB will buy the solution that solves a problem defined by a venture capitalist and not address a genuine threat to their business.
7 hot cybersecurity trends (and 4 going cold)
CSO Online
March 13, 2019
While we hope these points have brought into focus some of the evolving challenges in IT security, we also want to point out that certain best practices will continue to underpin how smart security pros approach problems, no matter what the flavor of the month is. "Enterprises are going back to the basics: patching, inventory management, password policies compliant with recent NIST directives," says Kayne McGladrey, IEEE Member and Director of Security and Information Technology at Pensar Development. "Enterprises are recognizing that it’s impossible to defend what can't be seen and that the easiest wins are to keep systems up to date and to protect against credential stuffing attacks."
6 Strategies for Transitioning to a Digital World
CIO.com
March 12, 2019
“Identify those elements of your business that are core competitive differentiators,” says Kayne McGladrey, Director of Security and Information Technology. “Focus on improving those. If accounting, cybersecurity, legal affairs, or marketing is not core to your organizational identity, then plan to migrate away from your legacy systems and processes in those areas. Organizations can then focus their limited time and resources on improving what they do well, and what customers value most about those organizations.”
6 Questions to Ask While Buying a Connected Car
Dark Reading
March 06, 2019
"People need to ask the car companies where they stand on security," says Kayne McGladrey, director of security and IT at Pensar Development and an IEEE member, who cites companies such as Apple and Google, which have made strong public statements on these matters.
When asked if the car companies have followed suit, McGladrey says, "Not really."
How AI cybersecurity thwarts attacks — and how hackers fight back
Elysium Analytics
February 20, 2019
While CIOs should not consider AI a magic bullet, experts also stress they should not overlook its unique capabilities either.
According to IT consultant Kayne McGladrey, a member of the Institute of Electrical and Electronics Engineers, one of the unique benefits of AI is its ability to create individual profiles for each user and then consider what would be abnormal behavior for that particular person. This forces the hackers to limit their actions within the boundaries of normal activity for a specific target account, significantly preventing them from mass-attacking the system.
Another way to strengthen AI would be to give it more data. After all, the AI can only be as strong as the data it gets, and the more data it’s given, the more it can help with classifying what’s natural and what’s not.
“If the end user logs on from Seattle, where their mobile phone and laptop is, a connection from New York would be unusual,” McGladrey explained. “It is also possible to note the typing style and speed of a user and use that biometric signature to determine if the user is legitimate. These data [points] make it more difficult for a threat actor to operate silently in the environment.”
Finally, it is also important to look at the primary risk factor in any security system, and — as CIOs have heard before — it is not software.
How AI cybersecurity thwarts attacks -- and how hackers fight back
Tech Target
February 19, 2019
"If the end user logs on from Seattle, where their mobile phone and laptop is, a connection from New York would be unusual," McGladrey explained. "It is also possible to note the typing style and speed of a user and use that biometric signature to determine if the user is legitimate. These data [points] make it more difficult for a threat actor to operate silently in the environment."
6 Tips for Conducting a Digital Literacy Assessment
CMS Wire
January 29, 2019
An assessment of digital literacy isn’t a one-time event in an organization, according to McGladrey. “This is a continuous cycle for businesses to assess how employees use the tools provided, how they process information, how they’re creating content, and their critical thinking skills,” McGladrey said. And don't make this a class that's going to drag people down and eat most of their day, he added. “This continuous assessment process should be buttressed by brief just-in-time learning opportunities. No one wants to sit down for a four-hour digital literacy class for things they do know if they can instead get a five-minute tutorial on a new topic or technique they can apply to their current work.”
Navigating the Rocky Road of Data-Driven Insights
CIO
January 08, 2019
It’s no longer enough to have a Security Information and Event Management (SIEM) system or layer in commercial threat data, deploy a deception system, or prioritize assets--there’s simply no one-size-fits-all security solution. “This is still more art than science,” says Kayne McGladrey (@kaynemcgladrey), a director of security and information technology. “An effective solution needs to incorporate elements of all of those products or solutions to create meaningful and actionable intelligence.”
How IoT can improve IT operations
The Cyberwire
January 04, 2019
A phone or smart watch with near field communication (NFC) capabilities — the same tech used to pay with a tap at checkout registers — can also be used for authentication, says McGladrey.
Pensar allows this use of devices for authentication, via NFC or similar mechanism, but again could not provide specifics for security reasons. As the number of smart wearable devices proliferates, McGladrey expects this to become more common, as wearables have a particular benefit for authentication, making it both easier and more reliable.
Beware the holiday ‘smart toys’ that spy on your kids
The Philadelphia Inquirer
December 04, 2018
Smart toys seemingly come to life utilizing “Internet of Things” [IoT] technology that has wirelessly connected coffeemakers, thermostats, and yes, toilets. But smart toys have proven to be particularly vulnerable to cyber attacks. Manufacturers try to keep toy prices low and lack an incentive to add reasonable security mechanisms, said Kayne McGladrey, member of the Institute of Electrical and Electronics Engineers, the world’s largest technical professional organization.
How to Make Data More Accessible at All Levels With Access Controls and Strong Governance
CIO
December 03, 2018
What’s needed is “an effective provisioning and de-provisioning system that defines rules for what users can do with data and provides quick auditing of who granted access to the data. There needs to be training around the approval process for granting and revoking access to data; otherwise, organizations risk compliance fatigue and start rubber-stamping all the access requests.”
Member Spotlight: Kayne McGladrey, Director Of Security And IT, Pensar Development
CSHub
November 05, 2018
Kayne McGladrey is a national cyber security expert helping clients develop proactive risk-based security programs. He's the Director of Security and IT for Pensar Development and has 20+ years of experience, including 10 years in blending information technology and management acumen to cultivate and build best practices within the Professional Services team. He’s a frequent contributor to Cyber Security Hub with valued content you can access here. He took a few minutes out of his busy day to answer 5 questions for Cyber Security Hub's “Member Spotlight” series.
Q&A: Security Thought Leaders Discuss Certs, SMEs & Hiring Process
CSHub
October 19, 2018
One way to combat that involves grassroots efforts to boost the ranks. But do security teams search for qualified, seasoned experts, and do they look for specialization or the proverbial “generalist” who can cover many corners of the cyber space? It is an ongoing debate in the industry, and today, we’ve brought together two security thought leaders to provide their take. We sat down with Kayne McGladrey, Co-Founder and Spokesperson, Include Security, and Rebecca Wynn, Head of Information Security and Data Protection Officer (DPO), Senior Director, Matrix Medical Network.
AT&T Business Summit 2018 - First Impressions and Recap
AT&T
October 16, 2018
Some talks that particularly stuck out in my mind included a panel with Kayne McGladrey and Derek Scheid who discussed what the future of the SOC (Security Operations Centre) looks like and what companies should do. A particular quote that stuck out for me from the discussion was around the importance of an actual action plan, and how companies can sometimes get fixated on pulling in all the information they can without much thought as to what would happen next.
The IT exec's reading list
HP Enterprise
October 16, 2018
For creative direction on hiring, Kayne McGladrey, co-founder of Include Cybersecurity, turned to "Who," by Geoff Smart and Randy Street. “This is a book I consistently recommend to all managers and directors who are responsible for hiring personnel, in that it defines a consistent and repeatable technique for identifying and hiring high-performing candidates,” McGladrey says. “When I started as a manager, I followed a lot of the pseudo-science that I’d seen from prior managers and found it wasn’t reliable advice.”
The Future Workspace: Secure and Collaborative
CIO
October 03, 2018
“The most essential technology for tomorrow’s workspace is a reliable and agreed-upon primary communications technology, with a backup,” says Kayne McGladrey (@kaynemcgladrey), director of Security and IT at Pensar Development. “As organizations recognize the benefits of remote work for employees and contractors, they still need to reach people quickly.”
How is Hybrid Cloud helping to accelerate innovation? Let’s count the ways.
CIO
September 19, 2018
"Hybrid cloud solutions can help organizations deploy cybersecurity solutions faster, without deploying additional infrastructure or spending staff hours on software and platform updates,” said Kayne McGladrey (@kaynemcgladrey), director of security and IT at Pensar Development. “This will help organizations to deploy innovative solutions rapidly such as deception technologies, which can reduce the ‘dwell time’ associated with breaches.”
Certifications A Part Of ‘Vicious Circle’ In Cyber Security Space?
CS Hub
September 06, 2018
“This (factors into) the broader economic outlook,” McGladrey told the Cyber Security Hub. “If the economy is thriving and people are considering asking for a raise, they may pursue a new certification. If they do not receive the raise, they may mentally justify the time spent by putting the certification on their resume and searching for new openings.”
AI in cybersecurity: what works and what doesn't
CSO
August 15, 2018
Kayne McGladrey, IEEE member, gave this advice: "Evaluate an AI-based security solution by standing up in a lab, alongside a replica of your environment. Then contract a reputable external red team to repeatedly attempt to breach the environment."
FBI warns of 'devastating' cyber attacks on IoT networks
Telecom TV
August 07, 2018
As Kayne McGladrey, the Director of Information Security Services at Integral Partners, the cyber security, access and identity management specialist company headquartered in Boulder, Colorado, says, “IoT security remains one of the most challenging security vulnerabilities to businesses and consumers. The Mirai and Reaper botnets are results of threat actors leveraging poor security controls on IoT devices, building attack infrastructure out of those devices, and using that stolen infrastructure to attack organisations. Companies and organisations purchasing IoT/IIoT devices should treat them the same as any other endpoint device connecting to the corporate network.”
IoT, Cloud, or Mobile: All Ripe for Exploit and Need Security’s Attention
CSO
April 17, 2018
“IoT security remains one of the most challenging security vulnerabilities to businesses and consumers,” says Kayne McGladrey (@kaynemcgladrey), Director of Information Security Services at Integral Partners. “The Mirai and Reaper botnets are results of threat actors leveraging poor security controls on IoT devices, building attack infrastructure out of those devices, and using that stolen infrastructure to attack organizations. Organizations purchasing IoT/IIoT devices should treat them the same as any other endpoint device connecting to the corporate network.”
Passwords, Multi-Factor Authentication and Cybersecurity
IEEE Transmitter
April 16, 2018
When the word “cybersecurity” comes up, “password” is often not far behind. You’ve doubtlessly heard that people are rather bad at coming up with secure passwords, and that “password” itself makes for a terrible one. (If you’re looking for tips on what makes for a good password, be sure to check out this article from IEEE Spectrum).
Cybersecurity experts talk about the digital world
AT&T
April 16, 2018
“Administrative passwords — they're sort of interesting," McGladrey says. "If you can get an application’s password, that's what got us to the Panama Papers a few years ago, where the third-party attacker was able to compromise the WordPress password, which, because of poor password storage technologies, happened to be the same as their database password.
"All of a sudden we got — three terabytes or something like that; it was something absurd — of ex-filtrated client data. The prime minister of Iceland got in a little bit of trouble about that, as well as people like Jackie Chan, all because the organization didn't have a good mentality around rotating the passwords that were associated with apps. That problem transitions. It's not a technology problem. It's a cultural problem. And it transitions, regardless of environment.”
USA Today: Cool cyber jobs
USA Today
April 13, 2018
Cybersecurity is a game of cat and mouse. As a threat hunter, you're the cat. "This role is close to that of a field biologist, as the threat hunter observes their prey - third party attackers - in the wild," says Kayne McGladrey, director of information security services at Integral Partners, a cybersecurity firm whose specialty is identity and access management, and a member of the Institute of Electrical and Electronics Engineers. "Threat hunters set traps and snares that appeal to (cybercriminals) and lead to fake computers where the threat hunter can monitor an attacker's behavior before shutting down the breach."
Health IT Infrastructure Necessities for AI Cybersecurity
CIO Review
April 10, 2018
According to IEEE Member and Integral Partners Director of Information Security Services, Kayne McGladrey, healthcare sectors embody “Lean IT” as they are not in the cybersecurity line of business.
The future of enterprise IoT
Network World
April 09, 2018
On a more explicitly enterprise level, “IoT technologies that have a rapid return on investment (ROI) are the most likely to take off first, and that means “reducing costs through automation,” said Kayne McGladrey, IEEE Member.
Panera Bread ‘Ignored’ Report Of Leaked Customer Data For Months, Report Suggests
CBS Sacramento
April 03, 2018
The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via http://panerabread.com
Health IT Infrastructure Requirements for AI Cybersecurity
HIT Infrastructure
March 18, 2018
“There are too few defenders to collect, process, and analyze the overwhelming amount of available data to produce threat intelligence,” McGladrey told HITInfrastructure.com. “The promise of machine learning is to allow computers to do what they do well, in automating the collection and processing of indicators of compromise, and analyzing those data against both known and emerging threats.”
AI's Future in Cybersecurity
eSecurity Planet
February 07, 2018
"We will continue to see artificial intelligence deployed in the security operations center (SOC). Most SOC jobs are checklist-driven, particularly for first- and second-tier analysts who review logs for indicators of compromise (IoCs)," said Kayne McGladrey, an IEEE member and director of information security services at cybersecurity consultancy Integral Partners.
"This is challenging in a retail environment due to the combination of low margins and a tight labor market, as companies struggle to train and retain analysts for this dull but necessary role," continued McGladrey. It's a big concern, particularly in light of a recently-patched point-of-sale vulnerability like the one found by ERPScan researchers that affects over 300,000 Oracle MICROS terminals.
"The promise of an AI SOC analyst is that it will not get bored and skip a step in a checklist, missing an IoC. Companies can then pivot from the current struggle of train and retain to allow analysts to apply human judgment and experience to current and emerging threats," McGladrey said.
What Are the Implications of Meltdown and Spectre for IoT?
DZone
January 16, 2018
"Patching is a reactive strategy, and there are a couple of challenges that have led us to the current situation. One of those challenges is that the market has rewarded companies that develop and produce products rapidly, and the market has shown a willingness to accept post-release patching as an acceptable trade-off. As a result, developers and architects are rewarded by their employers for producing code and architecture very quickly with less thought given to cybersecurity.
"The other significant challenge is that the cybersecurity community is generally homogenous. We have a diversity problem when just 11% of women work in cybersecurity. This lack of diversity in backgrounds and life experiences has influenced the analytic methodologies that are used to evaluate potential security issues with products. This lack of diversity of thought has led to the unfortunate set of expectations that breaches are inevitable, and this situation will continue until the cybersecurity industry does a better job of including diverse voices and opinions in the global conversation about security."
How to Adopt a Human-Centric Approach to Security
CSO
January 10, 2018
“Organizations should focus on defining a least-privilege security model for each permanent or temporary role a user may inhabit, and then apply those roles to every device, server, and service that an individual may interact with over the course of each day,” says Kayne McGladrey (@kaynemcgladrey), Director of Information Security Services at Integral Partners.
“Organizations need to move past the quaint but antiquated concept of a network perimeter and recognize that the only measurable unit of security is the individual. Individuals include employees, project team members, contractors, third-party service providers, customers, prospects, and guests at a minimum.”
3 Tips to Reduce Cybersecurity Gaps
CS Hub
November 03, 2017
“Organizations should focus first on protecting heartbeat user identities with strong identity governance, multifactor authentication and privileged command escalation roles,” says Kayne McGladrey (@kaynemcgladrey), director of information security services at Integral Partners. “Nonheartbeat users, such as service accounts and shared accounts, require protection levels that include vaulting and automatic password rotation, on a defined schedule.”
Are You Doing All You Can to Protect Your Confidential Documents?
CSO Online
September 30, 2017
Kayne McGladrey (@kaynemcgladrey), director of information security services at Integral Partners, notes that, for several years, we’ve been hearing predictions about millions of Internet of Things (IoT) devices with poor security joining networks and providing an easy attack vector for third parties.
“Printers are a culturally trusted technology because they’re perceived as not being new,” he says. “However, this doesn’t mean that modern organizations should not consider printers separately from a comprehensive strategy for the IoT.”
The ‘Gotchas’ of Multi-Cloud Management
Rackspace & CIO.com
September 18, 2017
“Effectively distributing, rotating, and de-provisioning secrets such as SSH keys, service account passwords, and application passwords that are used in DevOps environments is one of the more challenging, yet obscure issues that companies face in multi-cloud environments,” points out Kayne McGladrey, director of information security services at Integral Partners.
For travelers, chatbots and AI can't quite take you there
USA Today
August 27, 2017
"It can replace some of the simpler tasks," explains Kayne McGladrey, a computer security consultant in Bellingham, Wash. AI can help plan trips, recommend the least agonizing flight itineraries and handle some of the easier tasks handled by a hotel concierge, like recommending restaurants.
The Scary Reason Companies Like Verizon Keep Blowing Your Digital Privacy
Fast Company
July 17, 2017
Even software developers often lack formal security training, says Kayne McGladrey, director of information security services at Boulder, Colorado security consulting firm Integral Partners. And even those who do can face pressure to roll code out quickly from employers impatient to see new features and fixes in production, he says.
What the US and UK electronics bans mean for international business travelers
Quartz
March 25, 2017
Even so, make sure its memory is cleared of sensitive information. Someone who “wants to compromise the device could get unfettered long-term access” to it, says Kayne McGladrey, director of information security services at cybersecurity consulting firm Integral Partners. Passwords and encryption may not be enough to protect your data: “They can just clone your drive.”
Cybersecurity Breaches Are in the News: How Internal Assessments Can Help You Avoid One
ISACA
March 22, 2023
Emerging from a global pandemic, businesses must re-evaluate their processes and procedures to adapt to the new normal. This includes the Risk Management processes. It is more important than ever for businesses to implement processes that will safeguard the company’s assets, which include information. An asset is something of value, and in today’s society information is very valuable and must be protected. How does an organization ensure the confidentiality, integrity, and availability of its information assets and the systems that support them? The digital transformation continues, and new technologies continue to emerge. This virtual summit will cover the tools and techniques necessary to identify, assess and respond to risk associated with emerging technology and the company’s assets.
Panel Discussion: Navigating the Maze of New Cyber & Privacy Regulations – Keys to Avoiding Regulatory Action
Compliance Week
February 15, 2023
* Deep dive look into interpreting the different emerging US data privacy state laws and the consequences of non-compliance
* Learn about the requirements of the SEC cybersecurity rules and the ramifications for public companies
* Discuss the security programs that need to be implemented to comply with local and international regulations and rules.
ISACA Virtual Summit 2022: Pursuing Digital Trust
ISACA
December 07, 2022
The digital space is the primary method of retaining data and transacting in today’s business landscape. But with the increase in cyberattacks, scams and security breaches, a secure digital world is more important than ever. Cybersecurity, risk, data privacy, governance and assurance are essential processes in the modern business landscape and are critical to helping enterprises become digitally trustworthy, enhance their reputations and increase their brand loyalty with consumers.
Streamlining GRC Controls to Optimize Cybersecurity
IT GRC Forum
November 17, 2022
On this webinar, we will discuss how to streamline GRC controls and optimize cybersecurity risk management processes, to enable leaders to determine what investments best reduce risk with the best return on investment (ROI). Attendees will learn how to:
* Simplify GRC and security operations by reducing the number of controls your organization has to deal with, therefore reducing its workload to test and audit the controls
* Develop a set of controls baselined to the internal and external requirements that your organization needs to meet
* Enable both security process automation and enterprise risk decision-making
* Shrink your organization's cybersecurity attack surface
Finding a long-term solution to curb Cybercrimes in the digital sphere: A Global Perspective
WebForum
November 08, 2022
This was the 7th series of WebForum which was in line with this year’s International CyberSecurity Awareness Month theme "See you in cyber - #becybersmart” held on 28th October 2022.
Curbing Cybercrimes in the digital sphere. #becybersmart - DCA Digital WebForum
DotConnectAfrica
October 25, 2022
The findings of the webforum will inform African countries, businesses, and the global community of the key issues that need to be addressed in order to curb cyber crimes from ethical hacking, implications of data sovereignty and cloud, implications of metaverse and Web 3.0, and data privacy in the cloud. It will also demonstrate the global community’s commitment to the shared objective of protecting citizens, businesses, and organizations in the digital era. This will be imperative to prevent more damaging cyber-attacks, which could have devastating impacts.
SECtember 2022: Transforming Security Along with the Business
SECtember
September 28, 2022
As we all know, decisions that get made to transform the business are not always the best decisions for security. Especially with the accelerated digital transformation of the last few years, now is the time to reassess whether security teams have been properly tracking and addressing all cloud and digital assets that their organizations have taken on. This panel of experts will discuss the challenges of tracking cloud assets, if their risk is being properly measured, and ultimately whether security teams are properly supporting business transformation decisions.
The Future of Health Tracking Apps
CIO Tech Talk
September 01, 2022
Join us live on Twitter Spaces as we discuss:
* how safe patient medical information is with tech firms?
* the challenges health tracking apps present for users?
* how can users protect their data while still using health tracking apps
* red flags users should look out for when choosing or using health tracking apps
* What can tech firms do with data from health tracking apps
Cloud Adoption Outpaces Security
Sub-Four Capital
May 24, 2022
Cloud adoption has been rapidly rising for years and exploded as a result of the COVID-19 pandemic. With a remote workforce, companies needed the accessibility, flexibility, and scalability offered by cloud-based solutions. However, while many companies are moving rapidly to the cloud, security is lagging behind. Cloud infrastructure is very different from an on-premise data center, and these differences introduce unique security challenges. Many companies are still working to understand these differences, leaving their cloud deployments at risk. For many companies, the security of their public cloud infrastructure is a significant concern.
Preparing and Issues to Consider in an Incident Response Plan (IRP)
Sub-Four Capital
May 24, 2022
When it comes to data breaches, they say not if but when. Preparing your business to quickly and competently respond to a data incident starts with the creation of an Incident Response Plan. Understanding the topics covered in an IRP and then making choices that are best for your business helps ensure that the IRP will work in your time of crisis response.
Cyber Threats, Cyber Vulnerabilities: Assessing Your Attack Surface
Dark Reading
November 17, 2021
Today’s cybersecurity environment features a wide range of available threat intelligence, ranging from simple vulnerability alerts to commercial services that monitor threat actor behavior. But how can you use that data to assess the security posture of your own organization? How can you harness threat intel to measure cyber risk? In this panel, threat intelligence experts offer advice and recommendations on how threat intelligence can be used as a means to measure your attack surface.
Returning to the Office: Security Threats and Proactive Solutions
Ascent Solutions
May 13, 2021
A year after the pandemic began, employers are now considering how to welcome their employees back to the office. Join Ascent cybersecurity leaders, Derek Swenningsen and Kayne McGladrey for a discussion on the challenges and threats that are emerging in the modern workplace.
While there are obvious threats, such as threat actors sending phishing lures with fake return to work information, there are less obvious threats, such as IT assets that have not connected to your corporate LAN in a year.
Our experts will take audience questions and discuss the proactive cybersecurity steps that businesses and organizations can take to prepare for employees returning to offices in a hybrid working environment.
How Hackers Used and Abused the Pandemic to Profit
Infosecurity Magazine
March 24, 2021
In this session, a panel of experts will reflect on the various ways in which hackers have targeted the pandemic over the past 12 months, lifting a lid on the methods employed and outlining how businesses and users can best protect themselves from ongoing COVID-related attacks, scams and fraudulent activity.
CISO Perspectives: Zero Trust-As-A-Service
CSHub
November 05, 2020
Join Pulse Secure’s Global Chief Security Architect and Ascent Solutions cybersecurity strategist Kayne McGladrey, CISSP in this webcast to learn about:
- The shift in security challenges, current security concerns, and potential challenges in the future
- Main components of Zero Trust-as-a-Service
- How Zero Trust-as-a-Service solves security challenges in a hybrid IT environment
- Zero Trust-as-a-Service implementation and deployment considerations
- How Zero Trust security practices can help you prepare and build a business continuity plan that withstands the unexpected and future security concerns
This webinar will take place on:
November 05, 2020
11:00 AM - 12:00 PM EST
#IDGTechtalk : A 2019 Recap and 2020 Predictions
IDG Communications, Inc.
December 19, 2019
We will be discussing 2019 trends and looking ahead to a new decade of amazing tech advancements at the final #IDGTechTalk of the year. Join us on Twitter by following #IDGTechTalk at 9 AM Pacific on December 19th, 2019.
Panel Discussion: Who is responsible for Cyber Security in the enterprise?
Cyber Security Hub
November 13, 2019
Cyber Security is still primarily seen as an ‘IT issue’ and this often means that security often gets “bolted on” rather than embedded in a company’s ecosystem. In this panel discussion, discover why everyone within the business is responsible for Cyber Security and how to educate the enterprise on safeguarding customer data.
Key takeaways
- Improve security by creating a culture of healthy suspicion
- Encourage the executive board to communicate policies
- Ensure best practice is maintained throughout your business
The Truth Behind Automating Compliance Controls
EM360
February 09, 2023
In this episode of the EM360 Podcast, Analyst Richard Stiennon speaks to Kayne McGladrey, Field CISO at Hyperproof, to explore automating compliance controls vs. SOAR automation, helping CISOs, and whether one master set of controls can cover multiple frameworks.
What Businesses other than Banks Need to Know about Gramm-Leach-Bliley [Podcast]
Compliance and Ethics
January 17, 2023
The Gramm-Leach-Bliley Act (GLBA) is typically referred to in the context of financial institutions. It requires offerers of consumer financial products to explain how they share information and protect sensitive data. It’s not, however, only banks that fall under GLBA’s umbrella. New rules will affect retailers offering credit terms to their customers, higher education institutions that administer federal student aid and others as well, explains Kayne McGladrey, Field CISO for Hyperproof.
Cyberattacks and How to Defend Against Them with Kayne McGladrey
The Cameron Journal Podcast
June 13, 2022
"In this episode, we're talking with Kayne McGladrey about cybersecurity, cyberterrorism and how to defend against these attacks at the personal, corporate, and national levels. I've been working on research for my next book and I knew that I had to talk to him to see what we could do to defend against this new and pernicious form of war."
Telehealth: Emerging Security, Privacy Issues
Healthcare InfoSecurity
July 09, 2021
"While the use of telehealth has surged during the COVID-19 pandemic, the data security and privacy concerns for both patients and healthcare providers have also increased, says cybersecurity strategist Kayne McGladrey"
Episode 6: Securing the fast-moving digital world
CIO
March 03, 2021
You have a remarkable economic incentive for threat actors to do their job. Unlike a fire, threat actors innovate. There's not some new way we're going to have a fire. I guarantee you by the end of the week, we're going to have a dozen new ways for threat actors to do their jobs.
Making cybersecurity more effective in the age of cloud and COVID-19
Deloitte
December 10, 2020
Cybersecurity has always been a critical task that must be handled effectively. However, cloud—and more recently—COVID 19—have exacerbated cybersecurity issues and changed the security landscape. In this episode of the podcast, Mike Kavis and guest, Ascent Solutions’ Kayne McGladrey, discuss cybersecurity in the context of cloud, and vis-à-vis the changes wrought by the pandemic. Kayne’s take is that the transition to cloud and the pandemic have exposed and magnified issues that have always been a problem, and that companies should not skimp on cybersecurity, in favor of spending on other “more pressing” projects. The key to success is to focus on data, automation, and risk assessment.
Episode 179: CISO Eye on the Virus Guy – Assessing COVID’s Cyber Risks
The Security Ledger
March 26, 2020
To get a sober assessment, we invited Pensar CISO and IEEE member Kayne McGladrey, CISSP into the studio to talk about the variety of risks that remote working introduces. There are some new risks that companies need to account for: from remote access bottlenecks to prying eyes in insecure home offices to insecure home workstations.
"Don't Forget the Cybersecurity!" on The Wave of Change with Tony Flath
The Wave of Change
January 10, 2020
Episode 005 - "Don't Forget the Cybersecurity!" A great chat with IEEE member, spokesperson and cybersecurity ninja, Kayne McGladrey @kaynemcgladrey all about the cybersecurity landscape and emerging technologies. He covers the ways cybersecurity is emerging too to address many cyber concerns providing better threat protection. We also discuss AI, Analytics, and Automation and the role they play in the cybersecurity landscape, and insights on the weird and wild world of Social Media and Cyber Awareness.
The Future is Now: Podcast
Aurora IT
February 27, 2018
The team at Aurora IT interviewed me for a feature-length podcast on cybersecurity. Listen to hear about third-party attacker tactics, managing cyber risk, multi-factor authentication, and why a lack of diversity is a threat to public safety.
Episode 20 - Interview with Kayne McGladrey on Multi-Factor Authentication
Insider Threat Podcast
October 02, 2017
We made it to 20 episodes! I know some people don't like it when you talk about milestones like this, but I'm doubly excited for this one because I finally get to publish my interview with Kayne McGladrey from Integral Partners. I know many of you have been scrambling to finish up the quarter or fiscal year, depending on your industry, so hopefully this will give you an opportunity to sit back, relax, and listen to the excellent information that Kayne provided.
Cloud, 5G to be Decisive Technology Trends in 2023: Study
Geospatial World
November 02, 2022
While homomorphic encryption can require lots of computing power, it has a few big upsides. For one thing, according to Kayne McGladrey, IEEE Senior Member, it allows companies in highly regulated industries, such as finance or healthcare, to store data on a public cloud. “As the data remains encrypted in all phases, even a data breach of a third party will not provide a threat actor with access to encrypted data,” McGladrey said.
Cybersecurity hiring remains red-hot—the industry to surpass $400 billion market size by 2027
Fortune
July 22, 2022
“As a result, those companies with solutions and products in the cybersecurity industry are heavily reinvesting their profits into research and development of artificial intelligence-based solutions intended to automatically detect and remediate actions from these increasingly well-funded adversaries,” McGladrey tells Fortune. “This cycle will continue so long as it remains profitable for cybercrime actors, barring remarkable changes in how companies prioritize and address their cyber risks.”
When More is Not Necessarily Better: The Impacts of Multiple Security Tools
CIO
November 04, 2021
“Organizational collaboration is difficult when different data protection tools perform similar functions, as it may be unclear how to allow a collaborator to access or modify data. Something as simple as data classification and labeling becomes overly complex and a nuisance to end users if they need to set a label in multiple locations, particularly when the labels are not consistent across tools.” — Kayne McGladrey (@kaynemcgladrey), Cybersecurity Strategist at Ascent Solutions
Sinclair TV Stations Targeted in Weekend Ransomware Attack
GovInfoSecurity
October 18, 2021
Kayne McGladrey, an advisory board member for the Technology Alliance Group NW and cybersecurity strategist for the firm Ascent Solutions, says once the incident is resolved, Sinclair "should do an internal hot-wash" to identify lessons learned - allowing them to strengthen technical defenses and update/validate their incident response plan.
New Legislation Eyes Both Ransom, Incident Reporting
GovInfoSecurity
September 30, 2021
Kayne McGladrey, an advisory board member for the Technology Alliance Group NW and cybersecurity strategist for the firm Ascent Solutions, tells ISMG, "These [various legislative efforts] all stem from the issue that there is no single source of truth on the volume or scope of cyberattacks, which has led to the perception that it is difficult to apply commensurate public and private policy responses."
Experts Weigh In on Data-First Modernization
CIO
September 30, 2021
“This will vary by industry and size of business,” notes Kayne McGladrey, cybersecurity strategist at Ascent Solutions. “A social media company losing control of their content for an hour has a very different risk profile than a manufacturing company being unable to manufacture products.”
Remote Work and Cybersecurity: 3 Experts Describe the Tech They Wish Everyone Could Use
IEEE Transmitter
September 27, 2021
“As part of the great resignation of 2021, we’ve seen an increasingly fragmented view of intellectual property on the part of departing employees. Businesses can reduce the substantial risk associated with data exfiltration of trade secrets, regulated data and other sensitive data by deploying and monitoring DLP across the enterprise, including remote endpoints.” — IEEE Senior Member Kayne McGladrey
FTC Warns: SMS Phishing Scam Impersonates State Agencies
Bank InfoSecurity
August 09, 2021
Kayne McGladrey, an advisory board member for the Technology Alliance Group NW, warns that these scams can be effective when highly targeted. He says the schemes work when supporting larger campaigns underway prior to any SMS outreach.
Is my medical device vulnerable to cyber threats?
IEEE Transmitter
August 06, 2021
It is a matter of whether the threat actor has sufficient resources (both staffing and financial resources) and the motivation. The real question is about the likelihood of a threat: an always-on internet-connected medical device will have a very different threat profile than a medical device that requires direct physical access.
Machine learning is demonstrating its mettle across industries
CIO
July 14, 2021
“The modern business has far more potential cybersecurity events to investigate than can be reasonably reviewed by people, and machine learning has the benefit of quickly focusing people’s attention on the signal, not the noise, so that organizations can rapidly respond to potential incidents before threat actors can establish persistence in an environment.” — Kayne McGladrey (@kaynemcgladrey), cybersecurity strategist at Ascent Solutions
The SMB Mission: Data Security Without Compromising User Productivity
CSO Online
June 29, 2021
“Tying data security to user identities is the easiest, lowest-effort way to modernize security for small to medium businesses,” says Kayne McGladrey (@kaynemcgladrey), cybersecurity strategist at Ascent Solutions (@meetascent). “Establishing data security based on user identity means that data remains secure regardless of storage location or medium.”
What is 5G and What Does it Mean for Cybersecurity?
APN News
March 10, 2021
“For older, cheap, IP-based security cameras and digital video recorders (DVRs), the easiest way to secure them is to recycle them responsibly as there often are no security updates available.”
The Resilience of Humanity
IEEE Transmitter
February 23, 2021
“Multi-factor authentication and passwordless technologies help to protect our digital identities and account credentials from theft or impersonation. This matters just as much to an individual using a hardware key to access their online bank as it does for a corporate employee using facial recognition to access a privileged administrative account.”
– Kayne McGladrey, IEEE Senior Member
Cyber security for Bellingham families and neighborhoods
Eventbrite
October 13, 2019
Americans are buying and installing smart speakers, virtual assistants, smart electrical plugs, smart garage door openers, smart light bulbs and connected children's toys at an unprecedented rate. We know to lock the physical doors to our homes, but fewer people appreciate how smart devices can act like unlocked doors for cyber criminals into our homes, our social networks, and our bank accounts.
The lack of communications and understanding between professionals who work in cyber security and their neighbors who don't is one of the reasons cyber crime has grown for fifteen years. There are simple things we can each do to protect our families against the risks to our privacy and security.
In this session, you'll learn:
- how cyber criminals hack into smart devices, bank accounts, and cloud services
- two easy ways you can protect your family's accounts
This session includes a live hacking demo, so please bring your mobile phone (Android or Apple) if you’d like to participate. This is not a sponsored event and there is no cost. Any solutions recommended will be free, and there will be time for questions at the end of the presentation.