Thinkers360
Interested in getting your own thought leader profile? Get Started Today.

Kayne McGladrey

Field CISO at Hyperproof

Bellingham, United States

The modern company has an implicit social contract to protect the data entrusted to it. As a cybersecurity professional, my role is to advise companies on how to uphold that social contract by managing risks and deterring and denying threat actors. My consultative approach is the result of decades of experience working with Fortune 500 and Global 1000 companies.

The ability to fluently speak the languages of both business and technology and effectively communicate complex concepts to non-technical audiences has not only facilitated conversation with company leadership in developing and implementing effective policies to reduce cyber threat, it has made me the go-to person for multiple media outlets and a spokesperson for IEEE’s Public Visibility Initiative.

One of my career priorities is to inspire under-represented communities to pursue careers in cybersecurity. Talent is not limited by geography or background. Because I look beyond the usual circles for talent, trust their abilities, and have an eagerness to help people succeed, I have been able to build effective teams despite the continued challenges of low unemployment in cybersecurity careers.

Available For: Influencing, Speaking
Travels From: Bellingham, WA
Speaking Topics: Cybersecurity, Compliance, Risk

Speaking Fee $1 (In-Person)

Personal Speaking Website: www.kaynemcgladrey.com
Kayne McGladrey Points
Academic 65
Author 337
Influencer 546
Speaker 295
Entrepreneur 65
Total 1308

Points based upon Thinkers360 patent-pending algorithm.

Thought Leader Profile

Portfolio Mix

Featured Videos

Kayne's 5 Under 5 in Cybersecurity: February, 2023
February 06, 2023
What is FedRAMP? Drafting Compliance
February 06, 2023
Interview on Diversity and Cybersecurity
February 06, 2023

Featured Topics

Cybersecurity

I'm comfortable speaking to audiences about the social, ethical, business and technical aspects of cybersecurity.

Company Information

Company Type: Company
Minimum Project Size: N/A
Average Hourly Rate: N/A
Number of Employees: N/A
Company Founded Date: Undisclosed
Last Media Training: 02/08/2017
Last Media Interview: 08/25/2022

Areas of Expertise

5G 30.34
AI 30.77
Autonomous Vehicles 30.58
Business Continuity 31.30
Business Strategy 30.54
Cloud 30.98
COVID19 43.29
Culture 30.06
Cybersecurity 76.81
Digital Transformation 30.15
Diversity and Inclusion 32.94
Ecosystems 30.25
EdTech 30.12
Emerging Technology 30.20
Future of Work 30.25
GovTech 30.88
Health and Safety 30.80
HealthTech 30.71
HR 30.12
IoT 34.96
Leadership 30.67
Management 30.31
Mergers and Acquisitions 30.15
Mobility 30.58
Privacy 31.56
Risk Management 78.38
RPA 30.80
Smart Cities 32.08
Supply Chain 30.29
Legal and IP 30.27
DevOps 31.98
Security 59.20
AR/VR 30.66
International Relations 30.26
IT Operations 33.50

Industry Experience

Aerospace & Defense
Automotive
Consumer Products
Financial Services & Banking
Healthcare
High Tech & Electronics
Higher Education & Research
Hospitality
Industrial Machinery & Components
Insurance
Manufacturing
Oil & Gas
Pharmaceuticals
Professional Services
Retail
Telecommunications
Travel & Transportation
Utilities

Publications

2 Advisory Board Memberships
Cybersecurity Executive Advisory Board Member
TagNW
April 10, 2020
Executive Advisory Board Member to Technology Alliance Group Northwest.

See publication

Tags: Cybersecurity

Cyber Security Hub Advisory Board
Cyber Security Hub
October 07, 2019
· Working to increase the diversity of perspectives on enterprise cyber security challenges and opportunities.
· Dynamically responding to and anticipating the needs of the cyber security marketplace through unique and timely content.
· Serving as an “early explainer” to articulate “why” the subject matter is important to current practitioners and the next generation of cyber professionals.

See publication

Tags: Cybersecurity, IoT

2 Analyst Reports
Survey Findings Show Link Between Data Silos and Security Vulnerabilities
Dark Reading
April 13, 2023
A recent survey showed a surprising correlation between those who operate their businesses with risk and compliance data in silos and those who experienced data breaches in the last 24 months.

See publication

Tags: Cybersecurity, Risk Management, Security

Setting The Four Cornerstones Of Cloud Security: Accountability, Strategy, Visibility & Enablement
CSHub
March 29, 2021
Read this report on:
- Identifying accountability for cloud security across the enterprise
- Conceiving of a cloud security strategy to ensure that the business consults and informs the cyber security operation
- Gaining true visibility of the entire organization from on-prem to the cloud
- Adopting common language along with a newly assumed forward posture to find the edge of business innovation and enable it

See publication

Tags: Cybersecurity

78 Article/Blogs
Businesses need to provide better cybersecurity training – here's how
Raconteur
January 03, 2024
Training should be tailored to specific cyber risks in each learner’s role, monitored and regularly updated, according to McGladrey, whose company provides a platform offering risk, security and compliance assurance.

For instance, “while all employees should be made aware of phishing techniques, specialised training in, say, incident-handling procedures should be delivered to the incident-response team only”, he explains. “Similarly, organisations should provide training only if it’s intended to reduce a specific risk, as it’s unreasonable to expect employees to become knowledgeable about every possible topic in this field.”

McGladrey adds that employers “should provide annual training at the very minimum, supplemented by micro-training modules after policy violations or incidents”.

While a firm’s CISO and their team will typically lead the training, there are other options. These include engaging external expertise such as dedicated cybersecurity consultancies or a virtual CISO to develop a tailored programme.

Designing and delivering well-targeted courses is only half the battle for firms seeking to improve employee awareness. It’s vital to assess the effectiveness of these interventions to ensure that they’re having the desired effect.

See publication

Tags: Cybersecurity, Risk Management, Security

Is Basic Cyber Hygiene Enough in the Age of AI?
CXOToday
January 02, 2024
“These threats are not merely theoretical, although, at the moment, they are still relatively limited in their application,” McGladrey said. “It is reasonable to expect that threat actors will continue to find innovative new uses of generative AI, extending beyond business email compromise, deepfakes, and the generation of attack code.”

See publication

Tags: Cybersecurity, Risk Management, Security

Why enterprises need cyber insurance — how and what to buy
SDXCentral
December 20, 2023
“It should be a strategic choice for a company to transfer certain business risks associated with cybersecurity threats, which exceed an acceptable level of risk, to an insurer,” says Kayne McGladrey, a senior member of the IEEE. “The expectation is that the insurer will help lessen the financial impact of significant cyber incidents or data breaches.”

However, this approach assumes companies maintain risk registers with clear definitions and measurement criteria for various risk categories, he notes. “It also presumes they use compliance operations to continuously assess the effectiveness of their current controls in reducing or mitigating these risks.”

See publication

Tags: Cybersecurity, Risk Management, Security

3 ways to fix old, unsafe code that lingers from open-source and legacy programs
CSO Online
November 29, 2023
The biggest issue with prioritizing software fixes is that there’s often a disconnect between security controls and business risk outcomes, according to Kayne McGladrey, IEEE senior member and field CISO at Hyperproof, a security and risk company. That makes it harder to get executive support, he says. Code maintenance and dependency management aren’t sexy topics. Instead, executive interest tends to focus “on the financial or reputational repercussions of downtime,” McGladrey tells CSO.
“To address this problem, organizations should document and agree upon the business risks associated with both first-party and third-party code. Then they need to determine how much risk they’re willing to accept in areas like reputational damage, financial damage, or legal scrutiny. After there’s executive-level consensus, business owners of critical systems should work to identify and implement controls to reduce those risks,” McGladrey says.

See publication

Tags: Cybersecurity, Risk Management, Security

The FTC updated the Safeguards Rule. Here’s how to avoid notification events.
Hyperproof
November 17, 2023
The primary emphasis of the new revision is that a ‘notification event’ now triggers the reporting process, described as any unauthorized acquisition of unencrypted customer information. This is a change from the earlier draft of the Rule, which used the term ‘security event’ to describe unauthorized system access or information misuse. This change may result in some confusion, unfortunately, described below.

See publication

Tags: Cybersecurity, Risk Management, Security

FedRAMP Rev. 5: How Cloud Service Providers Can Prepare
Dark Reading
October 23, 2023
This article covers high-level information that cloud service providers (CSPs) need to know to prepare for their transition to FedRAMP Rev. 5, as documented in the "FedRAMP Baselines Rev. 5 Transition Guide."

See publication

Tags: Cybersecurity, Risk Management, Security

37 Cybersecurity Awareness Month Quotes from Industry Experts in 2023
Solutions Review
October 11, 2023
When CISOs work with go-to-market teams, cybersecurity transforms from a mere cost center into a valuable business function. This change is crucial in B2B interactions where robust cybersecurity controls offer a competitive advantage. A centralized inventory of cybersecurity controls, grounded in current and past contracts, helps businesses gauge the financial impact of these partnerships. This inventory also identifies unnecessary or redundant controls, offering an opportunity for cost reduction and operational streamlining. By updating this centralized list after the termination of contracts, the business can further optimize both its security posture and operational costs. This integrated strategy empowers the business to make well-informed, data-driven decisions that enhance profitability while maintaining robust security controls.

See publication

Tags: Cybersecurity, Risk Management, Security

Tasks that bog down security teams (and what to do about them)
CSO Online
August 23, 2023
With security now a board-level concern and the focus of a growing number of regulations, today's CISOs and their team members are spending a lot more time responding to questions about their security programs. Providing answers -- whether to internal compliance teams who need the information to fulfil legal obligations or external business partners who want assurances -- is now an expected part of the modern security department's responsibilities. Yet it's not the most effective use of worker time. "It's not only frustrating, but it also sucks up a lot of time," says Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers (IEEE), a nonprofit professional association, and field CISO at Hyperproof. There are strategies for meeting security's obligations to provide information without tying up CISOs and their teams too much, he and others say. McGladrey says automation is one such strategy, saying that "evidence of control operations should be automated, and evidence of effectiveness can also be automated."

See publication

Tags: Cybersecurity, Risk Management, Security

The SEC approved new disclosure requirements. Here’s what you need to know.
Security Boulevard
August 01, 2023
Public companies will have to change a lot of their processes to adhere to these new rules. They’ll need to carefully evaluate the information they disclose about cybersecurity incidents, and those that don’t comply will potentially face investor lawsuits, SEC enforcement actions, and potential damage to their reputations. Board members will have to get up-to-speed quickly on their understanding of cybersecurity risk. CISOs will likely lean on platforms like Hyperproof to help educate their boards about their risk postures and how risk is mitigated at their companies. They can also use Hyperproof to inventory their controls when describing how they’re managing threats and risks to better answer questions from the board.

See publication

Tags: Cybersecurity, Risk Management, Security

Managing Risk and Compliance Through a Recession
Solutions Review
March 24, 2023
As security professionals, managing risk and compliance efficiently during a recession is essential for our organizations. Here's a structured approach to evaluate control effectiveness and identify potential budgetary efficiencies:

• Gap Analysis: Map existing controls to documented risks, ensuring a consolidated inventory.
• Automate Evidence Collection: Simplify the process of gathering control operation and effectiveness evidence, fostering collaboration.
• Automate Control Testing: Implement automated testing to quickly identify and resolve issues, increasing overall effectiveness.
• Estimate Control Effectiveness: Assess control health to make data-driven decisions for risk reduction strategies.
• Evaluate Outlier Controls: Examine controls for potential budgetary efficiencies, optimizing resource allocation.
• Annual Control Assessment: Revisit the process annually to identify control gaps, inform budget planning, and drive cost savings.
• Leverage for Cyber Insurance: Use control assessments in conversations with insurers, potentially reducing premiums.

Adopting this end-to-end process can lead to a more secure organization, even in a challenging economic climate.

See publication

Tags: Cybersecurity, Risk Management, Security

Hack Me If You Can
American Banker
February 21, 2023
A hacker can say that an institution has 90 days to fix a vulnerability before publicly divulging the secret, and for the vulnerable bank or credit union, that might come off as extortion or a threat. However, it is well within the boundaries of normal security research to do that, according to Kayne McGladrey, Field CISO for the security and compliance company Hyperproof.

See publication

Tags: Cybersecurity, Risk Management, Security

The Ultimate Guide to Enterprise Risk Management
Hyperproof
December 13, 2022
Enterprise risk management is a nebulous, hard-to-define topic area. It encompasses a large variety of risks and procedures for the enterprise and it differs greatly from traditional risk management. So, what exactly is enterprise risk management? In this article, we’ll establish what it is, present common strategies for enterprise risk management, and emphasize the value of having enterprise-ready software to help simplify the process.

See publication

Tags: Cybersecurity, Risk Management, Security

Three Key Predictions for 2023: The Year of Risk
ISACA
December 09, 2022
As we approach 2023, it’s natural to look back on the biggest security events that took place this year and anticipate their effect next year. The previous two years have shown that our world is full of complexity and uncertainty, despite all the advances in data collection, compliance operations automation, and SaaS technology. Risk modelers and analytics experts know we can’t predict or control the world with any degree of certainty, but it’s important to brace ourselves for the upcoming threats and new opportunities the coming year will present. Here are three key risk management predictions we have for 2023 that will shape the risk management industry.

See publication

Tags: Cybersecurity, Risk Management, Security

How to Upgrade Your Security Program from ISO 27001:2013 to ISO 27001:2022
Hyperproof
December 08, 2022
Since the initial release of ISO 27001, the threat actor economy has diversified substantially, with both criminal groups and nation states developing and selling offensive cyber products and cyber surveillance solutions. In response, cybersecurity experts have documented and developed best practices and actionable guidance for organizations to effectively manage their cybersecurity risks. ISO 27001:2022 provides a risk-based reference set of information security, cybersecurity, and privacy controls that have been adopted by modern organizations as part of deploying cloud technologies and addressing data protection requirements driven by GDPR.

See publication

Tags: Cybersecurity, Risk Management, Security

It's Time to Regard Cybersecurity as Human Safety
Industry Week
November 17, 2022
Cultural change takes time and is a journey, not a destination. Senior leaders, managers, and individual contributors all have a role and responsibility in ensuring that manufacturing companies stay safe from cybersecurity risks. Elevating cyber risks to the same level as safety risks will help companies to comprehensively understand and manage their risks now and in the coming years.

See publication

Tags: Cybersecurity, Risk Management, Security

Best practices for cryptocurrency firms and digital currency firms managing money
Security Magazine
October 26, 2022
A Consent Order issued in August 2022 by the New York State Department of Financial Services (“NYDFS”) for a $30 million fine on Robinhood Crypto, LLC (“RHC”) shows that cryptocurrency firms are not immune from regulatory and legal obligations. The Consent Order can be read as a partial roadmap for similar firms in establishing best practices for ongoing successful compliance operations, which help firms to remain compliant and secure concurrently.


Based on the Consent Order, firms in this space should be prepared to demonstrate to NYDFS how their compliance programs meet the standards outlined in DFS regulations, particularly the Virtual Currency Regulation, the Money Transmitter Regulation, the Cybersecurity Regulation, and the Transactions Monitoring Regulation. Firms should also ensure that they have documented policies and procedures required by the Cybersecurity Regulation.

See publication

Tags: Cybersecurity, Risk Management, Security

4 Stakeholders Critical to Addressing the Cybersecurity Workforce Gap
Dark Reading
October 17, 2022
ic and International Studies (CSIS) published the report "A Human Capital Crisis in Cybersecurity," which noted "there are about 1,000 security people in the US who have the specialized security skills to operate effectively in cyberspace. We need 10,000 to 30,000." Twelve years later, the Cyberspace Solarium Commission 2.0 Workforce Development Agenda for the National Cyber Director observed that "in the United States, there are almost 600,000 open cybersecurity jobs across the private sector and federal, state, and local governments — a remarkable gap considering that the field currently employs just over a million professionals." This is not an encouraging trend.

See publication

Tags: Cybersecurity, Risk Management, Security

What Thoma Bravo’s latest acquisition reveals about identity management
Venture Beat
October 14, 2022
Identity management of users and devices is key for CISOs to manage the risks associated with unauthorized access to sensitive data and systems, according to Kayne McGladrey, Field CISO at Hyperproof and Senior IEEE Member. “From a control operations standpoint, the two most important capabilities are the ability to validate a user’s behavior when it deviates from the norm, and the ability to quickly de-provision access when it is no longer needed,’’ McGladrey told VentureBeat.
For example, if a user regularly logs in from Washington State using their Windows-powered computer to access a single program, there’s little reason to prompt them for a second authentication factor, he said. “But when the device changes, perhaps a new Mac computer that’s not configured correctly, or their location suddenly changes to Australia, they should be prompted for multifactor authentication as part of identity validation before being allowed to access those data,” McGladrey said. When a user leaves an organization, their identity access should be rapidly revoked across all platforms and devices. Otherwise, organizations run the risk of a threat actor using the older access and credentials, McGladrey added.

See publication

Tags: Cybersecurity, Risk Management, Security

Banks can leverage automation, regulation for cyberattack prevention
Bank Automation News
October 13, 2022
Financial institutions can avoid becoming the next victim of a costly cyberattack by leveraging automation and existing legislation. Automation can help to mitigate risk when handling personal client information by storing records efficiently and securely, Kayne McGladrey, field chief information security officer at Hyperproof, told Bank Automation News. “If you don’t automate, that has a cost, because now people are spending their time doing control testing,” he said. “The organizations that recognize that are going to probably spend a lot less time on compliance and have a happier team, because they’re not doing routine stuff that they should have automated.”

See publication

Tags: Cybersecurity, Risk Management, Security

GRC Platforms: 5 Features You Need
Hyperproof
September 29, 2022
"Choosing the right GRC platform is hard, but knowing what’s most important for you and your organization is key to choosing the right one. Ultimately, what matters most is that you find a platform with all the features listed above that will enable your team to maintain compliance without the headache of manual processes or inflexible legacy solutions."

See publication

Tags: Cybersecurity, Risk Management, Security

Exploring the Advantages of Deploying DPUs in the Data Center
CIO Magazine
June 24, 2022
“Moving network and security functions to a DPU allows server CPUs to be more efficient at running core applications and operating systems without sacrificing security controls,” said Kayne McGladrey (@kaynemcgladrey), Security Architect at Ascent Solutions LLC. “DPUs should also expedite the application of Zero Trust principles by allowing finer-grained micro-segmentation of applications and networks so that there is limited or no unearned trust.”

See publication

Tags: Cybersecurity, Security

Secure Collaboration: Adopt an approach that balances people and technology
CIO
March 21, 2022
“Make the security guardrails as invisible as possible to your end users and ensure that organizational change management is part of your planning for rollout,” says Kayne McGladrey, security architect, strategy and GRC practice lead at Ascent Solutions LLC. “This increases adoption of new collaboration technologies by ensuring that users are aware that the solution exists and understand that it’s easy to use. End users won’t use a solution specifically because it’s secure; rather, they’ll adopt it if it meets their needs easily and quickly.”

See publication

Tags: Cybersecurity

3 Phases to Simplify Cyber Risk Management
Ascent
March 07, 2022
Cybersecurity risk management exists to help businesses make informed decisions when allocating their limited resources. Although there are several ways of measuring risks and several more risk frameworks, there is no “right” way to conduct risk management other than consistency. Provided that a business documents, discusses, and acts on risk data, the supporting technologies and formulas are not particularly relevant to business leaders or board members.

See publication

Tags: Cybersecurity, Risk Management

Top 4 IoT data privacy issues developers must address
Internet of Things Agenda
February 23, 2022
"IoT device monetization strategies have nonobvious supply chain privacy risks. IoT device manufacturers may choose to incorporate one or more advertising or marketing APIs to generate incidental revenue that is unrelated to the primary subscription costs of the IoT device and service."

See publication

Tags: Cybersecurity, IoT

Top Three Use Cases for AI in Cybersecurity
DataCenter Knowledge
February 03, 2022
“The big things we’re seeing effectively in cybersecurity right now around AI is security incident and event management,” said Ascent Solutions’ Kayne McGladrey.
The reason is that it involves large pattern analysis, McGladrey told Data Center Knowledge, and AI is very good at doing large pattern analysis.
“It does that at a scale and speed that human defenders cannot match,” he said.

See publication

Tags: AI, Cybersecurity

2 Citations
What’s new in cybersecurity for physical security systems?
Source Security
June 01, 2023
The article explores the growing cyber resilience in the physical security industry, highlighting increased customer demands for compliance testing, the burgeoning use of cyber-safe cloud services, and the global adoption of the zero trust framework. It underscores the role of robust cybersecurity controls and the impact of IoT technologies in transforming physical security systems' connectivity and security posture.

See publication

Tags: Cybersecurity, Risk Management, Security

Expert Panel Roundtable: What's new in cybersecurity for physical security systems?
Security Informed
June 01, 2023
Discover how manufacturers in the physical security industry are embracing enhanced cybersecurity measures and implementing them at scale. From streamlining maintenance and updates to integrating cloud solutions, these efforts aim to protect against evolving threats and human error. The article highlights the importance of compliance, secure communication, and training employees on best practices. Explore insights on zero trust principles, secure APIs, and evolving certifications, all contributing to the continuous improvement of cybersecurity in physical security systems.

See publication

Tags: Cybersecurity, Risk Management, Security

9 Coursewares
Cyber Threat Prevention for PSOs: Credential Stuffing (Part 1 of 8)
PSVillage
May 17, 2017
Credential Stuffing, unfortunately, is not a new attack rather an existing attack that the bad guys have found a way to operate at economies of scale. Credential stuffing is a type of automated...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: Provisioning and De-provisioning (Part 2 of 8)
PSVillage
May 17, 2017
In this second episode of our 8 part series, Kayne McGladrey will be discussing Provisioning and De-Provisioning. In general, provisioning means "providing" or making a resource available. De-...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: Identity and Access Management (Part 3 of 8)
PSVillage
May 17, 2017
In this third episode of our 8 part series, Kayne McGladrey will walk you through three primary Identity and Access Management (IAM) systems available for your end users to have access to your...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: Privileged Access Management (Part 4 of 8)
PSVillage
May 17, 2017
In this fourth episode of our 8 part series, Kayne McGladrey will cover Identity Access Management system and a specific resource when it comes to where your client files are stored, or your...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: User and Entity Behavior Analysis (Part 5 of 8)
PSVillage
May 17, 2017
When a hacker has intercepted your credentials and login information and attempts to use that information, an effective User and Entity Behavior Analysis (UEBA) solution can be what saves you from...

See publication

Tags: AI, Cybersecurity

Cyber Threat Prevention for PSOs: Multi-Factor Authentication (Part 6 of 8)
PSVillage
May 17, 2017
In this sixth episode of our 8 part series, Kayne McGladrey reviews Multi-Factor Authentication (MFA). MFA can be used in many instances to ensure the identity of a person trying to access or...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: Attestation Reporting (Part 7 of 8)
PSVillage
May 17, 2017
Kayne McGladrey discusses Attestation Reporting in the seventh video in this series. The goal of Attestation Reporting is to ensure that a user should have the access that has been requested and...

See publication

Tags: Cybersecurity

Cyber Threat Prevention for PSOs: Certification Campaigns (Part 8 of 8)
PSVillage
May 17, 2017
In this last video in the series of 8, We will see how the process of certification in consulting works. IGA, a governance administration tool, will produce certification reports and should work...

See publication

Tags: Cybersecurity

Fundamentals of Professional Services Management
UDemy
April 07, 2017
You can learn to manage a professional services firm in less time than it takes to fly from Seattle to London

See publication

Tags: Management

1 eBook
Educated Endpoints
SC Media
January 16, 2020
The proverbial endpoint is everywhere. Consumers have more IoT and mobile devices than ever before. Industrial IoT is becoming ubiquitous and IoT malware is as common as cell phones. While conveniences are making their way into every facet of life, so are malicious software, social engineering attack and all manner of bad actors.

See publication

Tags: Cybersecurity, IoT

1 Founder
Include Cybersecurity
Include Cybersecurity
January 05, 2018
Include Cybersecurity is a non-profit organization dedicated to changing the face of cybersecurity professionals. As a co-founder alongside Carmen Marsh, I am responsible for helping to find volunteers and speakers, moderating panel discussions, social media outreach, fundraising, and establishing connections with the many underrepresented communities in cybersecurity.

See publication

Tags: Cybersecurity, Leadership

1 Industry Award
Senior IEEE Member
IEEE
June 24, 2020
Senior member is the highest grade for which IEEE members can apply. IEEE members can self-nominate, or be nominated, for Senior Member grade.
To be eligible for application or nomination, candidates must:

* Be engineers, scientists, educators, technical executives, or originators in IEEE-designated fields
* Have experience reflecting professional maturity
* Have been in professional practice for at least ten years (with some credit for certain degrees)
* Show significant performance over a period of at least five of their years in professional practice

See publication

Tags: Cybersecurity

7 Influencer Awards
Top 50 IoT Influencers to follow in 2023
Engatica
November 08, 2022
Can IoT reach a level where businesses can build scalable solutions for the future? Will it help us have a better 2030? Well, the experts should know. And they should have a better idea of it.

See publication

Tags: Cybersecurity

Cloud Thought Leader of the Day ️
WhizLabs
July 09, 2021
Having 28+ years of experience in the field, Kayne McGladrey's role is to advise companies on how to uphold that social contract by managing risks and deterring and denying threat actors.

His consultative approach is the result of decades of experience working with Fortune 500 and Global 1000 companies. One of his career priorities is to inspire underrepresented communities to pursue careers in cybersecurity.

His simplification of complex concepts to non-tech audiences has given him more reach on his social platforms. His blogs are a must-read for both tech and non-tech people who are interested in cybersecurity.
Check out his blogs here: https://lnkd.in/efHU2Mp

Currently, he is working as Security Architect / Strategy and GRC Practice Lead at Ascent Solutions LLC, a premier productivity, security, and innovation consulting firm.

We thank Kayne for his exceptional contribution to the cloud discipline.

See publication

Tags: Cybersecurity

150+ Top Global Cloud Thought Leaders and Next Generation Leaders of 2021
WhizLabs
April 19, 2021
Having 28+ years of experience in the field, Kayne’s expert approach on how to uphold that social contract by managing risks and deterring and denying threat actors is appreciated by many companies. One of his priorities is to inspire under-represented communities to pursue careers in cybersecurity. His simplification of complex concepts to non-tech audiences has given him more reach on his social platform. His blogs are must read for both technical and non-technical people who are interested in cybersecurity.

See publication

Tags: Cybersecurity

Top Cyber Pro Awards for 2020
Top Cyber Pro
December 01, 2020
Kayne McGladrey is a senior member of the IEEE and the cybersecurity strategist for Ascent Solutions. He has over two decades of experience in cybersecurity and has served as a CISO and advisory board member, and focuses on the policy, social, and economic effects of cybersecurity lapses to individuals, communities, and the nation.

See publication

Tags: Cybersecurity

Top 50 Global Thought Leaders and Influencers on Internet of Things
Thinkers360
February 24, 2020
Top 10 on the Thinkers360 leaderboard for the top 50 global thought leaders and influencers on Internet of Things for February 2020.

See publication

Tags: IoT

100 B2B Thought Leaders and Influencers to Follow in 2020
Thinkers360
January 01, 2020
Thinkers360 award for 100 B2B Thought Leaders and Influencers to Follow in 2020.

See publication

Tags: Cybersecurity

ISSA Article of the Year 2017
ISSA Journal
January 08, 2018
ISSA International Article of the Year for 2017: Lessons about Cloud Security from 1980s Horror Movies

See publication

Tags: Cloud, Cybersecurity

12 Journal Publications
Getting AI Right: 3 Challenges for the Future
IEEE Transmitter
October 25, 2023
AI systems need to be trained using data. But data sets are frequently made by people who can be biased or inaccurate. As a result, AI systems can perpetuate biases. This is especially true in hiring practices and in criminal justice, and managing those biases can be difficult.

“We can audit software code, manually or automatically, for privacy defects,” said IEEE Senior Member Kayne McGladrey. “Similarly, we can audit software code for security defects. We cannot currently audit software code for ethical defects or bias, and much of the coming regulation is going to screen the outcomes of AI models for discriminatory outcomes.”

See publication

Tags: Cybersecurity, Risk Management, Security

Cybersecurity Concerns Continue
IEEE Transmitter
October 25, 2023
Realistically, the use of AI in cybersecurity will help to reduce the punishing cognitive load on tier 1 security operation center (SOC) analysts and incident responders. Rather than having to comb through a needlestack looking for a needle, AI promises to automate much of the correlation across vast amounts of data that humans struggle with.

See publication

Tags: Cybersecurity, Risk Management, Security

What is End-To-End Encryption? 7 Questions Answered
IEEE Transmitter
August 17, 2023
“End-to-end encryption is generally agreed upon as being a useful technology for protecting the data of businesses and consumers,” said IEEE Senior Member Kayne McGladrey. “Online shopping, for example, would not be as popular or feasible if a consumer’s payment information could easily be intercepted. Similarly, private video calls over the internet by senior executives or government officials would be far too risky if anyone could watch.”

See publication

Tags: Cybersecurity, Risk Management, Security

Telehealth is Booming: Here’s What You Need to Know
IEEE Transmitter
October 26, 2020
Telehealth, often referred to as virtual doctor appointments, has been utilized in remote regions that do not have local medical resources for several decades. But when COVID-19 began impacting many countries across the globe, telehealth became the go-to method for checking in with your doctor about possible COVID-19 symptoms or other healthcare check-ups.

See publication

Tags: COVID19, Cybersecurity, HealthTech

How to Keep Your Video Conferences Secure From Intruders
IEEE Transmitter
April 16, 2020
As the world adjusts to a “new normal” of remote education and work, video conferencing services have surged in demand as people take to these platforms to connect digitally. Yet, these platforms are susceptible to a variety of intrusions that could lead to the theft of private and company data or inappropriately distracting calls and meetings that leave participants feeling they have no control.

To protect your students, employees, families and yourself from these types of cyber disruptions, we asked IEEE Member Kayne McGladrey for cybersecurity tips for safe video conferencing.

See publication

Tags: Cybersecurity

Decreasing Risk Through Enterprise Compliance
CSHub
March 02, 2020
Compliance is often viewed as a reaction for organizations. The auditing of compliance becomes the event that is anticipated with resources and preparation aligned to culminate in the audit itself. A famous approach used in product development is that launch is a process, not an event. The spirit of that message is important for security leaders to consider in building a sustainable business case for compliance. Compliance should be viewed as a continuous, organizational process.

See publication

Tags: Business Strategy, Cybersecurity

Should You Be Worried About Airport Cybersecurity Threats?
IEEE Transmitter
February 13, 2020
Navigating and traveling through an airport can be stressful. Trying to get through security while searching for a boarding pass and assessing whether there’s enough time to jump on that long line for a desperately needed cup of coffee is a universal experience.

With all of that juggling going on, the last thing on your mind are the cybersecurity threats that you might encounter at the airport along the way. Luckily, cybersecurity experts have already put into place a variety of technologies to protect us and keep our cyber lives safe while we travel. So take a deep breath and focus on getting to your seat in a timely manner instead.

See publication

Tags: Cybersecurity

Passwords, Multi-Factor Authentication and Cybersecurity
IEEE Transmitter
April 16, 2018
Device location and user behavior can shed a lot more light on a login attempt, yet not all MFA solutions currently incorporate them, says McGladrey. If organizations switched to better access management systems, the cost to successfully infiltrate accounts would rise exponentially, barring “all but the best-funded nation-state actors and APTs.”

See publication

Tags: Cybersecurity

Why AI Could be Cybersecurity’s Next Big Thing
IEEE Transmitter
February 16, 2018
For many organizations, analysts in security operations centers spend their days sifting through hoards of log files for suspicious activity. The repetitive nature of this work makes AI an ideal replacement, says Kayne McGladrey, IEEE Member, Director of Information Security Services at Integral Partners (US): “Artificial intelligence has been shown to be good at pattern recognition and correlation over a vast number of data points, and can make connections faster than human analysts would.”

See publication

Tags: AI, Cybersecurity

Smart Office Controls
IEEE Transmitter
April 20, 2017
Forget light switches and thermostat buttons in the office. IoT sensors can control when lights go on and off, as well as heating and cooling in the office. Lights can go on and off based on your location.

See publication

Tags: Cybersecurity, IoT

IOT and Big Data: A Day in a Connected Life
IEEE Transmitter
April 05, 2017
How could your data be used?
“Office workers often find that all the meeting rooms are booked, which can mean consulting teams that arrive to meet with a client must search for an unoccupied meeting room in which to squat. Regardless of reservation status, IoT sensors can impassively detect if meeting rooms are unoccupied and offer them on a first-come, first-served basis.”

What are the security and privacy concerns with this device?
“Insecure IoT heating, ventilation and air conditioning systems are a threat to buildings and cities. For example, in the summer, a hard-coded administrative password in an IoT thermostat deployed in smart buildings in New York City could be compromised by an adversary who forces the thermostats to continuously run cooling systems. The spike in electrical usage could cause a very costly, life-threatening blackout.”

See publication

Tags: Cybersecurity, IoT

Understanding Cybersecurity Breaches at Consulting Firms
IEEE Transmitter
March 30, 2017
Cybersecurity threats are affecting consulting and professional service firms causing substantial losses. Kayne McGladrey (@kaynemcgladrey), an IEEE Member and professional services director, weighed in on how consulting firms can mitigate threats, keep client data safe and learn from current breaches.

See publication

Tags: Cybersecurity

16 Keynotes
Bridging the Gap: Communicating Cyber Risks as Business Imperatives
ISC2
October 25, 2023
As CISOs make plans to secure operating budgets for the new financial year, they face the age-old challenge of convincing stakeholders, who often see cybersecurity and privacy as a cost center, to invest in this area. It's time to change the narrative. Discover how to drive more productive conversations about cybersecurity as a strategic growth enabler. Take home actionable ideas for proactively managing controls and risks, increasing efficiency and reducing costs.

See publication

Tags: Cybersecurity, Risk Management, Security

2023 IT Compliance and Risk Benchmark Report Findings: The Top 5 Game-Changers
Hyperproof
February 23, 2023
Hyperproof conducts an annual survey to uncover the top challenges IT compliance professionals face and what hot topics they’re focused on in the coming year. We’ve asked over 1,000 survey respondents about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more to provide an in-depth view of the market’s current state and what to prepare for this year.

We’ll cover:

The top five findings from the survey
How your peers are planning to handle compliance, audit management, and risk management in the midst of a volatile economy
What companies are doing differently in response to recent and highly publicized security breaches to avoid security lapses and compliance violations
Leading practices for ensuring security, compliance, and risk management today

See publication

Tags: Cybersecurity, Risk Management, Security

Closing Keynote - The Most Common Visibility and Compliance Lapses in Your Cloud Vendors’ Environments.
SC Magazine
May 17, 2022
Whenever a key business function is hosted by a cloud-based vendor, your organization cedes a certain amount of control to the service provider. And that sometimes means that your security team lacks visibility into how this third party handles sensitive data and to what degree it successfully meets regulatory compliance standards around privacy and data security. This session will identify some of the most common gaps in visibility and compliance to develop between companies and their SaaS, PaaS and IaaS providers, and explain the root causes behind these lapses so that your own company hopefully can avoid some of these pitfalls.

See publication

Tags: Cybersecurity, Risk Management

Opening keynote speech at the Seattle Electrical Conference
Seattle Electrical Conference
December 22, 2020
Our key note speaker Kayne McGladrey today will discuss Cybersecurity. Keeping our websites and our networks secure is one of our biggest challenges in our digital age.

See publication

Tags: Cybersecurity, IoT

Keynote speech at CIA Conference 2020
CIA Conference
October 26, 2020
Prepare and adapt yourself to evolving threat landscape by listening to our next keynote speaker Mr. Kayne McGladrey, will speak on "Deter, Deny and Defend Against Cyber Attacks."

See publication

Tags: Cybersecurity

24th Annual Colloquium for Information Systems Security Education - November 4th, 2020
Colloquium for Information Systems Security Education
September 28, 2020
On November 4th at 8:15 AM Pacific, Kayne McGladrey, CISSP, will give the keynote speech at the Colloquium for Information Systems Security Education and discuss the social and economic impacts of cyber security during a pandemic. Registration is free.

See publication

Tags: COVID19, Cybersecurity, Diversity and Inclusion

TAG Cybersecurity - February 2020 Meeting
TAG NW
February 03, 2020
Featured Presentation:

"Best practices for cyber security training programs" by Kayne McGladrey, CISSP

Employees dread the meeting invitation that reads 'Annual mandatory cyber security training in the break room at 1 PM Wednesday'. In this presentation, we'll discuss best practices for creating a reality-based training program that encourages employee participation and builds organizational muscle memory for responding to active threats.

See publication

Tags: Cybersecurity

Deter, Deny, and Defend Against the Three Most Common Cyber Attacks
TagNW
November 08, 2019
Cyber attacks are bad and getting worse, and you’d like to turn things around before it’s too late. In this session, you’ll learn how the three most common attacks target people, how to deter and deny threat actors attacking your applications, and how to defend yourself and your community.

See publication

Tags: Cybersecurity, IoT

Cybersecurity Career Accelerator EXPO
Include Cybersecurity
December 01, 2018
The Cybersecurity Career Accelerator Expo 2018 program is an opportunity for anyone interested in cybersecurity to come receive – and share – useful and relevant information critical to launching – or advancing – a career in cybersecurity. This day-long symposium will be divided into two tracks with sessions designed to benefit novice, entry-level and advanced cybersecurity professionals. The content will be presented in a combination of lectures, workshops and expert panel formats.

Cybersecurity Career Accelerator Expo 2018 is part of the “Include Cybersecurity” initiative focusing on cybersecurity workforce development in the Sacramento Valley. Our mission is to spark interest within traditionally underrepresented groups in exploring an exciting and rewarding career in cybersecurity.

See publication

Tags: Cybersecurity

Cyber Security Workshop and Employment Opportunities
Worksource
November 05, 2018
Presentation to veterans on how to pursue careers in cyber security.

See publication

Tags: Cybersecurity

Include Cybersecurity Event 2018
Include Cybersecurity
September 06, 2018
Our panel discussion on September 6th, 2018 presents an opportunity for anyone interested in cybersecurity to learn firsthand from the experts what it takes to succeed. A significant portion of this event will be questions from the audience.

The panelists and speakers are passionate cybersecurity defenders. They are experts in the field and bring first-hand knowledge of what it’s like working as part of a cybersecurity team and how to take the first steps to join this growing community.

See publication

Tags: Cybersecurity, IoT

Include Cybersecurity 2018
Conferize
September 06, 2018
Every day your news feed has a story about cybersecurity. About a friend that has to replace their credit card due to a breach. A couple that’s trying to repair their credit report due to identity theft. A business laying off staff because of losses from a phishing email.

You are not powerless. All communities are affected by cybercrime, but not all groups of people are working together to fight back against cybercriminals. Our goal is to educate and empower job seekers of all stripes to take the plunge into the cybersecurity world. We want to dispel common myths about what it takes to succeed in a cybersecurity job so that the cybersecurity industry represents the diversity of our nation.

See publication

Tags: Cybersecurity

Cybersecurity workshop and job opportunities for veterans
Worksource Rainier
September 05, 2018
Presentation on how to get started in careers in cybersecurity for veterans

See publication

Tags: Cybersecurity

Cybersecurity for Outside Counsel
Clear Law Institute
October 05, 2017
A 2016 American Bar Association survey showed that more than 25% of law firms had at least one data security breach in that year. In the spring of 2017, the Association of Corporate Counsel (“ACC”) released their Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information (“Model ”). The Model provides best practices for data security that outside counsel should use to safeguard their company’s confidential information.

This webinar will show how outside counsel can best implement the ACC’s recommendations to avoid a potentially catastrophic data security breach. Instead of focusing on the easy and self-evident solutions to sections 3, 4, 7, and 8 of the Model, this presentation will focus on the areas where external counsel is most likely to encounter difficulties.

See publication

Tags: Cybersecurity

CYBER SECURITY FOR SMALL BUSINESSES AND CONSULTANTS
IEEE
August 08, 2017
Do you feel like you are overwhelmed trying to run your business while defending against the latest cyber threats? Join Kayne McGladrey, speaker, author and Director of Information Security Services for Integral Partners (http://www.ipllc.co) for our upcoming presentation on taking a proactive, risk-oriented approach to cyber security for individual consultants and small businesses.

Kayne will discuss:
- Why you should manage risks based on user identity instead of chasing the latest threats
- How individual consultants can protect themselves
- A vendor-neutral reference architecture for cyber security at small businesses

We will have time for Q&A at the end of the presentation.

See publication

Tags: Cybersecurity

Cybersecurity for consultants and small businesses
IEEE-USA
March 30, 2017
Do you feel like you are overwhelmed trying to run your business while defending against the latest cyber threats? Join Kayne McGladrey , speaker, author, and IEEE Member for our upcoming presentation on taking a proactive, risk-oriented approach to cyber security for individual consultants and small businesses. Kayne will discuss:
- Why you should manage risks based on user identity instead of chasing the latest threats
- How individual consultants can protect themselves
- A vendor-neutral reference architecture for cyber security at small businesses
We will have time for Q&A at the end of the presentation.

See publication

Tags: Cybersecurity

142 Media Interviews
The Evolving Landscape of Cybersecurity for Medium-Sized Businesses
Cyberfame
February 16, 2024
In recent years, we've seen a significant shift in the threats targeting businesses. "Everybody focused on the human harms, people couldn't check into their hotel rooms; people couldn't use an ATM... the nature of the technical exploits is not what we focus on in terms of harm... that's not what we focus on in terms of harm," states Kayne McGladrey, a field CISO at Hyperproof and senior IEEE member. This reiterates the transition from mere inconvenience to significant operational disruptions and economic consequences that cyber threats now pose.

See publication

Tags: Cybersecurity, Risk Management, Security

Kayne McGladrey: The CISO’s Role Is To Advise on Business Risk
The PrOTect OT Cybersecurity Podcast
November 09, 2023
In this episode of The PrOTect OT Cybersecurity Podcast, Aaron and Kayne McGladrey discuss:

Strategic alignment of cybersecurity with business risk
Navigating the changing landscape of cybersecurity
Empowering CISOs in the evolving landscape of cybersecurity
The challenges and opportunities of generative AI

Key Takeaways:

The key to a successful cybersecurity strategy lies in reframing it as a business imperative, focusing on aligning security efforts with business risks, engaging with cross-functional teams, proactively obtaining certifications, and leveraging control design expertise, ensuring a competitive advantage and effective risk management beyond mere compliance and technology concerns.In today's dynamic cybersecurity landscape, CISOs must continually reassess their controls and their alignment with business risks, while also considering the personal liability they bear, making succession planning and strategic adaptability vital for maintaining effective security programs.The role of a CISO is crucial, yet often misunderstood; empowering and respecting CISOs' authority is essential to effectively manage cyber risks and avoid potential disasters, as generic approaches and AI-driven risk registers fall short of addressing the unique challenges faced by businesses.In a world where cybersecurity threats are inevitable, the key lies in fostering resiliency rather than aiming for an unattainable zero-risk goal; while a lot are excited about the potential of education and automation, the lack of regulatory control over generative AI poses a daunting challenge, risking societal upheaval and economic unrest.

"If we don't decide to manage the economic impacts of artificial intelligence, potentially a lot of industries could be at least partially automated. And that has the potential for a lot of social arm where people just don't have jobs. And when you get people who are automated out of a job, what are they going to go do? They're going to do something that everybody can do fine, but it doesn't pay well. Like you end up going and driving for a living or doing deliveries for a living. And you end up with a highly educated workforce that is unhappy. That's like a recipe right there for civil unrest." — Kayne McGladrey

See publication

Tags: Cybersecurity, Risk Management, Security

Next-Generation Cybersecurity Defenses Coalesce for Space Systems
Via Satellite
October 23, 2023
“There's the cybersecurity threat and then there's the real threat,” explains Kayne McGladrey, field chief information security officer (CISO) of compliance company Hyperproof, and senior member of the Institute of Electrical and Electronics Engineers (IEEE). “A cybersecurity threat is disruption, like when we saw the Russians invade Ukraine as part of their illegal war, they took down Viasat and not by attacking the satellites themselves, instead, they attacked the firmware of satellite modems on the ground."

See publication

Tags: Cybersecurity, Risk Management, Security

PCI Compliance & the Importance of Penetration Testing
StateTech Magazine
October 23, 2023
By asking the right questions and implementing appropriate controls according to a defined standard, state and local agencies can go a long way toward improving security. “If you're compliant with PCI, it really does reduce the likelihood of data breaches and the reputational damage associated with that,” says Kayne McGladrey, IEEE Senior Member and field CISO at compliance management platform Hyperproof.

See publication

Tags: Cybersecurity, Risk Management, Security

Why a return to the office brings identity and mental health challenges
SDX Central
October 10, 2023
Another newer issue is that “the transition from a fully remote to a partially on-site work environment creates substantive cybersecurity concerns based on the ongoing mental health crisis,’’ said IEEE senior member Kayne McGladrey. As some businesses attempt to mandate a return to the office, they should be aware of the mental health challenges employees are facing, he said. “Research shows a significant decline in workers’ mental well-being, resulting in stress and anxiety. These mental states can negatively affect decision-making and lead to cybersecurity lapses.”

See publication

Tags: Cybersecurity, Risk Management, Security

The Job Of Security Director Is Expanding: How Does It Impact Technology?
Security Informed
October 10, 2023
The enduring trend of allowing employees to work either partially or entirely from home has significantly impacted the role of the security director. No longer limited to overseeing an organization's physical office or campus, security director must look outside of their four walls to understand the full spectrum of modern risks. This expanded view necessitates close partnerships with cybersecurity experts to implement effective controls. For instance, while certain systems like operational technology systems (OT) remain bound to specific locations, many essential business tools, like laptops, often function remotely. The theft of an unencrypted laptop is often the cause of a security breach. In contrast, addressing the theft of an encrypted laptop simply involves filing a police report and replacing the affected device for the user. Additionally, security directors now find themselves working hand in hand with HR departments to enforce compliance measures, such as the heightened background checks and employee risk assessments mandated by FedRAMP and various financial regulations.

See publication

Tags: Cybersecurity, Risk Management, Security

Is basic cyber hygiene enough in the age of AI?
APN News
September 27, 2023
IEEE Senior Member Kayne McGladrey said that “These threats are not merely theoretical, although at the moment, they are still relatively limited in their application. It is reasonable to expect that threat actors will continue to find innovative new uses of generative AI, extending beyond business email compromise, deepfakes and the generation of attack code.”

See publication

Tags: Cybersecurity, Risk Management, Security

What's a Red Flag When Applying for a Cybersecurity Job?
Hyperproof
September 20, 2023
Ever apply for a cybersecurity job and then either in the listing or partway through the interview you realize, "Yikes, this job is not for me."

See publication

Tags: Cybersecurity, Risk Management, Security

Emerging cyber threats in 2023 from AI to quantum to data poisoning
CSO Online
September 08, 2023
Kayne McGladrey, field CISO at Hyperproof, has seen the evidence. He worked with one organization whose executives received a contract for review and signature. "Nearly everything looked right," McGladrey says. The only noticeable mistake was a minor error in the company's name, which the chief counsel caught. But Gen AI isn't just boosting the hackers' speed and sophistication, it's also expanding their reach, McGladrey says. Hackers can now use gen AI to create phishing campaigns with believable text in nearly any language, including those that have seen fewer attack attempts to date because the language is hard to learn or rarely spoken by non-native speakers.

See publication

Tags: Cybersecurity, Risk Management, Security

Universities Tap Student Talent to Support Security Operations
EdTech Magazine
August 25, 2023
“Not all high schools are promoting cybersecurity as a career option, and working in the SOC can have the knock-on effect of bringing people in who were unaware of the field before,” says Kayne McGladrey, a senior member at IEEE. Even if they don’t go on to take cyber jobs, “working in the SOC gives them exposure to some of the language and risks common in cybersecurity,” he says. “Then, if they’re working as developers, it’ll influence the direction by which they create things. They’ll at least have security in mind.”

See publication

Tags: Cybersecurity, Risk Management, Security

Generative AI: Cybersecurity Weapon, But Not Without Adaptable, Creative (Human) Thinkers
TechRepublic
August 23, 2023
Cybersecurity expert Kayne McGladrey speaks about why AI cannot do what creative people can, and the important role of generative AI in SOCs.

See publication

Tags: Cybersecurity, Risk Management, Security

Expert: Generative AI won’t harm cybersecurity workforce
SC Media
August 23, 2023
TechRepublic reports that generative artificial intelligence has been touted by Hyperproof Field Chief Information Security Officer Kayne McGladrey to not hamper employment opportunities in cybersecurity.

Continuous cyberattack innovation and supply chain diversity among threat actors would ensure that humans will not be displaced by generative AI, said McGladrey in an interview at the Black Hat security conference.

"We're going to need to continuously adapt the tools that we have with the people we have in order to face the threats and risks that businesses and society continue to face," said McGladrey.

See publication

Tags: Cybersecurity, Risk Management, Security

The Cyber Ranch Podcast
The Cyber Ranch Podcast
August 16, 2023
Did you miss Black Hat this year? Well you won't miss the great conversations that were had, as Allan captured so many good ones for this special Black Hat retrospective episode.

See publication

Tags: Cybersecurity, Risk Management, Security

Criminals Are Flocking to a Malicious Generative AI Tool
GovInfoSecurity
July 27, 2023
Kayne McGladrey, field CISO at Hyperproof, told ISMG that while there are jailbreaks to work around limitations in commercially available AI systems, they're inconvenient for threat actors to run at scale. "Jailbreaks introduce friction into software developer workflows, forcing users to periodically adapt their prompts based on changes introduced by the AI toolmaker. One of the potential benefits of using an AI intentionally developed for malicious activities is that jailbreaks are not necessary," McGladrey said.

See publication

Tags: Cybersecurity, Risk Management, Security

How Will the New National Cybersecurity Strategy Be Implemented?
Information Week
July 21, 2023
Kayne McGladrey, field CISO at Hyperproof, hopes that a future version of the plan will get more granular. “Industry-specific guidance is missing, as hospitals, banks, and SaaS startups all have different cybersecurity needs and available resources,” he says.

See publication

Tags: Cybersecurity, Risk Management, Security

How the Social Media Platform Discord is Helping Parents Keep Kids Safe
Parents Magazine
July 19, 2023
"Discord initially was used as a way for gamers to hold real-time voice and text chats in games that either didn't support real-time communications or where the in-game system wasn't robust," says Kayne McGladrey, a senior member of IEEE, a professional organization for technology and engineering. But the platform gained popularity, particularly during the COVID-19 shutdown. "During the pandemic, Discord emerged as a free alternative to Zoom for gamers, friends, cryptocurrency enthusiasts, and other communities to host remote events," McGladrey says.

See publication

Tags: Cybersecurity, Risk Management, Security

There’s a handy new label to tell you if your gadget is easy to hack or not
Vox
July 19, 2023
On Tuesday, the White House announced that we’ll soon get those IoT labels: The US Cyber Trust Mark, which looks like a shield with a microchip on it, will be on products that have cybersecurity protections. Kayne McGladrey, field CISO for Hyperproof, expressed reservations about the mark. His concern is that Cyber Trust Marked devices could be sold at a premium to account for the increased cost of cybersecurity measures, which could lead to most consumers simply choosing whatever’s cheaper, rendering the program ineffective. He also noted that it won’t address all the devices that pre-date the Cyber Trust Mark and are already in people’s homes. “For example, LED light bulbs have lifespans of tens of thousands of hours, which means that insecure light bulbs will be a feature of the IoT landscape for the coming decade or longer,” McGladrey said in an email.

See publication

Tags: Cybersecurity, Risk Management, Security

Why and how CISOs should work with lawyers to address regulatory burdens
CSO Online
July 19, 2023
As the regulatory burden increases, organizations and CISOs are having to take ownership of cyber risk, but it needs to be seen through the lens of business risk, according to Kayne McGladrey, field CISO with Hyperproof. Cyber risk is no longer simply a technology risk. "The problem is, organizationally, companies have separated those two and have their business risk register and their cyber risk register, but that’s not the way the world works anymore," says McGladrey.

He believes the Securities and Exchange Commission (SEC), the Federal Trade Commission, FTC and other regulators in the US are trying to promote collaboration among business leaders because cyber risks are functionally business risks. McGladrey thinks most CISOs understand this, but that doesn't necessarily extend to the other leaders in the business. "Can we just please have one risk conversation with people and plan that out appropriately," he says.

See publication

Tags: Cybersecurity, Risk Management, Security

How Discord's Parental Controls Can Keep Kids Safe
Lifewire
July 18, 2023
Discord relies heavily on server moderators to enforce community rules, IEEE Senior Member Kayne McGladrey said via email. This moderation is done on a server-by-server basis.

“In practice, this enables smaller private servers to feature far more informal conversations and rules than a public community server – it's possible that kids can see hateful content, such as racism or cyber-bullying, happen on these types of servers where the moderators are less engaged,” McGladrey added.

See publication

Tags: Cybersecurity, Risk Management, Security

Data de-identification: Best practices in the new age of regulation
VentureBeat
June 15, 2023
Confidential computing also is an emerging technology meant to protect data in use, said McGladrey of the IEEE.

“Confidential computing can allow the processing of data from multiple parties without sharing the input data with those other parties,” he said. “For example, if an organization wants to perform processing on a large set of healthcare data collected from multiple third-party organizations, properly configured confidential computing potentially permits those third parties to provide their data for processing in aggregate. In this scenario, not even the cloud provider can see the cleartext data provided by the third parties, or the results.”

See publication

Tags: Cybersecurity, Risk Management, Security

The risks of 5G security
TechRepublic
January 25, 2023
Kayne McGladrey, field CISO at HyperProof.io, explained the dangers of such an approach. “Low-cost, high-speed and generally unmonitored networking devices provide threat actors a reliable and robust infrastructure for launching attacks or running command and control infrastructure that will take longer to detect and evict,” he said. McGladrey also pointed out that as organizations deploy 5G as a replacement for Wi-Fi, they may not correctly configure or manage the optional but recommended security controls. “While telecommunications providers will have adequate budget and staffing to ensure the security of their networks, private 5G networks may not and thus become an ideal target for a threat actor,” he said.

See publication

Tags: 5G, Cybersecurity, Security

Three Keys to Protecting the Corporate Network in the Era of Hybrid Work
CIO
January 19, 2023
“Organizations should invest in a combination of asset management, endpoint detection, data loss prevention, cloud-based managed detection and response, and patch or vulnerability management,” says Kayne McGladrey (@kaynemcgladrey), Field CISO at Hyperproof and Senior IEEE Member. “Of those, asset management is the starting point, as an organization should have visibility into the devices accessing corporate data and be able to select and apply appropriate controls to those devices. Those controls then may include endpoint protection or data loss protection, for example, if exfiltration of sensitive corporate data may result in compliance violations.”

See publication

Tags: Cybersecurity, Risk Management, Security

How to design a cyber-secure organizational structure
Workflow
January 17, 2023
Kayne McGladrey, who consults with individual clients for the security firm Hyperproof, recommends reviewing corporate governance procedures to ensure that a committee can have real clout. “If it doesn’t have the authority to make independent decisions, you can have a lot of smart people who make recommendations that go nowhere,” he says.

See publication

Tags: Cybersecurity, Risk Management, Security

Cyberwire Daily
The Cyberwire
January 13, 2023
GitHub disables NoName accounts. Russia dismisses reports of cyberespionage attempts against US National Laboratories. The Royal Mail cyber incident is now identified as ransomware attack. An update on the NOTAM issues that interfered with civil aviation. A Citrix vulnerability is exploited by ransomware group. CISA publishes its annual report. Bryan Vorndran of the FBI Cyber Division calibrates expectations with regard to the IC3. Our guest is Kayne McGladrey with insights on 2023 from the IEEE. And Positive Hack Days and the growing isolation of Russia's cyber sector.

See publication

Tags: Cybersecurity, Security

The four pillars of cloud security
CSHub
December 13, 2022
“We talk about ‘data breaches’ because of regulatory and statutory definitions that focus on the disclosure of data. An organization’s security strategy should work with the end in mind and focus heavily on denying threat actors access to those data with the highest regulatory, statutory, or contractual risks.” Kayne McGladrey, Field CISO at Hyperproof

See publication

Tags: Cybersecurity, Risk Management, Security

24 Panels
How Will AI Impact the Jobs of the Future?
CES
January 10, 2024
Explore the jobs we’ll see created over the next 20 years, industry’s role driving innovation and the skills our future workforce will need.

See publication

Tags: Cybersecurity, Risk Management, Security

Expert Predictions for 2024
GPSec
November 27, 2023
An illuminating panel discussion, ‘Expert Predictions for 2024’, where seasoned experts delve into the future of cybersecurity. This dynamic discussion explores controversial key areas shaping the landscape in the coming year.

Cyber Budgets Taking a Step Back

Maturity in Vulnerability Management

AI Effects on Cybersecurity Job Market

Experts provide valuable predictions and actionable insights to help you navigate the complex cybersecurity terrain of 2024.

Don’t miss the opportunity to stay ahead of the curve in a rapidly evolving digital world.

Keynote Panelists

Michael Fulton, Vernovis, Chief Information Officer

Warner Moore, Gamma Force, Founder & vCISO

Joe Otten, Fifth Third Bank, Sr. Director, Information Security

Keynote Panel Moderator

Kayne McGladrey, Hyperproof, Field CISO

See publication

Tags: Cybersecurity, Risk Management

KEYNOTE PRESENTATION: Expert Predictions for 2024 at GPSEC Columbus Tech Summit 2023
Whova
November 14, 2023
Join us for an illuminating panel discussion, ‘Expert Predictions for 2024’, where seasoned experts delve into the future of cybersecurity. This dynamic discussion will explore controversial key areas shaping the landscape in the coming year.
- Microsoft Security Co-pilot Effects
- Cyber Budgets Taking a Step Back
- Impact of War Climate on Cybersecurity
- Maturity in Vulnerability Management
- AI Effects on Cybersecurity Job Market

Our panel of experts will provide valuable predictions and actionable insights to help you navigate the complex cybersecurity terrain of 2024. Don’t miss this opportunity to stay ahead of the curve in a rapidly evolving digital world.

See publication

Tags: Cybersecurity, Risk Management, Security

A 2023 Regulatory Round-Up and How to Prepare for 2024
ISACA
October 30, 2023
This year has brought a number of regulatory changes and updates. From the SEC’s new guidance to updates to the industry go-to standards of NIST CSF, 2023 was yet another year of cyber security and compliance evolution. With every shift in regulatory guidance or requirement, should come a shift in the way organizations are thinking about the way they are protecting their data and the data of their customers. Join our panel of experts as they not only discuss what we’ve seen change in 2023, but also how they suggest security and risk professionals strategically prepare for the year ahead.

See publication

Tags: Cybersecurity, Risk Management, Security

Cybersecurity Breaches Are in the News: How Internal Assessments Can Help You Avoid One
ISACA
March 22, 2023
Emerging from a global pandemic, businesses must re-evaluate their processes and procedures to adapt to the new normal. This includes the Risk Management processes. It is more than an ever for businesses to implement processes that will safeguard the company’s assets which includes information. An asset is something of value and in today’s society information is very valuable and must be protected. How does an organization ensure the confidentiality, integrity, and availability of its information assets and the systems that support them? The digital transformation continues, and new technologies continue to emerge. This virtual summit will cover topics that will cover tools and techniques necessary to identify, assess and respond to risk associated with emerging technology and the company’s assets.

See publication

Tags: Cybersecurity, Risk Management, Security

Panel Discussion: Navigating the Maze of New Cyber & Privacy Regulations – Keys to Avoiding Regulatory Action
Compliance Week
February 15, 2023
* Deep dive look into interpreting the different emerging US data privacy state laws and the consequences of non-compliance
* Learn about the requirements of the SEC cybersecurity rules and the ramifications for public companies
* Discuss the security programs that need to be implemented to comply with local and international regulations and rules.

See publication

Tags: Cybersecurity, Risk Management, Security

ISACA Virtual Summit 2022: Pursuing Digital Trust
ISACA
December 07, 2022
The digital space is the primary method of retaining data and transacting in today’s business landscape. But with the increase in cyberattacks, scams and security breaches, a secure digital world is more important than ever. Cybersecurity, risk, data privacy, governance and assurance are essential processes in the modern business landscape and are critical to helping enterprises become digitally trustworthy, enhance their reputations and increase their brand loyalty with consumers.

See publication

Tags: Cybersecurity, Risk Management, Security

Streamlining GRC Controls to Optimize Cybersecurity
IT GRC Forum
November 17, 2022
On this webinar, we will discuss how to streamline GRC controls and optimize cybersecurity risk management processes, to enable leaders to determine what investments best reduce risk with the best return on investment (ROI). Attendees will learn how to:

* Simplify GRC and security operations by reducing the number of controls your organization has to deal with, therefore reducing its workload to test and audit the controls
* Develop a set of controls baselined to the internal and external requirements that your organization needs to meet
* Enable both security process automation and enterprise risk decision-making
* Shrink your organizations cybersecurity attack surface

See publication

Tags: Cybersecurity, Risk Management, Security

Finding a long-term solution to curb Cybercrimes in the digital sphere: A Global Perspective
WebForum
November 08, 2022
This was the 7th series of WebForum which was in line with this year’s International CyberSecurity Awareness Month theme "See you in cyber - #becybersmart” held on 28th October 2022.

See publication

Tags: Cybersecurity, Risk Management, Security

Curbing Cybercrimes in the digital sphere. #becybersmart - DCA Digital WebForum
DotConnectAfrica
October 25, 2022
The findings of the webforum will inform African countries, businesses, and the global community of the key issues that need to be addressed in order to curb cyber crimes from ethical hacking, implications of data sovereignty and cloud, implications of metaverse and Web 3.0, and data privacy in the cloud. It will also demonstrate the global community’s commitment to the shared objective of protecting citizens, businesses, and organizations in the digital era. This will be imperative to prevent more damaging cyber-attacks, which could have devastating impacts.

See publication

Tags: Cybersecurity, Risk Management, Security

SECtember 2022: Transforming Security Along with the Business
SECtember
September 28, 2022
As we all know, decisions that get made to transform the business are not always the best decisions for security. Especially with the accelerated digital transformation of the last few years, now is the time to reassess whether security teams have been properly tracking and addressing all cloud and digital assets that their organizations have taken on. This panel of experts will discuss the challenges of tracking cloud assets, if their risk is being properly measured, and ultimately whether security teams are properly supporting business transformation decisions.

See publication

Tags: Cybersecurity, Risk Management, Security

The Future of Health Tracking Apps
CIO Tech Talk
September 01, 2022
Join us live on Twitter Spaces as we discuss:
* how safe patient medical information is with tech firms?
* the challenges health tracking apps present for users?
* how can users protect their data while still using health tracking apps
* red flags users should look out for when choosing or using health tracking apps
* What can tech firms do with data from health tracking apps

See publication

Tags: Cybersecurity, Privacy, Security

Cloud Adoption Outpaces Security
Sub-Four Capital
May 24, 2022
Cloud adoption has been rapidly rising for years and exploded as a result of the COVID-19 pandemic. With a remote workforce, companies needed the accessibility, flexibility, and scalability offered by cloud-based solutions. However, while many companies are moving rapidly to the cloud, security is lagging behind. Cloud infrastructure is very different from an on-premise data center, and these differences introduce unique security challenges. Many companies are still working to understand these differences, leaving their cloud deployments at risk. For many companies, the security of their public cloud infrastructure is a significant concern.

See publication

Tags: Cybersecurity

Preparing and Issues to Consider in an Incident Response Plan (IRP)
Sub-Four Capital
May 24, 2022
When it comes to data breaches, they say not if but when. Preparing your business to quickly and competently respond to a data incident starts with the creation of an Incident Response Plan. Understanding the topics covered in an IRP and then making choices that are best for your business helps ensure that the IRP will work in your time of crisis response.

See publication

Tags: Cybersecurity, Risk Management

Cyber Threats, Cyber Vulnerabilities: Assessing Your Attack Surface
Dark Reading
November 17, 2021
Today’s cybersecurity environment features a wide range of available threat intelligence, ranging from simple vulnerability alerts to commercial services that monitor threat actor behavior. But how can you use that data to assess the security posture of your own organization? How can you harness threat intel to measure cyber risk? In this panel, threat intelligence experts offer advice and recommendations on how threat intelligence can be used as a means to measure your attack surface.

See publication

Tags: Cybersecurity

Returning to the Office: Security Threats and Proactive Solutions
Ascent Solutions
May 13, 2021
A year after the pandemic began, employers are now considering how to welcome their employees back to the office. Join Ascent cybersecurity leaders, Derek Swenningsen and Kayne McGladrey for a discussion on the challenges and threats that are emerging in the modern workplace.

While there are obvious threats, such as threat actors sending phishing lures with fake return to work information, there are less obvious threats, such as IT assets that have not connected to your corporate LAN in a year.

Our experts will take audience questions and discuss the proactive cybersecurity steps that businesses and organizations can take to prepare for employees returning to offices in a hybrid working environment.

See publication

Tags: Cybersecurity, COVID19, Security

How Hackers Used and Abused the Pandemic to Profit
Infosecurity Magazine
March 24, 2021
In this session, a panel of experts will reflect on the various ways in which hackers have targeted the pandemic over the past 12 months, lifting a lid on the methods employed and outlining how businesses and users can best protect themselves from ongoing COVID-related attacks, scams and fraudulent activity.

See publication

Tags: COVID19, Cybersecurity

CISO Perspectives: Zero Trust-As-A-Service
CSHub
November 05, 2020
Join Pulse Secure’s Global Chief Security Architect and Ascent Solutions cybersecurity strategist Kayne McGladrey, CISSP in this webcast to learn about:

- The shift in security challenges, current security concerns, and potential challenges in the future
- Main components of Zero Trust-as-a-Service
- How Zero Trust-as-a-Service solves security challenges in a hybrid IT environment
- Zero Trust-as-a-Service implementation and deployment considerations
- How Zero Trust security practices can help you prepare and build a business continuity plan that withstands the unexpected and future security concerns

This webinar will take place on:
November 05, 2020
11:00 AM - 12:00 PM EST

See publication

Tags: Cybersecurity

#IDGTechtalk : A 2019 Recap and 2020 Predictions
IDG Communications, Inc.
December 19, 2019
We will be discussing 2019 trends and looking ahead to a new decade of amazing tech advancements at the final #IDGTechTalk of the year. Join us on Twitter by following #IDGTechTalk at 9 AM Pacific on December 19th, 2019.

See publication

Tags: Cybersecurity, Emerging Technology

Panel Discussion: Who is responsible for Cyber Security in the enterprise?
Cyber Security Hub
November 13, 2019
Cyber Security is still primarily seen as an ‘IT issue’ and this often means that security often gets “bolted on” rather than embedded in a company’s ecosystem. In this panel discussion, discover why everyone within the business is responsible for Cyber Security and how to educate the enterprise on safeguarding customer data.

Key takeaways
- Improve security by creating a culture of healthy suspicion
- Encourage the executive board to communicate policies
- Ensure best practice is maintained throughout your business

See publication

Tags: Cybersecurity, Ecosystems

TagNW Closing Panel and Comments
TagNW
November 08, 2019
Closing comments highlighting key takeaways of the day.

See publication

Tags: Cybersecurity, IoT, Leadership

Diversity of Mindset: Why It’s Not Just About Gender, Race, or Age
AT&T
September 27, 2018
Panel discussion about diversity and inclusion programs for cybersecurity

See publication

Tags: Cybersecurity, Leadership

Future of the Security Operations Center
AT&T
September 26, 2018
Panel discussion on the evolving role of the SOC

See publication

Tags: AI, Cybersecurity

The benefits of hiring veterans
Colorado Small Business Development Center
February 15, 2017
Panel discussion in Colorado Springs, CO on the benefits of hiring veterans for cybersecurity roles

See publication

Tags: Cybersecurity

21 Podcasts
Virtual CISO Happy Hour: The Scary Truth About Data Privacy
AccessPoint
November 07, 2023
In this live episode of the Virtual CISO Happy Hour, our cybersecurity experts discuss the critical steps companies must take to navigate the complex landscape of data privacy. They discuss the importance of establishing regular data inventories and minimization efforts to ensure that only business-critical information is retained, thereby reducing the attack surface for threat actors.
The conversation shifts to the pitfalls of treating privacy audits as one-off events rather than ongoing processes. Our experts argue for the automation of data control operations and the continuous evaluation of their effectiveness, which is crucial for maintaining compliance and achieving certifications like ISO or SOC 2.
The episode also tackles the misconception of 'cyber risk,' advocating for a broader understanding of business risk and its real-world consequences. The discussion highlights the importance of aligning cybersecurity strategies with business KPIs and KRIs to effectively communicate the value of security measures to executives and boards.
Furthermore, they explore the role of CISOs in control design and effectiveness, emphasizing collaboration with CFOs to leverage their experience with regulatory compliance for more nuanced and effective control strategies. They also touch upon the significant cost savings that can be realized by reevaluating and updating corporate risk registers in response to changes in data storage and access patterns.
This episode is a must-listen for any professional involved in data privacy and cybersecurity, offering practical insights into making informed decisions that align with both security and business objectives.

See publication

Tags: Cybersecurity, Risk Management, Security