Keynote slides from TagNW Summit 2019
TagNW
December 07, 2019
Cyber attacks are bad and getting worse, and you’d like to turn things around before it’s too late. In this session, you’ll learn how the three most common attacks target people, how to deter and deny threat actors attacking your applications, and how to defend yourself and your community.
These slides were originally presented at the 2019 TagNW Summit in Bellingham, WA.
See publication
Tags: Cybersecurity
We Talk to Global Cybersecurity Influencer and Expert Kayne McGladrey!
My Hacker Tech
November 29, 2019
We thought it would be a great idea to get Kayne's take on some key issues facing the world from a cybersecurity perspective, and also learn more about his journey. We get lots of questions from readers about how to break into the cybersecurity industry, how to get their foot in the door, and all manner of other questions relating to getting started. This is why we think it's so important to share the experiences of those in the industry.
See publication
Tags: Cybersecurity, IoT
A cybersecurity skills gap demands thinking outside the box
Tech Target
November 04, 2019
According to McGladrey, HR's fear of bringing in the wrong person -- and indirectly causing a breach -- often drives such postings. That, in turn, fuels the perception that there's an insurmountable shortage of security candidates, he said, when, in fact, a broad spectrum of diverse, talented individuals exists if organizations are willing to find and train them.
But security leaders need to make the case to HR for hiring people based on aptitude and skill, even if they aren't "a certified ethical hacker since 2000, with 10 years of experience with Kali Linux and a Purple Heart."
"Flexibility is really important" to successfully fill the cybersecurity skills gap, McGladrey said.
See publication
Tags: Cybersecurity
3 Ways To Prepare Now For Future Endpoint Defense
CSHub
September 26, 2019
“The explosion of connected devices also requires re-thinking the protection mechanisms to apply to those endpoints,” says Kayne McGladrey, Director of Security and IT, Pensar Development. “Similarly, the widespread adoption of cloud-based services means that there’s no single network to protect.”
See publication
Tags: Cybersecurity, IoT
4 Cybersecurity Best Practices for Electrical Engineers
Dark Reading
September 24, 2019
Threat actors have increased their focus on supply chain attacks since 2017, with 73% of engineering firms reporting a supply chain attack in 2018. In the first quarter of 2019, Operation Shadowhammer was revealed to have compromised the software update mechanism of a major PC manufacturer. According to eSentire, 44% of firms have suffered a significant supply chain breach through a vendor.
These high-profile breaches have either been used to deploy ransomware or steal the intellectual property produced by engineers. As engineers create and access intellectual property such as CAD designs or manufacturing data, achieving persistence in an engineering firm gives a threat actor unparalleled insight into upcoming product designs and manufacturing processes.
Much of the media focus has been on the financial damage from supply chain breaches, the nation-state actors behind the breaches, and the ill-defined "supply chain" itself. But surprisingly, despite the overheated media coverage, most electrical engineering (EE) firms are not the targets of a bear, kitten, or panda, which are frequently cited as advanced persistent threat groups behind the attacks. Most EE firms are targeted by threat actors of opportunity because they have two necessary ingredients: people and computers. This article lays out four best practices for individual EEs to help protect their firms.
See publication
Tags: Cybersecurity
Changing The Course Of History Means Every Month Needs To Be Cyber Security Month
Cyber Security Hub
September 09, 2019
There’s a communications breakdown between those working in cyber security and those who are not. This failure to communicate is leading to the greatest transfer of wealth in history. People aren’t seeking actionable advice during “October is National Cyber Security Month”, and they’re tuning out of their mandatory corporate drop-ceiling one-hour cyber security training in the breakroom. Even though individuals are harmed, there’s the persistent belief that this must be someone else’s problem.
See publication
Tags: Cybersecurity
The Ethics Of The IoT: Are Engineers Failing To Speak Up?
CSHub
June 25, 2019
The overwhelming majority of IoT devices on the market are hot garbage that do not follow security best practices. Allowing consumers to use passwords that have appeared in breaches before makes it easy for threat actors to gain persistence on devices. Devices with no update mechanism means IoT devices become a perpetual threat once the first vulnerability is found. Most people have no way of knowing that their IoT sensor needs an update, so it’s unrealistic to shift the responsibility of software updates to consumers.
See publication
Tags: Cybersecurity, IoT
Securing IoT: Whose responsibility is it?
Tech Target
February 26, 2019
Enterprises and consumers alike are rewarding vendors that produce low-cost, insecure devices, such as $20 IP-based security cameras. It'd be easier for everyone if those consumers instead sent $20 to threat actors who will inevitably compromise those devices, as this would only be a $20 problem.
However, when threat actors conscript thousands of insecure IP-based security cameras into a botnet that can knock major brands off the internet -- such as what happened with the Mirai botnet attacks in the fall of 2016, it potentially becomes a multimillion-dollar problem that affects major markets and international relations.
See publication
Tags: Cybersecurity, IoT
How can a security automation tool help mitigate unknown threats?
Tech Target
January 25, 2019
Security automation tools help ease the deluge of alerts security teams receive, according to IEEE member Kayne McGladrey, letting them focus on more interesting aspects of IT security.
See publication
Tags: Cybersecurity, Risk Management
How do AI algorithms automate IoT threat detection?
IoT Agenda
January 09, 2019
IoT threat detection is about to get easier, thanks to the automating abilities of AI algorithms. But, as IEEE member Kayne McGladrey explains, it doesn't mean humans are out of the picture.
See publication
Tags: AI, Cybersecurity, IoT
How Awareness, Attention Can Improve Cyber Security
CS Hub
October 10, 2018
Besides working nights, I learned in my fifteen-minute conversation that Rosa volunteers at an elementary school. She’d met no one who worked in cyber security, and the kids she worked with hadn’t considered it as a career option. They wanted to be rappers, they wanted to be marine biologists; they didn’t know there was a high-paying position called “security operations center analyst.”
See publication
Tags: Cybersecurity
3 Cybersecurity Challenges for IIoT Devices in 2018
Robotics Business Review
September 25, 2018
As the clock ticks towards a massive and preventable cyberattack on IIoT devices, manufacturers and companies deploying them must address three challenges.
See publication
Tags: Cybersecurity, IoT
Budgetary Foresight: 3 Essential Cyber Security Programs For 2019
CSHub
July 16, 2018
The back-to-school sales circulars are arriving, a reminder that fall is on its way. For most organizations, fall also brings an annual budgetary exercise for which many mid-level managers and executives will be unprepared.
See publication
Tags: Cybersecurity
Video: Certification Campaigns (Core Identity and Access Management Part 8 of 8)
linkedin
July 11, 2018
In this last video in the series of 8 about Identity and Access Management, we will see how the process of certification in consulting works. IGA, a governance administration tool, will produce certification reports and should work with all the systems. The auditor will use the tool, and the tool will interrogate all the resources. All the logic and process for the campaign will be saved in this tool. This reduces the need to keep questioning participants constantly.
See publication
Tags: Cybersecurity
Video: Attestation Reporting (Core Identity and Access Management Part 7 of 8)
linkedin
June 27, 2018
Kayne McGladrey discusses Attestation Reporting in the seventh video in this series about Identity and Access Management. The goal of Attestation Reporting is to ensure that a user should have the access that has been requested and if not, being able to revoke that access.
See publication
Tags: Cybersecurity
3 Tips To Thwart Insider Attacks: An Essential Guide For Summer Travels
CS Hub
June 25, 2018
Dos And Dont's For Privileged Accounts
See publication
Tags: Cybersecurity
Video: Multi-Factor Authentication (Core Identity and Access Management Part 6 of 8)
linkedin
June 20, 2018
In this sixth episode of this 8 part series on Identity and Access Management, Kayne McGladrey reviews Multi-Factor Authentication (MFA). MFA can be used in many instances to ensure the identity of a person trying to access or approve items on your system. There are several different types of MFA that can be used, and this video discusses which ones are recommended or not and why. Several different scenarios are also presented to discuss when/why you want to have MFA set up to work with your Identity and Access Management and User and Entity Behavior Analysis systems. You will learn:
See publication
Tags: Cybersecurity
The 'Internet of Payments' puts ID security on the smartphone
Payments Source
May 29, 2018
When a "pay restroom" 100 miles from the nearest major city accepts frictionless mobile payments, stores that force buyers to wait a minute for a chip-and-PIN transaction seem dated, and cash-only transactions are inconvenient.
See publication
Tags: Cybersecurity
Three Preventative Measures for Cybersecurity Health-Care Disorders
Bloomberg Law
April 25, 2018
The regulatory environment for health-care organizations places a high value on personal health information, writes Kayne McGladrey of Integral Partners. However, the dark web market value of PHI has cratered, according to cybersecurity firm Flashpoint. A PHI record that sold for an average of $75 to $100 in 2015 would net $0.50 to $1 in 2017, he writes.
See publication
Tags: Cybersecurity
Two Easy Steps To Reduce And Detect Threats In A Cloud Environment
CS Hub
March 19, 2018
Although organizations believe the cloud to be inherently more secure, this two-step strategy will improve the security of cloud-based solutions for each organization. When combined with a larger cyber security program, these reduce the risks of a damaging breach.
See publication
Tags: Cloud, Cybersecurity
‘Cyber Security’s Not An Install Process’: Q&A With Kayne McGladrey
CS Hub
February 12, 2018
McGladrey, whose work focuses on identity and access management, leads a team that assists clients in multiple industries. The focus: insider and outsider threats on non-privileged or privileged credentials. McGladrey said that technology has matured so much, that overall cyber security is not about software installation.
See publication
Tags: Cybersecurity
‘It Comes Back To You’: Evaluating Third-Party Cyber Risk Management
CS Hub
February 07, 2018
Expanding on this, national cyber security expert and the Director of Information Security Services at Integral Partners, Kayne McGladrey, told the Cyber Security Hub that, “If you’re breached by a third party, nobody cares that it’s the third party’s fault. It comes back to you.”
He continued: “It’s your fault for not having adequate controls. And the single easiest third-party control is around onboarding and off-boarding third-party accounts.”
Even if you’re rotating passwords, monitoring privileged access, auditing, etc., McGladrey said you must know, empirically, who’s accessing your network.
See publication
Tags: Cybersecurity, Risk Management
Welcoming the robo-nannies
HP Enterprise
January 30, 2018
"Things that were unthinkable 10 years ago are being accepted as commonplace. And that trend will continue.”
See publication
Tags: AI, Cybersecurity
"Universal fingerprint" can crack 65% of the real fingerprint identification
China Business Network
April 25, 2017
In modern society, the fingerprint recognition function makes the smart phone become miraculous convenience. Just a touch can be unlocked, to achieve payment, no need to enter the password. From the shop a small package of snacks, to a laptop, and even the value of one million US dollars Aston - Martin retro car, can be used to solve the fingerprints. In some of the bank's App application, with fingerprint identification can also pay bills, tens of thousands of dollars on the transfer and so on.
See publication
Tags: Cybersecurity
Five spring cleaning tips for your Identity and Access Management program
(IN)Secure Magazine by Helpnet Security
March 30, 2017
Spring cleaning is a tradition for millions of families, but most companies lack the same tradition when it comes to the long-term management of their Identity and Access Management (IAM) programs. This is not benign neglect, but rather an underlying fear that the IAM program resembles a shaky tower of cardboard boxes full with random stuff, sitting in the garage.
See publication
Tags: Cybersecurity
Understanding Cybersecurity Breaches at Consulting Firms
IEEE Transmitter
March 29, 2017
Cybersecurity threats are affecting consulting and professional service firms causing substantial losses. Kayne McGladrey (@kaynemcgladrey), an IEEE Member and professional services director, weighed in on how consulting firms can mitigate threats, keep client data safe and learn from current breaches.
See publication
Tags: Cybersecurity
Three Lessons about Cloud Security from 1980s Horror Movies
ISSA Journal
March 10, 2017
This article discusses how businesses can apply three fundamental best practices for adapting current security programs to mitigate insider threats as applications and data migrate to the cloud.
See publication
Tags: Cloud, Cybersecurity
What is the California Consumer Privacy Act of 2018? Influencers in the know break down the details
CIO
December 02, 2019
For some organizations CCPA will require a total overhaul on their privacy policies, while others might only need to make minor changes due to existing GDPR compliance. But as Kayne McGladrey, Chief Information Security Officer at Pensar Development, pointed out, there will certainly be another round of endless privacy disclosure emails.
See publication
Tags: Cybersecurity, Privacy
Thinkers360 Predictions Series – 2020 Predictions for Cybersecurity
Thinkers360
November 23, 2019
Venture capitalists will accelerate feature development via mergers and acquisitions. In recent years, VCs have funded point solution vendors for technologies like SOAR and UEBA. These are features, not stand-alone technologies, and it’s often cheaper for market leaders to buy rather than build new features. CISOs should be aware of this market reality, as buying early-stage cybersecurity from a startup carries the risk of unintentionally having a business relationship with a much larger vendor within two years, and consequently needing to either buy the larger technology solution or rip and replace after the acquisition closes.
See publication
Tags: Cybersecurity
Thinkers360 Predictions Series – 2020 Predictions for Cloud Computing
Thinkers360
November 03, 2019
Cloud computing will continue to grow despite the frequency of breaches due to a lack of administrative controls and unintentional configuration errors. When an administrator had access to an on-premises server, they could only administer that server; a “cloud administrator” can administer all the assets in a given cloud instance, including backing up and exfiltrating entire servers. This is like the unintentional configuration errors that have plagued so many Amazon S3 buckets in 2019, where organizations have stored PII in S3 in a default configuration, and then those data have been accessed by security researchers.
See publication
Tags: Cloud, Cybersecurity
Cyberattacks Make World Economic Forum Top 10 Global Risks For The Next Decade
CSHub
October 29, 2019
Keeping an organization secure is every employee’s job. Instead of the obligatory employee training, Director of Security & IT for Pensar Development Kayne McGladrey recommends continuous engagement with the end-user community. “Provide opportunities and instrumentation to demonstrate policy violations rather than lecture at people.” Examples include leaving a USB data stick in a break room or using phishing tools to falsify emails from known employees that seem suspicious. “This helps educate and creates healthy suspicion,” said McGladrey.
See publication
Tags: Cybersecurity
Thinkers360 Predictions Series – 2020 Predictions for IoT
Thinkers360
October 28, 2019
The Internet of Things is a dumpster fire and upcoming regulatory controls aren’t going to put it out. Putting a sticker on a box with a username and random password and providing an updated privacy policy that consumers ignore isn’t adequate, although it is compliant. Manufacturers need to invest in user behavior analysis, require multi factor authentication, and to force patching of IoT devices. Otherwise, threat actors will continue to violate the privacy of people’s homes and nation states will built botnets as part of battlespace preparations.
See publication
Tags: Cybersecurity, IoT
Users are the target: How employees can be the strongest line of defense
SC Magazine
October 08, 2019
Recognizing that fact, Kayne McGladrey, director of security and information technology at Pensar Development, an engineering consultancy in Seattle, says continuously phishing end users is the best way to help them identify phishing and other potentially malicious content. “This continuous exposure [to phishing] should take a variety of forms, from email-based phishing to direct messages on social media.”
McGladrey says short, actionable, culturally relevant education initiatives on a regular schedule are recommended because “users don’t want to sleep through the mandatory ‘October is cybersecurity month,’ two-hour, PowerPoint presentations.”
Training modules should be short — five minutes or less — and sent out regularly. If possible, they should be tailored to an individual’s role in the organization, so that the finance department is receiving training about business email compromise (BEC) and identity validation procedures rather than the latest zero-day exploits, he says.
See publication
Tags: Cybersecurity
Yahoo porn hacking breach shows need for better security: 5 ways to protect your company
Tech Republic
October 02, 2019
Security expert Kayne McGladrey, who serves as director of security and IT at Pensar Development and is a member of the Institute of Electrical and Electronics Engineers, said companies need to add extra steps to everything.
"The company could choose to add friction, whether it's multi-factor authentication or an email link just to put a little additional scrutiny and raise the bar so it is materially more difficult for threat actors who have obtained someone's credentials to be able to reuse those," he said.
"The benefit of this strategy is that it applies universally. All of the automated attacks these days around credential stuffing and credential spraying do what the Yahoo hacker had done on a much larger scale. They get compromised credentials and test them across a whole bunch of websites using a distributed botnet."
See publication
Tags: Cybersecurity
Cyber Security Digital Summit Explores Who Owns Enterprise Security
Cyber Security Hub
October 02, 2019
A comprehensive information security program is a standard practice for every organization. In addition to securing company and employee data, organizations must also consider the privacy of their clients. For integrated design and manufacturing firm Pensar Development, clients need confidence that their intellectual property (IP) is only accessible to Pensar employees contributing to that specific project. The Seattle-based design firm is known for mechanical integration for medical devices and the enclosure design of gaming consoles among other client solutions.
Cyber Security Hub recently had the chance to speak with Pensar’s Director of Security Kayne McGladrey to learn about his approach to maintaining the confidentiality of both employee and client data.
In addition to his company security role, Kayne is an IEEE member, the professional engineers association often associated with developing technology standards. Members agree to a code of ethics to help people and society understand the social implications of emerging technologies. For his part, McGladrey is a spokesperson for cyber security and the broader technology to both industry and the general public. He is also proud of building a cyber security team at Pensar of entirely military veterans.
See publication
Tags: Cybersecurity
12 Signs Your Computer Has a Virus
Reader's Digest
September 06, 2019
“Viruses are most commonly spread through phishing, which is a technique of sending emails designed to prey on a person’s emotions to make them click a link or open a malicious attachment,” says Kayne McGladrey IEEE member and director of security and IT for Pensar Development. “Besides running up-to-date commercial antivirus software, the easiest way to avoid viruses is to pause before acting on messages. Get a cup of coffee, or at least get up and stretch, before deciding if the email is trying to manipulate your emotions through a sense of authority (someone impersonating your boss or a police officer), a sense of urgency (because of an artificial time constraint), or scarcity (supplies are limited, act now).” These are the same psychological techniques used by con artists since time immemorial, with the only difference being that con artists had to con one person at a time. “With email, social media, and text messages, threat actors can con thousands of people. No antivirus software is perfect, but pausing before acting can stop most of today’s viruses.”
See publication
Tags: Cybersecurity
Lack of cyber investment could spell trouble for smart cities: report
SC Magazine
August 22, 2019
For smart cities, investing in cyber defense means being able to support a cyber workforce capable of supporting their IoT initiatives. “We’ve seen many failures with widespread deployment of IoT devices, whether due to insecure authentication methods, static passwords, or a lack of centralized and automated patch distribution. As city governments look to the future.....
See publication
Tags: Cybersecurity, IoT
Intuitive, Cognitive Technologies Are Changing the Business and Its Workforce
CIO.com
July 17, 2019
The workforce of tomorrow still will be technically savvy, well-versed in machine learning and data science. Advanced machine learning skills will be important, but Kayne McGladrey (@kaynemcgladrey), Director of Security and Information Technology at Pensar Development, recommended that those looking for future employment also consider learning a programming language.
“The intent here is not to master it,” McGladrey explained, “but rather to gain an understanding and appreciation of how things work from the inside out. Employers are also looking for career stability so that they can invest in their people, so don’t hop from company to company on an annual basis.”
See publication
Tags: Business Strategy, Digital Transformation
How hackers used little-known credit-card feature to defraud Lansdale woman, $1.99 at a time
The Philadelphia Inquirer
June 13, 2019
“It’s low effort for them. Once they set up the subscription and unless the subscription is canceled, they don’t have to do any other work and they can resell access to that subscription," he said. "So it’s a guaranteed line of profit for them until somebody goes and notices there’s been a problem.”
Criminals typically resell access to the services on secondary markets, McGladrey said. Criminals may resell a streaming service that’s normally $10 per month for $5, netting the thieves $5 monthly. While a single crime is not that profitable, there have been cases where groups have reaped millions of dollars by charging small amounts to hundreds of thousands of consumers, he said.
See publication
Tags: Cybersecurity, Privacy
Successful Digital Transformation Begins with a Cultural Transformation
CIO.com
June 12, 2019
Kayne McGladrey (@kaynemcgladrey), Director of Security and Information Technology at Pensar Development, observed that IT leaders are recognizing that building and operating on-premises servers is not a competitive advantage.
“As part of the purchasing cycle they’re replacing outdated infrastructure with infrastructure as a service,” he said. “This gradual transition to the cloud lowers risks and makes disaster recovery simpler and more reliable than in past years. This strategy also significantly lowers the threats of a physical site compromise by threat actors.”
See publication
Tags: Culture, Cybersecurity, Digital Transformation
Prepping for the Data Deluge
CIO.com
May 22, 2019
Companies should pay special attention to consistent classification and labeling of data, as it’s one of the biggest hurdles to effective data governance. Setting default labels for new data (for example, dubbing them confidential) can ensure that policies and technical controls are applied consistently across the organization. This also frees up data creators from having to manually label all newly created information. “In that way, a data steward only needs to review data labels when that data is crossing a security barrier such as preparing a file to send to a client or third-party vendor,” notes Kayne McGladrey (@kaynemcgladrey), director of security and information technology at Pensar Development.
See publication
Tags: Cybersecurity, Digital Transformation
22 Red Flags Someone Is Spying on Your Phone
Reader's Digest
May 11, 2019
You receive a text message or an email notification from your mobile carrier about an account change you didn’t make and, thirty minutes later, your cell phone has no signal, even after a reboot. You can’t log into your email. You’re locked out of your bank account.
See publication
Tags: Cybersecurity, Privacy
CrowdStrike tackles BIOS attacks with new Falcon features
TechTarget.com
May 03, 2019
In the past few years, security researchers and advanced persistent threat actors have demonstrated attacks on the BIOS, said Kayne McGladrey, IEEE member and director of security and IT at Seattle-based Pensar Development.
These rare attacks can provide a persistent and hidden bridgehead into an enterprise network, McGladrey said.
See publication
Tags: Cybersecurity
5G and What it Means for Cybersecurity
bisinfotech.com
May 02, 2019
“Consumers should use the ‘guest’ network of their home Wi-Fi routers as a dedicated network for IoT devices, so if one of those devices were compromised, the threat actor can’t easily pivot to more valuable data.” That’s the case for newer devices, he says. “For older, cheap, IP-based security cameras and digital video recorders (DVRs), the easiest way to secure them is to recycle them responsibly as there often are no security updates available.” The ability to update devices over their lifetime is essential to security, and should factor into buying decisions, he says.
See publication
Tags: Cybersecurity, Mobility
Why security-IT alignment still fails
CSO Online
April 16, 2019
An organization that doesn’t understand or appreciate security won’t be able to adequately identify and prioritize risk, nor articulate its tolerance for those risks based on business goals and objectives, says Kayne McGladrey, director of security and IT for Pensar Development and a member of the professional association IEEE (The Institute of Electrical and Electronics Engineers).
“The CIO won’t see the business impact if there’s not a culture of risk mitigation,” McGladrey says. “A culture where security is seen as someone else’s problem will derail any conversation around security, so the biggest thing for CISOs is to make the conversation with CIOs around risk – not around technologies or shiny objects but around risks to the business.”
See publication
Tags: Cybersecurity, Leadership, Risk Management
DHS-led agency works to visualize, share cyber-risk information
Tech Target
April 09, 2019
Sharing information about threats can help boost overall cybersecurity by alerting others to those risks, as well as providing successful ways to counteract them, said Kayne McGladrey, national cybersecurity expert, director of security and information technology for Pensar Development, and member of the Institute of Electrical and Electronics Engineers.
"They could actually see a reduction in those threats that are commodity threats -- threats that are crimes of opportunity [vs. targeted attacks]," he said.
See publication
Tags: Cybersecurity, Govtech, Risk Management
Insider Threats: A Big Fear for Small Businesses
Security Boulevard
March 21, 2019
This goes hand in hand with the increasing number of vendors, solutions and buzzword technologies. There’s a fear that an SMB will buy the solution that solves a problem defined by a venture capitalist and not address a genuine threat to their business.
See publication
Tags: Cybersecurity
7 hot cybersecurity trends (and 4 going cold)
CSO Online
March 13, 2019
While we hope these points have brought into focus some of the evolving challenges in IT security, we also want to point out that certain best practices will continue to underpin how smart security pros approach problems, no matter what the flavor of the month is. "Enterprises are going back to the basics: patching, inventory management, password policies compliant with recent NIST directives," says Kayne McGladrey, IEEE Member and Director of Security and Information Technology at Pensar Development. "Enterprises are recognizing that it’s impossible to defend what can't be seen and that the easiest wins are to keep systems up to date and to protect against credential stuffing attacks."
See publication
Tags: Cybersecurity
6 Strategies for Transitioning to a Digital World
CIO.com
March 12, 2019
“Identify those elements of your business that are core competitive differentiators,” says Kayne McGladrey, Director of Security and Information Technology. “Focus on improving those. If accounting, cybersecurity, legal affairs, or marketing is not core to your organizational identity, then plan to migrate away from your legacy systems and processes in those areas. Organizations can then focus their limited time and resources on improving what they do well, and what customers value most about those organizations.”
See publication
Tags: Cybersecurity
6 Questions to Ask While Buying a Connected Car
Dark Reading
March 06, 2019
"People need to ask the car companies where they stand on security," says Kayne McGladrey, director of security and IT at Pensar Development and an IEEE member, who cites companies such as Apple and Google, which have made strong public statements on these matters.
When asked if the car companies have followed suit, McGladrey says, "Not really."
See publication
Tags: Autonomous Vehicles, Cybersecurity
How AI cybersecurity thwarts attacks -- and how hackers fight back
Tech Target
February 19, 2019
"If the end user logs on from Seattle, where their mobile phone and laptop is, a connection from New York would be unusual," McGladrey explained. "It is also possible to note the typing style and speed of a user and use that biometric signature to determine if the user is legitimate. These data [points] make it more difficult for a threat actor to operate silently in the environment."
See publication
Tags: AI, Cybersecurity
6 Tips for Conducting a Digital Literacy Assessment
CMS Wire
January 29, 2019
An assessment of digital literacy isn’t a one-time event in an organization, according to McGladrey. “This is a continuous cycle for businesses to assess how employees use the tools provided, how they process information, how they’re creating content, and their critical thinking skills,” McGladrey said. And don't make this a class that's going to drag people down and eat most of their day, he added. “This continuous assessment process should be buttressed by brief just-in-time learning opportunities. No one wants to sit down for a four-hour digital literacy class for things they do know if they can instead get a five-minute tutorial on a new topic or technique they can apply to their current work.”
See publication
Tags: Digital Transformation, Future of Work
Navigating the Rocky Road of Data-Driven Insights
CIO
January 08, 2019
It’s no longer enough to have a Security Information and Even Management (SIEM) system or layer in commercial threat data, deploy a deception system, or prioritize assets--there’s simply no one-size-fits-all security solution. “This is still more art than science,” says Kayne McGladrey (@kaynemcgladrey), a director of security and information technology. “An effective solution needs to incorporate elements of all of those products or solutions to create meaningful and actionable intelligence.”
See publication
Tags: Cybersecurity
Beware the holiday ‘smart toys’ that spy on your kids
The Philadelphia Inquirer
December 04, 2018
Smart toys seemingly come to life utilizing “Internet of Things” [IoT] technology that has wirelessly connected coffeemakers, thermostats, and yes, toilets. But smart toys have proven to be particularly vulnerable to cyber attacks. Manufacturers try to keep toy prices low and lack an incentive to add reasonable security mechanisms, said Kayne McGladrey, member of the Institute of Electrical and Electronics Engineers, the world’s largest technical professional organization
See publication
Tags: Cybersecurity, IoT
How to Make Data More Accessible at All Levels With Access Controls and Strong Governance
CIO
December 03, 2018
What’s needed is “an effective provisioning and de-provisioning system that defines rules for what users can do with data and provides quick auditing of who granted access to the data. There needs to be training around the approval process for granting and revoking access to data; otherwise, organizations risk compliance fatigue and start rubber-stamping all the access requests.”
See publication
Tags: Cybersecurity, Risk Management
Member Spotlight: Kayne McGladrey, Director Of Security And IT, Pensar Development
CSHub
November 05, 2018
Kayne McGladrey is a national cyber security expert helping clients develop proactive risk-based security programs. He's the Director of Security and IT for Pensar Development and has 20+ years of experience, including 10 years in blending information technology and management acumen to cultivate and build best practices within the Professional Services team. He’s a frequent contributor to Cyber Security Hub with valued content you can access here. He took a few minutes out of his busy day to answer 5 questions for Cyber Security Hub's “Member Spotlight” series.
See publication
Tags: Cybersecurity, Leadership
Q&A: Security Thought Leaders Discuss Certs, SMEs & Hiring Process
CSHub
October 19, 2018
One way to combat that involves grassroots efforts to boost the ranks. But do security teams search for qualified, seasoned experts, and do they look for specialization or the proverbial “generalist” who can cover many corners of the cyber space? It is an ongoing debate in the industry, and today, we’ve brought together two security thought leaders to provide their take. We sat down with Kayne McGladrey, Co-Founder and Spokesperson, Include Security, and Rebecca Wynn, Head of Information Security and Data Protection Officer (DPO), Senior Director, Matrix Medical Network.
See publication
Tags: Cybersecurity
The IT exec's reading list
HP Enterprise
October 16, 2018
For creative direction on hiring, Kayne McGladrey, co-founder of Include Cybersecurity, turned to "Who," by Geoff Smart and Randy Street. “This is a book I consistently recommend to all managers and directors who are responsible for hiring personnel, in that it defines a consistent and repeatable technique for identifying and hiring high-performing candidates,” McGladrey says. “When I started as a manager, I followed a lot of the pseudo-science that I’d seen from prior managers and found it wasn’t reliable advice.”
See publication
Tags: Leadership, Management
The Future Workspace: Secure and Collaborative
CIO
October 03, 2018
“The most essential technology for tomorrow’s workspace is a reliable and agreed-upon primary communications technology, with a backup,” says Kayne McGladrey (@kaynemcgladrey), director of Security and IT at Pensar Development. “As organizations recognize the benefits of remote work for employees and contractors, they still need to reach people quickly.”
See publication
Tags: Cybersecurity, Future of Work
How is Hybrid Cloud helping to accelerate innovation? Let’s count the ways.
CIO
September 19, 2018
"Hybrid cloud solutions can help organizations deploy cybersecurity solutions faster, without deploying additional infrastructure or spending staff hours on software and platform updates,” said Kayne McGladrey (@kaynemcgladrey), director of security and IT at Pensar Development. “This will help organizations to deploy innovative solutions rapidly such as deception technologies, which can reduce the ‘dwell time’ associated with breaches.”
See publication
Tags: Cloud, Cybersecurity
Certifications A Part Of ‘Vicious Circle’ In Cyber Security Space?
CS Hub
September 06, 2018
“This (factors into) the broader economic outlook,” McGladrey told the Cyber Security Hub. “If the economy is thriving and people are considering asking for a raise, they may pursue a new certification. If they do not receive the raise, they may mentally justify the time spent by putting the certification on their resume and searching for new openings.”
See publication
Tags: Cybersecurity
AI in cybersecurity: what works and what doesn't
CSO
August 15, 2018
Kayne McGladrey, IEEE member, gave this advice: "Evaluate an AI-based security solution by standing up in a lab, alongside a replica of your environment. Then contract a reputable external red team to repeatedly attempt to breach the environment."
See publication
Tags: AI, Cybersecurity
IoT, Cloud, or Mobile: All Ripe for Exploit and Need Security’s Attention
CSO
April 17, 2018
“IoT security remains one of the most challenging security vulnerabilities to businesses and consumers,” says Kayne McGladrey (@kaynemcgladrey), Director of Information Security Services at Integral Partners. “The Mirai and Reaper botnets are results of threat actors leveraging poor security controls on IoT devices, building attack infrastructure out of those devices, and using that stolen infrastructure to attack organizations. Organizations purchasing IoT/IIoT devices should treat them the same as any other endpoint device connecting to the corporate network.”
See publication
Tags: Cybersecurity, IoT
Cybersecurity experts talk about the digital world
AT&T
April 16, 2018
“Administrative passwords — they're sort of interesting," McGladrey says. "If you can get an application’s password, that's what got us to the Panama Papers a few years ago, where the third-party attacker was able to compromise the WordPress password, which, because of poor password storage technologies, happened to be the same as their database password.
"All of a sudden we got — three terabytes or something like that; it was something absurd — of ex-filtrated client data. The prime minister of Iceland got in a little bit of trouble about that, as well as people like Jackie Chan, all because the organization didn't have a good mentality around rotating the passwords that were associated with apps. That problem transitions. It's not a technology problem. It's a cultural problem. And it transitions, regardless of environment.”
See publication
Tags: AI, Cybersecurity
USA Today: Cool cyber jobs
USA Today
April 13, 2018
Cybersecurity is a game of cat and mouse. As a threat hunter, you're the cat. "This role is close to that of a field biologist, as the threat hunter observes their prey - third party attackers - in the wild," says Kayne McGladrey, director of information security services at Integral Partners, a cybersecurity firm whose specialty is identity and access management, and a member of the Institute of Electrical and Electronics Engineers. "Threat hunters set traps and snares that appeal to (cybercriminals) and lead to fake computers where the threat hunter can monitor an attacker's behavior before shutting down the breach."
See publication
Tags: AI, Cybersecurity
Health IT Infrastructure Necessities for AI Cybersecurity
CIO Review
April 10, 2018
According to IEEE Member and Integral Partners Director of Information Security Services, Kayne McGladrey, healthcare sectors embody “Lean IT” as they are not in the cybersecurity line of business.
See publication
Tags: AI, Cybersecurity
The future of enterprise IoT
Network World
April 09, 2018
On a more explicitly enterprise level, “IoT technologies that have a rapid return on investment (ROI) are the most likely to take off first, and that means “reducing costs through automation,” said Kayne McGladrey, IEEE Member.
See publication
Tags: AI, Cybersecurity
Health IT Infrastructure Requirements for AI Cybersecurity
HIT Infrastructure
March 18, 2018
“There are too few defenders to collect, process, and analyze the overwhelming amount of available data to produce threat intelligence,” McGladrey told HITInfrastruture.com. “The promise of machine learning is to allow computers to do what they do well, in automating the collection and processing of indicators of compromise, and analyzing those data against both known and emerging threats.”
See publication
Tags: AI, Cybersecurity, Healthtech
What Are the Implications of Meltdown and Spectre for IoT?
DZone
January 16, 2018
"Patching is a reactive strategy, and there are a couple of challenges that have led us to the current situation. One of those challenges is that the market has rewarded companies that develop and produce products rapidly, and the market has shown a willingness to accept post-release patching as an acceptable trade-off. As a result, developers and architects are rewarded by their employers for producing code and architecture very quickly with less thought given to cybersecurity.
"The other significant challenge is that the cybersecurity community is generally homogenous. We have a diversity problem when just 11% of women work in cybersecurity. This lack of diversity in backgrounds and life experiences has influenced the analytic methodologies that are used to evaluate potential security issues with products. This lack of diversity of thought has led to the unfortunate set of expectations that breaches are inevitable, and this situation will continue until the cybersecurity industry does a better job of including diverse voices and opinions in the global conversation about security."
See publication
Tags: Cybersecurity, IoT
How to Adopt a Human-Centric Approach to Security
CSO
January 10, 2018
“Organizations should focus on defining a least-privilege security model for each permanent or temporary role a user may inhabit, and then apply those roles to every device, server, and service that an individual may interact with over the course of each day,” says Kayne McGladrey (@kaynemcgladrey), Director of Information Security Services at Integral Partners.
“Organizations need to move past the quaint but antiquated concept of a network perimeter and recognize that the only measurable unit of security is the individual. Individuals include employees, project team members, contractors, third-party service providers, customers, prospects, and guests at a minimum. “
See publication
Tags: Cybersecurity
3 Tips to Reduce Cybersecurity Gaps
CS Hub
November 03, 2017
“Organizations should focus first on protecting heartbeat user identities with strong identity governance, multifactor authentication and privileged command escalation roles,” says Kayne McGladrey (@kaynemcgladrey), director of information security services at Integral Partners.“Nonheartbeat users, such as service accounts and shared accounts, require protection levels that include vaulting and automatic password rotation, on a defined schedule.”
See publication
Tags: Cybersecurity
Are You Doing All You Can to Protect Your Confidential Documents?
CSO Online
September 30, 2017
Kayne McGladrey (@kaynemcgladrey), director of information security services at Integral Partners, notes that, for several years, we’ve been hearing predictions about millions of Internet of Things (IoT) devices with poor security joining networks and providing an easy attack vector for third parties.
“Printers are a culturally trusted technology because they’re perceived as not being new,” he says. “However, this doesn’t mean that modern organizations should not consider printers separately from a comprehensive strategy for the IoT.”
See publication
Tags: Cybersecurity, IoT
For travelers, chatbots and AI can't quite take you there
USA Today
August 27, 2017
"It can replace some of the simpler tasks," explains Kayne McGladrey, a computer security consultant in Bellingham, Wash. AI can help plan trips, recommend the least agonizing flight itineraries and handle some of the easier tasks handled by a hotel concierge, like recommending restaurants.
See publication
Tags: AI
The Scary Reason Companies Like Verizon Keep Blowing Your Digital Privacy
Fast Company
July 17, 2017
Even software developers often lack formal security training, says Kayne McGladrey, director of information security services at Boulder, Colorado security consulting firm Integral Partners. And even those who do can face pressure to roll code out quickly from employers impatient to see new features and fixes in production, he says.
See publication
Tags: Cybersecurity, Privacy
Cyber Security Hub Advisory Board
ISSA Article of the Year 2017
Deter, Deny, and Defend Against the Three Most Common Cyber Attacks
Cybersecurity Career Accelerator EXPO
Include Cybersecurity Event 2018
Cybersecurity workshop and job opportunities for veterans
#IDGTechtalk : A 2019 Recap and 2020 Predictions
Panel Discussion: Who is responsible for Cyber Security in the enterprise?
TagNW Closing Panel and Comments
Diversity of Mindset: Why It’s Not Just About Gender, Race, or Age
Future of the Security Operations Center
Cyber security for Bellingham families and neighborhoods
IoT & Ethical Obligations of Engineers
Market Report: Cutting-Edge Defense Tactics For Network Endpoints
