Kayne McGladrey
Field CISO at Hyperproof
Bellingham, United States
I’m Kayne McGladrey, CISSP, the Field CISO for Hyperproof, senior IEEE member, and author of the GRC Maturity Model. With nearly three decades of experience in cybersecurity, I specialize in helping organizations navigate the intersection of governance, risk, and compliance (GRC) to build more secure and resilient businesses.
My work focuses on enabling CISOs, internal audit teams, and executives to align cybersecurity and business goals, communicate effectively with boards, and proactively address evolving global regulations. As a recognized thought leader, I’ve spoken at events like Gartner IT Security & Risk, RSA, ISACA GRC, and the ISC2 Congress. My presentations are nuanced, accessible, and actionable, offering attendees practical guidance on current cybersecurity challenges and opportunities.
Throughout my career, I’ve advised Fortune 500 and Global 1000 companies, leveraging my ability to bridge the gap between business and technology. I’m passionate about reducing organizational friction, improving GRC maturity, and inspiring underrepresented communities to pursue cybersecurity careers.
Available For: Influencing, Speaking
Travels From: Bellingham, WA
Speaking Topics: Cybersecurity, Compliance, Risk
· Working to increase the diversity of perspectives on enterprise cyber security challenges and opportunities.
· Dynamically responding to and anticipating the needs of the cyber security marketplace through unique and timely content.
· Serving as an “early explainer” to articulate “why” the subject matter is important to current practitioners and the next generation of cyber professionals.
An Analysis of Section 1C Disclosures in Q1 of 2024
Hyperproof
June 14, 2024
Late in 2023, the Securities and Exchange Commission (SEC) in the United States published Regulation S-K Item 106, which requires public companies to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats. Historically, companies were not required to disclose these processes to investors or market regulators, and there were no established guidelines for what a “good” disclosure would look like. Hyperproof reviewed disclosures from nearly 3,000 companies across over three hundred industries and has identified trends for what goes into a robust, meaningful disclosure.
Hyperproof's 5th Annual IT Risk and Compliance Benchmark Report Reveals a Pressing Need for Unified GRC Solutions
Hyperproof
February 22, 2024
"Each year, our benchmark report provides invaluable insights into the evolving priorities and challenges facing IT and GRC professionals," said Kayne McGladrey, Field CISO at Hyperproof. "This year's findings underscore the growing need for organizations to streamline their GRC processes and adopt integrated solutions to effectively navigate the complex risk and compliance landscape."
Survey Findings Show Link Between Data Silos and Security Vulnerabilities
Dark Reading
April 13, 2023
A recent survey showed a surprising correlation between those who operate their businesses with risk and compliance data in silos and those who experienced data breaches in the last 24 months.
Setting The Four Cornerstones Of Cloud Security: Accountability, Strategy, Visibility & Enablement
CSHub
March 29, 2021
Read this report on:
- Identifying accountability for cloud security across the enterprise
- Conceiving of a cloud security strategy to ensure that the business consults and informs the cyber security operation
- Gaining true visibility of the entire organization from on-prem to the cloud
- Adopting common language along with a newly assumed forward posture to find the edge of business innovation and enable it
Preparing for EU AI Act’s Chapter 1 & 2 Compliance by Feb 2nd
LinkedIn
January 24, 2025
The EU AI Act's upcoming compliance deadline, February 2, requires focused preparation. Two critical areas demand attention:
- AI Literacy: Chapter 1, Article 4 mandates organizations to ensure their teams understand AI systems. Training programs tailored to different expertise levels can help meet this requirement. Documenting progress and updating knowledge regularly are equally important.
- Prohibited Practices: Chapter 2, Article 5 bans AI systems that manipulate behavior or exploit vulnerabilities. Conducting thorough risk assessments and embedding privacy-by-design principles can mitigate risks. Regular audits and controls ensure systems stay within legal and ethical boundaries.
Organizations that prioritize these controls not only meet compliance standards but also build a foundation for responsible AI use. Preparing now avoids unnecessary challenges as the deadline approaches.
#AI #regulation #EU #risk #law
Aligning OpenAI’s Red Teaming with the FLI AI Safety Index
LinkedIn
January 23, 2025
I've evaluated OpenAI’s red teaming practices against the Future of Life Institute's AI Safety Index. Here are some key themes from the analysis:
- Transparency and communication: OpenAI’s documentation of red teaming efforts supports openness. However, gaps remain in disclosing security incidents, near-misses, and engagement with governments.
- Governance and accountability: A dedicated safety team highlights a strong internal focus, but limited clarity on staff allocations and risk thresholds indicates room for improvement.
- Risk assessment: External red teaming and regular updates show progress. Yet, addressing risks earlier in the AI lifecycle could strengthen overall safety.
AI safety remains a shared responsibility. Advancing transparency and accountability will be key for alignment with broader safety standards.
#cybersecurity #AI #risk #GRC #reports
What to Know About the Proposed New HIPAA Rules
Security Boulevard
January 22, 2025
If approved, the proposed new HIPAA rules will reshape the landscape of healthcare cybersecurity, partially addressing the recent OIG report’s findings on the ineffectiveness of current HIPAA audits. For CISOs, these changes present both opportunities and challenges as they work to enhance their organizations’ cybersecurity practices. The updated compliance requirements for electronic protected health information promise significant benefits but also come with associated costs. As these rules are open for public comment over the next sixty days, healthcare CISOs have a window to provide their insights and influence the final regulations, ensuring they align with the practical realities of safeguarding sensitive health data.
Navigating CPPA Data Broker Registration Requirements Before the January 31 Deadline
LinkedIn
January 22, 2025
The CPPA's data broker registration deadline is January 31, 2025. Businesses that collect and sell personal information without direct consumer relationships need to take action. Key points to consider:
- Registration requires submitting a form with details about operations, personal information collected, and its purposes. A $6,600 fee applies, with additional processing costs for electronic payments.
- Compliance obligations include reporting consumer data requests, such as access, deletion, or opting out of sales. Businesses must document how requests are handled and the time taken to respond.
- Non-compliance can result in fines and reputational harm. Ensuring proper registration and data handling processes is essential for maintaining trust and legal alignment.
Preparing ahead reduces risks and demonstrates a commitment to protecting consumer data.
#privacy #CPPA #law #deadline
Key SEC Enforcement Actions & Litigation Outcomes for CISOs since 2024
LinkedIn
January 21, 2025
The SEC's enforcement actions under the 2023 cybersecurity rule influenced how companies approach risk management and disclosures. Key takeaways include:
- Companies are being held accountable for misleading disclosures about cybersecurity incidents. Several firms faced significant penalties for downplaying breaches or omitting critical details.
- CISOs must strengthen cybersecurity governance, aligning controls with frameworks like NIST and ISO. Transparent, detailed risk disclosures are essential to meet regulatory expectations.
- Robust incident response plans, regular simulations, and clear internal processes are now critical to mitigate regulatory and financial risks.
These developments emphasize the growing regulatory focus on cybersecurity as an integral part of corporate accountability. Staying informed about enforcement trends and aligning practices with global standards can help organizations navigate these challenges effectively.
#cybersecurity #SEC #law #litigation #solarwinds
Insights for CISOs from the Global Cybersecurity Outlook 2025
LinkedIn
January 17, 2025
The Global Cybersecurity Outlook 2025 highlights pressing challenges and opportunities in cyber resilience. Key takeaways include:
- A growing gap in cyber capabilities between large and small organizations. Larger organizations report higher confidence in their defenses compared to smaller ones.
- Ransomware and adversarial use of AI are top concerns, with 66% expecting AI to influence cybersecurity within the year, yet only 37% have controls for its safe use.
- A global cyber skills gap, with up to 4.8 million roles unfilled. Programs like Cyber Girls aim to bridge this gap while promoting diversity.
- The importance of integrating cybersecurity into enterprise risk management to align with business goals.
Emerging technologies like AI offer benefits but must be balanced with robust security. Ultimately, cyber resilience requires a strategic and inclusive approach.
#cybersecurity #risk #report #WEF #GRC
A CISO’s Guide to Navigating Governance, Incident Reporting, and Avoiding Coverage Gaps with Board Collaboration
LinkedIn
January 16, 2025
Integrating the SEC’s 2023 cybersecurity rules requires aligning incident reporting, governance, and insurance strategies with organizational goals. Key areas to address include:
- Incident reporting: Ensure disclosures of material incidents occur within four business days, with accurate assessments of financial, operational, and reputational impacts.
- Governance: Strengthen board collaboration to integrate cybersecurity into corporate strategy and decision-making, promoting accountability and transparency.
- Insurance coverage: Regularly review cyber and D&O policies to identify and close gaps, considering overlaps and exclusions in coverage.
Effective communication between CISOs, board members, and key stakeholders helps prioritize resources and align cybersecurity controls with updated regulatory requirements. A proactive approach to these areas enhances trust with stakeholders and supports compliance.
#cybersecurity #SEC #regulations #insurance
Oregon AG’s AI Stance Mirrors Texas & Massachusetts
LinkedIn
January 15, 2025
State attorneys general in Oregon, Texas, and Massachusetts are aligning their guidance on artificial intelligence, signaling increased regulatory attention on AI use. This focus highlights critical themes:
- Transparency: Businesses must clearly communicate how AI systems operate and process data.
- Bias prevention: AI systems should undergo rigorous testing to mitigate discriminatory practices.
- Accountability: Organizations need to demonstrate compliance with consumer protection laws.
Regulations like these urge companies to adapt compliance strategies. Regular audits, robust risk assessments, and training programs are essential to meet expectations.
How Internal Collaboration Transforms Utilities’ Cybersecurity Strategy for CISOs
LinkedIn
January 14, 2025
Utility companies face increasing risks from sophisticated cyber threats targeting critical infrastructure. Strengthening defenses requires a shift in approach.
- Internal collaboration can bridge gaps across departments, creating a unified cybersecurity strategy. Breaking down silos allows for shared expertise and faster responses.
- Effective collaboration relies on clear communication channels, regular cross-departmental meetings, and leadership support.
- Encouraging a culture of shared responsibility ensures cybersecurity aligns with overall business objectives. Employees become active participants in reducing risks.
- Structured pathways for information sharing, supported by collaborative tools, improve alignment and resilience.
Utility providers adopting these practices can better safeguard operations and protect critical services from emerging threats. Addressing cyber risks is not just a technological challenge - it is an organizational one.
#cybersecurity #GRC #utilities #DoD
Essential ICT Risk Management & Incident Reporting Steps for CISOs by Jan 17, 2025
LinkedIn
January 13, 2025
As the January 17, 2025 DORA compliance deadline approaches, organizations in the financial sector need to align their ICT risk management and incident reporting practices. Here are key considerations:
- A comprehensive risk management framework is essential. Policies should include clear objectives, risk metrics, and tolerance levels to address ICT risks effectively.
- Regular assessments help identify vulnerabilities. Updating systems and mitigating risks ensures resilience.
- Structured incident reporting is required. Major incidents must be reported within specific timelines to regulators and, where necessary, communicated to clients.
- Training employees across all levels on DORA’s requirements supports a culture of compliance.
By addressing these areas, organizations can meet regulatory expectations and strengthen operational resilience.
#cybersecurity #DORA #deadline #EU #ICT
The Year of Global AI and Cybersecurity Regulations: 7 GRC Predictions for 2025
Hyperproof
January 12, 2025
In 2025, global cybersecurity laws will see significant changes, reflecting the growing need for comprehensive regulatory frameworks based on cyber norms. As cyber threats become more sophisticated, governments worldwide are likely to introduce stricter regulations to protect consumer data and ensure organizational compliance. Global harmonization of privacy laws will help to reduce the friction caused by varying regulations like GDPR, CCPA, and PIPL.
NIST AI 100-4’s Guide to Detecting Synthetic Media for CISOs
LinkedIn
January 10, 2025
Synthetic media detection is a growing priority for security teams. The NIST AI 100-4 report highlights key strategies that CISOs can integrate into their security controls:
- Synthetic content detection: Advanced tools like neural networks analyze inconsistencies in images, videos, and text. These methods support identifying AI-generated content.
- Provenance data detection: Digital watermarks and cryptographically signed metadata verify content origin and modifications, though their reliability varies based on the source.
- Human-assisted detection: Automated systems process large volumes quickly, but human review ensures context and intent are assessed accurately.
Combining automated technologies with human expertise strengthens the ability to identify and respond to threats posed by synthetic media. Each method offers unique strengths, and integrating them provides comprehensive protection.
#cybersecurity #AI #research #deepfake
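The provenance item above describes cryptographically signed metadata as a way to verify a piece of media's origin and detect later modification. The following Go program is an added example written for this page, not code from NIST AI 100-4 or from the author: it binds a small provenance manifest to the media bytes by their SHA-256 digest, signs the manifest with Ed25519 (Go standard library), and then verifies both the signature and the digest. The manifest field names, the producer and tool strings, and the sample media bytes are constructed for the example and do not follow any real provenance schema.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Manifest is a hypothetical provenance record. It is tied to a media file
// only through ContentSHA256, the digest of the file's bytes. Field names are
// assumptions for this example, not a real C2PA or NIST schema.
type Manifest struct {
	ContentSHA256 string `json:"content_sha256"`
	Producer      string `json:"producer"`
	Tool          string `json:"tool"`
	CreatedAt     string `json:"created_at"`
}

// SignedManifest pairs a manifest with an Ed25519 signature over its JSON
// encoding. encoding/json writes struct fields in declaration order, so the
// encoding is deterministic and the verifier can rebuild the exact signed bytes.
type SignedManifest struct {
	Manifest  Manifest
	Signature []byte
}

func digest(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// Sign builds a manifest for content and signs it with the producer's private key.
func Sign(priv ed25519.PrivateKey, content []byte, producer, tool, createdAt string) (SignedManifest, error) {
	m := Manifest{ContentSHA256: digest(content), Producer: producer, Tool: tool, CreatedAt: createdAt}
	encoded, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: m, Signature: ed25519.Sign(priv, encoded)}, nil
}

// Verify performs the two checks a consumer of provenance data needs:
//  1. the signature over the manifest is valid under the producer's public key,
//     so the metadata itself has not been altered; and
//  2. the digest recorded in the manifest matches the bytes actually received,
//     so the content has not been edited or swapped after signing.
// A valid signature on its own proves nothing about the bytes in hand, which is
// why the second check is not optional.
func Verify(pub ed25519.PublicKey, sm SignedManifest, content []byte) error {
	encoded, err := json.Marshal(sm.Manifest)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, encoded, sm.Signature) {
		return fmt.Errorf("manifest signature invalid")
	}
	if sm.Manifest.ContentSHA256 != digest(content) {
		return fmt.Errorf("content digest mismatch: manifest does not describe these bytes")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample "media": any byte string stands in for an image or video.
	original := []byte("constructed sample media bytes")
	sm, err := Sign(priv, original, "example-newsroom", "example-capture-tool", "2025-01-10T00:00:00Z")
	if err != nil {
		panic(err)
	}
	fmt.Println("original content:", Verify(pub, sm, original))
	fmt.Println("edited content:  ", Verify(pub, sm, []byte("edited media bytes")))
	forged := sm
	forged.Manifest.Producer = "someone-else" // tamper with metadata, keep the old signature
	fmt.Println("edited manifest: ", Verify(pub, forged, original))
}
```

Production provenance standards such as C2PA embed the manifest inside the asset and chain the signing key to an X.509 certificate so the verifier can decide whether to trust the producer at all; this example keeps only the core bind-the-hash-and-sign step, and it assumes the verifier already holds the producer's public key from a trusted source. Note also the caveat from the post: a missing or stripped manifest is not evidence of synthetic content, only an absence of provenance, so this check complements rather than replaces content-based detection.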
How FTC, DOJ, and SEC’s Conflicting Views on Ephemeral Messaging Challenge CISOs in Regulated Sectors
LinkedIn
January 09, 2025
Conflicting regulations on ephemeral messaging are reshaping compliance for regulated industries.
• FTC, DOJ, and SEC each approach ephemeral messaging differently, adding complexity to recordkeeping.
• Platforms like Signal and Slack enhance security but create challenges for preserving business records.
• Compliance with regulatory requirements involves addressing automatic deletion and encryption while maintaining transparency.
• Penalties for non-compliance are significant, with recent enforcement actions exceeding $600 million in fines.
CISOs must bridge the gap between cybersecurity and legal obligations. This involves implementing clear policies, using technology to store communications, and collaborating across teams to meet regulatory expectations.
Managing this balance is becoming a cornerstone of effective governance in sectors reliant on these tools for communication.
#encryption #FBI #CISA #SEC #FTC #DOJ
How Loper-Bright Shaped FCC’s Net Neutrality End
LinkedIn
January 08, 2025
The recent Loper-Bright decision has changed how regulatory frameworks are interpreted, impacting key areas like net neutrality.
- Courts now scrutinize regulatory agencies more strictly, requiring adherence to the exact language of statutes.
- The FCC’s authority to enforce net neutrality rules was limited, shifting focus to Congress for potential legislative solutions.
- A fragmented regulatory landscape may emerge, increasing complexity for compliance and cybersecurity teams.
For CISOs and compliance leaders, this highlights the importance of proactive approaches: adapting strategies, monitoring legislative developments, and fostering collaboration with legal teams. Navigating these changes requires alignment between organizational policies and emerging legal requirements to maintain resilience.
Understanding these shifts is essential for ensuring compliance in a changing regulatory environment.
#cybersecurity #GRC #FCC #law
Best Practices for CISOs to Enhance Incident Response Plans to Safeguard Attorney-Client Privilege
LinkedIn
January 07, 2025
Cyber incidents demand swift action and clear planning. Here are some ways CISOs can strengthen incident response plans while preserving attorney-client privilege:
- Legal counsel's role: Engage legal counsel early to oversee response efforts, ensuring communications and reports are directed through them.
- Third-party coordination: Channel third-party forensic investigations through legal counsel to protect findings under privilege.
- Limited access: Control distribution of privileged reports to reduce risks of inadvertent waivers.
- Education matters: Train teams on privilege protocols, ensuring everyone understands the importance of safeguarding sensitive information.
- Dual investigations: Use a two-track approach—one for operational response, another for legal preparedness—tailored to maintain confidentiality.
Protecting privilege is not just a legal strategy but an integral part of effective incident response. Planning and preparation are key to safeguarding organizational interests.
#cybersecurity #law #incident
New HIPAA Rules: CISOs, Share Your Insights in the 60-Day Comment Period
LinkedIn
January 06, 2025
Proposed HIPAA rules are introducing important changes for healthcare cybersecurity.
* Multi-factor authentication and enhanced encryption standards aim to better protect electronic protected health information (ePHI).
* Expanded audit requirements address gaps identified in the OIG report, focusing on both technical and physical controls.
* Updated compliance obligations clarify expectations and set a baseline for security practices.
* The estimated $34 billion cost over five years reflects the need for investments in technology, staff, and training.
The 60-day comment period is an opportunity for healthcare leaders to influence these regulations. Providing insights into the practical implications of the proposed rules could help shape a framework that balances security, compliance, and operational feasibility.
#cybersecurity #HIPAA #GRC #rulemaking
The Year of Global AI and Cybersecurity Regulations: 7 GRC Predictions for 2025
Security Boulevard
December 20, 2024
As 2025 approaches, emerging regulations and laws will affect how CISOs strategize and protect their organizations. With the increasing complexity of global compliance frameworks, understanding these changes is crucial for maintaining security and operational efficiency. Let’s discuss what I expect regarding regulatory shifts and their implications in 2025 and explore what CISOs and CCOs should prepare for in the coming year.
2025 SEC Form 10-K: Essential AI, Data Privacy & Cybersecurity Disclosures
LinkedIn
December 20, 2024
SEC Form 10-K filings for 2025 bring changes to AI, data privacy, and cybersecurity disclosures. Organizations must align with these expectations to maintain compliance and trust.
• AI in Business: Companies need to disclose AI applications in operations, assess associated risks, and avoid misleading claims. Regulations like the EU AI Act may impact disclosures.
• Data Privacy Practices: Transparent reporting on data controls and compliance with laws such as GDPR and CCPA is required. This includes addressing recent state-level privacy laws.
• Cybersecurity Controls: Organizations should highlight frameworks, risk management strategies, and incident response plans. Custom disclosures on vulnerabilities and breaches are critical.
These updates underscore the need for clear documentation and accountability in corporate practices. Automated tools can support accuracy and efficiency in disclosures.
#cybersecurity #AI #privacy #SEC
FLI AI Safety Index 2024: How Leading Gen AI Firms Scored on Safety
LinkedIn
December 19, 2024
The FLI AI Safety Index 2024 highlights how top generative AI companies manage risk and safety, with significant differences in their approaches.
• Grading System: Scores range from A to F. Anthropic and OpenAI showed better safety practices but still earned only a “C”. Meta received an “F,” reflecting substantial gaps.
• Key Concerns: Lack of transparency and limited efforts to mitigate catastrophic risks remain common challenges. Some firms also lobbied against the EU AI Act.
• ISO 42001: Adopting frameworks like ISO 42001 can help improve governance, transparency, and risk management for AI systems.
For CISOs, the report provides benchmarks for evaluating internal AI strategies and aligning with safer, standardized practices.
#AI #research #safety #ethics
SEC Cyber Rules: Insights from S&P 100 Disclosures & Research Report
LinkedIn
December 18, 2024
The SEC Cyber Rules changed how publicly traded companies manage and report cybersecurity. Recent disclosures from 97 S&P 100 companies show clear trends:
• 90% have integrated cybersecurity into their overall risk management systems
• Most referenced established frameworks, like the NIST Cybersecurity Framework
• 87% reported active incident response plans, with many validating them through audits and drills
Board oversight has also increased. Nearly all companies shared regular cybersecurity updates with their boards or committees, signaling a broader focus on governance.
For CISOs, these rules bring both challenges and opportunities. Improved frameworks and reporting practices are necessary to align with regulatory demands and strengthen organizational resilience.
Aligning Ethics & Compliance: CISOs & Compliance Chiefs Addressing AI Integration Amid Emerging Regulations
LinkedIn
December 17, 2024
The integration of AI into business operations introduces new opportunities and challenges. Ensuring compliance and ethical responsibility requires collaboration between CISOs and Chief Compliance Officers.
• AI systems must align with emerging regulations while addressing risks like bias and data misuse.
• Clear ethical guidelines, such as ISO 42001 or the NIST AI RMF, provide a framework for managing AI risks effectively.
• Regular audits and cross-functional collaboration strengthen accountability and transparency.
Rapid technological advancements often outpace regulations. Proactive engagement with regulatory bodies and industry discussions helps organizations stay prepared. Investing in training programs and fostering open communication across teams ensures ethical AI implementation while meeting compliance goals.
Responsible AI governance is not just about controls; it reflects organizational values and builds trust with stakeholders.
#cybersecurity #AI #ethics #law #GRC
Security leaders top 10 takeaways for 2024
CSO Online
December 16, 2024
At issue is whether the incident led to significant risk to the organization and its shareholders. If so, it’s defined as material and must be reported within four days of this determination being made (not its initial discovery). “Materiality extends beyond quantitative losses, such as direct financial impacts, to include qualitative aspects, like reputational damage and operational disruptions,” he says. McGladrey says the SEC’s materiality guidance underscores the importance of investor protection in relation to cybersecurity events and, if in doubt, the safest path is reporting. “If a disclosure is uncertain, erring on the side of transparency safeguards shareholders,” he tells CSO.
ABA on Generative AI: What CISOs Must Know About Ethical Legal Practices and Cybersecurity Implications
LinkedIn
December 16, 2024
The American Bar Association has released guidance on generative AI in legal practices, highlighting ethical and cybersecurity considerations. Key takeaways for CISOs:
• Protecting client confidentiality is paramount. AI tools must be evaluated for data handling and potential vulnerabilities.
• Legal professionals are urged to verify AI-generated outputs to maintain accuracy and integrity.
• CISOs should assess law firms as high-risk third parties, particularly regarding their AI usage and data security practices.
• Collaboration between CISOs and legal counsel is essential to address supply chain risks tied to generative AI tools.
• Implementing AI governance platforms and cybersecurity controls can support compliance with the ABA’s ethical standards.
Understanding these guidelines can help organizations and law firms navigate the evolving intersection of technology, ethics, and legal practice.
#law #ABA #AI #ethics #cybersecurity
2025 Cybersecurity & AI Predictions: How Emerging Regulations Will Reshape CISO Strategies
LinkedIn
December 13, 2024
The regulatory and legal landscape for cybersecurity and AI is changing next year. CISOs face new challenges and opportunities as they navigate these changes.
• Emerging global cybersecurity laws will demand agility. Stricter privacy and data-handling controls are on the horizon, especially in regions like the EU.
• AI-powered threats are growing. Sophistication in attacks requires organizations to integrate AI into defense strategies.
• Compliance costs will rise. Adapting processes to meet stricter standards can strain resources but also encourage innovation.
• Advanced governance tools are becoming essential. Automation and predictive analytics will help align risk management with strategic goals.
Organizations prepared to integrate compliance within their strategy will navigate these changes more effectively while enhancing resilience and security.
#cybersecurity #regulation #predictions #GRC
2024 Cybersecurity Oversight Insights: EY Americas Center’s Key Findings for CISOs and Board Collaboration
LinkedIn
December 12, 2024
Cybersecurity governance is improving, with boards and CISOs playing pivotal roles in addressing emerging risks. Key takeaways from the EY 2024 report:
• Nearly three-quarters of Fortune 100 boards now prioritize cybersecurity expertise, improving oversight and decision-making.
• Voluntary disclosures about cybersecurity strategies have risen, enhancing transparency with stakeholders.
• CISOs are increasingly involved in board-level discussions, with 70% of disclosures referencing their role.
• Managing third-party vendor risks remains a significant focus, with an emphasis on proactive assessments and streamlined processes.
• Regular scenario planning and stress-testing are encouraged to strengthen cyber resilience and maintain operations during incidents.
Board members and CISOs are working closer than ever to align cybersecurity with organizational goals, ensuring a more informed approach to governance.
#cybersecurity #GRC #reports
Weekly news context for January 24th, 2025
LinkedIn
January 24, 2025
Stay updated on key compliance and cybersecurity topics this week:
- SEC Enforcement Actions: Recent penalties highlight the importance of aligning with disclosure requirements under the 2023 SEC Cybersecurity Rule. Companies have faced substantial fines for non-compliance.
- CPPA Data Broker Deadlines: Organizations must register by January 31. This includes submitting required documents, maintaining detailed records, and ensuring privacy policies are updated to avoid penalties.
- EU AI Act Compliance: February 2 brings new requirements, including AI literacy for staff and prohibitions on specific practices. Compliance demands training, audits, and robust controls to meet legal and ethical standards.
Weekly news context for January 17th, 2025
LinkedIn
January 17, 2025
Cybersecurity challenges this week highlight key areas for CISOs to focus on:
* Resilience strategies: The Global Cybersecurity Outlook 2025 underscores the need for risk-based approaches. Smaller organizations are vulnerable, with 35% reporting inadequate resilience. Understanding threats and their potential impacts is central to effective planning.
* AI governance: Oregon, Texas, and Massachusetts stress ethical AI use, targeting bias and enhancing transparency. This regulatory focus requires organizations to conduct risk assessments and establish data policies to ensure compliance.
* Compliance deadlines: With the DORA deadline now in effect, ICT risk management and incident reporting controls must align with strict requirements. Incident reports are due within hours, ensuring operational resilience.
Geopolitical tensions, AI vulnerabilities, and compliance frameworks remain significant themes as organizations address emerging risks.
#cybersecurity #risk #DORA #AI
Weekly news context for January 10th, 2025
LinkedIn
January 10, 2025
Key updates in cybersecurity this week:
* HIPAA rule changes: New proposals aim to enhance safeguards for electronic health data, including multi-factor authentication. The changes address audit gaps highlighted by the OIG. CISOs have 60 days to provide feedback on these updates, which could involve significant costs over five years.
* FCC and net neutrality: The Sixth Circuit's ruling struck down the FCC's net neutrality rules, holding that the agency lacked the authority to impose them. This decision, rooted in how broadband service is classified in statute, creates new regulatory uncertainty for organizations. Flexible compliance strategies are essential.
* Incident response planning: Preserving attorney-client privilege during cybersecurity incidents requires careful coordination with legal counsel. A “two-track” approach can separate business operations from litigation-focused investigations, protecting sensitive information. Regular updates and training are critical for readiness.
Companies with mature GRC programs have an advantage over their competitors. However, something has been missing in the GRC world: the ability to truly understand an organization’s GRC maturity and the steps it would take to build the business case for change. That’s where the GRC Maturity Model comes in.
Hyperproof’s GRC Maturity model is a practical roadmap for organizations to improve their GRC maturity business processes to enter new markets and successfully navigate our rapidly changing regulatory and legal space. By providing a vendor-agnostic roadmap for how companies can improve key business operations, we can help even the playing field for everyone in GRC.
This extensive, peer-reviewed model written by Kayne McGladrey includes:
An overview and definition of Governance, Risk, and Compliance (GRC)
A summary of the four maturity levels defined in the model: Traditional, Initial, Advanced, and Optimal
An overview of the most common business practices associated with governance, risk, and compliance
A simplified maturity chart listing the attributes associated with each maturity level
A list of observable behaviors or characteristics associated with the maturity level to help you assess where your organization falls
A set of high-level recommendations for how to move from a lower level to a higher level
What’s new in cybersecurity for physical security systems?
Source Security
June 01, 2023
The article explores the growing cyber resilience in the physical security industry, highlighting increased customer demands for compliance testing, the burgeoning use of cyber-safe cloud services, and the global adoption of the zero trust framework. It underscores the role of robust cybersecurity controls and the impact of IoT technologies in transforming physical security systems' connectivity and security posture.
Expert Panel Roundtable: What's new in cybersecurity for physical security systems?
Security Informed
June 01, 2023
Discover how manufacturers in the physical security industry are embracing enhanced cybersecurity measures and implementing them at scale. From streamlining maintenance and updates to integrating cloud solutions, these efforts aim to protect against evolving threats and human error. The article highlights the importance of compliance, secure communication, and training employees on best practices. Explore insights on zero trust principles, secure APIs, and evolving certifications, all contributing to the continuous improvement of cybersecurity in physical security systems.
Cyber Threat Prevention for PSOs: Credential Stuffing (Part 1 of 8)
PSVillage
May 17, 2017
Credential stuffing, unfortunately, is not a new attack but rather an existing attack that the bad guys have found a way to operate at economies of scale. Credential stuffing is a type of automated...
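The detection side of the attack described above, as an added example that is not code from the PSVillage series or from any product: a small Python detector run over constructed authentication events (RFC 5737 documentation addresses, made-up usernames). It separates credential stuffing, where one source tries many different usernames and mostly fails, from a single user's typos and from a brute-force run against one account, and it reports every account the stuffing source did manage to log in to, since those are the passwords to reset. The window size and thresholds are assumptions to tune against real traffic.

```python
"""Credential-stuffing detector over constructed authentication events.

Added example; not code from the PSVillage series or any product.
Heuristic: a stuffing run replays many *different* usernames from one
source with a high failure rate. A user mistyping a password fails for
one username, and a brute-force run hammers one username, so neither
trips the distinct-username threshold.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    ts: int          # seconds (constructed, relative timestamps)
    src_ip: str
    username: str
    success: bool


# Constructed sample log. 198.51.100.0/24 and 203.0.113.0/24 are RFC 5737
# documentation ranges; usernames are made up.
SAMPLE_EVENTS = [
    # Legitimate user mistypes once, then logs in.
    AuthEvent(1000, "198.51.100.7", "alice", False),
    AuthEvent(1010, "198.51.100.7", "alice", True),
    # Stuffing run: one source, 40 different usernames, then one "hit".
    *[AuthEvent(2000 + i, "203.0.113.9", f"user{i:03d}", False) for i in range(40)],
    AuthEvent(2041, "203.0.113.9", "bob", True),
    # Brute force: one source, one username, many failures (not stuffing).
    *[AuthEvent(3000 + i, "203.0.113.50", "carol", False) for i in range(30)],
]


def find_stuffing_sources(events, window_s=300, min_distinct_users=20,
                          min_failure_rate=0.8):
    """Return {src_ip: stats} for sources that, inside some sliding window
    of window_s seconds, tried at least min_distinct_users usernames with a
    failure rate of at least min_failure_rate. Thresholds are assumptions."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        best = None      # (distinct_users, attempts, failure_rate) of the widest qualifying window
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window_s:
                start += 1
            window = evs[start:end + 1]
            users = {e.username for e in window}
            failures = sum(1 for e in window if not e.success)
            rate = failures / len(window)
            if len(users) >= min_distinct_users and rate >= min_failure_rate:
                if best is None or len(users) > best[0]:
                    best = (len(users), len(window), rate)
        if best:
            flagged[ip] = {
                "distinct_users": best[0],
                "attempts": best[1],
                "failure_rate": round(best[2], 2),
                # Any account this source *did* log in to is compromised:
                # force a reset rather than trusting the successful login.
                "logged_in_as": sorted({e.username for e in evs if e.success}),
            }
    return flagged


if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, stats)
```

On the constructed sample only 203.0.113.9 is flagged: 41 distinct usernames in a 41-second span with a 98% failure rate, and "bob" as the account it got into. The single-account brute force from 203.0.113.50 is a different signal (one username, many failures) and is left to a lockout or rate-limit rule.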
Cyber Threat Prevention for PSOs: Provisioning and De-provisioning (Part 2 of 8)
PSVillage
May 17, 2017
In this second episode of our 8 part series, Kayne McGladrey will be discussing Provisioning and De-Provisioning. In general, provisioning means "providing" or making a resource available. De-...
Cyber Threat Prevention for PSOs: Identity and Access Management (Part 3 of 8)
PSVillage
May 17, 2017
In this third episode of our 8 part series, Kayne McGladrey will walk you through three primary Identity and Access Management (IAM) systems available for your end users to have access to your...
Cyber Threat Prevention for PSOs: Privileged Access Management (Part 4 of 8)
PSVillage
May 17, 2017
In this fourth episode of our 8 part series, Kayne McGladrey will cover Identity and Access Management systems and a specific resource when it comes to where your client files are stored, or your...
Cyber Threat Prevention for PSOs: User and Entity Behavior Analysis (Part 5 of 8)
PSVillage
May 17, 2017
When a hacker has intercepted your credentials and login information and attempts to use that information, an effective User and Entity Behavior Analysis (UEBA) solution can be what saves you from...
Cyber Threat Prevention for PSOs: Multi-Factor Authentication (Part 6 of 8)
PSVillage
May 17, 2017
In this sixth episode of our 8 part series, Kayne McGladrey reviews Multi-Factor Authentication (MFA). MFA can be used in many instances to ensure the identity of a person trying to access or...
Cyber Threat Prevention for PSOs: Attestation Reporting (Part 7 of 8)
PSVillage
May 17, 2017
Kayne McGladrey discusses Attestation Reporting in the seventh video in this series. The goal of Attestation Reporting is to ensure that a user should have the access that has been requested and...
Cyber Threat Prevention for PSOs: Certification Campaigns (Part 8 of 8)
PSVillage
May 17, 2017
In this last video in the series of 8, we will see how the access certification process works in consulting. IGA (identity governance and administration) tooling will produce certification reports and should work...
The proverbial endpoint is everywhere. Consumers have more IoT and mobile devices than ever before. Industrial IoT is becoming ubiquitous and IoT malware is as common as cell phones. While conveniences are making their way into every facet of life, so are malicious software, social engineering attacks and all manner of bad actors.
Include Cybersecurity
Include Cybersecurity
January 05, 2018
Include Cybersecurity is a non-profit organization dedicated to changing the face of cybersecurity professionals. As a co-founder alongside Carmen Marsh, I am responsible for helping to find volunteers and speakers, moderating panel discussions, social media outreach, fundraising, and establishing connections with the many underrepresented communities in cybersecurity.
Senior member is the highest grade for which IEEE members can apply. IEEE members can self-nominate, or be nominated, for Senior Member grade.
To be eligible for application or nomination, candidates must:
* Be engineers, scientists, educators, technical executives, or originators in IEEE-designated fields
* Have experience reflecting professional maturity
* Have been in professional practice for at least ten years (with some credit for certain degrees)
* Show significant performance over a period of at least five of their years in professional practice
Top 50 IoT Influencers to follow in 2023
Engatica
November 08, 2022
Can IoT reach a level where businesses can build scalable solutions for the future? Will it help us have a better 2030? Well, the experts should know. And they should have a better idea of it.
Cloud Thought Leader of the Day
WhizLabs
July 09, 2021
With 28+ years of experience in the field, Kayne McGladrey advises companies on how to uphold that social contract by managing risks and deterring and denying threat actors.
His consultative approach is the result of decades of experience working with Fortune 500 and Global 1000 companies. One of his career priorities is to inspire underrepresented communities to pursue careers in cybersecurity.
His simplification of complex concepts to non-tech audiences has given him more reach on his social platforms. His blogs are a must-read for both tech and non-tech people who are interested in cybersecurity.
Check out his blogs here: https://lnkd.in/efHU2Mp
Currently, he is working as Security Architect / Strategy and GRC Practice Lead at Ascent Solutions LLC, a premier productivity, security, and innovation consulting firm.
We thank Kayne for his exceptional contribution to the cloud discipline.
150+ Top Global Cloud Thought Leaders and Next Generation Leaders of 2021
WhizLabs
April 19, 2021
With 28+ years of experience in the field, Kayne’s expert approach on how to uphold that social contract by managing risks and deterring and denying threat actors is appreciated by many companies. One of his priorities is to inspire under-represented communities to pursue careers in cybersecurity. His simplification of complex concepts for non-tech audiences has given him more reach on his social platforms. His blogs are must-reads for both technical and non-technical people who are interested in cybersecurity.
Top Cyber Pro Awards for 2020
Top Cyber Pro
December 01, 2020
Kayne McGladrey is a senior member of the IEEE and the cybersecurity strategist for Ascent Solutions. He has over two decades of experience in cybersecurity and has served as a CISO and advisory board member, and focuses on the policy, social, and economic effects of cybersecurity lapses to individuals, communities, and the nation.
How to Enhance Cloud Security Measures
Cyngular
May 14, 2024
In a post written by Kayne about what happens when agencies rely upon existing frameworks or rules that weren't originally designed for regulatory purposes, he states that there is the potential for complications: "Standards may evolve, leading to ambiguous regulations," he wrote, and, "In some cases, these standards could be outdated or not applicable to the current context."
Getting AI Right: 3 Challenges for the Future
IEEE Transmitter
October 25, 2023
AI systems need to be trained using data. But data sets are frequently made by people who can be biased or inaccurate. As a result, AI systems can perpetuate biases. This is especially true in hiring practices and in criminal justice, and managing those biases can be difficult.
“We can audit software code, manually or automatically, for privacy defects,” said IEEE Senior Member Kayne McGladrey. “Similarly, we can audit software code for security defects. We cannot currently audit software code for ethical defects or bias, and much of the coming regulation is going to screen the outcomes of AI models for discriminatory outcomes.”
Cybersecurity Concerns Continue
IEEE Transmitter
October 25, 2023
Realistically, the use of AI in cybersecurity will help to reduce the punishing cognitive load on tier 1 security operation center (SOC) analysts and incident responders. Rather than having to comb through a needlestack looking for a needle, AI promises to automate much of the correlation across vast amounts of data that humans struggle with.
What is End-To-End Encryption? 7 Questions Answered
IEEE Transmitter
August 17, 2023
“End-to-end encryption is generally agreed upon as being a useful technology for protecting the data of businesses and consumers,” said IEEE Senior Member Kayne McGladrey. “Online shopping, for example, would not be as popular or feasible if a consumer’s payment information could easily be intercepted. Similarly, private video calls over the internet by senior executives or government officials would be far too risky if anyone could watch.”
Telehealth is Booming: Here’s What You Need to Know
IEEE Transmitter
October 26, 2020
Telehealth, often referred to as virtual doctor appointments, has been utilized in remote regions that do not have local medical resources for several decades. But when COVID-19 began impacting many countries across the globe, telehealth became the go-to method for checking in with your doctor about possible COVID-19 symptoms or other healthcare check-ups.
How to Keep Your Video Conferences Secure From Intruders
IEEE Transmitter
April 16, 2020
As the world adjusts to a “new normal” of remote education and work, video conferencing services have surged in demand as people take to these platforms to connect digitally. Yet, these platforms are susceptible to a variety of intrusions that could lead to the theft of private and company data or inappropriately distracting calls and meetings that leave participants feeling they have no control.
To protect your students, employees, families and yourself from these types of cyber disruptions, we asked IEEE Member Kayne McGladrey for cybersecurity tips for safe video conferencing.
Decreasing Risk Through Enterprise Compliance
CSHub
March 02, 2020
Compliance is often viewed as a reaction for organizations. The auditing of compliance becomes the event that is anticipated with resources and preparation aligned to culminate in the audit itself. A famous approach used in product development is that launch is a process, not an event. The spirit of that message is important for security leaders to consider in building a sustainable business case for compliance. Compliance should be viewed as a continuous, organizational process.
Should You Be Worried About Airport Cybersecurity Threats?
IEEE Transmitter
February 13, 2020
Navigating and traveling through an airport can be stressful. Trying to get through security while searching for a boarding pass and assessing whether there’s enough time to jump on that long line for a desperately needed cup of coffee is a universal experience.
With all of that juggling going on, the last thing on your mind is the cybersecurity threats you might encounter at the airport along the way. Luckily, cybersecurity experts have already put into place a variety of technologies to protect us and keep our cyber lives safe while we travel. So take a deep breath and focus on getting to your seat in a timely manner instead.
Passwords, Multi-Factor Authentication and Cybersecurity
IEEE Transmitter
April 16, 2018
Device location and user behavior can shed a lot more light on a login attempt, yet not all MFA solutions currently incorporate them, says McGladrey. If organizations switched to better access management systems, the cost to successfully infiltrate accounts would rise exponentially, barring “all but the best-funded nation-state actors and APTs.”
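A risk-based login scorer, as an added example that is not code from the article or from any MFA product, covering both the UEBA episode in the PSVillage series above and the point made here: it combines the device, the user's usual login hours and impossible travel between consecutive logins into a score that allows the login, steps up to MFA, or denies. The user baseline, coordinates and attempts are constructed; the signal weights, decision thresholds and the 900 km/h travel ceiling are assumptions.

```python
"""Risk-based login scoring from device, location and behaviour.

Added example; not code from the article or from any MFA product. It
combines the signals the article says many MFA products ignore: known
devices, usual login hours, and whether the new location is physically
reachable from the previous login (impossible travel). Baseline,
coordinates, weights, thresholds and the 900 km/h ceiling are constructed.
"""
import math
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Baseline:
    known_devices: set
    usual_hours_utc: range                                  # hours the user normally logs in
    last_login: Optional[Tuple[int, float, float]] = None   # (ts, lat, lon)


@dataclass(frozen=True)
class LoginAttempt:
    ts: int          # seconds (constructed, relative)
    device_id: str
    lat: float
    lon: float
    hour_utc: int


def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance via the haversine formula, Earth radius 6371 km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def score_login(attempt, baseline, max_speed_kmh=900.0):
    """Return (score, reasons); higher means riskier. Weights are assumptions."""
    score, reasons = 0, []
    if attempt.device_id not in baseline.known_devices:
        score += 40
        reasons.append("unknown device")
    if attempt.hour_utc not in baseline.usual_hours_utc:
        score += 20
        reasons.append("outside usual hours")
    if baseline.last_login is not None:
        t0, lat0, lon0 = baseline.last_login
        hours = max((attempt.ts - t0) / 3600.0, 1 / 60)   # floor at one minute
        speed = km_between(lat0, lon0, attempt.lat, attempt.lon) / hours
        if speed > max_speed_kmh:
            score += 50
            reasons.append(f"impossible travel ({speed:.0f} km/h since last login)")
    return score, reasons


def evaluate(attempt, baseline):
    """Map the score to an access decision: allow, step-up-mfa or deny."""
    score, reasons = score_login(attempt, baseline)
    if score >= 70:
        decision = "deny"
    elif score >= 30:
        decision = "step-up-mfa"
    else:
        decision = "allow"
    return score, decision, reasons


# Constructed baseline: alice usually logs in 08:00-17:59 UTC from laptop-1,
# last seen in Seattle (47.61, -122.33) at t=0.
BASELINE = Baseline(known_devices={"laptop-1"}, usual_hours_utc=range(8, 18),
                    last_login=(0, 47.61, -122.33))

ATTEMPTS = [
    LoginAttempt(3600, "laptop-1", 47.61, -122.33, 9),   # known device, same city, office hours
    LoginAttempt(3600, "phone-9", 47.61, -122.33, 10),   # new device only -> step-up MFA
    LoginAttempt(7200, "phone-9", 50.45, 30.52, 3),      # new device, 03:00 UTC, Kyiv 2 h after Seattle
]


if __name__ == "__main__":
    for a in ATTEMPTS:
        print(a.device_id, evaluate(a, BASELINE))
```

The third attempt is the stolen-credential case from the UEBA episode: the password is correct, yet a new device, an off-hours login and roughly 8,800 km covered in two hours push the score to deny outright rather than merely prompt for a second factor. A real deployment would feed the baseline from the user's login history and treat the geolocation of the source IP as approximate.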
Why AI Could be Cybersecurity’s Next Big Thing
IEEE Transmitter
February 16, 2018
For many organizations, analysts in security operations centers spend their days sifting through hoards of log files for suspicious activity. The repetitive nature of this work makes AI an ideal replacement, says Kayne McGladrey, IEEE Member, Director of Information Security Services at Integral Partners (US): “Artificial intelligence has been shown to be good at pattern recognition and correlation over a vast number of data points, and can make connections faster than human analysts would.”
Smart Office Controls
IEEE Transmitter
April 20, 2017
Forget light switches and thermostat buttons in the office. IoT sensors can control when lights go on and off, as well as heating and cooling in the office. Lights can go on and off based on your location.
IOT and Big Data: A Day in a Connected Life
IEEE Transmitter
April 05, 2017
How could your data be used?
“Office workers often find that all the meeting rooms are booked, which can mean consulting teams that arrive to meet with a client must search for an unoccupied meeting room in which to squat. Regardless of reservation status, IoT sensors can impassively detect if meeting rooms are unoccupied and offer them on a first-come, first-served basis.”
What are the security and privacy concerns with this device?
“Insecure IoT heating, ventilation and air conditioning systems are a threat to buildings and cities. For example, in the summer, a hard-coded administrative password in an IoT thermostat deployed in smart buildings in New York City could be compromised by an adversary who forces the thermostats to continuously run cooling systems. The spike in electrical usage could cause a very costly, life-threatening blackout.”
Understanding Cybersecurity Breaches at Consulting Firms
IEEE Transmitter
March 30, 2017
Cybersecurity threats are affecting consulting and professional service firms causing substantial losses. Kayne McGladrey (@kaynemcgladrey), an IEEE Member and professional services director, weighed in on how consulting firms can mitigate threats, keep client data safe and learn from current breaches.
Unveiling the 2025 IT Risk and Compliance Benchmark Report: Top Findings to Start Your Year
Hyperproof
January 23, 2025
Join us on January 23rd at 11am PT / 2pm ET as we unveil the findings from Hyperproof’s sixth annual IT risk and compliance benchmark report. Each year, we ask over 1,000 GRC professionals about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more to provide an in-depth view of the market’s current state and what to expect for the coming year.
2024 was a milestone year for governance, risk, and compliance (GRC). As companies grappled with increasing regulatory demands, growing stakeholder expectations, and an ever-expanding risk landscape, the importance of maturing GRC programs rose to prominence. Learn about how over the last year, the perception of GRC across organizations has transformed from merely a checkbox exercise to a driver of operational excellence and strategic growth — a trend that is strongly represented in the data.
Join us as we explore:
- Our top findings, an in-depth look at the data from 2024, and an analysis of how these findings will impact GRC in 2025
- How organizations responded to new EU regulations and how these regulations might affect 2025
- Why and how organizations are making deliberate efforts to mature their GRC practices
- The drivers behind why GRC teams expanded in 2024 and why they are expected to continue to grow in 2025
- How organizations in 2024 leveraged generative AI to streamline their processes
Unveiling the 2025 IT Risk and Compliance Benchmark Report
ISC2
January 23, 2025
Join Erin Nelson and me for the unveiling of Hyperproof’s 2025 IT Risk and Compliance Benchmark Report. This year’s report captures the insights of over 1,000 GRC professionals and reflects a transformative year for governance, risk, and compliance. We’ll break down the data to reveal how organizations responded to evolving regulations, scaled their teams, and leveraged generative AI to optimize risk management processes.
You’ll also hear about the growing recognition of GRC’s role in driving strategic growth and operational excellence. Erin and I will walk through the drivers behind these trends, examine the impact of new EU regulations, and provide a forward-looking analysis of how these findings set the tone for 2025. Don’t miss this opportunity to gain practical insights that can help guide your organization’s approach to IT risk and compliance in the year ahead.
January 23, 2025 10:00 a.m. - 11:00 a.m. Eastern time
New Year, New Standards: Preparing for SEC Cybersecurity Disclosures in 2025 and Beyond
CIO & CISO Atlanta Summit
December 05, 2024
The SEC’s new cybersecurity disclosure requirements have set a new benchmark for transparency and accountability, compelling public companies to enhance their cybersecurity practices and reporting.
In this session, you’ll learn how to align your organizations with these evolving requirements and take proactive steps to stay ahead of regulatory expectations.
In this session, we’ll join Kayne McGladrey, Field CISO at Hyperproof, to discuss:
An overview of the 2024 SEC cybersecurity requirements
Best practices for cybersecurity disclosures
How to prepare for the 2025 disclosure season
Bridging the Gap: Communicating Cyber Risks as Business Imperatives
ISC2
October 25, 2023
As CISOs make plans to secure operating budgets for the new financial year, they face the age-old challenge of convincing stakeholders, who often see cybersecurity and privacy as a cost center, to invest in this area. It's time to change the narrative. Discover how to drive more productive conversations about cybersecurity as a strategic growth enabler. Take home actionable ideas for proactively managing controls and risks, increasing efficiency and reducing costs.
2023 IT Compliance and Risk Benchmark Report Findings: The Top 5 Game-Changers
Hyperproof
February 23, 2023
Hyperproof conducts an annual survey to uncover the top challenges IT compliance professionals face and what hot topics they’re focused on in the coming year. We’ve asked over 1,000 survey respondents about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more to provide an in-depth view of the market’s current state and what to prepare for this year.
We’ll cover:
The top five findings from the survey
How your peers are planning to handle compliance, audit management, and risk management in the midst of a volatile economy
What companies are doing differently in response to recent and highly publicized security breaches to avoid security lapses and compliance violations
Leading practices for ensuring security, compliance, and risk management today
Closing Keynote - The Most Common Visibility and Compliance Lapses in Your Cloud Vendors’ Environments
SC Magazine
May 17, 2022
Whenever a key business function is hosted by a cloud-based vendor, your organization cedes a certain amount of control to the service provider. And that sometimes means that your security team lacks visibility into how this third party handles sensitive data and to what degree it successfully meets regulatory compliance standards around privacy and data security. This session will identify some of the most common gaps in visibility and compliance that develop between companies and their SaaS, PaaS and IaaS providers, and explain the root causes behind these lapses so that your own company can hopefully avoid some of these pitfalls.
Opening keynote speech at the Seattle Electrical Conference
Seattle Electrical Conference
December 22, 2020
Our keynote speaker, Kayne McGladrey, will discuss cybersecurity today. Keeping our websites and our networks secure is one of our biggest challenges in our digital age.
Keynote speech at CIA Conference 2020
CIA Conference
October 26, 2020
Prepare and adapt yourself to the evolving threat landscape by listening to our next keynote speaker, Mr. Kayne McGladrey, who will speak on "Deter, Deny and Defend Against Cyber Attacks."
24th Annual Colloquium for Information Systems Security Education - November 4th, 2020
Colloquium for Information Systems Security Education
September 28, 2020
On November 4th at 8:15 AM Pacific, Kayne McGladrey, CISSP, will give the keynote speech at the Colloquium for Information Systems Security Education and discuss the social and economic impacts of cyber security during a pandemic. Registration is free.
Tags: COVID19, Cybersecurity, Diversity and Inclusion
TAG Cybersecurity - February 2020 Meeting
TAG NW
February 03, 2020
Featured Presentation:
"Best practices for cyber security training programs" by Kayne McGladrey, CISSP
Employees dread the meeting invitation that reads 'Annual mandatory cyber security training in the break room at 1 PM Wednesday'. In this presentation, we'll discuss best practices for creating a reality-based training program that encourages employee participation and builds organizational muscle memory for responding to active threats.
Deter, Deny, and Defend Against the Three Most Common Cyber Attacks
TagNW
November 08, 2019
Cyber attacks are bad and getting worse, and you’d like to turn things around before it’s too late. In this session, you’ll learn how the three most common attacks target people, how to deter and deny threat actors attacking your applications, and how to defend yourself and your community.
Cybersecurity Career Accelerator EXPO
Include Cybersecurity
December 01, 2018
The Cybersecurity Career Accelerator Expo 2018 program is an opportunity for anyone interested in cybersecurity to come receive – and share – useful and relevant information critical to launching – or advancing – a career in cybersecurity. This day-long symposium will be divided into two tracks with sessions designed to benefit novice, entry-level and advanced cybersecurity professionals. The content will be presented in a combination of lectures, workshops and expert panel formats.
Cybersecurity Career Accelerator Expo 2018 is part of the “Include Cybersecurity” initiative focusing on cybersecurity workforce development in the Sacramento Valley. Our mission is to spark interest within traditionally underrepresented groups in exploring an exciting and rewarding career in cybersecurity.
Include Cybersecurity Event 2018
Include Cybersecurity
September 06, 2018
Our panel discussion on September 6th, 2018 presents an opportunity for anyone interested in cybersecurity to learn firsthand from the experts what it takes to succeed. A significant portion of this event will be questions from the audience.
The panelists and speakers are passionate cybersecurity defenders. They are experts in the field and bring first-hand knowledge of what it’s like working as part of a cybersecurity team and how to take the first steps to join this growing community.
Include Cybersecurity 2018
Conferize
September 06, 2018
Every day your news feed has a story about cybersecurity. About a friend that has to replace their credit card due to a breach. A couple that’s trying to repair their credit report due to identity theft. A business laying off staff because of losses from a phishing email.
You are not powerless. All communities are affected by cybercrime, but not all groups of people are working together to fight back against cybercriminals. Our goal is to educate and empower job seekers of all stripes to take the plunge into the cybersecurity world. We want to dispel common myths about what it takes to succeed in a cybersecurity job so that the cybersecurity industry represents the diversity of our nation.
Cybersecurity for Outside Counsel
Clear Law Institute
October 05, 2017
A 2016 American Bar Association survey showed that more than 25% of law firms had at least one data security breach in that year. In the spring of 2017, the Association of Corporate Counsel (“ACC”) released their Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information (“Model”). The Model provides best practices for data security that outside counsel should use to safeguard their company’s confidential information.
This webinar will show how outside counsel can best implement the ACC’s recommendations to avoid a potentially catastrophic data security breach. Instead of focusing on the easy and self-evident solutions to sections 3, 4, 7, and 8 of the Model, this presentation will focus on the areas where external counsel is most likely to encounter difficulties.
CYBER SECURITY FOR SMALL BUSINESSES AND CONSULTANTS
IEEE
August 08, 2017
Do you feel like you are overwhelmed trying to run your business while defending against the latest cyber threats? Join Kayne McGladrey, speaker, author and Director of Information Security Services for Integral Partners (http://www.ipllc.co) for our upcoming presentation on taking a proactive, risk-oriented approach to cyber security for individual consultants and small businesses.
Kayne will discuss:
- Why you should manage risks based on user identity instead of chasing the latest threats
- How individual consultants can protect themselves
- A vendor-neutral reference architecture for cyber security at small businesses
We will have time for Q&A at the end of the presentation.
Cybersecurity for consultants and small businesses
IEEE-USA
March 30, 2017
Do you feel like you are overwhelmed trying to run your business while defending against the latest cyber threats? Join Kayne McGladrey, speaker, author, and IEEE Member for our upcoming presentation on taking a proactive, risk-oriented approach to cyber security for individual consultants and small businesses. Kayne will discuss:
- Why you should manage risks based on user identity instead of chasing the latest threats
- How individual consultants can protect themselves
- A vendor-neutral reference architecture for cyber security at small businesses
We will have time for Q&A at the end of the presentation.
Bridging the AI Skills Gap: Top Strategies for IT Teams in 2025
ITPro Today
December 11, 2024
Kayne McGladrey, IEEE senior member and field CISO at Hyperproof, said AI ethics skills are important because they ensure that AI systems are developed and used responsibly, aligning with ethical standards and societal values.
How AI poses a threat to election security
Security Magazine
October 07, 2024
“We can anticipate a significant increase in disinformation and phishing attacks as the United States prepares for early or mail-in voting in the 2024 elections. The majority of these attacks will likely come from cybercriminals spreading disinformation about how and where to vote. This year’s phishing campaigns may be more sophisticated and widespread, as non-native English or Spanish speakers will be able to leverage large language models to produce realistic messaging,” says Kayne McGladrey, IEEE Senior Member.
AI’s Human Mimicry Spurs ‘Personhood Credential’ Proposal
PYMNTS
September 05, 2024
"Security concerns also loom. As McGladrey said, threat actors would likely constantly attack centralized personhood credential providers. However, the level of encryption used in such a system may improve current security measures."
How Safe and Secure Is GenAI Really?
Information Week
August 08, 2024
“After all, AI serves as both a force accelerator, as it will allow those threat actors to operate at large scale without having to increase the size of their workforce. At the same time, the ability of AI to generate convincing-enough speech in another language will serve to open new markets to threat actors who might have previously employed linguists,” says Kayne McGladrey, Field CISO at Hyperproof.
6 tips for consolidating your IT security tool set
CSO Online
July 11, 2024
All controls and tools should be linked to a reduction in the probability or likelihood of a risk that’s above the organization’s tolerance level, says Kayne McGladrey, CISO at risk management provider Hyperproof and a senior member of IEEE. If there’s no longer a need for a product, it should go.
SEC Cyber Risk Disclosures: What Companies Need to Know
ISMG
June 12, 2024
In this video interview with Information Security Media Group at the Cybersecurity Implications of AI Summit, McGladrey also discussed:
* Why companies should use tools and software to collect and automatically gather evidence of compliance;
* The consequences of false cyber risk disclosures;
* The impact that SEC requirements have on private companies and supply chains.
AI system poisoning is a growing threat — is your security regime ready?
CSO Online
June 10, 2024
Although motivations like that mean any organization using AI could be a victim, Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers (IEEE), a nonprofit professional association, and field CISO at Hyperproof, says he expects hackers will be more likely to target the tech companies making and training AI systems.
But CISOs shouldn’t breathe a sigh of relief, McGladrey says, as their organizations could be impacted by those attacks if they are using the vendor-supplied corrupted AI systems.
Lodi, Calif., Built a Ransomware Defense Matrix with Multiple Solutions
State Tech
June 04, 2024
“To defend against ransomware, organizations must adopt a comprehensive, layered approach to cybersecurity, encompassing people, technology and processes,” says IEEE Senior Member Kayne McGladrey.
In addition to identifying suspicious emails, “technologies such as anti-virus software, endpoint detection and response systems, automated patching, threat intelligence feeds, and encrypted offline backups further mitigate the risk of ransomware,” he says.
AI models inch closer to hacking on their own
Axios
April 26, 2024
The big picture: AI model operators don't have a good way of reining in these malicious use cases, Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers (IEEE), told Axios. Allowing LLMs to digest and train on CVE data can help defenders synthesize the wave of threat alerts coming their way each day. Operators have only two real choices in this type of situation: allow the models to train on security vulnerability data or completely block them from accessing vulnerability lists, he added. "It's going to be a feature of the landscape because it is a dual-use technology at the end of the day," McGladrey said.
The Jobs of Tomorrow: Insights on AI and the Future of Work
CXOToday
April 23, 2024
Kayne McGladrey, IEEE Senior Member, noted that the use of generative AI models in business hinges on their ability to provide accurate information. He cited as examples studies of AI models’ abilities to extract information from documents used for financial sector regulation that are frequently relied on to make investment decisions. “Right now, the best AI models get 80 percent of the questions right,” McGladrey said. “They hallucinate the other 20 percent of the time. That’s not a good sign if you think you are making investment decisions based on artificial intelligence telling you this is a great strategy four out of five times.”
The Evolution of the CISO Role in Modern Cybersecurity
Ask a CISSP
April 18, 2024
Welcome back to this week's "Ask A CISSP," where we dive deep into the evolving world of cybersecurity with key industry leaders. In a recent enlightening episode, we were joined by Kayne McGladrey, Field CISO at Hyperproof, to discuss the pressing challenges and transformations within the role of Chief Information Security Officers (CISOs).
For a larger overview of our conversation, please check out "Navigating the Future of Cybersecurity with Kayne McGladrey."
What are the biggest ethical considerations of security technology?
Source Security
April 04, 2024
Algorithmic bias is one of the primary risks associated with emerging physical surveillance technologies. While the risks of facial recognition software are well known and documented, efforts are being taken to adapt computer vision to new and novel use cases. For example, one of the more deeply flawed failures was an attempt to detect aggressive behaviour or body language, which was unfeasible as there was not enough training data available. Other physical security systems will face a similar challenge of not discriminating against individuals based on protected factors due to a lack of training data, or more likely, a lack of gender or racially unbiased training data. Companies considering purchasing advanced or emerging physical security systems should enquire about the training data used in the development of those systems to not be subject to civil penalties resulting from discrimination caused by using said systems.
The Evolving Landscape of Cybersecurity for Medium-Sized Businesses
Cyberfame
February 16, 2024
In recent years, we've seen a significant shift in the threats targeting businesses. "Everybody focused on the human harms, people couldn't check into their hotel rooms; people couldn't use an ATM... the nature of the technical exploits is not what we focus on in terms of harm... that's not what we focus on in terms of harm," states Kayne McGladrey, a field CISO at Hyperproof and senior IEEE member. This reiterates the transition from mere inconvenience to significant operational disruptions and economic consequences that cyber threats now pose.
Kayne McGladrey: The CISO’s Role Is To Advise on Business Risk
The PrOTect OT Cybersecurity Podcast
November 09, 2023
In this episode of The PrOTect OT Cybersecurity Podcast, Aaron and Kayne McGladrey discuss:
Strategic alignment of cybersecurity with business risk
Navigating the changing landscape of cybersecurity
Empowering CISOs in the evolving landscape of cybersecurity
The challenges and opportunities of generative AI
Key Takeaways:
The key to a successful cybersecurity strategy lies in reframing it as a business imperative, focusing on aligning security efforts with business risks, engaging with cross-functional teams, proactively obtaining certifications, and leveraging control design expertise, ensuring a competitive advantage and effective risk management beyond mere compliance and technology concerns.
In today's dynamic cybersecurity landscape, CISOs must continually reassess their controls and their alignment with business risks, while also considering the personal liability they bear, making succession planning and strategic adaptability vital for maintaining effective security programs.
The role of a CISO is crucial, yet often misunderstood; empowering and respecting CISOs' authority is essential to effectively manage cyber risks and avoid potential disasters, as generic approaches and AI-driven risk registers fall short of addressing the unique challenges faced by businesses.
In a world where cybersecurity threats are inevitable, the key lies in fostering resiliency rather than aiming for an unattainable zero-risk goal; while many are excited about the potential of education and automation, the lack of regulatory control over generative AI poses a daunting challenge, risking societal upheaval and economic unrest.
"If we don't decide to manage the economic impacts of artificial intelligence, potentially a lot of industries could be at least partially automated. And that has the potential for a lot of social harm where people just don't have jobs. And when you get people who are automated out of a job, what are they going to go do? They're going to do something that everybody can do fine, but it doesn't pay well. Like you end up going and driving for a living or doing deliveries for a living. And you end up with a highly educated workforce that is unhappy. That's like a recipe right there for civil unrest." — Kayne McGladrey
Next-Generation Cybersecurity Defenses Coalesce for Space Systems
Via Satellite
October 23, 2023
“There's the cybersecurity threat and then there's the real threat,” explains Kayne McGladrey, field chief information security officer (CISO) of compliance company Hyperproof, and senior member of the Institute of Electrical and Electronics Engineers (IEEE). “A cybersecurity threat is disruption, like when we saw the Russians invade Ukraine as part of their illegal war, they took down Viasat and not by attacking the satellites themselves, instead, they attacked the firmware of satellite modems on the ground."
PCI Compliance & the Importance of Penetration Testing
StateTech Magazine
October 23, 2023
By asking the right questions and implementing appropriate controls according to a defined standard, state and local agencies can go a long way toward improving security. “If you're compliant with PCI, it really does reduce the likelihood of data breaches and the reputational damage associated with that,” says Kayne McGladrey, IEEE Senior Member and field CISO at compliance management platform Hyperproof.
Why a return to the office brings identity and mental health challenges
SDX Central
October 10, 2023
Another newer issue is that “the transition from a fully remote to a partially on-site work environment creates substantive cybersecurity concerns based on the ongoing mental health crisis,” said IEEE senior member Kayne McGladrey. As some businesses attempt to mandate a return to the office, they should be aware of the mental health challenges employees are facing, he said. “Research shows a significant decline in workers’ mental well-being, resulting in stress and anxiety. These mental states can negatively affect decision-making and lead to cybersecurity lapses.”
The Job Of Security Director Is Expanding: How Does It Impact Technology?
Security Informed
October 10, 2023
The enduring trend of allowing employees to work either partially or entirely from home has significantly impacted the role of the security director. No longer limited to overseeing an organization's physical office or campus, security directors must look outside of their four walls to understand the full spectrum of modern risks. This expanded view necessitates close partnerships with cybersecurity experts to implement effective controls. For instance, while certain systems like operational technology (OT) systems remain bound to specific locations, many essential business tools, like laptops, often function remotely. The theft of an unencrypted laptop is often the cause of a security breach. In contrast, addressing the theft of an encrypted laptop simply involves filing a police report and replacing the affected device for the user. Additionally, security directors now find themselves working hand in hand with HR departments to enforce compliance measures, such as the heightened background checks and employee risk assessments mandated by FedRAMP and various financial regulations.
Is basic cyber hygiene enough in the age of AI?
APN News
September 27, 2023
IEEE Senior Member Kayne McGladrey said that “These threats are not merely theoretical, although at the moment, they are still relatively limited in their application. It is reasonable to expect that threat actors will continue to find innovative new uses of generative AI, extending beyond business email compromise, deepfakes and the generation of attack code.”
Emerging cyber threats in 2023 from AI to quantum to data poisoning
CSO Online
September 08, 2023
Kayne McGladrey, field CISO at Hyperproof, has seen the evidence. He worked with one organization whose executives received a contract for review and signature. "Nearly everything looked right," McGladrey says. The only noticeable mistake was a minor error in the company's name, which the chief counsel caught. But Gen AI isn't just boosting the hackers' speed and sophistication, it's also expanding their reach, McGladrey says. Hackers can now use gen AI to create phishing campaigns with believable text in nearly any language, including those that have seen fewer attack attempts to date because the language is hard to learn or rarely spoken by non-native speakers.
Universities Tap Student Talent to Support Security Operations
EdTech Magazine
August 25, 2023
“Not all high schools are promoting cybersecurity as a career option, and working in the SOC can have the knock-on effect of bringing people in who were unaware of the field before,” says Kayne McGladrey, a senior member at IEEE. Even if they don’t go on to take cyber jobs, “working in the SOC gives them exposure to some of the language and risks common in cybersecurity,” he says. “Then, if they’re working as developers, it’ll influence the direction by which they create things. They’ll at least have security in mind.”
Expert: Generative AI won’t harm cybersecurity workforce
SC Media
August 23, 2023
TechRepublic reports that generative artificial intelligence has been touted by Hyperproof Field Chief Information Security Officer Kayne McGladrey to not hamper employment opportunities in cybersecurity.
Continuous cyberattack innovation and supply chain diversity among threat actors would ensure that humans will not be displaced by generative AI, said McGladrey in an interview at the Black Hat security conference.
"We're going to need to continuously adapt the tools that we have with the people we have in order to face the threats and risks that businesses and society continue to face," said McGladrey.
Navigating the World of US Regulations: What You Need to Know
Data Protection World Forum
December 10, 2024
Navigating the complex web of US regulations is critical for organizations striving to ensure compliance and mitigate risk. This session will offer a comprehensive overview of the current US regulatory landscape, highlighting key regulations, trends, and their implications for businesses across various sectors.
Expert Predictions for 2024
GPSec
November 27, 2023
An illuminating panel discussion, ‘Expert Predictions for 2024’, where seasoned experts delve into the future of cybersecurity. This dynamic discussion explores controversial key areas shaping the landscape in the coming year.
Cyber Budgets Taking a Step Back
Maturity in Vulnerability Management
AI Effects on Cybersecurity Job Market
Experts provide valuable predictions and actionable insights to help you navigate the complex cybersecurity terrain of 2024.
Don’t miss the opportunity to stay ahead of the curve in a rapidly evolving digital world.
Keynote Panelists
Michael Fulton, Vernovis, Chief Information Officer
Warner Moore, Gamma Force, Founder & vCISO
Joe Otten, Fifth Third Bank, Sr. Director, Information Security
KEYNOTE PRESENTATION: Expert Predictions for 2024 at GPSEC Columbus Tech Summit 2023
Whova
November 14, 2023
Join us for an illuminating panel discussion, ‘Expert Predictions for 2024’, where seasoned experts delve into the future of cybersecurity. This dynamic discussion will explore controversial key areas shaping the landscape in the coming year.
- Microsoft Security Co-pilot Effects
- Cyber Budgets Taking a Step Back
- Impact of War Climate on Cybersecurity
- Maturity in Vulnerability Management
- AI Effects on Cybersecurity Job Market
Our panel of experts will provide valuable predictions and actionable insights to help you navigate the complex cybersecurity terrain of 2024. Don’t miss this opportunity to stay ahead of the curve in a rapidly evolving digital world.
A 2023 Regulatory Round-Up and How to Prepare for 2024
ISACA
October 30, 2023
This year has brought a number of regulatory changes and updates. From the SEC’s new guidance to updates to the industry go-to standards of NIST CSF, 2023 was yet another year of cyber security and compliance evolution. With every shift in regulatory guidance or requirement, should come a shift in the way organizations are thinking about the way they are protecting their data and the data of their customers. Join our panel of experts as they not only discuss what we’ve seen change in 2023, but also how they suggest security and risk professionals strategically prepare for the year ahead.