Thinkers360

Kayne McGladrey

AI Governance, Cybersecurity & Risk Management at Independent Consultant

Bellingham, United States

I'm a cybersecurity thought leader with years of experience helping Fortune 500 and Global 1000 organizations turn complex cybersecurity risk into clear business value.

Over the past decade I have:

* Authored the industry-standard GRC Maturity Model, driving thought leadership for Hyperproof's platform and influencing product roadmaps.
* Hosted private, invite-only CISO roundtables and a bi-monthly compliance podcast, reaching executives worldwide.
* Worked as an industry influencer and delivered 150+ media appearances, 75+ podcast interviews, and 30+ keynote speeches at events such as RSA, Gartner IT Security & Risk, and ISACA GRC.
* Advised CISOs and compliance officers on cybersecurity strategy and regulatory compliance (such as the EU AI Act, SEC, DORA, NIST 800-171, SOC 2, and more).
* Guided 20+ breach investigations and regulatory responses, protecting clients from $100M+ in potential losses.
* Generated $10M+ in consulting revenue and unlocked multi-million dollar strategic reallocations for enterprise security programs.

I'm now leveraging my expertise as an executive advisor, speaker, and author, helping organizations accelerate their GRC initiatives, strengthen incident-response capabilities, and communicate risk effectively to boards and stakeholders.

If you're looking for a strategist who can translate technical risk into actionable business outcomes - or simply want to discuss new regulations, cybersecurity solutions, or consulting opportunities - let's connect.

Available For: Advising, Consulting, Influencing, Speaking
Travels From: Bellingham, WA

Speaking Fee $1 (In-Person)

Personal Speaking Website: www.kaynemcgladrey.com
Kayne McGladrey Points
Academic 65
Author 1332
Influencer 674
Speaker 624
Entrepreneur 125
Total 2820

Points based upon Thinkers360 patent-pending algorithm.

Thought Leader Profile

Featured Videos

Kayne's 5 Under 5 in Cybersecurity: February, 2023
February 06, 2023
What is FedRAMP? Drafting Compliance
February 06, 2023
Interview on Diversity and Cybersecurity
February 06, 2023

Featured Topics

Cybersecurity

I'm comfortable speaking to audiences about the social, ethical, business and technical aspects of cybersecurity.

Company Information

Company Type: Individual
Minimum Project Size: N/A
Average Hourly Rate: N/A
Number of Employees: N/A
Company Founded Date: Undisclosed
Last Media Training: 02/08/2017

Areas of Expertise

5G 30.11
AI 31.32
AI Ethics 32.49
AI Governance 100
AR/VR 30.66
Autonomous Vehicles 30.58
Business Continuity 31.42
Business Strategy 30.46
Change Management 30.03
Cloud 32.16
COVID19 43.14
Cryptocurrency 30.38
Culture 30.05
Cybersecurity 100
DevOps 31.56
Digital Transformation 30.17
Diversity and Inclusion 32.00
Ecosystems 30.23
EdTech 30.14
Emerging Technology 30.18
FinTech 30.09
Future of Work 30.26
GovTech 30.63
Health and Safety 30.78
Healthcare 37.91
HealthTech 30.23
HR 30.12
International Relations 30.22
IoT 31.68
IT Operations 31.69
Leadership 30.64
Legal and IP 32.14
Management 30.25
Manufacturing 30.26
Mergers and Acquisitions 30.58
Mobility 30.58
National Security 30.34
Privacy 35.40
Quantum Computing 31.71
Risk Management 100
RPA 30.80
Sales 30.96
Security 100
Smart Cities 30.94
Supply Chain 30.30

Industry Experience

Aerospace & Defense
Automotive
Consumer Products
Financial Services & Banking
Healthcare
High Tech & Electronics
Higher Education & Research
Hospitality
Industrial Machinery & Components
Insurance
Manufacturing
Oil & Gas
Pharmaceuticals
Professional Services
Retail
Telecommunications
Travel & Transportation
Utilities

Publications & Experience

4 Advisory Board Memberships
Whatcom Community College
Whatcom Community College
May 01, 2024

See publication

Tags: Cybersecurity, Risk Management, Security

Western Washington University
Western Washington University
November 01, 2021

See publication

Tags: Cybersecurity, Risk Management, Security

Cybersecurity Executive Advisory Board Member
TagNW
April 10, 2020
Executive Advisory Board Member to Technology Alliance Group Northwest.

See publication

Tags: Cybersecurity

Cyber Security Hub Advisory Board
Cyber Security Hub
October 07, 2019
· Working to increase the diversity of perspectives on enterprise cyber security challenges and opportunities.
· Dynamically responding to and anticipating the needs of the cyber security marketplace through unique and timely content.
· Serving as an “early explainer” to articulate “why” the subject matter is important to current practitioners and the next generation of cyber professionals.

See publication

Tags: Cybersecurity, IoT

4 Analyst Reports
An Analysis of Section 1C Disclosures in Q1 of 2024
Hyperproof
June 14, 2024
Late in 2023, the Securities and Exchange Commission (SEC) in the United States published Regulation S-K Item 106, which requires public companies to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats. Historically, companies were not required to disclose these processes to investors or market regulators, and there were no established guidelines for what a “good” disclosure would look like. Hyperproof reviewed disclosures from nearly 3,000 companies across over three hundred industries and has identified trends for what goes into a robust, meaningful disclosure.

See publication

Tags: Cybersecurity, Risk Management, Security

Hyperproof's 5th Annual IT Risk and Compliance Benchmark Report Reveals a Pressing Need for Unified GRC Solutions
Hyperproof
February 22, 2024
"Each year, our benchmark report provides invaluable insights into the evolving priorities and challenges facing IT and GRC professionals," said Kayne McGladrey, Field CISO at Hyperproof. "This year's findings underscore the growing need for organizations to streamline their GRC processes and adopt integrated solutions to effectively navigate the complex risk and compliance landscape."

See publication

Tags: Cybersecurity, Risk Management, Security

Survey Findings Show Link Between Data Silos and Security Vulnerabilities
Dark Reading
April 13, 2023
A recent survey showed a surprising correlation between those who operate their businesses with risk and compliance data in silos and those who experienced data breaches in the last 24 months.

See publication

Tags: Cybersecurity, Risk Management, Security

Setting The Four Cornerstones Of Cloud Security: Accountability, Strategy, Visibility & Enablement
CSHub
March 29, 2021
Read this report on:
- Identifying accountability for cloud security across the enterprise
- Conceiving of a cloud security strategy to ensure that the business consults and informs the cyber security operation
- Gaining true visibility of the entire organization from on-prem to the cloud
- Adopting common language along with a newly assumed forward posture to find the edge of business innovation and enable it

See publication

Tags: Cybersecurity, Cloud

324 Article/Blogs
How AI Agents Impact SOC 2 Trust Services Criteria
Teleport
February 25, 2026
Integrating AI into production environments expands the scope of SOC 2 to cover models, training data, and automated decision-making systems. This shift affects every Trust Services Criterion. It also expands “evidentiary requirements,” requiring auditable records for production execution in addition to the AI decisions and automation workflows that triggered those executions.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

End of year retrospective on AI failures
LinkedIn
December 19, 2025
ISACA's out with an end-of-year piece about AI incidents (link below). 2025's autonomous-vehicle crashes, deep-fake scams, and biased facial-recognition alerts all shared a common root cause: insufficient governance. Risks multiply when controls are weak and financial incentives to 'move fast and break things' are strong, as we saw in the AI boom this year.

Without clear policies, organizations expose themselves to legal exposure, reputational damage, and financial loss. Recent court rulings show that companies can be held liable for inaccurate chatbot advice or for failing to protect personal data. Proactive governance reduces these risks and builds customer confidence.

An AI governance council that includes legal, risk, engineering, and sustainability functions can help define those policies, monitor incidents, and drive continuous improvement. Quarterly measurement of outcomes keeps controls effective and reveals gaps that need correction. Aligning procurement with environmental criteria adds another layer of responsibility, ensuring that data-center locations and energy sources meet sustainability goals.

Future AI deployments should incorporate continuous testing, transparent model documentation, and defined escalation paths. Building these practices in early prevents costly retrofits and supports sustainable growth.

Key actions for leaders:

- Deploy brand-monitoring tools and create rapid-response playbooks for deep-fake content
- Treat code-generating models as privileged engineering accounts, applying strict rate limits and comprehensive logging
- Build safety-by-design into consumer chatbots, including automatic escalation to human assistance

The full article expands on each lesson and provides a practical blueprint for 2026.

https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2025/avoiding-ai-pitfalls-in-2026-lessons-learned-from-top-2025-incidents

#ai #governance #risk

See publication

Tags: AI Governance, Cybersecurity, Risk Management

FCA enforcement action shows DOJ still checking FedRAMP claims
LinkedIn
December 18, 2025
An FCA enforcement action right before the end of 2025 shows the serious risks of falsifying federal cybersecurity certifications. Danielle Hillmer, a former senior manager at Accenture Federal Services, faces an indictment that includes two counts of wire fraud, two counts of obstruction of federal audits, and a charge of major government fraud. The alleged scheme ran from March 2020 through November 2021 and involved false claims that a cloud platform met FedRAMP High and DoD Impact Levels 4 and 5. Internal warnings about missing access controls, logging, and multifactor authentication were ignored, and auditors were instructed to conceal deficiencies. Not a great look.

Key points for contractors:

- Misrepresenting FedRAMP or DoD RMF compliance can trigger criminal liability, even without a data breach
- Senior leaders may be held personally responsible for knowingly submitting inaccurate security documentation
- Accenture disclosed the concerns internally, reported them to the government, and is cooperating with investigators

The case underscores the need for immutable audit trails, transparent reporting, and protection for employees who raise compliance issues. Agencies are expected to tighten due-diligence requirements and demand direct evidence of high-level authorizations.

Implementing continuous monitoring and regular third-party reviews can further safeguard against similar violations.

Read the full indictment https://lnkd.in/gp6_xN89

See publication

Tags: Cybersecurity, Legal and IP, Risk Management

Preparing for 2026 disclosure season
LinkedIn
December 17, 2025
How the tone at the SEC has changed. In 2024, the SEC maintained a harsh tone, pursuing more cyber incident cases and targeting firms that overstated their use of AI. We saw enforcement actions by the SEC against Unisys, Avaya, Mimecast, Check Point, and SolarWinds, showing that vague language about cyber threats did not satisfy regulators. At the same time, two investment advisers settled for claiming they were the first regulated AI advisors, showing that AI washing can trigger material misstatement allegations.

By contrast, published guidance (link below) for 2026 focuses on proactive governance and precise disclosure, rather than punitive reactions.

Here's how to get ready for the 2026 disclosure season:

- Establish a board charter that assigns AI oversight and lists director expertise.
- Require human sign-off for every AI-generated statement before it reaches investors.
- Disclose cyber risk using a recognized framework such as NIST CSF and quantify any material impact.
- Provide regular training for directors on emerging AI risks and cybersecurity trends.
- Keep a log of all AI prompts and data sources used in public disclosures.

These actions help to address the SEC's expectation for clear, quantified risk factors in MD&A. They also reduce the chance of comment letters by showing that companies have documented controls. Companies that incorporate these practices will appear transparent and prepared for future regulator scrutiny.

Read the full set of recommendations https://www.skadden.com/-/media/files/publications/2025/12/matters-to-consider-for-the-2026-annual-meeting-and-reporting-season/matters_to_consider_for_the_2025_annual_meeting_and_reporting_season_121025.pdf?rev=5e2e722f6ff74d5a8be04b410a085b51&hash=46BC8D35B6B7A8927CCCD0C00E4B0B24

#ai #cybersecurity #SEC

See publication

Tags: AI Governance, Cybersecurity, Risk Management

CCPA enforcement continues, even in Nevada
LinkedIn
December 16, 2025
The California Privacy Protection Agency's been busy. On December 3, 2025, the CPPA issued a $56,600 penalty to ROR Partners LLC, a Nevada-based marketing firm. Maybe ROR didn't get the note about the California Consumer Privacy Act's geographic reach. Companies outside of California are still expected to follow state privacy rules whenever they process data belonging to California residents.

The agency found that the company acted as a data broker without completing the mandatory registration required by the Delete Act, a component of the CCPA. ROR Partners compiled profiles on more than 262 million Americans, combining demographic, socioeconomic, and behavioral information. The CPPA emphasized that selling personal data, even when bundled with broader marketing services, counts as a sale and triggers broker obligations.

California consumers will be able to use the upcoming DROP platform in 2026 to create a single deletion request to reach every registered broker.

Businesses that create inferred consumer profiles should review their data handling practices promptly. Updating privacy notices, documenting data flows, and integrating deletion request workflows will reduce regulatory risk. The case shows how California's privacy framework continues to shape national data privacy standards.

Companies should also consider appointing a dedicated privacy officer to oversee compliance registrations and audit readiness. Training staff on data minimization practices can further lower exposure.

For a deeper look at the CPPA decision and its broader impact:
Announcement: https://cppa.ca.gov/announcements/2025/20251203.html
Order: https://cppa.ca.gov/pdf/ror_partners_ood.pdf

#privacy #ccpa

See publication

Tags: Cybersecurity, Privacy, Risk Management

D&O trend analysis for 2026
LinkedIn
December 15, 2025
While I was out last week, I saw a great article summarizing the trends of Directors and Officers (D&O) insurance, liability, and coverage. It's a worthwhile read, particularly for new or aspiring CISOs, in order to understand what they're really getting into.

CISOs, as well as other directors and officers, continue to face liability from artificial intelligence misrepresentations and cyber incidents. Recent settlements, such as the $65 million Snap settlement, which is currently pending final approval, show AI-washing claims can trigger securities litigation. Since 2020, more than fifty AI-related class actions have been filed, with twelve occurring in the first half of 2025 alone. Regulators are continuing to scrutinize AI disclosures, and congressional proposals to pre-empt state AI laws are a bit of a mess at the moment.

Cybersecurity remains a primary driver of D&O claims. Ransomware attacks, service outages, and data breaches generate both first-party losses and third-party liabilities. Insurers have responded by offering standalone cyber policies or endorsements attached to D&O programs.

Key trends in policy language include:

- AI and cyber exclusions, often paired with sub-limits or dedicated coverages
- Courts evaluating whether a claim "arises out of" AI or cyber activity to determine applicable coverage
- Insurers applying AI for underwriting, loss modeling, and claim triage

Practical steps for boards involve strengthening AI governance, maintaining accurate public disclosures, reviewing existing D&O contracts for exclusions, and working with insurance brokers early to discuss hybrid solutions. The outlook for 2026 is a continued increase in AI and cyber D&O claims.

Read the full article for a deeper analysis of these trends.

https://www.jdsupra.com/legalnews/d-o-liability-coverage-2025-trends-9850678/?origin=CEG

#insurance #cybersecurity #AI #risk

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI Fraud Deterrence Act: New Bill Overview
LinkedIn
December 04, 2025
Learn how H.R.6306 boosts fines and prison terms for AI-aided fraud, outlines the bill's scope, and shows why state cases like Darien fall outside.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

EU Names Critical ICT Providers Under DORA
LinkedIn
December 03, 2025
Learn how EU's DORA list of 19 critical ICT providers impacts financial firms, guides compliance steps, and boosts digital resilience.

See publication

Tags: Cybersecurity, FinTech, Risk Management

CCPA Settlement: Jam City Pays $1.4M
LinkedIn
December 02, 2025
Learn how Jam City's $1.4M CCPA settlement forces mobile-gaming firms to add clear opt-out links, enforce minor consent, and boost privacy compliance.

See publication

Tags: Cybersecurity, Privacy, Risk Management

NDAA AI Moratorium: 10-Year Ban on State Laws
LinkedIn
December 01, 2025
A proposal to include a 10-year moratorium on state AI laws in the NDAA aims to ease compliance for tech firms while raising consumer-protection concerns.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

SEC AI Disclosure Rules: Companies Must Report
LinkedIn
November 25, 2025
Explore SEC's proposed AI disclosure framework, covering board oversight, operational impact, and consumer-product reporting to guide compliant filings.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

FCC Reverses Cybersecurity Rules Post Salt Typhoon
LinkedIn
November 24, 2025
Explore the FCC's reversal of cybersecurity rules after the Salt Typhoon breach and its impact on telecom security, consumer safety, and future policy.

See publication

Tags: Cybersecurity, Risk Management

EU's Digital Omnibus: Simplified Cybersecurity & AI
LinkedIn
November 21, 2025
The EU's Digital Omnibus bundles rules into one portal, cutting admin costs by $5bn, easing GDPR and AI compliance for SMEs with sandbox support.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

California SB 243 May Face Legal Challenges
LinkedIn
November 18, 2025
Discover compliance steps, risk insights, and best practices for AI companion chatbots under California SB 243, helping firms stay ahead of legal challenges.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

FERC Audit on Critical Infrastructure Cybersecurity
LinkedIn
November 17, 2025
Learn key FERC findings on DERs, third-party oversight, and cloud compliance, plus actionable steps to strengthen critical infrastructure cybersecurity.

See publication

Tags: Cybersecurity, Risk Management

ISO 27701:2025 - The Standalone Privacy Standard
LinkedIn
November 12, 2025
Discover how ISO 27701:2025 simplifies privacy management, adds AI and cross-border data controls, and boosts trust without needing an ISO 27001 certification.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Illuminate Settlement Signals KOPIPA Enforcement
LinkedIn
November 11, 2025
Discover how the $5.1M Illuminate settlement under KOPIPA underscores student data privacy risks for ed-tech, and get actionable compliance tips.

See publication

Tags: Cybersecurity, EdTech, Risk Management

Court Finds Data Breach Standing Must Show Concrete Harm
LinkedIn
November 10, 2025
Learn why Florida courts require proof of actual harm for data breach class actions, highlighting the need for concrete injury evidence to survive dismissal.

See publication

Tags: Cybersecurity, Legal and IP, Risk Management

Mt. Baker Imaging Data Breach Delayed Notification
LinkedIn
November 07, 2025
Learn how Mt. Baker Imaging's ten-month breach notice failed Washington patients, allegedly violating HIPAA and state law, and how firms can prevent similar lapses.

See publication

Tags: Cybersecurity, HealthTech, Risk Management

EU Cyber Resilience Act Timeline & Compliance
LinkedIn
November 06, 2025
Discover EU CRA deadlines, reporting duties, budget tips, and compliance steps to protect products and avoid fines.

See publication

Tags: Cybersecurity, Manufacturing, Risk Management

Banking AI Regulation Modernization Push
LinkedIn
November 05, 2025
Banking groups urge updated AI rules to accelerate fraud detection, risk management, and cybersecurity, proposing risk-based oversight and preemption.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

2025 Cybersecurity & AI Disclosure Trends
LinkedIn
November 04, 2025
Explore 2025 cybersecurity, AI disclosure and litigation trends, board oversight tips, and risk-mitigation strategies to get ready for 2026.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

ISS2025: AI-Powered Threats and Security
LinkedIn
November 03, 2025
Discover how AI observability, identity security, and governance talks from ISS2025 cut breach risk and streamline DevSecOps for better cyber defenses.

See publication

Tags: Cybersecurity, Risk Management

2025 FCA Enforcement: Cybersecurity & CMMC
LinkedIn
October 31, 2025
Explore FY 2025 FCA trends - healthcare fraud, AI and cybersecurity risks, plus CMMC guidance - to safeguard compliance and reduce penalties.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

ISC2 Congress 2025: AI-Driven GRC Insights
LinkedIn
October 29, 2025
Discover how AI automation, risk quantification, and extended supply-chain security reshape GRC at ISC2 Congress 2025, delivering faster, data-rich compliance.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

51 Author Newsletters
March 2026 Cyber News Weekly
LinkedIn
March 20, 2026
Lenovo faces class action over data transfers to China. Supreme Court denies AI art copyright. New study exposes corporate AI washing tactics.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Weekly news context for March 13th, 2026
LinkedIn
March 13, 2026
As a result, this memorandum rescinds the Federal CIO’s December 8, 2011 memorandum, and replaces it with an updated vision, scope, and governance structure for FedRAMP that is responsive to developments in Federal cybersecurity and substantial changes to the commercial cloud marketplace that have occurred since the program was established.

See publication

Tags: Cybersecurity, Risk Management, Security

Cyber Fraud Cases and AI Safety Rules
LinkedIn
March 06, 2026
DOJ indicts fraud that secured $250M FedRAMP contracts; NYC bans automated hiring without bias audits; RAISE Act forces 72-hour AI safety reports with $1M fines.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Weekly news context for February 27th, 2026
LinkedIn
February 27, 2026
New CCPA audit rule targets firms handling 250k+ consumer records, AI agents raise novel payment fraud risks, and courts tighten privacy consent standards.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Weekly news context for February 20th, 2026
LinkedIn
February 20, 2026
The Agency modified subsection (a)(6) to add language regarding the types of safeguards that must be identified and documented and clarify that the list of safeguards provided in this subsection is nonexhaustive. It also deleted the requirement regarding identification of how the safeguards address the negative impacts identified, and the requirement to identify certain evaluations and policies, procedures, and training when using ADMT.

See publication

Tags: Cybersecurity, Risk Management, Security

AI Rules, Legal Fines and CA Privacy Updates
LinkedIn
February 20, 2026
California just put AI-based decision tools under the microscope, demanding documented safeguards for any algorithm that replaces human judgment. Meanwhile, a courtroom fiasco where ChatGPT generated bogus citations landed a lawyer with a default judgment and steep fines, proving that compliance missteps cost real money.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI lawsuits: Amazon, Meta, and legal guide
LinkedIn
February 13, 2026
Amazon sues Perplexity for password-protected store breaches; Meta faces wiretap and privacy claims over WhatsApp; Illinois releases AI use guide for attorneys.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI Hiring Lawsuit, Spreadsheet Risks, AI Growth
LinkedIn
February 06, 2026
Eightfold sued for undisclosed AI hiring data; 27% of firms share spreadsheets via open links; 25% of CEOs say AI is transformative, raising productivity 11.5%.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI Risks, Colorado Law Pause, Governance Gaps
LinkedIn
January 30, 2026
Companies prep AI risk disclosures for SEC, Colorado pauses pioneering AI law to fine-tune rules, and experts warn governance gaps threaten public trust.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI Governance Risks and Legal Updates This Week
LinkedIn
January 23, 2026
This week's briefing covers AI model retirement risks for finance, a Kentucky lawsuit over Character.AI safety, and a contract covenant ruling impacting vendors.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Weekly news context for January 16th, 2026
LinkedIn
January 16, 2026
The Federal Trade Commission has reversed its stance on the Rytr case, emphasizing enforcement against actual misconduct rather than preemptive bans. This change protects innovative tools while targeting deliberate fraud. A new Gallup poll shows that 80 percent of Americans prioritize AI safety over speed, and more than half expect the government to create regulatory frameworks. These findings suggest that public trust will influence future adoption rates.

Meanwhile, Moody’s warning highlights that AI-driven attacks now operate at machine speed. Phishing campaigns leverage deep-fake personalization, and techniques such as model poisoning are expected to rise throughout 2026. Organizations that rely solely on manual defenses risk falling behind. Effective protection requires a blend of governance, continuous monitoring, and skilled human expertise alongside advanced tools.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Weekly News Context: AI Governance Lessons from 2025 Incidents
LinkedIn
December 19, 2025
Discover how 2025 AI mishaps reveal governance gaps, guide board oversight, and avoid SEC and data broker penalties - essential reading for leaders.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Weekly news context for December 5th, 2025
LinkedIn
December 05, 2025
A decade-long ban on state AI laws is not a new concept in recent U.S. politics. Prior federal preemption attempts include the 2025 Senate-budget reconciliation moratorium vote (99-1), the inclusion and later removal of the proposal in the "Big Beautiful Bill," and subsequent House NDAA discussions.

See publication

Tags: Cybersecurity, Risk Management, Security

AI Regulation Update: NDAA, CCPA Fine & Fraud Act
LinkedIn
December 05, 2025
Get the latest on the NDAA AI moratorium, CCPA mobile app settlement, and the revived AI Fraud Deterrence Act - essential insights for tech leaders.

See publication

Tags: AI Governance, Privacy, Risk Management

Cybersecurity Weekly: EU, CA & Health AI
LinkedIn
November 21, 2025

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI Security Trends from ISC2 Congress 2025
LinkedIn
October 31, 2025
Explore AI-driven GRC automation, monetary risk models, and agentic AI threats revealed at ISC2 Congress 2025, plus actionable compliance tips.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Weekly news: Data Breach Notifications
LinkedIn
October 17, 2025
Learn how California’s new 30-day breach-notification rule, cyber-liability docs, and MFA requirements protect firms and avoid costly NYDFS fines.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Weekly news context for October 3rd, 2025
LinkedIn
October 03, 2025
Recent regulatory moves highlight growing pressure on AI and cybersecurity.

* California's Transparency in Frontier AI Act forces large AI firms to disclose safety frameworks and model specs.
* Georgia Tech's $875K DOJ settlement shows missing NIST 800-171 controls can trigger False Claims Act liability.
* The Ascension ransomware case treats health data security as a fiduciary duty like clinical care.

Contractors must treat compliance as mandatory to avoid treble damages and loss of DoD work. MFA, strong passwords, network segmentation and immutable backups align with NIST and HIPAA standards.

For more details, read the full newsletter.

#ai #risk #cmmc #cybersecurity #healthtech

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Cyber News: CCPA Updates & NY Hospital Rules
LinkedIn
September 26, 2025
This week:
* The California Office of Administrative Law approved sweeping CCPA amendments. Firms must keep audit records for 24 months in immutable, searchable systems. Non‑compliance can trigger fines of $2,500 to $7,500 and possible injunctions.
* New York hospitals face a mandatory cyber risk program beginning Oct 2, 2025. Requirements include a dedicated CISO, MFA, encryption, IAM and annual penetration testing. Breaches must be reported within 72 hours or risk penalties and license loss.
* And AI‑generated prompts and logs are now discoverable evidence, so organizations should lock down privileged data before a legal hold.

#privacy #cybersecurity #grc

See publication

Tags: AI Governance, Cybersecurity, Risk Management

News: Consumer Data Protection & AI Incident Response
LinkedIn
September 19, 2025
This week's news:
* New state regulators are turning the Global Privacy Control signal into law, forcing retailers to honor opt‑out requests. The GPC header, if ignored, can lead to multi‑million‑dollar penalties, as shown by the recent Sephora settlement.
* AI‑driven services bring fresh incident‑response challenges. Probabilistic outputs mean identical inputs may yield different results, complicating root‑cause analysis. Threat actors can poison training data or launch prompt‑injection attacks, raising privacy and liability risks.
* Compliance programs often become static checklists that satisfy auditors but fail during crises. Compliance teams that treat the function as a strategic asset, link incentives to risk reduction, and integrate AI governance can turn regulation into a competitive advantage.

#dataprotection #ai #incidentresponse #compliance

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Weekly news context for September 19th, 2025
LinkedIn
September 19, 2025
Why it matters: State regulators in California, Colorado and Connecticut now require the Global Privacy Control signal, turning opt‑out into law. A recent study found thirty percent of major retailers ignore GPC, often because servers miss the Sec‑GPC header or consent platforms aren’t re‑configured.

See publication

Tags: Cybersecurity, Risk Management, Security

Weekly Cyber News: SBOM, CMMC & AI Updates
LinkedIn
September 05, 2025
Weekly cybersecurity news: International SBOM standards, DFARS CMMC rule cleared, Colorado AI law delayed. Important compliance updates for security teams.

See publication

Tags: Cybersecurity, Risk Management, Security

Weekly news context for August 29th, 2025
LinkedIn
August 29, 2025
AI creates new legal and security risks: transcription consent issues, malicious browser attacks, and child safety enforcement. Important updates.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Weekly news context for August 22nd, 2025
LinkedIn
August 22, 2025
Essential GRC and cybersecurity updates: AI governance insights, compliance implementation gaps, and new data breach reporting requirements.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

What the Butler Snow AI Sanctions Mean for Law Firm Governance
LinkedIn
August 08, 2025
Judge Anna M. Manasco sanctioned three Butler Snow attorneys for filing fabricated ChatGPT citations, marking a shift from individual mistakes to institutional accountability failures.

See publication

Tags: Cybersecurity, Risk Management, Security

1 Book
The GRC Maturity Model
Hyperproof
August 01, 2024
Companies with mature GRC programs have an advantage over their competitors. However, something has been missing in the GRC world: the ability to truly understand an organization’s GRC maturity and the steps it would take to build the business case for change. That’s where the GRC Maturity Model comes in.

Hyperproof’s GRC Maturity model is a practical roadmap for organizations to improve their GRC maturity business processes to enter new markets and successfully navigate our rapidly changing regulatory and legal space. By providing a vendor-agnostic roadmap for how companies can improve key business operations, we can help even the playing field for everyone in GRC.

This extensive, peer-reviewed model written by Kayne McGladrey includes:

* An overview and definition of Governance, Risk, and Compliance (GRC)
* A summary of the four maturity levels defined in the model: Traditional, Initial, Advanced, and Optimal
* An overview of the most common business practices associated with governance, risk, and compliance
* A simplified maturity chart listing the attributes associated with each maturity level
* A list of observable behaviors or characteristics associated with the maturity level to help you assess where your organization falls
* A set of high-level recommendations for how to move from a lower level to a higher level

See publication

Tags: Cybersecurity, Risk Management, Security

2 Citations
What’s new in cybersecurity for physical security systems?
Source Security
June 01, 2023
The article explores the growing cyber resilience in the physical security industry, highlighting increased customer demands for compliance testing, the burgeoning use of cyber-safe cloud services, and the global adoption of the zero trust framework. It underscores the role of robust cybersecurity controls and the impact of IoT technologies in transforming physical security systems' connectivity and security posture.

See publication

Tags: Cybersecurity, Risk Management, Security

Expert Panel Roundtable: What's new in cybersecurity for physical security systems?
Security Informed
June 01, 2023
Discover how manufacturers in the physical security industry are embracing enhanced cybersecurity measures and implementing them at scale. From streamlining maintenance and updates to integrating cloud solutions, these efforts aim to protect against evolving threats and human error. The article highlights the importance of compliance, secure communication, and training employees on best practices. Explore insights on zero trust principles, secure APIs, and evolving certifications, all contributing to the continuous improvement of cybersecurity in physical security systems.

See publication

Tags: Cybersecurity, Risk Management, Security

9 Coursewares
Cyber Threat Prevention for PSOs: Credential Stuffing (Part 1 of 8)
PSVillage
May 17, 2017
Credential stuffing, unfortunately, is not a new attack but rather an existing attack that the bad guys have found a way to operate at economies of scale. Credential stuffing is a type of automated...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: Provisioning and De-provisioning (Part 2 of 8)
PSVillage
May 17, 2017
In this second episode of our 8 part series, Kayne McGladrey will be discussing Provisioning and De-Provisioning. In general, provisioning means "providing" or making a resource available. De-...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: Identity and Access Management (Part 3 of 8)
PSVillage
May 17, 2017
In this third episode of our 8 part series, Kayne McGladrey will walk you through three primary Identity and Access Management (IAM) systems available for your end users to have access to your...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: Privileged Access Management (Part 4 of 8)
PSVillage
May 17, 2017
In this fourth episode of our 8 part series, Kayne McGladrey will cover Identity Access Management system and a specific resource when it comes to where your client files are stored, or your...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: User and Entity Behavior Analysis (Part 5 of 8)
PSVillage
May 17, 2017
When a hacker has intercepted your credentials and login information and attempts to use that information, an effective User and Entity Behavior Analysis (UEBA) solution can be what saves you from...

See publication

Tags: AI, Cybersecurity

Cyber Threat Prevention for PSOs: Multi-Factor Authentication (Part 6 of 8)
PSVillage
May 17, 2017
In this sixth episode of our 8 part series, Kayne McGladrey reviews Multi-Factor Authentication (MFA). MFA can be used in many instances to ensure the identity of a person trying to access or...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: Attestation Reporting (Part 7 of 8)
PSVillage
May 17, 2017
Kayne McGladrey discusses Attestation Reporting in the seventh video in this series. The goal of Attestation Reporting is to ensure that a user should have the access that has been requested and...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: Certification Campaigns (Part 8 of 8)
PSVillage
May 17, 2017
In this last video in the series of 8, we will see how the process of certification in consulting works. IGA, a governance administration tool, will produce certification reports and should work...

See publication

Tags: Cybersecurity

Fundamentals of Professional Services Management
Udemy
April 07, 2017
You can learn to manage a professional services firm in less time than it takes to fly from Seattle to London

See publication

Tags: Management

1 eBook
Educated Endpoints
SC Media
January 16, 2020
The proverbial endpoint is everywhere. Consumers have more IoT and mobile devices than ever before. Industrial IoT is becoming ubiquitous and IoT malware is as common as cell phones. While conveniences are making their way into every facet of life, so are malicious software, social engineering attacks and all manner of bad actors.

See publication

Tags: Cybersecurity, IoT

2 Founders
Kayne McGladrey Professional Speaking, LLC
Washington Secretary of State
December 27, 2024

See publication

Tags: Cybersecurity, Risk Management, Security

Include Cybersecurity
Include Cybersecurity
January 05, 2018
Include Cybersecurity is a non-profit organization dedicated to changing the face of cybersecurity professionals. As a co-founder alongside Carmen Marsh, I am responsible for helping to find volunteers and speakers, moderating panel discussions, social media outreach, fundraising, and establishing connections with the many underrepresented communities in cybersecurity.

See publication

Tags: Cybersecurity, Leadership

1 Industry Award
Senior IEEE Member
IEEE
June 24, 2020
Senior member is the highest grade for which IEEE members can apply. IEEE members can self-nominate, or be nominated, for Senior Member grade.
To be eligible for application or nomination, candidates must:

* Be engineers, scientists, educators, technical executives, or originators in IEEE-designated fields
* Have experience reflecting professional maturity
* Have been in professional practice for at least ten years (with some credit for certain degrees)
* Show significant performance over a period of at least five of their years in professional practice

See publication

Tags: Cybersecurity

8 Influencer Awards
Top 50+ Cybersecurity Influencers to Follow in 2025
Gracker.ai
May 22, 2025
Companies manage cyber risks, deter threats & ensure compliance via expert guidance, leadership, media presence & mentorship.

See publication

Tags: Cybersecurity, GRC

Top 50 IoT Influencers to follow in 2023
Engatica
November 08, 2022
Can IoT reach a level where businesses can build scalable solutions for the future? Will it help us have a better 2030? Well, the experts should know. And they should have a better idea of it.

See publication

Tags: Cybersecurity, IoT

Cloud Thought Leader of the Day
WhizLabs
July 09, 2021
Having 28+ years of experience in the field, Kayne McGladrey's role is to advise companies on how to uphold that social contract by managing risks and deterring and denying threat actors.

His consultative approach is the result of decades of experience working with Fortune 500 and Global 1000 companies. One of his career priorities is to inspire underrepresented communities to pursue careers in cybersecurity.

His simplification of complex concepts to non-tech audiences has given him more reach on his social platforms. His blogs are a must-read for both tech and non-tech people who are interested in cybersecurity.
Check out his blogs here: https://lnkd.in/efHU2Mp

Currently, he is working as Security Architect / Strategy and GRC Practice Lead at Ascent Solutions LLC, a premier productivity, security, and innovation consulting firm.

We thank Kayne for his exceptional contribution to the cloud discipline.

See publication

Tags: Cybersecurity, GRC, Cloud

150+ Top Global Cloud Thought Leaders and Next Generation Leaders of 2021
WhizLabs
April 19, 2021
Having 28+ years of experience in the field, Kayne’s expert approach on how to uphold that social contract by managing risks and deterring and denying threat actors is appreciated by many companies. One of his priorities is to inspire under-represented communities to pursue careers in cybersecurity. His simplification of complex concepts to non-tech audiences has given him more reach on his social platform. His blogs are a must-read for both technical and non-technical people who are interested in cybersecurity.

See publication

Tags: Cybersecurity, Cloud

Top Cyber Pro Awards for 2020
Top Cyber Pro
December 01, 2020
Kayne McGladrey is a senior member of the IEEE and the cybersecurity strategist for Ascent Solutions. He has over two decades of experience in cybersecurity and has served as a CISO and advisory board member, and focuses on the policy, social, and economic effects of cybersecurity lapses to individuals, communities, and the nation.

See publication

Tags: Cybersecurity

Top 50 Global Thought Leaders and Influencers on Internet of Things
Thinkers360
February 24, 2020
Top 10 on the Thinkers360 leaderboard for the top 50 global thought leaders and influencers on Internet of Things for February 2020.

See publication

Tags: IoT

100 B2B Thought Leaders and Influencers to Follow in 2020
Thinkers360
January 01, 2020
Thinkers360 award for 100 B2B Thought Leaders and Influencers to Follow in 2020.

See publication

Tags: Cybersecurity

ISSA Article of the Year 2017
ISSA Journal
January 08, 2018
ISSA International Article of the Year for 2017: Lessons about Cloud Security from 1980s Horror Movies

See publication

Tags: Cloud, Cybersecurity

1 Influencer Newsletter
How to Enhance Cloud Security Measures
Cyngular
May 14, 2024
In a post written by Kayne about what happens when agencies rely upon existing frameworks or rules that weren't originally designed for regulatory purposes, he states that there is the potential for complications: "Standards may evolve, leading to ambiguous regulations," he wrote, and, "In some cases, these standards could be outdated or not applicable to the current context."

See publication

Tags: Cybersecurity, Risk Management, Security

12 Journal Publications
Getting AI Right: 3 Challenges for the Future
IEEE Transmitter
October 25, 2023
AI systems need to be trained using data. But data sets are frequently made by people who can be biased or inaccurate. As a result, AI systems can perpetuate biases. This is especially true in hiring practices and in criminal justice, and managing those biases can be difficult.

“We can audit software code, manually or automatically, for privacy defects,” said IEEE Senior Member Kayne McGladrey. “Similarly, we can audit software code for security defects. We cannot currently audit software code for ethical defects or bias, and much of the coming regulation is going to screen the outcomes of AI models for discriminatory outcomes.”

See publication

Tags: Cybersecurity, Risk Management, Security

Cybersecurity Concerns Continue
IEEE Transmitter
October 25, 2023
Realistically, the use of AI in cybersecurity will help to reduce the punishing cognitive load on tier 1 security operation center (SOC) analysts and incident responders. Rather than having to comb through a needlestack looking for a needle, AI promises to automate much of the correlation across vast amounts of data that humans struggle with.

See publication

Tags: Cybersecurity, Risk Management, Security

What is End-To-End Encryption? 7 Questions Answered
IEEE Transmitter
August 17, 2023
“End-to-end encryption is generally agreed upon as being a useful technology for protecting the data of businesses and consumers,” said IEEE Senior Member Kayne McGladrey. “Online shopping, for example, would not be as popular or feasible if a consumer’s payment information could easily be intercepted. Similarly, private video calls over the internet by senior executives or government officials would be far too risky if anyone could watch.”

See publication

Tags: Cybersecurity, Risk Management, Security

Telehealth is Booming: Here’s What You Need to Know
IEEE Transmitter
October 26, 2020
Telehealth, often referred to as virtual doctor appointments, has been utilized in remote regions that do not have local medical resources for several decades. But when COVID-19 began impacting many countries across the globe, telehealth became the go-to method for checking in with your doctor about possible COVID-19 symptoms or other healthcare check-ups.

See publication

Tags: COVID19, Cybersecurity, HealthTech

How to Keep Your Video Conferences Secure From Intruders
IEEE Transmitter
April 16, 2020
As the world adjusts to a “new normal” of remote education and work, video conferencing services have surged in demand as people take to these platforms to connect digitally. Yet, these platforms are susceptible to a variety of intrusions that could lead to the theft of private and company data or inappropriately distracting calls and meetings that leave participants feeling they have no control.

To protect your students, employees, families and yourself from these types of cyber disruptions, we asked IEEE Member Kayne McGladrey for cybersecurity tips for safe video conferencing.

See publication

Tags: Cybersecurity, Education

Decreasing Risk Through Enterprise Compliance
CSHub
March 02, 2020
Compliance is often viewed as a reaction for organizations. The auditing of compliance becomes the event that is anticipated with resources and preparation aligned to culminate in the audit itself. A famous approach used in product development is that launch is a process, not an event. The spirit of that message is important for security leaders to consider in building a sustainable business case for compliance. Compliance should be viewed as a continuous, organizational process.

See publication

Tags: Business Strategy, Cybersecurity, GRC

Should You Be Worried About Airport Cybersecurity Threats?
IEEE Transmitter
February 13, 2020
Navigating and traveling through an airport can be stressful. Trying to get through security while searching for a boarding pass and assessing whether there’s enough time to jump on that long line for a desperately needed cup of coffee is a universal experience.

With all of that juggling going on, the last thing on your mind is the cybersecurity threats that you might encounter at the airport along the way. Luckily, cybersecurity experts have already put into place a variety of technologies to protect us and keep our cyber lives safe while we travel. So take a deep breath and focus on getting to your seat in a timely manner instead.

See publication

Tags: Cybersecurity, Travel

Passwords, Multi-Factor Authentication and Cybersecurity
IEEE Transmitter
April 16, 2018
Device location and user behavior can shed a lot more light on a login attempt, yet not all MFA solutions currently incorporate them, says McGladrey. If organizations switched to better access management systems, the cost to successfully infiltrate accounts would rise exponentially, barring “all but the best-funded nation-state actors and APTs.”

See publication

Tags: Cybersecurity

Why AI Could be Cybersecurity’s Next Big Thing
IEEE Transmitter
February 16, 2018
For many organizations, analysts in security operations centers spend their days sifting through hordes of log files for suspicious activity. The repetitive nature of this work makes AI an ideal replacement, says Kayne McGladrey, IEEE Member, Director of Information Security Services at Integral Partners (US): “Artificial intelligence has been shown to be good at pattern recognition and correlation over a vast number of data points, and can make connections faster than human analysts would.”

See publication

Tags: AI, Cybersecurity

Smart Office Controls
IEEE Transmitter
April 20, 2017
Forget light switches and thermostat buttons in the office. IoT sensors can control when lights go on and off, as well as heating and cooling in the office. Lights can go on and off based on your location.

See publication

Tags: Cybersecurity, IoT

IOT and Big Data: A Day in a Connected Life
IEEE Transmitter
April 05, 2017
How could your data be used?
“Office workers often find that all the meeting rooms are booked, which can mean consulting teams that arrive to meet with a client must search for an unoccupied meeting room in which to squat. Regardless of reservation status, IoT sensors can impassively detect if meeting rooms are unoccupied and offer them on a first-come, first-served basis.”

What are the security and privacy concerns with this device?
“Insecure IoT heating, ventilation and air conditioning systems are a threat to buildings and cities. For example, in the summer, a hard-coded administrative password in an IoT thermostat deployed in smart buildings in New York City could be compromised by an adversary who forces the thermostats to continuously run cooling systems. The spike in electrical usage could cause a very costly, life-threatening blackout.”

See publication

Tags: Cybersecurity, IoT, Big Data

Understanding Cybersecurity Breaches at Consulting Firms
IEEE Transmitter
March 30, 2017
Cybersecurity threats are affecting consulting and professional service firms, causing substantial losses. Kayne McGladrey (@kaynemcgladrey), an IEEE Member and professional services director, weighed in on how consulting firms can mitigate threats, keep client data safe and learn from current breaches.

See publication

Tags: Cybersecurity

35 Keynotes
How AI Is Changing the GRC Game
ISC2
October 28, 2025
Agentic AI is opening new possibilities — and raising new questions — for Governance, Risk, and Compliance (GRC). As organizations experiment with AI-driven agents, the path forward is full of both opportunities. In this session, we’ll share real-world experiences, insights, and a forward-looking perspective on how AI is reshaping GRC. Whether you’re just beginning to explore AI or already testing use cases, this session will help you understand what’s working, what to watch out for, and what’s ahead.

What we’ll cover:

- Early learnings from applying agentic AI in GRC
- Firsthand experiences with AI-driven agents in compliance workflows
- Common pitfalls and risks to be aware of when using AI
- The future of GRC in an AI-driven world and where the opportunities lie

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Introducing Hyperproof AI: Changing the Game for AI in GRC
Hyperproof
October 09, 2025
Agentic AI is opening new possibilities — and raising new questions — for Governance, Risk, and Compliance (GRC). As organizations experiment with AI-driven agents, the path forward is full of both opportunities. In this session, we’ll share real-world experiences, insights, and a forward-looking perspective on how AI is reshaping GRC and introduce you to Hyperproof AI: a full suite of AI features that will change the way you manage GRC.

Whether you’re just beginning to explore AI or already testing use cases, this session will help you understand what’s working, what to watch out for, and what’s ahead.

What we’ll cover:

- Early learnings from applying agentic AI in GRC
- Firsthand experiences with AI-driven agents in compliance workflows
- Common pitfalls and risks to be aware of when using AI
- The future of GRC in an AI-driven world and where the opportunities lie
- Hyperproof’s new AI features and how we’re partnering with customers and leading organizations to shape the future together

Join us for an engaging conversation about the future of AI in GRC and to get a look at Hyperproof’s new and exciting AI capabilities.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

“Cyber Risk as a Business Imperative: Translating Threats into Strategic Action”
Inch360
September 18, 2025
Opening keynote at INCH360 2025

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Executive Keynote on Cyber Risk as a Business Imperative
IEEE Computer Society Florida West Coast Section
June 18, 2025
You’re Invited: Executive Keynote on Cyber Risk as a Business Imperative
Cyber risks are no longer just IT issues—they are core business challenges with serious financial and reputational stakes. Join us for a powerful keynote that explores how cybersecurity must be integrated into business strategy at the highest levels.

What to Expect
Gain practical insights on:

Framing cyber risks as business risks

Communicating security priorities to stakeholders

Integrating cybersecurity into enterprise strategy

Allocating resources and measuring effectiveness

Building resilience across your organization

With real-world examples and actionable frameworks, this session is designed to empower executives and business leaders to make informed decisions that balance cost, compliance, and risk reduction.

See publication

Tags: Cybersecurity, Risk Management, Security

Cyber Risk as a Business Imperative: Translating Threats into Strategic Action
ISC2 Southern Connecticut Chapter
May 29, 2025
Cyber risks are not just technical issues; they are fundamental business challenges with profound financial and reputational implications. This keynote addresses the intersection of cybersecurity and business strategy, offering practical insights to help executives and business leaders prioritize and act on cyber risks in a meaningful way.

Attendees will gain an understanding of how to frame cyber risks as business risks, communicate them effectively to stakeholders, and integrate them into broader organizational strategies. Real-world examples and actionable frameworks will equip leaders with the tools to translate technical threats into business priorities. This presentation will also explore how to allocate resources, measure the effectiveness of cybersecurity programs, and foster resilience across the enterprise.

See publication

Tags: Cybersecurity, Risk Management, Security

Cyber Risk as a Business Imperative: Translating Threats into Strategic Action
IEEE Computer Society Santa Clara Chapter
May 28, 2025
Abstract
Cyber risks are not just technical issues but fundamental business challenges with profound financial and reputational implications. This keynote addresses the intersection of cybersecurity and business strategy, offering practical insights to help executives and business leaders prioritize and act on cyber risks meaningfully.

Attendees will gain an understanding of how to frame cyber risks as business risks, communicate them effectively to stakeholders, and integrate them into broader organizational strategies. Real-world examples and actionable frameworks will equip leaders with the tools to translate technical threats into business priorities. This presentation will also explore how to allocate resources, measure the effectiveness of cybersecurity programs, and foster resilience across the enterprise.

By the end of the session, you will be prepared to engage in informed decision-making that balances cost, compliance, and risk reduction, ensuring your organization is prepared for the challenges of today’s complex risk landscape.

See publication

Tags: Cybersecurity, Risk Management, Security

GRC Maturity Model: A Roadmap for Cybersecurity Leaders
Hampton Roads Chapter of ISSA
May 06, 2025
This presentation delivers three essential insights for cybersecurity professionals: a comprehensive understanding of how the GRC Maturity Model's four levels influence compliance strategies, risk management approaches, and business operations; practical methodologies for evaluating organizational maturity and overcoming implementation challenges; and proven techniques for embedding compliance within strategic planning, implementing automation solutions, and cultivating a culture that proactively addresses compliance requirements. Attendees will gain actionable knowledge to advance their organization's compliance maturity framework, directly contributing to reduced risk exposure and enhanced operational efficiency across the enterprise.

See publication

Tags: Cybersecurity, Risk Management, Security

Cyber Risk as a Business Imperative: Translating Threats into Strategic Action
IEEE Computer Society Central Indiana Chapter
April 14, 2025
Cyber risks are not just technical issues; they are fundamental business challenges with profound financial and reputational implications. This keynote addresses the intersection of cybersecurity and business strategy, offering practical insights to help executives and business leaders prioritize and act on cyber risks in a meaningful way.

Attendees will gain an understanding of how to frame cyber risks as business risks, communicate them effectively to stakeholders, and integrate them into broader organizational strategies. Real-world examples and actionable frameworks will equip leaders with the tools to translate technical threats into business priorities. This presentation will also explore how to allocate resources, measure the effectiveness of cybersecurity programs, and foster resilience across the enterprise.

By the end of the session, you will be prepared to engage in informed decision-making that balances cost, compliance, and risk reduction, ensuring your organization is prepared for the challenges of today’s complex risk landscape.

See publication

Tags: Cybersecurity, Risk Management, Security

Cyber Risk as a Business Imperative: Translating Threats into Strategic Action
IEEE CS Richland
April 04, 2025
In today’s business environment, cyber risk is a growing concern that goes beyond IT departments. It is a strategic issue that requires the attention of executives and business leaders. This keynote presentation offers a business-centric approach to understanding, managing, and mitigating cyber risks, enabling leaders to address these challenges with confidence.

Act One begins with an overview of the modern cyber risk landscape, positioning cybersecurity as a core business issue. We will examine the financial and reputational stakes of cyber incidents, grounding the conversation in tangible impacts that resonate with business decision-makers. The audience will leave this section with a clear understanding of why addressing cyber threats is critical to their organization’s success.

Act Two focuses on practical strategies for integrating cyber risk into business strategy. This includes defining cyber risks in business terms, aligning cybersecurity efforts with organizational goals, and translating technical concerns into actionable business insights. Attendees will learn how to communicate cyber risks effectively to stakeholders, including boards, executives, and external partners.

Key points will include:

- Bridging the gap between IT and business through shared understanding.
- Prioritizing cyber threats based on their business impact.
- Building business-centric cybersecurity strategies that support enterprise objectives.

Act Three explores methods for reducing enterprise risk through focused cybersecurity efforts. This includes identifying critical areas for investment, implementing effective controls, and measuring the success of cybersecurity programs. Attendees will learn how to allocate resources efficiently, design controls with maximum impact, and track the business value of their cybersecurity initiatives.

By the end of the presentation, participants will have actionable insights and tools to:

- View cyber risks through a business lens.
- Communicate their significance to internal and external stakeholders.
- Develop and implement strategies that prioritize business resilience.

This session is ideal for executives, board members, and business leaders looking to enhance their organization’s approach to cyber risk and align cybersecurity efforts with strategic goals.

See publication

Tags: Cybersecurity, Risk Management, Security

Cyber Risk - a Business Imperative: Translate Threats into Strategic Action
ISC2 Seattle
April 03, 2025
Summary:

Cyber risks are not just technical issues; they are fundamental business challenges with profound financial and reputational implications. This keynote addresses the intersection of cybersecurity and business strategy, offering practical insights to help executives and business leaders prioritize and act on cyber risks in a meaningful way.

Attendees will gain an understanding of how to frame cyber risks as business risks, communicate them effectively to stakeholders, and integrate them into broader organizational strategies. Real-world examples and actionable frameworks will equip leaders with the tools to translate technical threats into business priorities. This presentation will also explore how to allocate resources, measure the effectiveness of cybersecurity programs, and foster resilience across the enterprise.

By the end of the session, you will be prepared to engage in informed decision-making that balances cost, compliance, and risk reduction, ensuring your organization is prepared for the challenges of today’s complex risk landscape.

See publication

Tags: Cybersecurity, Risk Management, Security

Cyber Risk as a Business Imperative
ISC2 SoAZ
March 20, 2025
The meeting will be held online via Zoom and you will receive the link when you register. In this meeting, we will have a cybersecurity-related presentation, an ISC2 Corporate and Chapter update, discuss recent cybersecurity news and community announcements, and have a group discussion on a cybersecurity topic.

When:

Thursday, March 20th, 6:00pm to 8:00pm

Agenda:

ISC2 Southern Arizona Chapter Meeting
- Introductions
- Chapter Business
- ISC2 Corporate Update
- Cybersecurity News
- Community Announcements (Events, Jobs, etc.)
- Presentation: Cyber Risk as a Business Imperative by Kayne McGladrey, CISSP
- Group Discussion: Open Cybersecurity Topics

See publication

Tags: Cybersecurity, Risk Management, Security

March ISC2 Boulder Chapter Meeting
ISC2 Boulder Chapter
March 20, 2025
Calling all cyber security professionals to the March Chapter meeting for the ISC2 Boulder Chapter. Guest speaker Kayne McGladrey will share a strategic look at translating cyber threats into business priorities, helping security leaders communicate risk effectively and integrate cybersecurity into organizational decision-making.

See publication

Tags: Cybersecurity, Risk Management, Security

https://us02web.zoom.us/meeting/register/XZwV7C0BQ5O-JsW3TJctuA?_x_zm_rtaid=T-wxLuIMTFWKn1FJguURXw.1740686574566.c1dc2f2350c612f0cec2095b50f7ac37&_x_zm_rhtaid=6#/registration
IEEE CS Boise Section Chapter
March 17, 2025
Cyber risks are not just technical issues; they are fundamental business challenges with profound financial and reputational implications. This keynote addresses the intersection of cybersecurity and business strategy, offering practical insights to help executives and business leaders prioritize and act on cyber risks in a meaningful way.

Attendees will gain an understanding of how to frame cyber risks as business risks, communicate them effectively to stakeholders, and integrate them into broader organizational strategies. Real-world examples and actionable frameworks will equip leaders with the tools to translate technical threats into business priorities. This presentation will also explore how to allocate resources, measure the effectiveness of cybersecurity programs, and foster resilience across the enterprise.

By the end of the session, you will be prepared to engage in informed decision-making that balances cost, compliance, and risk reduction, ensuring your organization is prepared for the challenges of today’s complex risk landscape.

See publication

Tags: Cybersecurity, Risk Management, Security

Kayne McGladrey Presents: Cyber Risk as a Business Imperative
Rochester Professional Consultants Network
March 14, 2025
Cyber risks are not just technical issues; they are fundamental business challenges with profound financial and reputational implications. This keynote addresses the intersection of cybersecurity and business strategy, offering practical insights to help executives and business leaders prioritize and act on cyber risks in a meaningful way.

Attendees will gain an understanding of how to frame cyber risks as business risks, communicate them effectively to stakeholders, and integrate them into broader organizational strategies. Real-world examples and actionable frameworks will equip leaders with the tools to translate technical threats into business priorities. This presentation will also explore how to allocate resources, measure the effectiveness of cybersecurity programs, and foster resilience across the enterprise.

By the end of the session, you will be prepared to engage in informed decision-making that balances cost, compliance, and risk reduction, ensuring your organization is prepared for the challenges of today’s complex risk landscape.

In today’s business environment, cyber risk is a growing concern that goes beyond IT departments. It is a strategic issue that requires the attention of executives and business leaders. This keynote presentation offers a business-centric approach to understanding, managing, and mitigating cyber risks, enabling leaders to address these challenges with confidence.

See publication

Tags: Cybersecurity, Risk Management, Security

Cyber Risk as a Business Imperative
ISC2 Central Mississippi Chapter
March 11, 2025
I'm pleased to announce the March 2025 meeting of the ISC2 Central Mississippi Chapter. It will be held Tuesday, March 11th at 12:15 PM on Google Meet. This meeting will be virtual only.

Our speaker will be Kayne McGladrey, an ISC2 CISSP holder, a senior IEEE member, and author of the GRC Maturity Model. With nearly three decades of experience in cybersecurity, he specializes in helping organizations navigate governance, risk, and compliance (GRC). His presentation will be on "Cyber Risk as a Business Imperative".

See publication

Tags: Cybersecurity, Risk Management, Security

Advancing Compliance with the GRC Maturity Model: A Roadmap for Cybersecurity Leaders
IEEE Rock River Valley Section
February 27, 2025
Organizations face increasing regulatory, contractual, and legal compliance requirements, yet many struggle with fragmented processes and reactive approaches. The Governance, Risk, and Compliance (GRC) Maturity Model provides a structured framework to assess and enhance compliance programs, aligning them with strategic business objectives.

This session will guide cybersecurity professionals through the four levels of GRC maturity—traditional, initial, advanced, and optimal—illustrating how each stage impacts risk management and operational efficiency. Attendees will learn how to evaluate their organization's current maturity level, identify gaps, and implement targeted improvements to streamline compliance efforts.

Through real-world examples and practical strategies, this presentation will demonstrate how advancing GRC maturity enhances collaboration, reduces compliance risks, and supports long-term business resilience. Whether an organization is starting to formalize compliance processes or aiming for an optimized, risk-based approach, attendees will gain actionable insights to drive meaningful improvements.

See publication

Tags: Cybersecurity, Risk Management, Security

Unveiling the 2025 IT Risk and Compliance Benchmark Report: Top Findings to Start Your Year
Hyperproof
January 23, 2025
Join us on January 23rd at 11am PT / 2pm ET as we unveil the findings from Hyperproof’s sixth annual IT risk and compliance benchmark report. Each year, we ask over 1,000 GRC professionals about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more to provide an in-depth view of the market’s current state and what to expect for the coming year.

2024 was a milestone year for governance, risk, and compliance (GRC). As companies grappled with increasing regulatory demands, growing stakeholder expectations, and an ever-expanding risk landscape, the importance of maturing GRC programs rose to prominence. Learn about how over the last year, the perception of GRC across organizations has transformed from merely a checkbox exercise to a driver of operational excellence and strategic growth — a trend that is strongly represented in the data.

Join us as we explore:

- Our top findings, an in-depth look at the data from 2024, and an analysis of how these findings will impact GRC in 2025
- How organizations responded to new EU regulations and how these regulations might affect 2025
- Why and how organizations are making deliberate efforts to mature their GRC practices
- The drivers behind why GRC teams expanded in 2024 and why they are expected to continue to grow in 2025
- How organizations in 2024 leveraged generative AI to streamline their processes

See publication

Tags: Cybersecurity, Risk Management, Security

Unveiling the 2025 IT Risk and Compliance Benchmark Report
ISC2
January 23, 2025
Join Erin Nelson and me for the unveiling of Hyperproof’s 2025 IT Risk and Compliance Benchmark Report. This year’s report captures the insights of over 1,000 GRC professionals and reflects a transformative year for governance, risk, and compliance. We’ll break down the data to reveal how organizations responded to evolving regulations, scaled their teams, and leveraged generative AI to optimize risk management processes.

You’ll also hear about the growing recognition of GRC’s role in driving strategic growth and operational excellence. Erin and I will walk through the drivers behind these trends, examine the impact of new EU regulations, and provide a forward-looking analysis of how these findings set the tone for 2025. Don’t miss this opportunity to gain practical insights that can help guide your organization’s approach to IT risk and compliance in the year ahead.
January 23, 2025 10:00 a.m. - 11:00 a.m. Eastern time

See publication

Tags: Cybersecurity, Risk Management, Security

New Year, New Standards: Preparing for SEC Cybersecurity Disclosures in 2025 and Beyond
CIO & CISO Atlanta Summit
December 05, 2024
The SEC’s new cybersecurity disclosure requirements have set a new benchmark for transparency and accountability, compelling public companies to enhance their cybersecurity practices and reporting.

In this session, you’ll learn how to align your organization with these evolving requirements and take proactive steps to stay ahead of regulatory expectations.
In this session, we’ll join Kayne McGladrey, Field CISO at Hyperproof, to discuss:

- An overview of the 2024 SEC cybersecurity requirements
- Best practices for cybersecurity disclosures
- How to prepare for the 2025 disclosure season

See publication

Tags: Cybersecurity, Risk Management, Security

Bridging the Gap: Communicating Cyber Risks as Business Imperatives
ISC2
October 25, 2023
As CISOs make plans to secure operating budgets for the new financial year, they face the age-old challenge of convincing stakeholders, who often see cybersecurity and privacy as a cost center, to invest in this area. It's time to change the narrative. Discover how to drive more productive conversations about cybersecurity as a strategic growth enabler. Take home actionable ideas for proactively managing controls and risks, increasing efficiency and reducing costs.

See publication

Tags: Cybersecurity, Risk Management, Security

2023 IT Compliance and Risk Benchmark Report Findings: The Top 5 Game-Changers
Hyperproof
February 23, 2023
Hyperproof conducts an annual survey to uncover the top challenges IT compliance professionals face and what hot topics they’re focused on in the coming year. We’ve asked over 1,000 survey respondents about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more to provide an in-depth view of the market’s current state and what to prepare for this year.

We’ll cover:

- The top five findings from the survey
- How your peers are planning to handle compliance, audit management, and risk management in the midst of a volatile economy
- What companies are doing differently in response to recent and highly publicized security breaches to avoid security lapses and compliance violations
- Leading practices for ensuring security, compliance, and risk management today

See publication

Tags: Cybersecurity, Risk Management, Security

Closing Keynote - The Most Common Visibility and Compliance Lapses in Your Cloud Vendors’ Environments.
SC Magazine
May 17, 2022
Whenever a key business function is hosted by a cloud-based vendor, your organization cedes a certain amount of control to the service provider. And that sometimes means that your security team lacks visibility into how this third party handles sensitive data and to what degree it successfully meets regulatory compliance standards around privacy and data security. This session will identify some of the most common gaps in visibility and compliance to develop between companies and their SaaS, PaaS and IaaS providers, and explain the root causes behind these lapses so that your own company hopefully can avoid some of these pitfalls.

See publication

Tags: Cybersecurity, Risk Management, Privacy

Opening keynote speech at the Seattle Electrical Conference
Seattle Electrical Conference
December 22, 2020
Our keynote speaker, Kayne McGladrey, will discuss cybersecurity today. Keeping our websites and our networks secure is one of our biggest challenges in our digital age.

See publication

Tags: Cybersecurity, IoT

Keynote speech at CIA Conference 2020
CIA Conference
October 26, 2020
Prepare and adapt yourself to the evolving threat landscape by listening to our next keynote speaker, Mr. Kayne McGladrey, who will speak on "Deter, Deny and Defend Against Cyber Attacks."

See publication

Tags: Cybersecurity

24th Annual Colloquium for Information Systems Security Education - November 4th, 2020
Colloquium for Information Systems Security Education
September 28, 2020
On November 4th at 8:15 AM Pacific, Kayne McGladrey, CISSP, will give the keynote speech at the Colloquium for Information Systems Security Education and discuss the social and economic impacts of cyber security during a pandemic. Registration is free.

See publication

Tags: COVID19, Cybersecurity, Diversity and Inclusion

178 Media Interviews
Episode 42: Stop Thinking Servers, Start Thinking Systems
Zero Trust Journey
March 11, 2026
We move past the buzzwords to discuss the gritty reality of ripping out legacy "flat" networks and replacing them with Zero Trust architectures that actually improve performance while reducing liability. Kayne breaks down why the private sector continues to struggle with risk and how the rise of Agentic AI is changing the identity landscape in 2026.

See publication

Tags: Cybersecurity, Risk Management, Security

Ep08 - Cyber Risk Is a Myth. Are You Framing Risk in Business Terms? with Kayne McGladrey
MYGRCPOV
March 04, 2026
In this episode of MY GRC POV, Monica sits down with Kayne McGladrey to challenge a common leadership trap. Teams talk cyber. Executives hear noise. Budgets stall. Decisions slow. Kayne breaks down how to translate security and compliance risk into business outcomes leaders act on. Revenue impact. Cost exposure. Operational uptime. Customer trust.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Closing the Skills Gap the Smart Way
Root To CISO Podcast
February 24, 2026
In this episode of Root to CISO Byte Size, Kayne McGladrey shares practical insights on how cybersecurity professionals can align technical skills with business priorities to strengthen their impact. From conducting meaningful skills gap analyses to communicating security in revenue-focused terms, Kayne explains how CISOs can protect budget, support growth, and position security as a strategic enabler. He also offers grounded advice for early-career professionals on building the right skills, engaging with the community, and making informed career decisions in today’s evolving market.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

What CISOs need to know about the OpenClaw security nightmare
CSO Online
February 12, 2026
“If this was easy, Microsoft would have written this,” says IEEE’s McGladrey. “But there aren’t a lot of options out there. I think that’s the real thing we’re working against here.”

See publication

Tags: AI Governance, Cybersecurity, Risk Management

How shopping chatbots might transform retail
FT
January 29, 2026
One problem is that agentic AI reads all the text that it encounters and retains the data it absorbs, McGladrey adds. Embedded text, contained in website code but not visible to the human user, can trick agents into purchasing unwanted products while clones of legitimate retail websites can extract customer payment credentials.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

The Cybersecurity Debt We Pretend Isn’t There
Adopting Zero Trust
January 29, 2026
"As organizations push return-to-office (RTO) mandates and chase efficiency, many security teams are quietly accumulating debt they don’t know how to unwind.

In this episode, we are joined by Lea Cure Thorpe and Kayne McGladrey to unpack the less-discussed consequences of recent security decisions: RTO exposure, endpoint blind spots, tooling overload, analyst burnout, and the slow erosion of junior talent (thanks AI)."

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI shoppers open the door to a world of uncertainty
IT Brew
November 26, 2025
“I’ve seen working concepts where the AI will get tricked into not only finding the wrong object, but getting the credit card information from you and sending that credit card information off to whoever’s hosting the fake scam object, and taking your bank account and collecting those credentials too, because it’s got access to all of that,” McGladrey said.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

We can't - and shouldn't - fix everything - The Industrial Security Podcast
The Industrial Security Podcast
November 21, 2025
We know there are problems in our security systems, but we can't and shouldn't fix everything. What do we fix? Who decides? How do we explain what's reasonable to people who do decide? Kayne McGladrey, CISO In Residence at Hyperproof, joins us to explore risk, communication, and a surprising role for insurance.

See publication

Tags: Cybersecurity, Risk Management, Security

Cloudflare behind the latest outage to break the internet
Fierce Network
November 18, 2025
"While there’s no real regulation for cloud providers in the U.S., IEEE Senior Member Kayne McGladrey noted that the European Union does have rules on the books under the Digital Operational Resilience Act (DORA), which directly regulates cloud providers serving financial entities in the EU and their ICT providers."

See publication

Tags: Cloud, Cybersecurity, Risk Management

Why Phishing Training Doesn’t Work
IEEE Transmitter
October 10, 2025
IEEE Senior Member Kayne McGladrey said that “AI-generated phishing removes all the traditional warning signs that training programs teach people to look for.” Typical training tells people to watch for bad grammar, weird formatting or implausible scenarios. “However, AI can now create emails that are grammatically perfect, properly formatted and believable. It can even personalize attacks using information scraped from social media or data breaches.”

See publication

Tags: Cybersecurity, Privacy, Security

Zero trust isn’t a feature, it’s a philosophy
SpiceWorks
September 18, 2025
That’s an excellent point. Hyperproof CISO in residence Kayne McGladrey observed, “The zero trust concept itself isn’t broken – it’s more about how it’s being implemented in practice.”

See publication

Tags: Cybersecurity, Risk Management

Digital twins are here…and cybersecurity risks are right behind them
IT Brew
September 17, 2025
Kayne McGladrey, CISO in residence at Hyperproof, added that intellectual property theft is another risk for organizations, as a malicious actor may seek to access a digital twin to find a way to gain a competitive advantage over another company.

See publication

Tags: Cybersecurity, Manufacturing, Risk Management

Securing Smart Water
Water Online
September 05, 2025
In the following Q&A, I discuss these and other issues with Kayne McGladrey, IEEE senior member and field CISO at Hyperproof, who has more than 20 years of experience in building effective cybersecurity programs for organizations of all types, including Fortune 500 and Global 100 companies. But today Kayne is keen on water, addressing the developments, needs, and requirements regarding cybersecurity for those who steward the nation’s critical infrastructure.

See publication

Tags: Cybersecurity, Risk Management, Security

Under siege: Why airlines have been prime targets for cyberattacks
Travel Weekly
September 02, 2025
As far as attacks by state espionage services, McGladrey said airlines aren't the only target within the travel industry. An attack on the reservation system of Marriott's Starwood brands in 2018, which exposed nearly 500 million customer records, is believed to have been perpetrated by China. Generally, espionage attacks aren't geared toward credit card fraud and personal account takeovers the way criminal cyberattacks can be, McGladrey said, but there's always a chance a government hacker will moonlight on the dark web.

See publication

Tags: Cybersecurity, Risk Management, Security

How Agentic AI Could Expose Your Most Sensitive Personal Data
Business News this Week
August 28, 2025
The privacy risks associated with agentic AI are orders of magnitude greater than those we encounter today.

“Agentic AI requires comprehensive data integration that’s fundamentally different from today’s siloed approach, meaning the risk multiplies instead of simply adding up,” IEEE Senior Member Kayne McGladrey said.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Skepticism, Cybersecurity & AI: Leadership Lessons from Kayne McGladrey | Top Innovator Series
Top Innovator
August 26, 2025
In this Top Innovator episode, host Josef Martens interviews Kayne McGladrey, Hyperproof's CISO in residence and globally recognized cybersecurity thought leader, about his leadership journey. Kayne highlights two core traits - intellectual curiosity and skepticism - as essential for navigating today’s noisy, AI-driven business landscape. He credits mentors and extensive cultural travel for teaching him to seek others’ perspectives and avoid value-based assumptions about motives. To deepen empathy and organizational insight, he urges professionals to rotate through different functions, from help desk to marketing, even if only for short stints. Kayne also stresses the importance of adapting one’s communication style based on feedback and audience, especially for technically inclined leaders. He advises separating personal pride from recommendations, acknowledging that well-founded proposals may not always be acted upon. Looking ahead, Kayne is channeling his experiences into writing a book about risk management and believes AI will soon reshape how leaders learn, make decisions, and deliver value.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI Security Risk Management: Standards and GRC
Dark Reading
August 08, 2025
Learn AI vendor risk management from my interview at BlackHat 2025. CISO guidance on AI standards, governance, and compliance strategies.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Dark Reading News Desk Is Back at Black Hat
Dark Reading
August 01, 2025
Dark Reading's 2025 News Desk marks a decade of Black Hat USA memories. We're making our return with a slate of interviews that help you stay up on the latest research from Black Hat — no trip to Las Vegas required.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Meaningful Momentum or Running in Place: Kayne McGladrey
IEEE
July 30, 2025
AI integration is one of the most significant breakthroughs changing cybersecurity in 2025. What are some of the advantages and challenges?

See publication

Tags: AI Governance, Cybersecurity, Risk Management

How Agentic AI Could Expose Your Most Sensitive Personal Data
IEEE Transmitter
July 30, 2025
“Agentic AI requires comprehensive data integration that’s fundamentally different from today’s siloed approach, meaning the risk multiplies instead of simply adding up,” IEEE Senior Member Kayne McGladrey said.

The current crop of consumer algorithms processes data for specific purposes, and they usually ask for permission.

“Agentic AI proactively gathers information across multiple domains and makes autonomous decisions about how to use it,” McGladrey said. “Today’s systems typically require user approval for actions, but agentic AI is designed to operate independently with minimal human oversight, creating new categories of liability exposure.”

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Microsoft hack risk spreads as cybercriminals and nation-states pile in
Axios
July 22, 2025
"Because the attack blends in with just normal, legitimate activity, it's quite hard to detect what's unusual and what's atypical," Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers, told Axios.

See publication

Tags: Cybersecurity, Risk Management, Security

Local Governments Streamline Remote Access With SASE
State Tech Magazine
July 22, 2025
“State agencies facing budget constraints might appreciate SASE’s potential cost efficiency through reduced hardware investments and the ability to scale security services based on actual needs,” says IEEE Senior Member Kayne McGladrey.

See publication

Tags: Cybersecurity, Risk Management, Security

AI, Business Risk & Threat Management: a CISO’s guide
Cyber Sidekicks
June 24, 2025
This week’s special guest, Kayne McGladrey (blog: kaynemcgladrey.com), CISO-in-Residence at Hyperproof, outlines the business challenges that CISOs face, as we discuss new types of risk in daily threat management.

See publication

Tags: Cybersecurity, Risk Management, Security

Bridging the AI Skills Gap: Top Strategies for IT Teams in 2025
ITPro Today
December 11, 2024
Kayne McGladrey, IEEE senior member and field CISO at Hyperproof, said AI ethics skills are important because they ensure that AI systems are developed and used responsibly, aligning with ethical standards and societal values.

See publication

Tags: Cybersecurity, Risk Management, Security

Kayne McGladrey at CES 2024
IEEE
December 06, 2024
Hear from IEEE Impact Creator Kayne McGladrey at the IEEE Booth at CES 2024

See publication

Tags: Cybersecurity, Risk Management, Security

28 Panels
Hacker Summer Camp at the Leatherneck Club
SemperSec
August 07, 2025
Get ready for an exciting in-person event at the Leatherneck Club! Join us for a weekend filled with hacking challenges, workshops, and networking opportunities. Whether you're a seasoned hacker or just starting out, there's something for everyone at Hacker Summer Camp. Don't miss out on this unique opportunity to learn, connect, and have fun with fellow hackers. See you there!

See publication

Tags: AI Governance, Cybersecurity, Risk Management

EU Regulations as a Strategic Compass for US Companies
#RISK New York
July 10, 2025
In an era of global uncertainty, EU regulations are emerging as a critical guidepost for US companies navigating complex compliance landscapes.


This panel will explore how aligning with EU regulatory standards can offer strategic advantages, from enhancing global market access to strengthening risk management and corporate governance.

See publication

Tags: Cybersecurity, Risk Management, Security

2025 DoD Utilities Privatization Post Award Workshop
Utility Management Branch of NAVFAC Headquarters
January 14, 2025
Panelist on Utilities Privatization - Cybersecurity & CMMC

See publication

Tags: Cybersecurity, Risk Management, Security

Navigating the World of US Regulations: What You Need to Know
Data Protection World Forum
December 10, 2024
Navigating the complex web of US regulations is critical for organizations striving to ensure compliance and mitigate risk. This session will offer a comprehensive overview of the current US regulatory landscape, highlighting key regulations, trends, and their implications for businesses across various sectors.

See publication

Tags: Cybersecurity, Risk Management, Security

How Will AI Impact the Jobs of the Future?
CES
January 10, 2024
Explore the jobs we’ll see created over the next 20 years, industry’s role driving innovation and the skills our future workforce will need.

See publication

Tags: Cybersecurity, Risk Management, Security

Expert Predictions for 2024
GPSec
November 27, 2023
An illuminating panel discussion, ‘Expert Predictions for 2024’, where seasoned experts delve into the future of cybersecurity. This dynamic discussion explores controversial key areas shaping the landscape in the coming year.

Cyber Budgets Taking a Step Back

Maturity in Vulnerability Management

AI Effects on Cybersecurity Job Market

Experts provide valuable predictions and actionable insights to help you navigate the complex cybersecurity terrain of 2024.

Don’t miss the opportunity to stay ahead of the curve in a rapidly evolving digital world.

Keynote Panelists

Michael Fulton, Vernovis, Chief Information Officer

Warner Moore, Gamma Force, Founder & vCISO

Joe Otten, Fifth Third Bank, Sr. Director, Information Security

Keynote Panel Moderator

Kayne McGladrey, Hyperproof, Field CISO

See publication

Tags: Cybersecurity, Risk Management

KEYNOTE PRESENTATION: Expert Predictions for 2024 at GPSEC Columbus Tech Summit 2023
Whova
November 14, 2023
Join us for an illuminating panel discussion, ‘Expert Predictions for 2024’, where seasoned experts delve into the future of cybersecurity. This dynamic discussion will explore controversial key areas shaping the landscape in the coming year.
- Microsoft Security Co-pilot Effects
- Cyber Budgets Taking a Step Back
- Impact of War Climate on Cybersecurity
- Maturity in Vulnerability Management
- AI Effects on Cybersecurity Job Market

Our panel of experts will provide valuable predictions and actionable insights to help you navigate the complex cybersecurity terrain of 2024. Don’t miss this opportunity to stay ahead of the curve in a rapidly evolving digital world.

See publication

Tags: Cybersecurity, Risk Management, Security

A 2023 Regulatory Round-Up and How to Prepare for 2024
ISACA
October 30, 2023
This year has brought a number of regulatory changes and updates. From the SEC’s new guidance to updates to the industry go-to standards of NIST CSF, 2023 was yet another year of cyber security and compliance evolution. With every shift in regulatory guidance or requirement, should come a shift in the way organizations are thinking about the way they are protecting their data and the data of their customers. Join our panel of experts as they not only discuss what we’ve seen change in 2023, but also how they suggest security and risk professionals strategically prepare for the year ahead.

See publication

Tags: Cybersecurity, Risk Management, Security

Cybersecurity Breaches Are in the News: How Internal Assessments Can Help You Avoid One
ISACA
March 22, 2023
Emerging from a global pandemic, businesses must re-evaluate their processes and procedures to adapt to the new normal. This includes the Risk Management processes. It is more important than ever for businesses to implement processes that will safeguard the company’s assets, which include information. An asset is something of value, and in today’s society information is very valuable and must be protected. How does an organization ensure the confidentiality, integrity, and availability of its information assets and the systems that support them? The digital transformation continues, and new technologies continue to emerge. This virtual summit will cover topics that will cover tools and techniques necessary to identify, assess and respond to risk associated with emerging technology and the company’s assets.

See publication

Tags: Cybersecurity, Risk Management, Security

Panel Discussion: Navigating the Maze of New Cyber & Privacy Regulations – Keys to Avoiding Regulatory Action
Compliance Week
February 15, 2023
* Deep dive look into interpreting the different emerging US data privacy state laws and the consequences of non-compliance
* Learn about the requirements of the SEC cybersecurity rules and the ramifications for public companies
* Discuss the security programs that need to be implemented to comply with local and international regulations and rules.

See publication

Tags: Cybersecurity, Risk Management, Security

ISACA Virtual Summit 2022: Pursuing Digital Trust
ISACA
December 07, 2022
The digital space is the primary method of retaining data and transacting in today’s business landscape. But with the increase in cyberattacks, scams and security breaches, a secure digital world is more important than ever. Cybersecurity, risk, data privacy, governance and assurance are essential processes in the modern business landscape and are critical to helping enterprises become digitally trustworthy, enhance their reputations and increase their brand loyalty with consumers.

See publication

Tags: Cybersecurity, Risk Management, Security

Streamlining GRC Controls to Optimize Cybersecurity
IT GRC Forum
November 17, 2022
On this webinar, we will discuss how to streamline GRC controls and optimize cybersecurity risk management processes, to enable leaders to determine what investments best reduce risk with the best return on investment (ROI). Attendees will learn how to:

* Simplify GRC and security operations by reducing the number of controls your organization has to deal with, therefore reducing its workload to test and audit the controls
* Develop a set of controls baselined to the internal and external requirements that your organization needs to meet
* Enable both security process automation and enterprise risk decision-making
* Shrink your organization's cybersecurity attack surface

See publication

Tags: Cybersecurity, Risk Management, Security

Finding a long-term solution to curb Cybercrimes in the digital sphere: A Global Perspective
WebForum
November 08, 2022
This was the 7th series of WebForum which was in line with this year’s International CyberSecurity Awareness Month theme “See you in cyber - #becybersmart” held on 28th October 2022.

See publication

Tags: Cybersecurity, Risk Management, Security

Curbing Cybercrimes in the digital sphere. #becybersmart - DCA Digital WebForum
DotConnectAfrica
October 25, 2022
The findings of the webforum will inform African countries, businesses, and the global community of the key issues that need to be addressed in order to curb cyber crimes from ethical hacking, implications of data sovereignty and cloud, implications of metaverse and Web 3.0, and data privacy in the cloud. It will also demonstrate the global community’s commitment to the shared objective of protecting citizens, businesses, and organizations in the digital era. This will be imperative to prevent more damaging cyber-attacks, which could have devastating impacts.

See publication

Tags: Cybersecurity, Risk Management, Security

SECtember 2022: Transforming Security Along with the Business
SECtember
September 28, 2022
As we all know, decisions that get made to transform the business are not always the best decisions for security. Especially with the accelerated digital transformation of the last few years, now is the time to reassess whether security teams have been properly tracking and addressing all cloud and digital assets that their organizations have taken on. This panel of experts will discuss the challenges of tracking cloud assets, if their risk is being properly measured, and ultimately whether security teams are properly supporting business transformation decisions.

See publication

Tags: Cybersecurity, Risk Management, Security

The Future of Health Tracking Apps
CIO Tech Talk
September 01, 2022
Join us live on Twitter Spaces as we discuss:
* How safe is patient medical information with tech firms?
* What challenges do health tracking apps present for users?
* How can users protect their data while still using health tracking apps?
* Red flags users should look out for when choosing or using health tracking apps
* What can tech firms do with data from health tracking apps?

See publication

Tags: Cybersecurity, Privacy, Security

Cloud Adoption Outpaces Security
Sub-Four Capital
May 24, 2022
Cloud adoption has been rapidly rising for years and exploded as a result of the COVID-19 pandemic. With a remote workforce, companies needed the accessibility, flexibility, and scalability offered by cloud-based solutions. However, while many companies are moving rapidly to the cloud, security is lagging behind. Cloud infrastructure is very different from an on-premise data center, and these differences introduce unique security challenges. Many companies are still working to understand these differences, leaving their cloud deployments at risk. For many companies, the security of their public cloud infrastructure is a significant concern.

See publication

Tags: Cybersecurity, Data Center, Cloud

Preparing and Issues to Consider in an Incident Response Plan (IRP)
Sub-Four Capital
May 24, 2022
When it comes to data breaches, they say not if but when. Preparing your business to quickly and competently respond to a data incident starts with the creation of an Incident Response Plan. Understanding the topics covered in an IRP and then making choices that are best for your business helps ensure that the IRP will work in your time of crisis response.

See publication

Tags: Cybersecurity, Risk Management

Cyber Threats, Cyber Vulnerabilities: Assessing Your Attack Surface
Dark Reading
November 17, 2021
Today’s cybersecurity environment features a wide range of available threat intelligence, ranging from simple vulnerability alerts to commercial services that monitor threat actor behavior. But how can you use that data to assess the security posture of your own organization? How can you harness threat intel to measure cyber risk? In this panel, threat intelligence experts offer advice and recommendations on how threat intelligence can be used as a means to measure your attack surface.

See publication

Tags: Cybersecurity

Returning to the Office: Security Threats and Proactive Solutions
Ascent Solutions
May 13, 2021
A year after the pandemic began, employers are now considering how to welcome their employees back to the office. Join Ascent cybersecurity leaders, Derek Swenningsen and Kayne McGladrey, for a discussion on the challenges and threats that are emerging in the modern workplace.

While there are obvious threats, such as threat actors sending phishing lures with fake return to work information, there are less obvious threats, such as IT assets that have not connected to your corporate LAN in a year.

Our experts will take audience questions and discuss the proactive cybersecurity steps that businesses and organizations can take to prepare for employees returning to offices in a hybrid working environment.

See publication

Tags: Cybersecurity, COVID19, Security

How Hackers Used and Abused the Pandemic to Profit
Infosecurity Magazine
March 24, 2021
In this session, a panel of experts will reflect on the various ways in which hackers have targeted the pandemic over the past 12 months, lifting a lid on the methods employed and outlining how businesses and users can best protect themselves from ongoing COVID-related attacks, scams and fraudulent activity.

See publication

Tags: COVID19, Cybersecurity

CISO Perspectives: Zero Trust-As-A-Service
CSHub
November 05, 2020
Join Pulse Secure’s Global Chief Security Architect and Ascent Solutions cybersecurity strategist Kayne McGladrey, CISSP in this webcast to learn about:

- The shift in security challenges, current security concerns, and potential challenges in the future
- Main components of Zero Trust-as-a-Service
- How Zero Trust-as-a-Service solves security challenges in a hybrid IT environment
- Zero Trust-as-a-Service implementation and deployment considerations
- How Zero Trust security practices can help you prepare and build a business continuity plan that withstands the unexpected and future security concerns

This webinar will take place on:
November 05, 2020
11:00 AM - 12:00 PM EST

See publication

Tags: Cybersecurity, Business Continuity

#IDGTechtalk : A 2019 Recap and 2020 Predictions
IDG Communications, Inc.
December 19, 2019
We will be discussing 2019 trends and looking ahead to a new decade of amazing tech advancements at the final #IDGTechTalk of the year. Join us on Twitter by following #IDGTechTalk at 9 AM Pacific on December 19th, 2019.

See publication

Tags: Cybersecurity, Emerging Technology

Panel Discussion: Who is responsible for Cyber Security in the enterprise?
Cyber Security Hub
November 13, 2019
Cyber Security is still primarily seen as an ‘IT issue’ and this often means that security gets “bolted on” rather than embedded in a company’s ecosystem. In this panel discussion, discover why everyone within the business is responsible for Cyber Security and how to educate the enterprise on safeguarding customer data.

Key takeaways
- Improve security by creating a culture of healthy suspicion
- Encourage the executive board to communicate policies
- Ensure best practice is maintained throughout your business

See publication

Tags: Cybersecurity, Ecosystems

TagNW Closing Panel and Comments
TagNW
November 08, 2019
Closing comments highlighting key takeaways of the day.

See publication

Tags: Cybersecurity, IoT, Leadership

159 Podcasts
AI Brain Fry Is Just Multitasking Gone Wrong
YouTube
March 27, 2026
Think "AI brain fry" is new? It's just classic multitasking wearing a fancy AI mask, and the data proves it kills productivity. Watch to discover why using more than two tools backfires and how to stop the mental crash before you quit your job.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Lawyers Doubled Down on Fake AI Citations
YouTube
March 26, 2026
Two attorneys cited over 24 fake cases in federal court and then tried to blame the judges for harassment. Watch to see how their refusal to apologize cost them $15,000 each plus all legal fees.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI Hype vs Reality: Why Average Americans Are Skeptical
YouTube
March 25, 2026
AI experts are wildly optimistic about the future, but regular Americans are far more worried about the risks. Discover why the people building the technology see a utopia, while everyone else sees an existential threat.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

DOJ Lawyer Fired Over AI Brief Errors Shows Why Humans Must Review AI Output
YouTube
March 24, 2026
Watch how a 30-year legal career vanished in minutes due to AI errors. Learn why skipping human verification costs more than it saves.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

California's Age Verification Law is a Developer Nightmare
YouTube
March 23, 2026
California just mandated age verification for all apps starting in 2027, but does anyone actually believe teenagers will tell the truth? Watch this breakdown of the Digital Age Assurance Act and discover why this law is doomed to fail before it even begins.

See publication

Tags: Cybersecurity, Privacy, Risk Management

Companies Lie About AI and Get Rewarded #shorts
YouTube
March 20, 2026
Companies get rich bragging about AI while hiring zero experts, but the market eventually punishes the liars. Watch how smart investors spot the fakes and why your stock could tank if you talk big but walk small.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

California Hits PlayOn With $1.1M Fine Over Student Privacy #shorts
YouTube
March 19, 2026
Think buying a high school ticket was harmless? PlayOn Sports secretly sold your kids' data and got slapped with a 1.1 million dollar fine for blocking screens until you agreed to tracking.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI Art Can't Be Copyrighted in the US #shorts
YouTube
March 18, 2026
The Supreme Court ruled in 2026 that robots cannot own art, so your prompts count for nothing. See why creators will not secure copyright protection for their AI work anymore.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Lenovo Lawsuit vs DOJ Data Rule: Will It Stick? #shorts
YouTube
March 17, 2026
A tiny tracking pixel could now trigger massive federal fines under a bold new legal theory targeting data flows to China. Watch how plaintiffs are weaponizing the DOJ's 2025 Bulk Data Transfer Rule to sue tech giants over everyday website cookies.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Amazon Blocks Perplexity AI Shopping Tool #shorts
YouTube
March 16, 2026
Your AI shopping assistant just got blocked by a federal judge in a landmark 2026 ruling. See why Amazon won and what this means for your next online purchase.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Why schools need holistic compliance, not just tech alerts
YouTube
March 13, 2026
Thinkers360 Short Post
Discover why a Florida boarding school paid $1.7 million after ignoring a basic sanctions screen. Learn how a single compliance blind spot can turn ordinary tuition payments into a legal nightmare, and what every organization can do to avoid it.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Why a 60-year-old privacy law is turning your site into a lawsuit magnet
YouTube
March 12, 2026
Find out how the California Invasion of Privacy Act, a law from 1967, is fueling a wave of pixel lawsuits against any site with tracking code. Learn the quick steps that can keep your business out of court and protect your users' privacy.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI can link your old posts to your future job prospects
YouTube
March 11, 2026
Watch how AI can turn a single LinkedIn line into a full identity, threatening free speech and making hiring even more of a privacy nightmare. Find out why companies should think twice before feeding such tools into their applicant tracking systems.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

2027 FedRAMP rule forces all cloud providers for federal data to be authorized
YouTube
March 10, 2026
Missing the FedRAMP deadline could cost your firm a federal contract. Find out why the 2027 rule matters and how early compliance gives you a legal edge.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

CIOs Face AI Accountability Crunch - Budgets, Jobs, Security
YouTube
March 09, 2026
Your AI strategy could become a legal nightmare. Find out why CIOs are sweating over hidden AI, budget freezes and executive pay tied to measurable outcomes.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

NY RAISE Act forces CISOs to act fast on AI incidents
YouTube
March 06, 2026
Seventy-two hours to report a dangerous AI incident - miss it and face up to three million dollars in fines. Discover how New York’s RAISE Act forces the biggest developers to publish safety frameworks and what CISOs need to do now.

See publication

Tags: Cybersecurity, Risk Management, Security

AI Baby Monitor Claims Unpacked: What NAD Found
YouTube
March 05, 2026
Discover how regulators busted an "AI-powered" baby monitor that bragged about safety while its AI struggled to spot laughs and cries. Learn why third-party testing and on-device storage matter more than flashy labels.

See publication

Tags: Cybersecurity, Risk Management, Security

FedRAMP Jail
YouTube
March 04, 2026
When a senior manager tried to fake FedRAMP High clearance, the DOJ turned her paperwork into a criminal case. Find out why CISOs must double-check every control, and how a single lie could land you behind bars.

See publication

Tags: Cybersecurity, Risk Management, Security

Legal Shield
YouTube
March 03, 2026
Discover how a landmark court ruling helps companies keep cyber investigation secrets safe from prying eyes. Learn the simple steps that turn legal privilege into a strong defense for CISOs and their teams.

See publication

Tags: Cybersecurity, Risk Management, Security

AI Hiring Crackdown
YouTube
March 02, 2026
AI hiring tools promise speed, yet hidden bias laws are closing in fast. Discover why every recruiter needs a lawyer in the loop before March 7th, 2026.

See publication

Tags: Cybersecurity, Risk Management, Security

Pixel Wiretap
YouTube
February 27, 2026
Find out why a simple tracking pixel could turn your site into a wiretap and cost your business millions in penalties. Learn the legal loophole judges are talking about, and how to protect your business today.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Robot Shopper Threat
YouTube
February 26, 2026
What if your next purchase is made by a robot? Learn how AI-driven shoppers are reshaping fraud risks, and what retailers must do to stay ahead.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

California Audit Alert
YouTube
February 25, 2026
California now mandates an annual cybersecurity audit for any firm handling 250,000 consumer records or 50,000 sensitive records. Learn how a mock audit this year can help dodge penalties and keep executives safe from perjury charges.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

AI Beats Judges
YouTube
February 24, 2026
Watch how GPT-5 outperformed sixty-one federal judges, delivering the correct legal outcome every time. Discover why this perfect score is reason for a cautious debate over AI’s role in law and what it means for future regulations.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Crypto AI Scam Unveiled: $50 Million Vanished in Fake Token
YouTube
February 23, 2026
Discover how two crypto founders staged a fake death, spun a phantom AI platform and siphoned millions through hidden wallets. Watch the shocking details of the alleged fraud that sparked a New York class action lawsuit.

See publication

Tags: Cryptocurrency, Cybersecurity, Risk Management

1 Presentation
Cyber Risk as a Business Imperative: Translating Threats into Strategic Action
IEEE Computer Society of Chicago
February 27, 2025
Cyber threats continue to grow, but many organizations still treat them as technical problems instead of business risks. This presentation challenges that mindset, providing a business-centric approach to understanding, prioritizing, and mitigating cyber risks in a way that makes sense to executives, boards, and other key stakeholders.
I’ll be covering how to bridge the gap between cybersecurity and business strategy, helping leaders take a proactive role in cyber risk management. We’ll discuss how to effectively communicate risks in terms of financial and operational impact, integrate cybersecurity into broader business planning, and allocate resources where they matter most. With real-world examples and practical frameworks, I’ll outline how organizations can build a more resilient and risk-aware culture.
Whether you're a business executive, security leader, or decision-maker, this session will equip you with the tools to engage in meaningful conversations about cyber risk and ensure your organization is prepared for what’s next.

Feb 27th from 6 PM - 7 PM Central Time
#cybersecurity #risk #webinar #presentation

See publication

Tags: Cybersecurity, Risk Management, Security

2 Profiles
Kayne McGladrey Of Hyperproof On Cybersecurity Compliance in the Age of AI Threats
Authority Magazine
December 09, 2024
"Compliance with regulatory standards and industry-specific guidelines for product security is an indispensable part of cybersecurity. In an age where malicious AI poses a significant threat, how do organizations ensure their product security strategies are not just effective, but also fully compliant? As a part of this series, I had the pleasure of interviewing Kayne McGladrey."

See publication

Tags: Cybersecurity, Risk Management, Security

Zero trust secures agile business transformation
CIO
October 30, 2023
CIOs should collaborate closely with CISOs to evaluate which zero trust controls will offer the most significant mitigation of agreed-upon business risks. Once specific controls are implemented, they can be centralized and reused across the various compliance standards like SOC 2 Type 2, ISO 27001, and PCI, delivering greater flexibility. “The key lies in the deliberate selection of zero trust controls aimed at reducing specific business risks while potentially streamlining existing compliance efforts,” explains Kayne McGladrey (@kaynemcgladrey), field CISO at Hyperproof and senior IEEE member.

See publication

Tags: Cybersecurity, Risk Management, Security

32 Quotes
AI lifts workforces to new heights of efficiency and innovation
CIO
February 07, 2025
Kayne McGladrey, Field CISO at Hyperproof and Senior IEEE Member, says cybersecurity is also fertile ground for AI. “CISOs are looking at AI and automation solutions that handle common cybersecurity tasks. These include collecting evidence of control operations for the internal audit team, testing that evidence automatically, and producing regular reports on such things as false-positive cybersecurity events. These tasks help overworked cybersecurity analysts and engineers to focus on the parts of the job that they love without burdening them with excessive paperwork.”

See publication

Tags: Cybersecurity

How to Protect and Secure Your Data in 10 Ways
TechRepublic
January 28, 2025
“Companies should conduct thorough risk assessments to identify and mitigate potential harms associated with AI products, understanding their limitations and potential misuse,” McGladrey said. “Maintaining clear documentation of AI system metrics and methodologies, along with disclosing any known risks or limitations to customers, is essential for transparency.”

See publication

Tags: Cybersecurity

Data Privacy Day 2025: Insights from Over 50 Industry Experts
Solutions Review
January 28, 2025
“To protect their personal data, consumers can take several practical steps to remove their information from data broker websites and opt-out of marketing. First, they should identify where their data is held by searching major data broker sites, public records, and credit reports. Once identified, consumers can use the “Opt Out” or “Remove My Data” links provided on these websites to submit removal requests, ensuring they confirm their identity and track the progress.

Additionally, they should familiarize themselves with regulations like the California Consumer Privacy Act (CCPA), which allows them to request the deletion of their personal data and opt-out of its sale. Consumers can also use online tools and services designed to automate the opt-out process from marketing lists and data brokers.

See publication

Tags: Cybersecurity, Privacy

How Can The Industry Do A Better Job Of Promoting Emerging Technologies In Physical Security Environments?
Security Informed
November 25, 2024
The security industry can do a better job of promoting emerging technologies in security environments by linking their solutions to measurable outcomes that matter to CISOs. Those outcomes could be to either reduce sales friction or to show measurable progress in key risk indicators that board members care about. For example, while according to the recent “The Impact of Technology in 2025 and Beyond: an IEEE Global Study,” 48% of technologists said that the top application for AI in 2025 will be real-time cybersecurity vulnerability identification and attack prevention, vendors should still be prepared to explain how investments in their solutions can produce progress over time and support agreed-upon business objectives, outside of the technical benefits. Unfortunately, most emerging technologies primarily discuss technical benefits and features, not business outcomes. For example, if a CISO cares about multifactor authentication coverage, vendors should explain how their solution improves coverage and ties that to higher business resiliency. That would also reduce friction in B2B sales where a high degree of MFA coverage could be cited as a key control in a SOC 2 type 2 report, for example.

See publication

Tags: Cybersecurity

How AI could change threat detection
TechTarget
September 13, 2024
Early threat detection practices mostly involved identifying "something bad on a device by detecting that it matched a known signature," explained Kayne McGladrey, a senior member of IEEE, a nonprofit professional association, and field CISO at Hyperproof. This signature-based detection was, and still is, a key part of threat detection, but other rules-based detection practices -- where computer activities are analyzed to determine if they follow set rules -- have become foundational components of threat detection over the years, too.

See publication

Tags: Cybersecurity

How are wearable technologies impacting the security market?
SourceSecurity
August 29, 2024
Wearable technologies offer many benefits but pose unique security challenges requiring robust controls and for users to keep their devices updated. These devices collect large amounts of personal data, such as health metrics and location information. As a result, manufacturers should implement robust encryption, provide frequent updates, and establish transparent data policies that maintain compliance with Europe’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA). Similarly, consumers should request stronger security controls from manufacturers, and should regularly update software, use strong passwords, and monitor app permissions.

See publication

Tags: Cybersecurity, Privacy, GRC

AI in Cybersecurity: The Good and the Bad
Built In
August 22, 2024
“[AI] allows a threat actor to scale a lot faster and across multiple channels,” Kayne McGladrey, chief information security officer at compliance management company Hyperproof, told Built In. “And the defensive tools haven’t quite caught up. Unfortunately, none of this stuff is going away. This has now become a fixture of the landscape. It’s part of our new, modern cybersecurity hellscape that we inhabit continuously.”

See publication

Tags: AI, GRC

Quantum and AI: Safeguards or Threats to Cybersecurity?
IEEE Transmitter
July 29, 2024
AI models are vulnerable to numerous threats. One common attack involves data poisoning, in which malicious data is introduced into an AI’s training data set, causing it to learn incorrect patterns or behaviors and leading to inaccurate or harmful outputs. Watermarking and metadata embedding can help to support the integrity of training data and model outputs. These methods can be cryptographically verified and authenticated, ensuring the trustworthiness and traceability of the data used in AI models.

See publication

Tags: Cybersecurity, Quantum Computing

What Are The Benefits, And Drawbacks, Of AI In Security
Security Informed
June 21, 2024
By automating routine tasks and improving threat detection and response capabilities in cybersecurity, AI allows security teams to focus on more strategic activities. It is likely that cybersecurity professionals will soon use AI tools as an interface to less-familiar tools, similar to how programmers are currently using AI to generate code based on a task description when writing code for unfamiliar programming languages. However, one drawback of the rapid adoption of AI in enterprise security applications is that the accelerated development cycle and limited user base mean these tools have not seen extensive real-world security testing. As a result, some AI security tools may include vulnerabilities that can be exploited by threat actors. This is like the latest trends of enterprise file transfer applications or enterprise VPNs being compromised, which happened before the current increased development cycle to incorporate AI based on investor demands. It's very likely we will see zero-days used against AI-powered cybersecurity solutions in the short term.

See publication

Tags: Cybersecurity

AI Summit: Fortifying Cyber Defense Amid Privacy Challenges
BankInfoSecurity
April 30, 2024
A session by Kayne McGladrey, field CISO of Hyperproof, and Casey Allen, CIO of Concentric, discussed the importance of privacy regulations when maturing organizational security programs. McGladrey and Allen shared methodologies for CIOs and CISOs to embed privacy into security initiatives in the age of AI and digital transformation.

See publication

Tags: Cybersecurity, Transformation, Privacy

The Jobs of Tomorrow: Insights on AI and the Future of Work
IEEE Transmitter
January 19, 2024
Kayne McGladrey, Field CISO at Hyperproof and IEEE Senior Member, noted that the use of generative AI models in business hinges on their ability to provide accurate information. He cited as examples studies of AI models’ abilities to extract information from documents used for financial sector regulation that are frequently relied on to make investment decisions.

“Right now, the best AI models get 80 percent of the questions right,” McGladrey said. “They hallucinate the other 20 percent of the time. That’s not a good sign if you think you are making investment decisions based on artificial intelligence telling you this is a great strategy four out of five times.”

See publication

Tags: AI, Future of Work

What Will Be The Biggest Surprise For Security In 2024?
Security Informed
December 26, 2023
"In 2024, the most significant cybersecurity surprise will be the widespread recognition that Chief Information Security Officers (CISOs) are primarily risk advisors, not risk owners. This distinction contrasts with some companies' previous perceptions and the operational reality. With cybersecurity concerns such as data center vulnerability, cloud vulnerability, and ransomware attacks still being a top concern for business leaders in 2024, this distinction is important to keep in mind to ensure the success of corporate security. Business systems are managed by business owners, whose performance is measured based on the system's effectiveness. Historically, some companies have incorrectly assumed that the CISO is responsible for authorizing or mitigating some of the risks associated with these business systems. This is a misconception. The business owner, likely the individual who has approved the business continuity plan or is most affected by operational disruptions, also bears the responsibility of deciding how to address each risk. While CISOs can identify and propose mitigation strategies for business risks related to cybersecurity, they do not and should not accept or authorize the mitigation of risks for systems outside their ownership."

See publication

Tags: Cybersecurity, Business Continuity, Data Center

Article: Experts advise on how to build a successful hybrid work security strategy
CIO
December 15, 2023
Next, commit to solving the complexity issue. In practice, this involves consolidation and integration of tools while striking “a balance between robust protection and user convenience,” said Kayne McGladrey (@kaynemcgladrey), Field CISO at Hyperproof and Senior IEEE Member. For example, “automation and integration of security controls are crucial in achieving scalability and simplifying validation of efficient control operations.”

See publication

Tags: Cybersecurity

Best VPN for Netflix
Forbes
December 01, 2023
We’ve compiled the best VPNs for Netflix to show you those that have secure servers, optimum speed and allow you to stream Netflix on different devices.

See publication

Tags: Cybersecurity

How to develop an application modernization strategy that delivers tangible results
CIO
November 17, 2023
Kayne McGladrey, (@kaynemcgladrey), senior IEEE member and field CISO at Hyperproof, which provides SaaS-based compliance and security operations solutions, says: “Developing an application modernization strategy requires careful assessment, planning and execution. First, you must understand your business goals and objectives. Only then can you create an aligned business and application roadmap.”

See publication

Tags: Cybersecurity, GRC

Integration of AI: A strategic imperative for organizations
Infotech Lead
November 17, 2023
In the cybersecurity realm, AI promises to automate tasks burdening human analysts, as noted by IEEE Senior Member Kayne McGladrey.

See publication

Tags: Cybersecurity

Using AI Isn’t As Easy As It Seems
CXOToday
November 12, 2023
“Realistically, the use of AI in cybersecurity will help to reduce the punishing cognitive load on tier one analysts in the security operation center,” said IEEE Senior Member Kayne McGladrey. “Rather than having to comb through a needlestack looking for a needle, AI promises to automate much of the correlation across vast amounts of data that humans struggle with.”

See publication

Tags: Cybersecurity

Data loss prevention vendors tackle gen AI data risks
CSO
October 31, 2023
“Employees across industries are finding new and innovative ways to perform their tasks at work faster,” says Kayne McGladrey, IEEE senior member and field CISO at Hyperproof. “However, this can lead to the sharing of confidential or regulated information unintentionally. For instance, if a physician sends personal health information to an AI tool to assist in drafting an insurance letter, they may be in violation of HIPAA regulations.” The problem is that many public AI platforms are continually trained based on their interactions with users. This means that if a user uploads company secrets to the AI, the AI will then know those secrets — and will spill them to the next person who asks about them. It's not just public AIs that have this problem. An internal large language model that ingested sensitive company data might then provide that data to employees who shouldn’t be allowed to see it.

See publication

Tags: Risk Management

Zero trust from edge to cloud: not one-and-done
CIO Magazine
August 30, 2023
“The only meaningful consideration of zero trust adoption is when the board and CEO are willing to trust and partner with the CISO to effectively mitigate business risks. A recent Gartner study found that a CISO who can effectively tie business outcomes to a material reduction in business risk through practical implementation of zero trust controls will make security an asset for their organization that enables them to compete more effectively.” — Kayne McGladrey, field CISO, Hyperproof

See publication

Tags: Cybersecurity, Cloud

Cloud, 5G to be Decisive Technology Trends in 2023: Study
Geospatial World
November 02, 2022
While homomorphic encryption can require lots of computing power, it has a few big upsides. For one thing, according to Kayne McGladrey, IEEE Senior Member, it allows companies in highly regulated industries, such as finance or healthcare, to store data on a public cloud. “As the data remains encrypted in all phases, even a data breach of a third party will not provide a threat actor with access to encrypted data,” McGladrey said.

See publication

Tags: Cybersecurity, Finance, Healthcare

Cybersecurity hiring remains red-hot—the industry to surpass $400 billion market size by 2027
Fortune
July 22, 2022
“As a result, those companies with solutions and products in the cybersecurity industry are heavily reinvesting their profits into research and development of artificial intelligence-based solutions intended to automatically detect and remediate actions from these increasingly well-funded adversaries,” McGladrey tells Fortune. “This cycle will continue so long as it remains profitable for cybercrime actors, barring remarkable changes in how companies prioritize and address their cyber risks.”

See publication

Tags: Cybersecurity, Security, AI

When More is Not Necessarily Better: The Impacts of Multiple Security Tools
CIO
November 04, 2021
“Organizational collaboration is difficult when different data protection tools perform similar functions, as it may be unclear how to allow a collaborator to access or modify data. Something as simple as data classification and labeling becomes overly complex and a nuisance to end users if they need to set a label in multiple locations, particularly when the labels are not consistent across tools.” — Kayne McGladrey (@kaynemcgladrey), Cybersecurity Strategist at Ascent Solutions

See publication

Tags: Cybersecurity

Sinclair TV Stations Targeted in Weekend Ransomware Attack
GovInfoSecurity
October 18, 2021
Kayne McGladrey, an advisory board member for the Technology Alliance Group NW and cybersecurity strategist for the firm Ascent Solutions, says once the incident is resolved, Sinclair "should do an internal hot-wash" to identify lessons learned - allowing them to strengthen technical defenses and update/validate their incident response plan.

See publication

Tags: Cybersecurity

New Legislation Eyes Both Ransom, Incident Reporting
GovInfoSecurity
September 30, 2021
Kayne McGladrey, an advisory board member for the Technology Alliance Group NW and cybersecurity strategist for the firm Ascent Solutions, tells ISMG, "These [various legislative efforts] all stem from the issue that there is no single source of truth on the volume or scope of cyberattacks, which has led to the perception that it is difficult to apply commensurate public and private policy responses."

See publication

Tags: Cybersecurity

Experts Weigh In on Data-First Modernization
CIO
September 30, 2021
“This will vary by industry and size of business,” notes Kayne McGladrey, cybersecurity strategist at Ascent Solutions. “A social media company losing control of their content for an hour has a very different risk profile than a manufacturing company being unable to manufacture products.”

See publication

Tags: Cybersecurity

13 Speaking Engagements
Three Ninth Circuit decisions just established the first clear #legal #framework for what? #news
Hyperproof
July 26, 2025
Join Hyperproof's CISO in residence, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: AI Governance, Cybersecurity, Risk Management

Transforming Security Compliance from Cost Center to Competitive Edge
Hyperproof
October 22, 2024
Enterprise security professionals face pressure to minimize spending on risk and compliance while maximizing efficiency and security. Traditionally seen as cost centers, security compliance solutions have untapped potential for better decision-making and competitive advantage. In this session, you will discover how adopting new cybersecurity frameworks can save money and enable market entry, how automation reduces engineering's role in evidence collection for control operations, and how to convey the value of cybersecurity investments to the board.
Kayne McGladrey, FIELD CISO, Hyperproof
Andrew Cunje, CHIEF INFORMATION SECURITY OFFICER, Appian
Tuesday, October 22, 2024 / 12:05 PM - 12:25 PM EDT at Gartner IT XPO

See publication

Tags: Cybersecurity, Risk Management, Security

Communicating Risk with Your Leadership Team
FutureCon
December 06, 2023
In response to the ever-changing risk environment, company leadership is asking more and more questions about how to best manage risk. But being able to answer those questions means having a system and process in place to accurately document, manage, mitigate, and report on those risks.
Luckily, some frameworks and processes already exist to help guide you through that process. Kayne McGladrey, Field CISO, will walk you through the current state of risk and how to effectively and accurately communicate risk to your leadership team.
In this presentation, you’ll learn:
● What the 2023 risk landscape looks like
● How risk managers are planning on updating their risk workflows to adapt
● How to communicate risk to leadership

December 6th at 10:45 AM at FutureCon in Atlanta, GA

See publication

Tags: Cybersecurity, Risk Management, Security

How Instacart Created Strong Relationships with Engineering to Build a More Compliant Product
ISACA
August 21, 2023
In a world where compliance and engineering teams must work together to build compliant products, competing goals and philosophies can make collaboration frustrating for both sides. Join representatives from Instacart as they share their story on how they worked with engineering to build a compliant product, best practices for collaborating across teams to build scalable, compliant solutions and how to foster a culture of security and compliance across your organization.

After completing this session, participants will be able to:

• Build more credibility with engineering teams.
• Incorporate features that enable compliance into products.
• Work with your engineering team—not against them—to build high-quality, compliant products.
• Make long-term continuous compliance a reality with automation tools.

See publication

Tags: Cybersecurity, Risk Management, Security

Cyber security for Bellingham families and neighborhoods
Eventbrite
October 13, 2019
Americans are buying and installing smart speakers, virtual assistants, smart electrical plugs, smart garage door openers, smart light bulbs and connected children's toys at an unprecedented rate. We know to lock the physical doors to our homes, but fewer people appreciate how smart devices can act like unlocked doors for cyber criminals into our homes, our social networks, and our bank accounts.

The lack of communications and understanding between professionals who work in cyber security and their neighbors who don't is one of the reasons cyber crime has grown for fifteen years. There are simple things we can each do to protect our families against the risks to our privacy and security.

In this session, you'll learn:

- how cyber criminals hack into smart devices, bank accounts, and cloud services

- two easy ways you can protect your family's accounts

This session includes a live hacking demo, so please bring your mobile phone (Android or Apple) if you’d like to participate. This is not a sponsored event and there is no cost. Any solutions recommended will be free, and there will be time for questions at the end of the presentation.

See publication

Tags: Cybersecurity, IoT, Privacy

IoT & Ethical Obligations of Engineers
Whatcom IT Professionals Meetup
July 05, 2019
Presentation to the Whatcom County IT Professionals Meetup

See publication

Tags: Cybersecurity, IoT

Managing the Risks of the Internet of Things
IEEE
June 01, 2019
Full video of my presentation on Managing the Risks of the Future Internet of Things at the 2019 IEEE VICS in San Diego, CA.

See publication

Tags: Cybersecurity, IoT

KXL-FM (Portland, OR) Radio Interview
KXL-FM
April 19, 2018
Radio interview on KXL-FM (Portland) about cybersecurity, the cloud, and how these technologies can benefit agriculture.

See publication

Tags: Cloud, Cybersecurity

Radio interview on KXL-FM (Portland)
KXL-FM
September 15, 2017
Radio interview on KXL-FM (Portland) about robotics, cyber security, and artificial intelligence.

See publication

Tags: AI, Cybersecurity, Robotics

Radio Interview - the John Hines Show
WCCO-AM
July 05, 2017
Live interview on the John Hines Show WCCO-AM (Minneapolis, MN) about artificial intelligence and cyber security.

See publication

Tags: AI, Cybersecurity

Interview on WWJ-AM
WWJ-AM
April 21, 2017
Interview by Brian Larsen on WWJ-AM about cyber security.

See publication

Tags: Cybersecurity

Radio interview on KRLD-AM
KRLD-AM
April 21, 2017
Live on-the-air discussion of cyber security with Chris Sommer of KRLD-AM in Dallas, TX.

See publication

Tags: Cybersecurity

Radio Interview - KRLD-AM
KRLD-AM
April 21, 2017
Live interview about the intersection of cyber security, healthcare, and the Internet of Things with KRLD-AM in Dallas, TX.

See publication

Tags: Cybersecurity, IoT, Healthcare

103 Videos
The #SEC Cyber Rule helped redefine corporate #cybersecurity strategies in 2024! #news #CISO #GRC
Hyperproof
January 03, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

The #AmericanBarAssociation recent opinion on Generative AI? #generativeai #cybersecurity #news
Hyperproof
January 02, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

2025 SEC Form 10-K: What goes where? #SEC #News #AI #10K #2025 #cybersecurity
Hyperproof
December 28, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

An upside of the SEC's 2024 #cybersecurity rule? #SEC #CISO #news #Fortune100
Hyperproof
December 18, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

In 2025, AI laws and regulations are going to pose a challenge? #AI #cybersecurity #2025 #NewYear
Hyperproof
December 17, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

All about DORA | Drafting Compliance Ep. 38
Hyperproof
December 13, 2024
Kayne and Tom talk about DORA and its applicability. Learn where DORA applies, how you may need to be concerned about DORA even if you think you don’t and why DORA is causing confusion in US companies. Kayne and Tom try an unusual option to drink and we come close on the scoring.

See publication

Tags: Cybersecurity, Risk Management, Security

The EU’s updated Product Liability Directive now includes software and AI! #EU #AI #cybersecurity
Hyperproof
December 13, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

SEC enforcement actions hit a decade low #news #cybersecurity #SEC #CISO #AI
Hyperproof
December 12, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

California's landmark #ConsumerPrivacyAct is changing! #california #cybersecurity #news #regulations
Hyperproof
December 11, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

This #Florida #lawsuit is raising questions! #AI #generativeai #news #productliability #technology
Hyperproof
November 20, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

The #CPPA has introduced new rules. #cybersecurity #privacyrisk #technology #news #compliance
Hyperproof
November 20, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Controls, Questionnaires, and Risks with Eric Hammersley | Drafting Compliance Ep. 37
Hyperproof
November 19, 2024
On this episode, we're expanding the show to talk about more than FedRAMP. But before we get to that, I want to mention: we're sitting in the same room in San Diego, in front of a live audience at HyperConnect 2024, with our special guest Eric Hammersley of Nutanix, and we have some beers.

See publication

Tags: Cybersecurity, Risk Management, Security

Check this out if you're an #AI developer! #news #cybersecurity #developer #riskmanagement
Hyperproof
November 14, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

An attempt to #defraud the #SEC directly?
Hyperproof
November 06, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Deceptive #marketing claims about #AI tools?
Hyperproof
October 30, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

AI-generated content, CMMC, SEC and more! | October 2024
Hyperproof
October 28, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories to know for October 2024.

See publication

Tags: Cybersecurity, Risk Management, Security

NYDFS’s updated Part 500 #CybersecurityRegulations are here!
Hyperproof
October 28, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

#SEC recent settlements?
Hyperproof
October 28, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Top cybersecurity news for September 20th, 2024
Hyperproof
September 20, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Top cybersecurity news for September 21st, 2024
Hyperproof
September 20, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Top cybersecurity news for September 25th, 2024
Hyperproof
September 20, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Top cybersecurity news for September 19th, 2024
Hyperproof
September 19, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

How digital wallets work, and best practices to use them safely
Help Net Security
September 19, 2024
In this Help Net Security video, Kayne McGladrey, IEEE Senior Member, discusses best practices for using digital wallets safely. With the adoption of digital wallets and the increasing embedding of consumer digital payments into daily life, ensuring security measures is essential. According to a McKinsey report, digital payments are now mainstream and continually evolving, bringing advancements and new data protection and fraud prevention challenges.

See publication

Tags: Cybersecurity, Risk Management, Security

Top cybersecurity news for September 12, 2024
Hyperproof
September 12, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Top cybersecurity news for September 11, 2024
Hyperproof
September 11, 2024
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

53 Videos
CISO Communication Skills With Kayne McGladrey
Cyvergence
January 09, 2026
In this conversation, Matthew Webster and Kayne McGladrey delve into the complexities of cybersecurity governance, focusing on the role of CISOs in aligning cybersecurity with business strategy. They discuss the importance of effective communication, the need for CISOs to understand business impacts, and the challenges posed by cognitive biases in decision-making. The conversation also touches on the evolving landscape of AI in cybersecurity and the future responsibilities of CISOs, emphasizing the necessity of building relationships with other executives to enhance collaboration and understanding.

See publication

Tags: AI Ethics, Cybersecurity, Risk Management

#Meta shareholders just settled an eight billion dollar #privacy lawsuit? #cybersecurity #news
Hyperproof
July 25, 2025
Join Hyperproof's CISO in residence, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: AI, Cybersecurity, Risk Management

Your Strategic Guide to Compliance and Competitive Advantage? #euaiact #eu #ai #news #cybersecurity
Hyperproof
July 24, 2025
Join Hyperproof's CISO in residence, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: AI, Cybersecurity, Risk Management

A #CISO charged? #solarwinds #SEC #news #cybersecurity #america #security
Hyperproof
July 16, 2025
Join Hyperproof's CISO in residence, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

A proposed #AI investment? #presidenttrump #US #federal #RISK #risknewyork #newyork
Hyperproof
July 15, 2025
Join Hyperproof's CISO in residence, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: AI, Cybersecurity, Risk Management

Experts revealed we've entered an "AI arms race"? #RiskNY #cybersecurity #NewYork #AI #security
Hyperproof
July 14, 2025
Join Hyperproof's CISO in residence, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: AI, Cybersecurity, Risk Management

From Cost Center to Competitive Edge: Operationalizing GRC
Hyperproof
July 07, 2025
This presentation from Hotman Group and Hyperproof explains how to transform governance, risk, and compliance (GRC) from a reactive cost center into a strategic advantage. Kayne and Cheri stress understanding your organization’s core drivers—such as avoiding risk, meeting regulatory demands, and supporting financial disclosures—to justify executive sponsorship and resource allocation.

See publication

Tags: Cybersecurity, Risk Management, Security

Threat Model Updates, AI, and LLMs | Bill Dougherty, Omada Health | InfoSec Pros on the Road
Hyperproof
June 12, 2025
Filmed live at RSAC 2025 in San Francisco, we are joined by Bill Dougherty, CISO at Omada Health, to discuss an update to his threat model to include AI and LLMs and more!

See publication

Tags: Cybersecurity, Risk Management, Security

Scalable Risk Management and GRC | Paul Kunas, Accenture | InfoSec Pros on the Road
Hyperproof
June 06, 2025
Filmed live at RSAC 2025 in San Francisco, we are joined by Paul Kunas, Director and Global Lead of Cyber Risk, Regulations and Standards with Accenture, to discuss his evolution from internal GRC to client-facing consultant, scalable risk management across budget constraints, and more!

See publication

Tags: Cybersecurity, Risk Management, Security

#House #Republicans are pushing the #SEC to scrap Biden-era #cybersecurity disclosure rules? #news
Hyperproof
April 19, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

#OCR resumes #HIPAA Audits! #news #audit #cybersecurity #healthcare #databreach
Hyperproof
April 18, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Hedge fund compliance failure costs $90M? #hedgefund #compliance #news #security #twosigma
Hyperproof
March 20, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

What's happening with this AI case? #AI #news #characterai #framework #termsofservice
Hyperproof
March 19, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

State AGs target AI and cybersecurity compliance #attorneygeneral #news #compliance #AI #cyber
Hyperproof
March 18, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

The EU has clarified DORA? #news #EU #DORA #cybersecurity #framework #cyberthreats
Hyperproof
March 14, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Sales

#CPPA targets data broker compliance. #databroker #compliance #news #lawsuit #bankruptcy
Hyperproof
March 13, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Sales

#FTC ends #MGM #Cybersecurity investigation? #news #lasvegas #databreach #legal
Hyperproof
March 12, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Sales

A class action lawsuit? #news #cybersecurity #lawsuit #amazon #SDK #mobileapp
Hyperproof
March 06, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

More #CMMC guidance from the Department of Defense? #DoD #assessment #compliance
Hyperproof
February 28, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Are you ready for this deadline? #EU #CISO #compliance #frameworks #ICT #data
Hyperproof
February 27, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

#AI regulation is splitting across continents! #AIGlobalSummit #Paris #EU #US #CISO #framework
Hyperproof
February 26, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Some #HIPAA cases to know about. #cybersecurity #news #CISO #riskmanagement
Hyperproof
February 08, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Another UK deadline! #UK #news #FCA #thirdpartyrisk #CISO #cybersecurity
Hyperproof
February 07, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

What's happening with this AI lawsuit? #characterai #lawsuit #news #ai #liability #riskmanagement
Hyperproof
February 07, 2025
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top cybersecurity news stories.

See publication

Tags: Cybersecurity, Risk Management, Security

Cyber Leaders S02 E03 (Feat. Kayne McGladrey)
The Decloaked Podcast
February 05, 2025
It's time we heard from people who live and breathe cybersecurity. Join me as we discuss the highs and lows of working in this industry, the topics that need clarifying, and those that need the B.S. removed. Kayne is active in the community and has offered some GRC maturity models to help anyone.

See publication

Tags: Cybersecurity, Risk Management, Security

1 Visiting Lecturer
Cyber Privacy, Ethics, and Abuse CISS 417 at WWU
Western Washington University
February 17, 2021
On February 17th, 2021 Kayne McGladrey, CISSP will be leading a tabletop exercise for the students of CISS 471 at Western Washington University. The tabletop exercise explores the ethical decisions associated with a ransomware attack at a fictional international organization.

See publication

Tags: Cybersecurity, Privacy

1 Webinar
2024 IT Risk and Compliance Benchmark Report Findings: Turning Cybersecurity Challenges into Opportunity
Hyperproof
March 01, 2024
It’s that time again! Hyperproof’s fifth annual benchmark survey is here. Each year, we ask over 1,000 GRC professionals about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more to compare results from the previous year, provide an in-depth view of the market’s current state, and prepare for this year and into the future. What we found this year is highly interesting: there’s been a change in the overarching narrative of cybersecurity — long relegated to the role of a cost center — to make cybersecurity compliance a key competitive differentiator.

Join us for our webinar to learn:

* The top findings from the survey (hint: trust and transparency are top-of-mind in 2024)
* How unifying risk and compliance data affected survey respondents’ ability to mitigate risk, improve cybersecurity, and avoid breaches
* How highly publicized breaches in 2023 have made business operations more challenging for both B2B and B2C companies
* How the market has responded to AI risks in 2023 and how cybersecurity professionals plan on leveraging AI in 2024
* Why cybersecurity decision-making among organizations with an integrated view of risk and compliance data is becoming more collaborative

See publication

Tags: Cybersecurity, Risk Management, Security

16 Webinars
How to Overcome Policy Challenges
Hyperproof
April 22, 2025
Policies are the backbone of effective governance, yet many organizations struggle with implementation, oversight, and adaptation. In this webinar, we will explore strategies organizations can use to mature their approach to policy and see where they sit on the Policy Maturity Model. We’ll unveil Hyperproof’s new policy capabilities and how they can help you navigate the complexities of policy governance. In this webinar, we’ll discuss:
- Common challenges associated with policy and real-world examples of policy failures.
- How to assess your organization's policy maturity and identify gaps through the Policy Maturity Model.
- Hyperproof’s new policy capabilities and how they can help your organization scale with confidence.

See publication

Tags: Cybersecurity, Risk Management, Security

InfoSec Pros: Joe Erle on Cyberinsurance Key Controls and AI Considerations
LinkedIn
February 21, 2025
When a company experiences a cyber incident, cyberinsurance can make a significant difference in financial recovery—but only if the right controls are in place. In this episode of Hyperproof’s live stream series, Joe Erle from C3 Risk & Insurance Services joins Kayne McGladrey to discuss how organizations can approach cyberinsurance in a landscape shaped by artificial intelligence and evolving threats. We will explore the controls insurance providers require, how claims are handled when AI-driven fraud is involved, and what businesses need to prepare for in the event of a breach. We will also dig into the latest trends in financial fraud, including fake invoicing and social engineering attacks. Questions from the audience are welcome, so join the conversation and get real-time insights from an expert in the field.

See publication

Tags: Cybersecurity, Risk Management, Security

Trends from Hyperproof's 2024 IT Risk and Compliance Benchmark Report
ISC(2)
April 09, 2024
Is your IT risk and compliance program ready for 2024 and beyond?

For the last five years, Hyperproof has asked over 1,000 GRC professionals about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more. We then compare results from the previous year and provide an in-depth view of the market’s current state in our annual benchmark report. The 2024 IT Risk and Compliance Benchmark Report highlights a fascinating change in the overarching narrative of cybersecurity: respondents and key stakeholders from other departments are thinking about cybersecurity compliance as a key competitive differentiator rather than just a cost center.

Join Hyperproof and ISC2 April 9, 2024 at 1:00 p.m. Eastern/10:00 a.m. Pacific to learn:
- How unifying risk and compliance data affected survey respondents’ ability to mitigate risk, improve cybersecurity, and avoid breaches
- Key trends for cybersecurity in 2024
- How the market has responded to AI risks in 2023 and how cybersecurity professionals plan on leveraging AI in 2024
- Why cybersecurity decision-making is becoming more collaborative with an integrated view of risk and compliance data.

See publication

Tags: Cybersecurity, Risk Management, Security

From Cost Center to Competitive Edge: Operationalizing GRC
Hyperproof
April 02, 2024
Enterprise GRC professionals are often pressured to minimize spend on risk and compliance initiatives while still maximizing their efficiency and keeping their organizations secure and compliant. Fortunately, there's a growing realization that the right GRC solution, traditionally seen as a cost center, holds untapped potential for better decision-making, unlocking a significant competitive advantage. As a result, they need to break down the data silos between risk and compliance activities to get a transparent, holistic view of their compliance and risk postures, but they aren’t always sure where to start.

Join our experts Cheri Hotman, Partner, vCISO, Hotman Group and Kayne McGladrey, Field CISO from Hyperproof to learn more about:

- The drivers creating a growing need for transition from viewing GRC as a compliance obligation to operationalizing it as a strategic solution
- Practical strategies for transforming GRC operations, with a focus on breaking down silos
- Best practices for unifying risk and compliance data
- How to best prioritize GRC initiatives

See publication

Tags: Cybersecurity, Risk Management, Security

Elevating Security: The Power of CIS Critical Security Controls
Hyperproof
December 05, 2023
Presented by
Kayne McGladrey, Field CISO - Hyperproof | Charity Otwell, Director, Critical Security Controls - CIS

Dec 05 2023, 11:00am PST

CIS Critical Security Controls are a prescriptive, prioritized, and simplified set of best practices that can strengthen your cybersecurity posture. The CIS Controls include foundational security measures that you can use to achieve essential hygiene and protect yourself against a cyber attack. Are you curious whether CIS Critical Security Controls is the right choice for your organization? Or are you currently using CIS Critical Security Controls and wondering how to maximize your experience? Join Charity Otwell, Director at Critical Security Controls - CIS, and Kayne McGladrey, Field CISO at Hyperproof, to discuss areas of focus for CIS controls and how they can best apply to organizational security.

Participants will:
- Learn the basic foundation of CIS Controls
- Understand how to assess applicability for their organization
- Learn how to adopt best practices around CIS Controls
- Learn the upcoming changes that will be made to the CIS Controls

See publication

Tags: Cybersecurity, Risk Management, Security

Working with ChatGPT: The Dos and Don’ts for Your Organization’s Security
BrightTalk
June 15, 2023
As generative AI tools like ChatGPT continue to evolve and impact various industries, compliance experts are left wondering about the potential security implications for their businesses. Join us for this enlightening webinar as we discuss the dos and don'ts of working with ChatGPT and similar technologies to equip compliance experts with the knowledge to navigate the security challenges presented by generative AI. We’ll also explore how you can ensure the safe and secure implementation of AI technologies within your organization and what security threats to anticipate.

Join speakers Kayne McGladrey, Field CISO at Hyperproof, and Dr. Rebecca Wynn, Global Chief Security Strategist & CISO at Click Solutions group, as they discuss:

- Valid use cases for using generative AI tools like ChatGPT in your business practices
- How to teach your organization to responsibly use AI tools and how they can negatively impact enterprise risk and liability
- Security policy considerations that organizations should examine before incorporating ChatGPT or similar AI technologies
- Insights into enterprise risk management frameworks that can help manage this new risk

See publication

Tags: AI, Cybersecurity, Risk Management

Level Up Your Security: How to Build Compliance and Risk Mgmt Programs to Scale
ISC(2)
April 11, 2023
Maintaining cybersecurity compliance and building reliable risk management practices isn’t a simple to-do item you check off anymore. The livelihood (and ultimately the growth) of your business depends on resilient security and compliance programs. Add in changing regulatory requirements, and the challenge becomes exponentially more complex.

Join Hyperproof and (ISC)2 on April 11, 2023 at 1:00 p.m. Eastern/10:00 a.m. Pacific to hear more about:
• The value of connecting compliance and risk
• Optimizing stakeholder visibility and communication
• Using GRC tools to scale your business
• Long-term impacts of streamlining compliance, security, and risk management workflows

See publication

Tags: Cybersecurity, Risk Management, Security

Communicating Risk With Your Leadership Team
FutureCon
March 22, 2023
In response to the ever-changing risk environment, company leadership is asking more and more questions about how to best manage risk. But being able to answer those questions means having a system and process in place to accurately document, manage, mitigate, and report on those risks.

Luckily, some frameworks and processes already exist to help guide you through that process. Kayne McGladrey, Field CISO, will walk you through the current state of risk and how to effectively and accurately communicate risk to your leadership team.

See publication

Tags: Cybersecurity, Risk Management, Security

Scale Your Security Questionnaire Response and Audit Preparedness Processes
BrightTalk
October 26, 2022
What do answering security questionnaires and preparing for IT compliance assessments (i.e. SOC 2 Type 2 assessment) have in common?

It turns out, a whole lot. Responding to security questionnaires and Document Request Lists for audits are things you absolutely have to do to land customers. Both processes are data intensive, repetitive and require getting accurate answers from domain subject experts across your company. Further, both processes tend to grow in volume and become exponentially more painful to manage as your company expands its footprint.

What if you can respond to a question from a security questionnaire or a request from an auditor in minutes instead of hours or days? What if you didn’t have to bother domain subject matter experts or search through corporate file systems for answers anymore? What if you knew the status of each item at all times?

On this webinar, join Loopio and Hyperproof to see how you can scale the security questionnaire response process and your audit preparation process as your company grows – without having to hire more staff.

Kayne McGladrey, Field CISO - Hyperproof and John Forsyth, Director, Data & Infrastructure in Engineering - Loopio

See publication

Tags: Cybersecurity, Risk Management, Security

Scale Your Security Questionnaire Response and Audit Preparedness Processes
Hyperproof
October 05, 2022
What do answering security questionnaires and preparing for IT compliance assessments (i.e. SOC 2 Type 2 assessment) have in common?

It turns out, a whole lot. Responding to security questionnaires and Document Request Lists for audits are things you absolutely have to do to land customers. Both processes are data intensive, repetitive and require getting accurate answers from domain subject experts across your company. Further, both processes tend to grow in volume and become exponentially more painful to manage as your company expands its footprint.

What if you can respond to a question from a security questionnaire or a request from an auditor in minutes instead of hours or days? What if you didn’t have to bother domain subject matter experts or search through corporate file systems for answers anymore? What if you knew the status of each item at all times?

On this webinar, join Loopio, Hyperproof, and our special guest to see how you can scale the security questionnaire response process and your audit preparation process as your company grows – without having to hire more staff.

See publication

Tags: Cybersecurity, Risk Management, Security

The CISO Experience
The CISO Experience
July 26, 2022
Save the date for a very special “The CISO Experience” hosted by myself with our star guest Kayne McGladrey taking a Macro Economic view of the industry.
Very honoured to have Kayne as a speaker where we will be discussing a variety of topics including:
- Industry hiring practises
- Gatekeeping
- Burnout
Followed by a LIVE Q and A for the audience to participate

See publication

Tags: Cybersecurity, Diversity and Inclusion, Security

6 Steps to Prepare Your Company for CMMC 2.0
Ascent
June 22, 2022
Join us this Wednesday for an actionable six-step roadmap, prioritized under CMMC 2.0 and aligned to Zero Trust tenets, to improve your cyber program and reduce cyber risks to your business. #cybersecurity

See publication

Tags: Cybersecurity, Security

Watch: Supply Chain Congestion: A Golden Opportunity for Hackers
Supply Chain Brain
November 19, 2021
Global supply chains have been under intense strain in recent months, a situation that has been made even worse by the growth of cyber attacks, especially in the form of ransomware. The transportation sector, which has been largely deregulated, needs to adopt recommendations by industry and government organizations for implementing measures that they might have overlooked in years. The price of failing to do so can be high, with ransomware attacks threatening to shut down critical logistics operations for days or even longer.

See publication

Tags: Cybersecurity, Supply Chain, Transportation

Webinar: Zero Trust-As-A-Service
CSHub
November 05, 2020
Gain perspective on: The shift in security challenges, current security concerns, and future challenges; Main components of Zero Trust-as-a-Service; Zero Trust-as-a-Service implementation and deployment best practice; How Zero Trust-as-a-Service solves security challenges in a hybrid IT environment.
This is a pre-recorded webinar.

See publication

Tags: Cybersecurity

CISO Perspectives: Zero Trust-As-A-Service
Cybersecurity Hub
October 26, 2020
The rapid shift to work-from-home has accelerated the adoption of Zero Trust frameworks. Zero Trust-as-a-Service will be a necessary component of security strategies for 2021 and beyond.

Join Pulse Secure's Global Chief Security Architect, Mike Riemer and industry veteran Kayne McGladrey in this webinar to learn about:
- The shift in security challenges, current security concerns, and potential challenges in the future
- Main components of Zero Trust-as-a-Service
- How Zero Trust-as-a-Service solves security challenges in a hybrid IT environment
- Zero Trust-as-a-Service implementation and deployment considerations
- How Zero Trust security practices can help you prepare and build a business continuity plan that withstands the unexpected and future security concerns

See publication

Tags: Cybersecurity, Business Continuity

Futureproofing Now (Season #2, Ep. 11) - Cybersecurity & Cybertrust - Predictions & Implications
Futureproofing
July 14, 2020
“Bob Gourley emphasized that despite the dark topic of cyberthreats, we all leave with optimism. Carol Tang addressed the importance of continuous learning as part of a business leader’s proactive approach to mitigating risk and providing safety for customers. Kayne McGladrey emphasized the dual responsibility of today’s corporate decision makers with regard to cybersecurity: understand the complexity but act with transparency and specificity. It’s important to integrate cybersecurity awareness into the fabric of the organization, not sequester cybertrust solely within the domain of technology.”

See publication

Tags: Cybersecurity, Risk Management

8 Whitepapers
Understanding CMMC - It’s a Process, Not a Project
GovWhitepapers
May 22, 2025
“If a manufacturing strategy can be exfiltrated from even one part of the supply chain it gives enemies an inside look at how equipment works. If they leverage that knowledge, warfighter lives are at risk.”
- Kayne McGladrey, Hyperproof

See publication

Tags: Cybersecurity, Risk Management, Security

Kayne's Top Five in Five for April 2023
Hyperproof
April 05, 2023
April has brought a range of important cybersecurity developments to my attention. Here are the key takeaways:

• ChatGPT Risk Solutions: Addressing confidentiality, intellectual property, and compliance risks with practical recommendations.
• CISO Preparedness: Discussing generative AI risks and governance with senior executives, while considering supply chain disclosures.
• National Cybersecurity Strategy: Exploring breach responsibility, potential market regulation, and guidance from the NIST Secure Software Development Framework.
• Board Expertise Trends: Analyzing cybersecurity representation on Fortune 500 boards and the impact of SEC proposed rule changes.
• Credit Rating Implications: Evaluating the effect of cyber risk on companies' and municipalities' credit ratings.

See publication

Tags: Cybersecurity, Risk Management, Security

CISO Strategies & Tactics For Incident Response
CSHub
August 31, 2020
“Your incident response plan will be examined during discovery, period, point blank. Keep that in mind. It’s your policy and your plan that are going to be examined by our discovery, and make sure that you can actually do what that policy says and make sure you can do what the procedures say.”
Kayne McGladrey, Cybersecurity Strategist at Ascent Solutions

See publication

Tags: Cybersecurity, Risk Management

Enterprise Cyber Security Trends and Predictions 2020
Cyber Security Hub
November 27, 2019
“Effective defense in depth is not just shiny overlapping technical controls,” said Director of IT and Security Kayne McGladrey. “Rather, it’s the combination of culture, documented and tested processes, policies, and technical controls. For example, an organization with a policy of least privilege, a process for approving account privileges, and a process for auditing and harvesting unused privileges does not need multiple technical controls to implement the desired outcome.” It’s best to start with policy and then enact that in culture, where feasible.

See publication

Tags: Cybersecurity, Security

Market Report: Cutting-Edge Defense Tactics For Network Endpoints
Cyber Security Hub
September 23, 2019
Data has historically been contained to the computing devices that accessed it within the enterprise campus perimeter. The traditional network endpoint was isolated to desktop PCs, laptop computers and most server components that attached to the organization’s network. In recent years, a dramatic increase in mobile devices has broadened the endpoint definition. Mobile devices require access to a company’s data anytime and from anywhere. With the addition of always-connected, sensor-powered Internet of Things (IoT) devices, the range of endpoints can now include everything from IP cameras to smart vending machines to biomedical devices.

The original definition still holds true to this day; however, the presence of more sophisticated devices requesting an IP address from the network, and often without a user interface, also suggests that the approach to endpoint defense must change. Bi-directional communications means the endpoint can be an entry point into a network or application. What does the device need to communicate with? Does it require internet connectivity? Does a device with an embedded OS provide some form of protection?

See publication

Tags: Cybersecurity, IoT

The Phishing Phenomenon: How To Keep Your Head Above Water
CSHub
January 30, 2019
Phishing is the lowest cost way for a threat actor to gain access to an organization’s network and assets, according to Kayne McGladrey, an IEEE member and director of Security and IT at Pensar Development. “While it might be fashionable to worry about the latest zero-day, or shadowy nation-state threat actors developing crippling remote exploits, the fact is that it’s cheaper to ask users for their passwords.”

The fact that nearly a billion people had their personal information exposed in November 2018 “has further helped threat actors to develop more compelling and targeted phishing content,” McGladrey adds.

See publication

Tags: Cybersecurity, Risk Management

Charting a new course: AT&T Cybersecurity report volume 8
AT&T
October 31, 2018
“Organizations that don’t have cybersecurity as a core business differentiator, or as a core business function, are often struggling to adapt modern cybersecurity practices,” says Kayne McGladrey, Director of Security and IT at Pensar Development.

See publication

Tags: Cybersecurity

AT&T Cybersecurity Insights, Vol. 7
AT&T
April 16, 2018
Migration is a transformative process, which means it needs the full backing of the C-suite. Kayne McGladrey, Director of Information Security Services for Integral Partners, LLC, says it is vital to offer “an effective presentation to the board about the benefits and challenges associated with the migration, and it has to have a narrative. You have to find stories of success and failure inside of your industry in order to present the full picture to the board.”

“There are many lessons that the enterprise will learn through piloting—whether it’s identified security risks, user communication risks, or education risks—all of which provide future guidance,” says Kayne McGladrey, Director of Information Security Services for Integral Partners LLC. “By the time you get to the harder transition elements, including full infrastructure rollout, you’ve already sorted through the main issues, thanks to your pilot-based learning journey.”

See publication

Tags: Cybersecurity, Risk Management, Education

Thinkers360 Credentials

43 Badges

Radar

9 Predictions
EU will start enforcing

Date : November 08, 2025

The EU will lean hard into enforcement of the EU AI Act after August 2nd, 2026, which is when the bulk of the rules begin to apply for high-risk AI systems. This will follow the same pattern as the EU’s initial GDPR enforcement motions, with splashy news headlines and high fines. Under the EU AI Act, we can expect high-profile companies being fined up to €15 million or 3% of worldwide annual turnover, whichever is higher. We can similarly expect regulators to find flaws in the documentation accompanying AI systems provided by deployers or providers, which will incur fines up to €7.5 million or 1% of global annual turnover. This documentation must include risk management, resilience, adversarial testing, cybersecurity controls for the underlying infrastructure, and more.

See Radar

2024 Predictions for Cybersecurity

Date : November 27, 2023

In response to increasing regulatory burdens and the risk of civil litigation, successful companies in 2024 will lean into enhancements in their compliance operations. They will actively collect and test evidence of security control effectiveness, linking these controls directly to their risks, across all critical assets or systems. This approach ensures companies are confident in accurately describing how well they manage their risk portfolio, including in SEC filings. The automation of compliance operations enables security and audit professionals to spend more time doing the parts of their jobs that they love. Furthermore, as supply chain risks intensify scrutiny of B2B transactions, companies will efficiently repurpose many of their controls and control evidence. This strategy not only allows companies to secure additional attestations or certifications such as ISO or SOC 2 without increasing their workforce, but it also provides a significant competitive business advantage.

See Radar

2023 Will Be The Year Of Risk

Date : December 07, 2022

A review of the events of 2022 shows that 2023 will not be the year of dire new cyber attacks waged by hoodie-wearing cyber criminals or office-bound nation state APTs. Instead, 2023 will be the year where multiple regulatory bodies express their mounting frustration with public and private companies' collective inability to reduce the volume and impact of prior cyber attacks. In short, 2023 will be the year of risk.

An unprecedented six regulatory entities all have announced separate plans to enact additional rules in 2023 to instruct companies on how to manage their risks. These are the Department of Defense (DOD), the Federal Reserve, the Federal Trade Commission (FTC), the New York Department of Financial Services (NYDFS), the Office of the Comptroller of the Currency (OCC, part of Treasury), and the Securities and Exchange Commission (SEC). These entities wouldn’t be telling companies how to manage their risks if they believed that there was adequate risk management being conducted today. Instead, the pending regulatory changes are intended to cover perceived systemic shortcomings associated with cyber risk management.

See Radar

Ransomware Market Changes in 2022

Date : November 30, 2021

Ransomware threat actors will continue to find new and innovative ways of generating revenue for their criminal operations throughout 2022. If organizations deploy adequate governance and technical controls in 2022 alongside an effective multinational policy response, we can anticipate a gradual ransomware slowdown in the fourth quarter as those threat actors not in prison re-skill as part of a workforce transition to other profitable criminal enterprises. Those countries giving license to ransomware threat actors inside their borders have a unique opportunity to provide a path to legitimate careers for those criminals who choose to voluntarily leave the market, and while this should not necessarily relieve them of any legal actions pending, it may be a useful incentive when considering sentencing.

See Radar

2020 Predictions for Cybersecurity

Date : September 25, 2020

Venture capitalists will accelerate feature development via mergers and acquisitions. In recent years, VCs have funded point solution vendors for technologies like SOAR and UEBA. These are features, not stand-alone technologies, and it’s often cheaper for market leaders to buy rather than build new features. CISOs should be aware of this market reality, as buying early-stage cybersecurity from a startup carries the risk of unintentionally having a business relationship with a much larger vendor within two years, and consequently needing to either buy the larger technology solution or rip and replace after the acquisition closes.

See Radar

2020 Predictions for Cloud Computing

Date : September 25, 2020

Cloud computing will continue to grow despite the frequency of breaches due to a lack of administrative controls and unintentional configuration errors. When an administrator had access to an on-premises server, they could only administer that server; a “cloud administrator” can administer all the assets in a given cloud instance, including backing up and exfiltrating entire servers. This is like the unintentional configuration errors that have plagued so many Amazon S3 buckets in 2019, where organizations have stored PII in S3 in a default configuration, and then those data have been accessed by security researchers.

See Radar

2020 Predictions for IoT

Date : September 25, 2020

The Internet of Things is a dumpster fire and upcoming regulatory controls aren’t going to put it out. Putting a sticker on a box with a username and random password and providing an updated privacy policy that consumers ignore isn’t adequate, although it is compliant. Manufacturers need to invest in user behavior analysis, require multi factor authentication, and to force patching of IoT devices. Otherwise, threat actors will continue to violate the privacy of people’s homes and nation states will build botnets as part of battlespace preparations.

See Radar

2021 Predictions for Cybersecurity

Date : September 23, 2020

Insurance brokers will begin to specialize in cybersecurity policies.

See Radar

2021 Predictions for Cybersecurity

Date : September 23, 2020

The pandemic’s continuing effects on corporate budgets will result in a net reduction in cybersecurity budgets in 2021.

See Radar

Blog

Opportunities

1 Print/Online Media Interviews
Media source for expertise on AI, Cybersecurity, IoT

Location: Virtual    Fees: 0

Service Type: Service Offered

As a CISSP I have an ethical responsibility to help educate the public about cybersecurity issues, and have been featured in Reader's Digest, USA Today, Fast Company, the Philadelphia Inquirer, Dark Reading, Cyber Security Hub, CIO.com, Robotics Business Review, The Institute, and more. Please contact me via email if you need a source for a story, an alternate perspective, or a longer-form piece. It'd be favorite if I had at least a day to reply.


Events

4 Physical Events
Transforming Security Compliance from Cost Center to Competitive Edge

Location: Orlando, FL    Date : October 22, 2024 - October 22, 2024     Organizer: Gartner

Enterprise security professionals face pressure to minimize spending on risk and compliance while maximizing efficiency and security. Traditionally seen as cost centers, security compliance solutions have untapped potential for better decision-making and competitive advantage. In this session, you will discover how adopting new cybersecurity frameworks can save money and enable market entry, how automation reduces engineering's role in evidence collection for control operations, and how to convey the value of cybersecurity investments to the board.

See Event

CISO Ohio Summit

Location: Columbus, OH    Date : July 18, 2024 - July 18, 2024     Organizer: CDM

Welcome to the CISO Ohio Summit, a premier gathering that brings together top-level executives from the cybersecurity domain. This exclusive event serves as a dynamic platform for Chief Information Security Officers (CISOs) to exchange insights, strategies, and best practices in navigating the ever-evolving landscape of security challenges. Through engaging keynote presentations, panel discussions, and interactive workshops, the summit fosters invaluable networking opportunities and empowers attendees to harness innovation while safeguarding their organizations against emerging cyber threats. Join us to explore the intersection of leadership and cybersecurity resilience at the forefront of business advancement.

In the heart of this summit lies the convergence of visionary leadership and resilient protection. As technology continues to redefine industries, CISOs play a pivotal role in ensuring the integrity of their digital assets. The CISO Ohio Summit stands as a testament to the critical nature of this role, providing a holistic platform that delves into risk management, compliance, data privacy, and proactive defense mechanisms. By bringing together a select gathering of forward-thinking professionals, this summit not only facilitates knowledge exchange but also encourages collaborative solutions that are imperative to thriving in today's complex and interconnected business landscape.

See Event

How to Operationalize Your Risk Assessments at Data Connectors Dallas

Location: Hilton Fort Worth    Date : May 16, 2024 - May 16, 2024     Organizer: Data Connectors

Risk assessments have moved beyond a check-the-box approach, especially with the SEC’s new disclosure requirements. Join us for our session, How to Operationalize Your Risk Assessment Process, to get practical guidance on navigating the complexities of risk assessments to drive tangible business outcomes. Kayne McGladrey, Field CISO at Hyperproof, will navigate through the essential steps required to operationalize risk assessments effectively within diverse organizational structures. From conceptualization to execution, participants will gain actionable insights into crafting and implementing tailored risk assessment strategies tailored to their unique organizational contexts.

We’ll cover:

- Navigating the complexities of risk assessments amidst emerging SEC disclosure requirements
- Actionable steps to effectively operationalize risk assessments
- How to empower CISOs and their teams with insights to drive tangible business outcomes with risk assessments
- How GRC software can help the risk assessment process and eliminate data silos between controls and risks

See Event

Best Practices for Maturing Your Security Programs Without Leaving Privacy Behind

Location: Meydenbauer Center, Bellevue, WA    Date : April 16, 2024 - April 16, 2024     Organizer: ISMG

Join this session on 'Best Practices for Maturing Your Security Programs Without Leaving Privacy Behind' sponsored by Hyperproof which will explore the complexities of enhancing security measures and compliance, and fostering a culture of privacy by design, against the backdrop of increasing reliance on #AI and digital technologies.

See Event

10 Online Events
Introduction to Hyperproof’s GRC Maturity Model

Location: https://www.brighttalk.com/webcast/18576/620555    Date : August 01, 2024 - August 01, 2024     Organizer: Hyperproof

Join our Field CISO, Kayne McGladrey, as he kicks off our GRC Maturity Model series. After in-depth conversations with CISOs worldwide, Kayne realized something was missing in the GRC world: the ability to truly understand an organization’s GRC maturity and the steps it would take to build the business case for change. In this webinar, Kayne will unveil Hyperproof’s GRC Maturity Model, an extensive guide he crafted using over 30 years of experience in GRC, in-depth conversations with CISOs, and a thorough literature review. Discover how this model represents a pivotal advancement in the GRC landscape and get insights that will empower your organization's governance, risk, and compliance strategies.

During this session, we will provide a foundational understanding of the GRC Maturity Model and explore its parts. We’ll discuss:

- Understanding the fundamentals of the GRC Maturity Model
- Why the GRC Maturity Model is significant for your organization
- The components and application of the GRC Maturity Model

See Event

Streamlining Audits Year-Round: Transitioning from Ad-Hoc to Proactive Processes

Location: Eventbrite    Date : July 16, 2024 - July 16, 2024     Organizer: Hyperproof

Join us for a panel discussion on how organizations can transition from ad-hoc audit processes to a proactive approach to acing your audits. Our speakers will dive into the nuances of continuous monitoring, strategies for implementation, and the future landscape of audit and compliance.

In this webinar, we’ll discuss:
- Understanding continuous control monitoring: Learn how to differentiate frameworks, build a business case, gain executive buy-in, and get real-world examples of risk mitigation.
- Getting started: Explore initial steps, setting up systems, early issue detection, key metrics, and selecting the right compliance platform.
- Ethical considerations: Understand the ethical considerations and potential risks associated with AI throughout the audit process and how organizations can address them.
- Planning for the future: Discover best practices for maintaining audit readiness, addressing potential issues preemptively, and navigating the evolving landscape of automation and AI in the GRC space.

Don't miss this opportunity to gain insights from industry experts and take your audit processes to the next level.

See Event

Infosec Pros: Carmen Marsh and Confidence Staveley

Location: LinkedIn Events    Date : June 14, 2024 - June 14, 2024     Organizer: Hyperproof

You don't want to miss this

Next week, we're bringing together two powerhouse female leaders in cybersecurity: Carmen Marsh from United Cybersecurity Alliance and Confidence Staveley from CyberSafe Foundation to join our host Kayne McGladrey!

Join us to learn more about all things cybersecurity and how to protect companies from tactical risks.

See Event

Passkeys: The Great 'Password Killer'

Location: LinkedIn Live    Date : June 06, 2024 - June 06, 2024     Organizer: Solutions Review

Access management and authentication solutions providers have been chasing the "password killer" dream since MFA, and right now, passkeys are at the front and have experts on both sides of the discussion answering the question, "Is this the password killer or just another tool in a growing list of tools?"

Date and Time: Thu, Jun 6, 2024, 1:00 PM–2:00 PM

See Event

Elevating Trust Together: The Hyperproof and SafeBase Partnership

Location: BrightTalk    Date : May 30, 2024 - May 30, 2024     Organizer: Hyperproof

In today’s ever-evolving GRC landscape, organizations face multifaceted challenges in ensuring compliance, managing risks, and addressing security reviews efficiently. To tackle these hurdles effectively, businesses need a robust tech stack that works together to not only assess their compliance and risk posture but also streamline the process of responding to security reviews. That's why the SafeBase and Hyperproof teams are excited to announce their partnership, creating better access to the tools that make this possible. Through this partnership, our mutual customers will have the tools they need for their compliance management and trust center visibility. In doing so, users will be able to confidently build trust with their customers through transparency and demonstrated security commitment.

Join our experts, Lisa Hall, CISO at SafeBase and Kayne McGladrey, Field CISO at Hyperproof, to learn more about:
- Identifying common challenges associated with compliance and security posture
- How to transform your approach to security to save time by automating your compliance and security-related tasks
- Learn how SafeBase and Hyperproof combined can transform your compliance programs
- Learn how to increase customer trust and improve the customer experience


Infosec Pros: Jeff Costlow, Security Architect at Pryon, Inc.

Location: LinkedIn    Date : April 19, 2024 - April 19, 2024     Organizer: Hyperproof

During this Hyperproof live stream series, leaders in information security shed light on crucial topics that shape the modern cybersecurity landscape. This month’s episode features Jeff Costlow, Security Architect at Pryon, Inc., and our host, Kayne McGladrey, Field CISO at Hyperproof. Guided by Kayne and audience questions, Jeff will share insights into his current work and past experiences in the field. Register now for your chance to learn from one of today’s top InfoSec pros.


Trends from Hyperproof's 2024 IT Risk and Compliance Benchmark Report

Location: BrightTalk    Date : April 09, 2024 - April 09, 2024     Organizer: ISC(2)

Is your IT risk and compliance program ready for 2024 and beyond?

For the last five years, Hyperproof has asked over 1,000 GRC professionals about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more. We then compare results from the previous year, and provide an in-depth view of the market’s current state in our annual benchmark report. The 2024 IT Risk and Compliance Benchmark Report highlights a fascinating change in the overarching narrative of cybersecurity: respondents and key stakeholders from other departments are thinking about cybersecurity compliance as a key competitive differentiator rather than just a cost center.

Join Hyperproof and ISC2 on April 9, 2024 at 1:00 p.m. Eastern/10:00 a.m. Pacific to learn:
- How unifying risk and compliance data affected survey respondents’ ability to mitigate risk, improve cybersecurity, and avoid breaches
- Key trends for cybersecurity in 2024
- How the market has responded to AI risks in 2023 and how cybersecurity professionals plan on leveraging AI in 2024
- Why cybersecurity decision-making is becoming more collaborative with an integrated view of risk and compliance data


Infosec Pros: Dustin Lehr, Sr Dir Platform Security/Deputy CISO at Fivetran

Location: LinkedIn and YouTube    Date : March 28, 2024 - March 28, 2024     Organizer: Hyperproof

https://www.linkedin.com/events/7174429404469628928/about/


2024 IT Risk and Compliance Benchmark Report Findings

Location: BrightTalk    Date : February 22, 2024 - February 22, 2024     Organizer: Hyperproof

It’s that time again! Hyperproof’s fifth annual benchmark survey is here. Each year, we ask over 1,000 GRC professionals about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more to compare results from the previous year, provide an in-depth view of the market’s current state, and prepare for this year and into the future. Our results were fascinating: point solutions are no longer fulfilling the needs of GRC professionals, and internal audit, risk, IT, and compliance teams are looking for a single solution. The question is: which team’s priorities will take precedence?

Join us for our webinar to learn about:
* The top findings from the survey (hint: trust and transparency are top-of-mind for GRC professionals in 2024)
* Why GRC professionals are searching for a single, holistic solution that can solve the challenges of multiple teams
* How data silos between risk and compliance are affecting respondents’ ability to address their GRC challenges
* How the market has responded to AI risks in 2023 and how GRC professionals plan on leveraging AI in 2024
* How decision-making around GRC has shifted toward a more collaborative approach


CISO Perspectives: Zero Trust-As-A-Service

Location: Online    Date : November 05, 2020 - November 05, 2020     Organizer: Cyber Security Hub

Join Pulse Secure’s Global Chief Security Architect and industry veteran Kayne McGladrey in this webcast to learn about:

- The shift in security challenges, current security concerns, and potential challenges in the future
- Main components of Zero Trust-as-a-Service
- How Zero Trust-as-a-Service solves security challenges in a hybrid IT environment
- Zero Trust-as-a-Service implementation and deployment considerations
- How Zero Trust security practices can help you prepare and build a business continuity plan that withstands the unexpected and future security concerns
