You have been temporarily restricted. Please be more thoughtful when adding content for your portfolio. Your portfolio and digital media kit and should be reflective of the professional image you wish to convey. Accounts may be temporarily restricted if we receive reports of spamming or if the system detects excessive entries.
Membership
Publish your original ideas on the Thinkers360 platform!
This feature is available for Pro and Pro-Plus Members Only.
Speaker Bureau functionality whereby individuals can be featured speakers within our Speaker Bureau service and enterprises can find and work with speakers.
This feature is available for Pro, Pro-Plus, Premium and Enterprise Members Only.
Highlight your featured products and services within our company directory for enhanced visibility to active B2B buyers worldwide. This feature is available for Pro, Pro Plus, Premium and Enterprise Members Only.
Contribute to the Thinkers360 Member Blog and have your thought leadership featured on our web site, newsletter and social channels. Reach our opt-in B2B thought leader community and influencer marketplace with over 100M followers on social media combined!
You’ve reached your daily limit for entering quotes. Please only add personally-authored content which is reflective of your digital media kit and thought leadership portfolio.
Thinkers360 Content Library
For full access to the Thinkers360 content library, please join ourContent Planor become a contributor by posting your own personally-authored content into the system viaAdd PublicationorImport Publication.
Dashboard
Unlock your personalized dashboard including metrics for your member blogs and press releases as well as all the features and benefits of our member plans!
Interested in getting your own thought leader profile? Get Started Today.
Kayne McGladrey
Field CISO at Hyperproof
Bellingham, United States
The modern company has an implicit social contract to protect the data entrusted to it. As a cybersecurity professional, my role is to advise companies on how to uphold that social contract by managing risks and deterring and denying threat actors. My consultative approach is the result of decades of experience working with Fortune 500 and Global 1000 companies.
The ability to fluently speak the languages of both business and technology and effectively communicate complex concepts to non-technical audiences has not only facilitated conversation with company leadership in developing and implementing effective policies to reduce cyber threat, it has made me the go-to person for multiple media outlets and a spokesperson for IEEE’s Public Visibility Initiative.
One of my career priorities is to inspire under-represented communities to pursue careers in cybersecurity. Talent is not limited by geography or background. Because I look beyond the usual circles for talent, trust their abilities, and have an eagerness to help people succeed, I have been able to build effective teams despite the continued challenges of low unemployment in cybersecurity careers.
Available For: Influencing, Speaking Travels From: Bellingham, WA Speaking Topics: Cybersecurity, Compliance, Risk
· Working to increase the diversity of perspectives on enterprise cyber security challenges and opportunities.
· Dynamically responding to and anticipating the needs of the cyber security marketplace through unique and timely content.
· Serving as an “early explainer” to articulate “why” the subject matter is important to current practitioners and the next generation of cyber professionals.
Survey Findings Show Link Between Data Silos and Security Vulnerabilities
Dark Reading
April 13, 2023
A recent survey showed a surprising correlation between those who operate their businesses with risk and compliance data in silos and those who experienced data breaches in the last 24 months.
Setting The Four Cornerstones Of Cloud Security: Accountability, Strategy, Visibility & Enablement
CSHub
March 29, 2021
Read this report on:
- Identifying accountability for cloud security across the enterprise
- Conceiving of a cloud security strategy to ensure that the business consults and informs the cyber security operation
- Gaining true visibility of the entire organization from on-prem to the cloud
- Adopting common language along with a newly assumed forward posture to find the edge of business innovation and enable it
Tasks that bog down security teams (and what to do about them)
CSO Online
August 23, 2023
With security now a board-level concern and the focus of a growing number of regulations, today's CISOs and their team members are spending a lot more time responding to questions about their security programs. Providing answers -- whether to internal compliance teams who need the information to fulfil legal obligations or external business partners who want assurances -- is now an expected part of the modern security department's responsibilities. Yet it's not the most effective use of worker time. "It's not only frustrating, but it also sucks up a lot of time," says Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers (IEEE), a nonprofit professional association, and field CISO at Hyperproof. There are strategies for meeting security's obligations to provide information without tying up CISOs and their teams too much, he and others say. McGladrey says automation is one such strategy, saying that "evidence of control operations should be automated, and evidence of effectiveness can also be automated."
The SEC approved new disclosure requirements. Here’s what you need to know.
Security Boulevard
August 01, 2023
Public companies will have to change a lot of their processes to adhere to these new rules. They’ll need to carefully evaluate the information they disclose about cybersecurity incidents, and those that don’t comply will potentially face investor lawsuits, SEC enforcement actions, and potential damage to their reputations. Board members will have to get up-to-speed quickly on their understanding of cybersecurity risk. CISOs will likely lean on platforms like Hyperproof to help educate their boards about their risk postures and how risk is mitigated at their companies. They can also use Hyperproof to inventory their controls when describing how they’re managing threats and risks to better answer questions from the board.
Managing Risk and Compliance Through a Recession
Solutions Review
March 24, 2023
As security professionals, managing risk and compliance efficiently during a recession is essential for our organizations. Here's a structured approach to evaluate control effectiveness and identify potential budgetary efficiencies:
• Gap Analysis: Map existing controls to documented risks, ensuring a consolidated inventory.
• Automate Evidence Collection: Simplify the process of gathering control operation and effectiveness evidence, fostering collaboration.
• Automate Control Testing: Implement automated testing to quickly identify and resolve issues, increasing overall effectiveness.
• Estimate Control Effectiveness: Assess control health to make data-driven decisions for risk reduction strategies.
• Evaluate Outlier Controls: Examine controls for potential budgetary efficiencies, optimizing resource allocation.
• Annual Control Assessment: Revisit the process annually to identify control gaps, inform budget planning, and drive cost savings.
• Leverage for Cyber Insurance: Use control assessments in conversations with insurers, potentially reducing premiums.
Adopting this end-to-end process can lead to a more secure organization, even in a challenging economic climate.
Hack Me If You Can
American Banker
February 21, 2023
A hacker can say that an institution has 90 days to fix a vulnerability before publicly divulging the secret, and for the vulnerable bank or credit union, that might come off as extortion or a threat. However, it is well within the boundaries of normal security research to do that, according to Kayne McGladrey, Field CISO for the security and compliance company Hyperproof.
The Ultimate Guide to Enterprise Risk Management
Hyperproof
December 13, 2022
Enterprise risk management is a nebulous, hard-to-define topic area. It encompasses a large variety of risks and procedures for the enterprise and it differs greatly from traditional risk management. So, what exactly is enterprise risk management? In this article, we’ll establish what it is, present common strategies for enterprise risk management, and emphasize the value of having enterprise-ready software to help simplify the process.
Three Key Predictions for 2023: The Year of Risk
ISACA
December 09, 2022
As we approach 2023, it’s natural to look back on the biggest security events that took place this year and anticipate their effect next year. The previous two years have shown that our world is full of complexity and uncertainty, despite all the advances in data collection, compliance operations automation, and SaaS technology. Risk modelers and analytics experts know we can’t predict or control the world with any degree of certainty, but it’s important to brace ourselves for the upcoming threats and new opportunities the coming year will present. Here are three key risk management predictions we have for 2023 that will shape the risk management industry.
How to Upgrade Your Security Program from ISO 27001:2013 to ISO 27001:2022
Hyperproof
December 08, 2022
Since the initial release of ISO 27001, the threat actor economy has diversified substantially, with both criminal groups and nation states developing and selling offensive cyber products and cyber surveillance solutions. In response, cybersecurity experts have documented and developed best practices and actionable guidance for organizations to effectively manage their cybersecurity risks. ISO 27001:2022 provides a risk-based reference set of information security, cybersecurity, and privacy controls that have been adopted by modern organizations as part of deploying cloud technologies and addressing data protection requirements driven by GDPR.
It's Time to Regard Cybersecurity as Human Safety
Industry Week
November 17, 2022
Cultural change takes time and is a journey, not a destination. Senior leaders, managers, and individual contributors all have a role and responsibility in ensuring that manufacturing companies stay safe from cybersecurity risks. Elevating cyber risks to the same level as safety risks will help companies to comprehensively understand and manage their risks now and in the coming years.
Best practices for cryptocurrency firms and digital currency firms managing money
Security Magazine
October 26, 2022
A Consent Order issued in August 2022 by the New York State Department of Financial Services (“NYDFS”) for a $30 million fine on Robinhood Crypto, LLC (“RHC”) shows that cryptocurrency firms are not immune from regulatory and legal obligations. The Consent Order can be read as a partial roadmap for similar firms in establishing best practices for ongoing successful compliance operations, which help firms to remain compliant and secure concurrently.
Based on the Consent Order, firms in this space should be prepared to demonstrate to NYDFS how their compliance programs meet the standards outlined in DFS regulations, particularly the Virtual Currency Regulation, the Money Transmitter Regulation, the Cybersecurity Regulation, and the Transactions Monitoring Regulation. Firms should also ensure that they have documented policies and procedures required by the Cybersecurity Regulation.
4 Stakeholders Critical to Addressing the Cybersecurity Workforce Gap
Dark Reading
October 17, 2022
ic and International Studies (CSIS) published the report "A Human Capital Crisis in Cybersecurity," which noted "there are about 1,000 security people in the US who have the specialized security skills to operate effectively in cyberspace. We need 10,000 to 30,000." Twelve years later, the Cyberspace Solarium Commission 2.0 Workforce Development Agenda for the National Cyber Director observed that "in the United States, there are almost 600,000 open cybersecurity jobs across the private sector and federal, state, and local governments — a remarkable gap considering that the field currently employs just over a million professionals." This is not an encouraging trend.
What Thoma Bravo’s latest acquisition reveals about identity management
Venture Beat
October 14, 2022
Identity management of users and devices is key for CISOs to manage the risks associated with unauthorized access to sensitive data and systems, according to Kayne McGladrey, Field CISO at Hyperproof and Senior IEEE Member. “From a control operations standpoint, the two most important capabilities are the ability to validate a user’s behavior when it deviates from the norm, and the ability to quickly de-provision access when it is no longer needed,’’ McGladrey told VentureBeat.
For example, if a user regularly logs in from Washington State using their Windows-powered computer to access a single program, there’s little reason to prompt them for a second authentication factor, he said. “But when the device changes, perhaps a new Mac computer that’s not configured correctly, or their location suddenly changes to Australia, they should be prompted for multifactor authentication as part of identity validation before being allowed to access those data,” McGladrey said. When a user leaves an organization, their identity access should be rapidly revoked across all platforms and devices. Otherwise, organizations run the risk of a threat actor using the older access and credentials, McGladrey added.
Banks can leverage automation, regulation for cyberattack prevention
Bank Automation News
October 13, 2022
Financial institutions can avoid becoming the next victim of a costly cyberattack by leveraging automation and existing legislation. Automation can help to mitigate risk when handling personal client information by storing records efficiently and securely, Kayne McGladrey, field chief information security officer at Hyperproof, told Bank Automation News. “If you don’t automate, that has a cost, because now people are spending their time doing control testing,” he said. “The organizations that recognize that are going to probably spend a lot less time on compliance and have a happier team, because they’re not doing routine stuff that they should have automated.”
GRC Platforms: 5 Features You Need
Hyperproof
September 29, 2022
"Choosing the right GRC platform is hard, but knowing what’s most important for you and your organization is key to choosing the right one. Ultimately, what matters most is that you find a platform with all the features listed above that will enable your team to maintain compliance without the headache of manual processes or inflexible legacy solutions."
Exploring the Advantages of Deploying DPUs in the Data Center
CIO Magazine
June 24, 2022
“Moving network and security functions to a DPU allows server CPUs to be more efficient at running core applications and operating systems without sacrificing security controls,” said Kayne McGladrey (@kaynemcgladrey), Security Architect at Ascent Solutions LLC. “DPUs should also expedite the application of Zero Trust principles by allowing finer-grained micro-segmentation of applications and networks so that there is limited or no unearned trust.”
Secure Collaboration: Adopt an approach that balances people and technology
CIO
March 21, 2022
“Make the security guardrails as invisible as possible to your end users and ensure that organizational change management is part of your planning for rollout,” says Kayne McGladrey, security architect, strategy and GRC practice lead at Ascent Solutions LLC. “This increases adoption of new collaboration technologies by ensuring that users are aware that the solution exists and understand that it’s easy to use. End users won’t use a solution specifically because it’s secure; rather, they’ll adopt it if it meets their needs easily and quickly.”
3 Phases to Simplify Cyber Risk Management
Ascent
March 07, 2022
Cybersecurity risk management exists to help businesses make informed decisions when allocating their limited resources. Although there are several ways of measuring risks and several more risk frameworks, there is no “right” way to conduct risk management other than consistency. Provided that a business documents, discusses, and acts on risk data, the supporting technologies and formulas are not particularly relevant to business leaders or board members.
Top 4 IoT data privacy issues developers must address
Internet of Things Agenda
February 23, 2022
"IoT device monetization strategies have nonobvious supply chain privacy risks. IoT device manufacturers may choose to incorporate one or more advertising or marketing APIs to generate incidental revenue that is unrelated to the primary subscription costs of the IoT device and service."
Top Three Use Cases for AI in Cybersecurity
DataCenter Knowledge
February 03, 2022
“The big things we’re seeing effectively in cybersecurity right now around AI is security incident and event management,” said Ascent Solutions’ Kayne McGladrey.
The reason is that it involves large pattern analysis, McGladrey told Data Center Knowledge, and AI is very good at doing large pattern analysis.
“It does that at a scale and speed that human defenders cannot match,” he said.
65 predictions about edtech, equity, and learning in 2022
eSchoolNews
January 03, 2022
Over the past year and a half, school administrators, teachers, and IT support staff and students themselves have been working in a complex threat environment. The pandemic and major increase in cyberattacks has resulted in closures for both in-person and online schools. While this will only continue into 2022, it will be importance for security and IT professionals that support schools to align their policies, procedures, and technical controls to a cybersecurity framework that fits the needs of their organization, such as the recently announced K-12 resources announced jointly by the FBI and CISA. Using a formal framework can help schools effectively identify and mitigate gaps in school security postures without substantial budget increases. Schools should also consider a quarterly exercise to re-audit their password stores, as the number of compromised passwords will only continue to increase in the year ahead. A password that was secure three months ago may have appeared in a data breach (especially since students and adults tend to use the same passwords for multiple accounts) and may no longer be a secure option. Although it’s hard to predict what’s to come for educational institutions moving forward and future of remote and hybrid learning is going to be uncertain, education professionals should expect to see threat actors continue to target schools that have not taken a proactive approach to cybersecurity and deployed the appropriate defenses.
Security in 2022 – Ransomware, APT groups and crypto exchanges pose key challenges
Security Magazine
December 09, 2021
Adopting zero trust strategies are a potential solution to mitigate the challenges of ransomware, bulk intelligence data collection, and technical threats to cryptocurrency. As zero trust is predicated on a continuous authentication of user and device identities based on prior known-good behaviors, unusual events from previously unknown devices will be far less frequent and the telemetry far more obvious for investigation by blue teams.
Reduce the risk of cyber attacks with frameworks, assessments
SearchSecurity
November 15, 2021
Large-scale cyber attacks will continue to pose a substantial risk to companies, individuals and economies in 2022. Several factors contribute to this trend, and unfortunately, policies and technical responses have yet to reduce the frequency and impact of cyber attacks.
Key Security Challenges for Smart Offices and Their Solutions
CMSWire
November 01, 2021
"The future of work is not what we were collectively promised in the days before the pandemic. Despite being nearly two years into the global pandemic, organizations are still in the process of redefining how their offices should be used now and in the future, which has lead to a surge in the adoption of smart, digital technologies."
Protecting schools in hybrid and remote learning environments
Security Magazine
October 14, 2021
There are three best practices that security professionals supporting schools can follow to help make the school year uneventful in their district: defending user identities, patching endpoints, and running quarterly tabletop exercises.
Three US state laws are providing safe harbor against breaches
CSHub
September 08, 2021
The affirmative defenses combined with making strategic decisions based on published facts is a compelling reason for organizations to select and plan to adopt a framework before the start of the next budgetary year.
A back-to-school plan for reaching the next generation of cybersecurity professionals
Security Magazine
August 30, 2021
To further diversify, our field needs better to present the career options and benefits to young people. Most new people in cybersecurity quickly learn that this is a collaborative, team-oriented job. Not everyone needs to write code; there are project managers, analysts, trainers, consultants, and marketing professionals. Our jobs pay a middle-class salary and are generally recession-proof.
What’s new in cybersecurity for physical security systems?
Source Security
June 01, 2023
The article explores the growing cyber resilience in the physical security industry, highlighting increased customer demands for compliance testing, the burgeoning use of cyber-safe cloud services, and the global adoption of the zero trust framework. It underscores the role of robust cybersecurity controls and the impact of IoT technologies in transforming physical security systems' connectivity and security posture.
Expert Panel Roundtable: What's new in cybersecurity for physical security systems?
Security Informed
June 01, 2023
Discover how manufacturers in the physical security industry are embracing enhanced cybersecurity measures and implementing them at scale. From streamlining maintenance and updates to integrating cloud solutions, these efforts aim to protect against evolving threats and human error. The article highlights the importance of compliance, secure communication, and training employees on best practices. Explore insights on zero trust principles, secure APIs, and evolving certifications, all contributing to the continuous improvement of cybersecurity in physical security systems.
Cyber Threat Prevention for PSOs: Credential Stuffing (Part 1 of 8)
PSVillage
May 17, 2017
Credential Stuffing, unfortunately, is not a new attack rather an existing attack that the bad guys have found a way to operate at economies of scale. Credential stuffing is a type of automated...
Cyber Threat Prevention for PSOs: Provisioning and De-provisioning (Part 2 of 8)
PSVillage
May 17, 2017
In this second episode of our 8 part series, Kayne McGladrey will be discussing Provisioning and De-Provisioning. In general, provisioning means "providing" or making a resource available. De-...
Cyber Threat Prevention for PSOs: Identity and Access Management (Part 3 of 8)
PSVillage
May 17, 2017
In this third episode of our 8 part series, Kayne McGladrey will walk you through three primary Identity and Access Management (IAM) systems available for your end users to have access to your...
Cyber Threat Prevention for PSOs: Privileged Access Management (Part 4 of 8)
PSVillage
May 17, 2017
In this fourth episode of our 8 part series, Kayne McGladrey will cover Identity Access Management system and a specific resource when it comes to where your client files are stored, or your...
Cyber Threat Prevention for PSOs: User and Entity Behavior Analysis (Part 5 of 8)
PSVillage
May 17, 2017
When a hacker has intercepted your credentials and login information and attempts to use that information, an effective User and Entity Behavior Analysis (UEBA) solution can be what saves you from...
Cyber Threat Prevention for PSOs: Multi-Factor Authentication (Part 6 of 8)
PSVillage
May 17, 2017
In this sixth episode of our 8 part series, Kayne McGladrey reviews Multi-Factor Authentication (MFA). MFA can be used in many instances to ensure the identity of a person trying to access or...
Cyber Threat Prevention for PSOs: Attestation Reporting (Part 7 of 8)
PSVillage
May 17, 2017
Kayne McGladrey discusses Attestation Reporting in the seventh video in this series. The goal of Attestation Reporting is to ensure that a user should have the access that has been requested and...
Cyber Threat Prevention for PSOs: Certification Campaigns (Part 8 of 8)
PSVillage
May 17, 2017
In this last video in the series of 8, We will see how the process of certification in consulting works. IGA, a governance administration tool, will produce certification reports and should work...
The proverbial endpoint is everywhere. Consumers have more IoT and mobile devices than ever before. Industrial IoT is becoming ubiquitous and IoT malware is as common as cell phones. While conveniences are making their way into every facet of life, so are malicious software, social engineering attack and all manner of bad actors.
Include Cybersecurity
Include Cybersecurity
January 05, 2018
Include Cybersecurity is a non-profit organization dedicated to changing the face of cybersecurity professionals. As a co-founder alongside Carmen Marsh, I am responsible for helping to find volunteers and speakers, moderating panel discussions, social media outreach, fundraising, and establishing connections with the many underrepresented communities in cybersecurity.
Senior member is the highest grade for which IEEE members can apply. IEEE members can self-nominate, or be nominated, for Senior Member grade.
To be eligible for application or nomination, candidates must:
* Be engineers, scientists, educators, technical executives, or originators in IEEE-designated fields
* Have experience reflecting professional maturity
* Have been in professional practice for at least ten years (with some credit for certain degrees)
* Show significant performance over a period of at least five of their years in professional practice
Top 50 IoT Influencers to follow in 2023
Engatica
November 08, 2022
Can IoT reach a level where businesses can build scalable solutions for the future? Will it help us have a better 2030? Well, the experts should know. And they should have a better idea of it.
Cloud Thought Leader of the Day ️
WhizLabs
July 09, 2021
Having 28+ years of experience in the field, Kayne McGladrey's role is to advise companies on how to uphold that social contract by managing risks and deterring and denying threat actors.
His consultative approach is the result of decades of experience working with Fortune 500 and Global 1000 companies. One of his career priorities is to inspire underrepresented communities to pursue careers in cybersecurity.
His simplification of complex concepts to non-tech audiences has given him more reach on his social platforms. His blogs are a must-read for both tech and non-tech people who are interested in cybersecurity.
Check out his blogs here: https://lnkd.in/efHU2Mp
Currently, he is working as Security Architect / Strategy and GRC Practice Lead at Ascent Solutions LLC, a premier productivity, security, and innovation consulting firm.
We thank Kayne for his exceptional contribution to the cloud discipline.
150+ Top Global Cloud Thought Leaders and Next Generation Leaders of 2021
WhizLabs
April 19, 2021
Having 28+ years of experience in the field, Kayne’s expert approach on how to uphold that social contract by managing risks and deterring and denying threat actors is appreciated by many companies. One of his priorities is to inspire under-represented communities to pursue careers in cybersecurity. His simplification of complex concepts to non-tech audiences has given him more reach on his social platform. His blogs are must read for both technical and non-technical people who are interested in cybersecurity.
Top Cyber Pro Awards for 2020
Top Cyber Pro
December 01, 2020
Kayne McGladrey is a senior member of the IEEE and the cybersecurity strategist for Ascent Solutions. He has over two decades of experience in cybersecurity and has served as a CISO and advisory board member, and focuses on the policy, social, and economic effects of cybersecurity lapses to individuals, communities, and the nation.
What is End-To-End Encryption? 7 Questions Answered
IEEE Transmitter
August 17, 2023
“End-to-end encryption is generally agreed upon as being a useful technology for protecting the data of businesses and consumers,” said IEEE Senior Member Kayne McGladrey. “Online shopping, for example, would not be as popular or feasible if a consumer’s payment information could easily be intercepted. Similarly, private video calls over the internet by senior executives or government officials would be far too risky if anyone could watch.”
Telehealth is Booming: Here’s What You Need to Know
IEEE Transmitter
October 26, 2020
Telehealth, often referred to as virtual doctor appointments, has been utilized in remote regions that do not have local medical resources for several decades. But when COVID-19 began impacting many countries across the globe, telehealth became the go-to method for checking in with your doctor about possible COVID-19 symptoms or other healthcare check-ups.
How to Keep Your Video Conferences Secure From Intruders
IEEE Transmitter
April 16, 2020
As the world adjusts to a “new normal” of remote education and work, video conferencing services have surged in demand as people take to these platforms to connect digitally. Yet, these platforms are susceptible to a variety of intrusions that could lead to the theft of private and company data or inappropriately distracting calls and meetings that leave participants feeling they have no control.
To protect your students, employees, families and yourself from these types of cyber disruptions, we asked IEEE Member Kayne McGladrey for cybersecurity tips for safe video conferencing.
Decreasing Risk Through Enterprise Compliance
CSHub
March 02, 2020
Compliance is often viewed as a reaction for organizations. The auditing of compliance becomes the event that is anticipated with resources and preparation aligned to culminate in the audit itself. A famous approach used in product development is that launch is a process, not an event. The spirit of that message is important for security leaders to consider in building a sustainable business case for compliance. Compliance should be viewed as a continuous, organizational process.
Should You Be Worried About Airport Cybersecurity Threats?
IEEE Transmitter
February 13, 2020
Navigating and traveling through an airport can be stressful. Trying to get through security while searching for a boarding pass and assessing whether there’s enough time to jump on that long line for a desperately needed cup of coffee is a universal experience.
With all of that juggling going on, the last thing on your mind are the cybersecurity threats that you might encounter at the airport along the way. Luckily, cybersecurity experts have already put into place a variety of technologies to protect us and keep our cyber lives safe while we travel. So take a deep breath and focus on getting to your seat in a timely manner instead.
Passwords, Multi-Factor Authentication and Cybersecurity
IEEE Transmitter
April 16, 2018
Device location and user behavior can shed a lot more light on a login attempt, yet not all MFA solutions currently incorporate them, says McGladrey. If organizations switched to better access management systems, the cost to successfully infiltrate accounts would rise exponentially, barring “all but the best-funded nation-state actors and APTs.”
Why AI Could be Cybersecurity’s Next Big Thing
IEEE Transmitter
February 16, 2018
For many organizations, analysts in security operations centers spend their days sifting through hoards of log files for suspicious activity. The repetitive nature of this work makes AI an ideal replacement, says Kayne McGladrey, IEEE Member, Director of Information Security Services at Integral Partners (US): “Artificial intelligence has been shown to be good at pattern recognition and correlation over a vast number of data points, and can make connections faster than human analysts would.”
Smart Office Controls
IEEE Transmitter
April 20, 2017
Forget light switches and thermostat buttons in the office. IoT sensors can control when lights go on and off, as well as heating and cooling in the office. Lights can go on and off based on your location.
IOT and Big Data: A Day in a Connected Life
IEEE Transmitter
April 05, 2017
How could your data be used?
“Office workers often find that all the meeting rooms are booked, which can mean consulting teams that arrive to meet with a client must search for an unoccupied meeting room in which to squat. Regardless of reservation status, IoT sensors can impassively detect if meeting rooms are unoccupied and offer them on a first-come, first-served basis.”
What are the security and privacy concerns with this device?
“Insecure IoT heating, ventilation and air conditioning systems are a threat to buildings and cities. For example, in the summer, a hard-coded administrative password in an IoT thermostat deployed in smart buildings in New York City could be compromised by an adversary who forces the thermostats to continuously run cooling systems. The spike in electrical usage could cause a very costly, life-threatening blackout.”
Understanding Cybersecurity Breaches at Consulting Firms
IEEE Transmitter
March 30, 2017
Cybersecurity threats are affecting consulting and professional service firms causing substantial losses. Kayne McGladrey (@kaynemcgladrey), an IEEE Member and professional services director, weighed in on how consulting firms can mitigate threats, keep client data safe and learn from current breaches.
2023 IT Compliance and Risk Benchmark Report Findings: The Top 5 Game-Changers
Hyperproof
February 23, 2023
Hyperproof conducts an annual survey to uncover the top challenges IT compliance professionals face and what hot topics they’re focused on in the coming year. We’ve asked over 1,000 survey respondents about their pain points, IT risk and compliance budgets, staffing, risk management best practices, and much more to provide an in-depth view of the market’s current state and what to prepare for this year.
We’ll cover:
The top five findings from the survey
How your peers are planning to handle compliance, audit management, and risk management in the midst of a volatile economy
What companies are doing differently in response to recent and highly publicized security breaches to avoid security lapses and compliance violations
Leading practices for ensuring security, compliance, and risk management today
Closing Keynote - The Most Common Visibility and Compliance Lapses in Your Cloud Vendors’ Environments.
SC Magazine
May 17, 2022
Whenever a key business function is hosted by a cloud-based vendor, your organization cedes a certain amount of control to the service provider. And that sometimes means that your security team lacks visibility into how this third party handles sensitive data and to what degree it successfully meets regulatory compliance standards around privacy and data security. This session will identify some of the most common gaps in visibility and compliance to develop between companies and their SaaS, PaaS and IaaS providers, and explain the root causes behind these lapses so that your own company hopefully can avoid some of these pitfalls.
Opening keynote speech at the Seattle Electrical Conference
Seattle Electrical Conference
December 22, 2020
Our key note speaker Kayne McGladrey today will discuss Cybersecurity. Keeping our websites and our networks secure is one of our biggest challenges in our digital age.
Keynote speech at CIA Conference 2020
CIA Conference
October 26, 2020
Prepare and adapt yourself to evolving threat landscape by listening to our next keynote speaker Mr. Kayne McGladrey, will speak on "Deter, Deny and Defend Against Cyber Attacks."
24th Annual Colloquium for Information Systems Security Education - November 4th, 2020
Colloquium for Information Systems Security Education
September 28, 2020
On November 4th at 8:15 AM Pacific, Kayne McGladrey, CISSP, will give the keynote speech at the Colloquium for Information Systems Security Education and discuss the social and economic impacts of cyber security during a pandemic. Registration is free.
Tags: COVID19, Cybersecurity, Diversity and Inclusion
TAG Cybersecurity - February 2020 Meeting
TAG NW
February 03, 2020
Featured Presentation:
"Best practices for cyber security training programs" by Kayne McGladrey, CISSP
Employees dread the meeting invitation that reads 'Annual mandatory cyber security training in the break room at 1 PM Wednesday'. In this presentation, we'll discuss best practices for creating a reality-based training program that encourages employee participation and builds organizational muscle memory for responding to active threats.
Deter, Deny, and Defend Against the Three Most Common Cyber Attacks
TagNW
November 08, 2019
Cyber attacks are bad and getting worse, and you’d like to turn things around before it’s too late. In this session, you’ll learn how the three most common attacks target people, how to deter and deny threat actors attacking your applications, and how to defend yourself and your community.
Cybersecurity Career Accelerator EXPO
Include Cybersecurity
December 01, 2018
The Cybersecurity Career Accelerator Expo 2018 program is an opportunity for anyone interested in cybersecurity to come receive – and share – useful and relevant information critical to launching – or advancing – a career in cybersecurity. This day-long symposium will be divided into two tracks with sessions designed to benefit novice, entry-level and advanced cybersecurity professionals. The content will be presented in a combination of lectures, workshops and expert panel formats.
Cybersecurity Career Accelerator Expo 2018 is part of the “Include Cybersecurity” initiative focusing on cybersecurity workforce development in the Sacramento Valley. Our mission is to spark interest within traditionally underrepresented groups in exploring an exciting and rewarding career in cybersecurity.
Include Cybersecurity Event 2018
Include Cybersecurity
September 06, 2018
Our panel discussion on September 6th, 2018 presents an opportunity for anyone interested in cybersecurity to learn firsthand from the experts what it takes to succeed. A significant portion of this event will be questions from the audience.
The panelists and speakers are passionate cybersecurity defenders. They are experts in the field and bring first-hand knowledge of what it’s like working as part of a cybersecurity team and how to take the first steps to join this growing community.
Include Cybersecurity 2018
Conferize
September 06, 2018
Every day your news feed has a story about cybersecurity. About a friend that has to replace their credit card due to a breach. A couple that’s trying to repair their credit report due to identity theft. A business laying off staff because of losses from a phishing email.
You are not powerless. All communities are affected by cybercrime, but not all groups of people are working together to fight back against cybercriminals. Our goal is to educate and empower job seekers of all stripes to take the plunge into the cybersecurity world. We want to dispel common myths about what it takes to succeed in a cybersecurity job so that the cybersecurity industry represents the diversity of our nation.
Cybersecurity for Outside Counsel
Clear Law Institute
October 05, 2017
A 2016 American Bar Association survey showed that more than 25% of law firms had at least one data security breach in that year. In the spring of 2017, the Association of Corporate Counsel (“ACC”) released their Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information (“Model ”). The Model provides best practices for data security that outside counsel should use to safeguard their company’s confidential information.
This webinar will show how outside counsel can best implement the ACC’s recommendations to avoid a potentially catastrophic data security breach. Instead of focusing on the easy and self-evident solutions to sections 3, 4, 7, and 8 of the Model, this presentation will focus on the areas where external counsel is most likely to encounter difficulties.
CYBER SECURITY FOR SMALL BUSINESSES AND CONSULTANTS
IEEE
August 08, 2017
Do you feel like you are overwhelmed trying to run your business while defending against the latest cyber threats? Join Kayne McGladrey, speaker, author and Director of Information Security Services for Integral Partners (http://www.ipllc.co) for our upcoming presentation on taking a proactive, risk-oriented approach to cyber security for individual consultants and small businesses.
Kayne will discuss:
- Why you should manage risks based on user identity instead of chasing the latest threats
- How individual consultants can protect themselves
- A vendor-neutral reference architecture for cyber security at small businesses
We will have time for Q&A at the end of the presentation.
Cybersecurity for consultants and small businesses
IEEE-USA
March 30, 2017
Do you feel like you are overwhelmed trying to run your business while defending against the latest cyber threats? Join Kayne McGladrey , speaker, author, and IEEE Member for our upcoming presentation on taking a proactive, risk-oriented approach to cyber security for individual consultants and small businesses. Kayne will discuss:
- Why you should manage risks based on user identity instead of chasing the latest threats
- How individual consultants can protect themselves
- A vendor-neutral reference architecture for cyber security at small businesses
We will have time for Q&A at the end of the presentation.
Emerging cyber threats in 2023 from AI to quantum to data poisoning
CSO Online
September 08, 2023
Kayne McGladrey, field CISO at Hyperproof, has seen the evidence. He worked with one organization whose executives received a contract for review and signature. "Nearly everything looked right," McGladrey says. The only noticeable mistake was a minor error in the company's name, which the chief counsel caught. But Gen AI isn't just boosting the hackers' speed and sophistication, it's also expanding their reach, McGladrey says. Hackers can now use gen AI to create phishing campaigns with believable text in nearly any language, including those that have seen fewer attack attempts to date because the language is hard to learn or rarely spoken by non-native speakers.
Universities Tap Student Talent to Support Security Operations
EdTech Magazine
August 25, 2023
“Not all high schools are promoting cybersecurity as a career option, and working in the SOC can have the knock-on effect of bringing people in who were unaware of the field before,” says Kayne McGladrey, a senior member at IEEE. Even if they don’t go on to take cyber jobs, “working in the SOC gives them exposure to some of the language and risks common in cybersecurity,” he says. “Then, if they’re working as developers, it’ll influence the direction by which they create things. They’ll at least have security in mind.”
Expert: Generative AI won’t harm cybersecurity workforce
SC Media
August 23, 2023
TechRepublic reports that generative artificial intelligence has been touted by Hyperproof Field Chief Information Security Officer Kayne McGladrey to not hamper employment opportunities in cybersecurity.
Continuous cyberattack innovation and supply chain diversity among threat actors would ensure that humans will not be displaced by generative AI, said McGladrey in an interview at the Black Hat security conference.
"We're going to need to continuously adapt the tools that we have with the people we have in order to face the threats and risks that businesses and society continue to face," said McGladrey.
The Cyber Ranch Podcast
The Cyber Ranch Podcast
August 16, 2023
Did you miss Black Hat this year? Well you won't miss the great conversations that were had, as Allan captured so many good ones for this special Black Hat retrospective episode.
Criminals Are Flocking to a Malicious Generative AI Tool
GovInfoSecurity
July 27, 2023
Kayne McGladrey, field CISO at Hyperproof, told ISMG that while there are jailbreaks to work around limitations in commercially available AI systems, they're inconvenient for threat actors to run at scale. "Jailbreaks introduce friction into software developer workflows, forcing users to periodically adapt their prompts based on changes introduced by the AI toolmaker. One of the potential benefits of using an AI intentionally developed for malicious activities is that jailbreaks are not necessary," McGladrey said.
How Will the New National Cybersecurity Strategy Be Implemented?
Information Week
July 21, 2023
Kayne McGladrey, field CISO at Hyperproof, hopes that a future version of the plan will get more granular. “Industry-specific guidance is missing, as hospitals, banks, and SaaS startups all have different cybersecurity needs and available resources,” he says.
How the Social Media Platform Discord is Helping Parents Keep Kids Safe
Parents Magazine
July 19, 2023
"Discord initially was used as a way for gamers to hold real-time voice and text chats in games that either didn't support real-time communications or where the in-game system wasn't robust," says Kayne McGladrey, a senior member of IEEE, a professional organization for technology and engineering. But the platform gained popularity, particularly during the COVID-19 shutdown. "During the pandemic, Discord emerged as a free alternative to Zoom for gamers, friends, cryptocurrency enthusiasts, and other communities to host remote events," McGladrey says.
There’s a handy new label to tell you if your gadget is easy to hack or not
Vox
July 19, 2023
On Tuesday, the White House announced that we’ll soon get those IoT labels: The US Cyber Trust Mark, which looks like a shield with a microchip on it, will be on products that have cybersecurity protections. Kayne McGladrey, field CISO for Hyperproof, expressed reservations about the mark. His concern is that Cyber Trust Marked devices could be sold at a premium to account for the increased cost of cybersecurity measures, which could lead to most consumers simply choosing whatever’s cheaper, rendering the program ineffective. He also noted that it won’t address all the devices that pre-date the Cyber Trust Mark and are already in people’s homes. “For example, LED light bulbs have lifespans of tens of thousands of hours, which means that insecure light bulbs will be a feature of the IoT landscape for the coming decade or longer,” McGladrey said in an email.
Why and how CISOs should work with lawyers to address regulatory burdens
CSO Online
July 19, 2023
As the regulatory burden increases, organizations and CISOs are having to take ownership of cyber risk, but it needs to be seen through the lens of business risk, according to Kayne McGladrey, field CISO with Hyperproof. Cyber risk is no longer simply a technology risk. "The problem is, organizationally, companies have separated those two and have their business risk register and their cyber risk register, but that’s not the way the world works anymore," says McGladrey.
He believes the Securities and Exchange Commission (SEC), the Federal Trade Commission, FTC and other regulators in the US are trying to promote collaboration among business leaders because cyber risks are functionally business risks. McGladrey thinks most CISOs understand this, but that doesn't necessarily extend to the other leaders in the business. "Can we just please have one risk conversation with people and plan that out appropriately," he says.
How Discord's Parental Controls Can Keep Kids Safe
Lifewire
July 18, 2023
Discord relies heavily on server moderators to enforce community rules, IEEE Senior Member Kayne McGladrey said via email. This moderation is done on a server-by-server basis.
“In practice, this enables smaller private servers to feature far more informal conversations and rules than a public community server – it's possible that kids can see hateful content, such as racism or cyber-bullying, happen on these types of servers where the moderators are less engaged,” McGladrey added.
Data de-identification: Best practices in the new age of regulation
VentureBeat
June 15, 2023
Confidential computing also is an emerging technology meant to protect data in use, said McGladrey of the IEEE.
“Confidential computing can allow the processing of data from multiple parties without sharing the input data with those other parties,” he said. “For example, if an organization wants to perform processing on a large set of healthcare data collected from multiple third-party organizations, properly configured confidential computing potentially permits those third parties to provide their data for processing in aggregate. In this scenario, not even the cloud provider can see the cleartext data provided by the third parties, or the results.”
The risks of 5G security
TechRepublic
January 25, 2023
Kayne McGladrey, field CISO at HyperProof.io, explained the dangers of such an approach. “Low-cost, high-speed and generally unmonitored networking devices provide threat actors a reliable and robust infrastructure for launching attacks or running command and control infrastructure that will take longer to detect and evict,” he said. McGladrey also pointed out that as organizations deploy 5G as a replacement for Wi-Fi, they may not correctly configure or manage the optional but recommended security controls. “While telecommunications providers will have adequate budget and staffing to ensure the security of their networks, private 5G networks may not and thus become an ideal target for a threat actor,” he said.
Three Keys to Protecting the Corporate Network in the Era of Hybrid Work
CIO
January 19, 2023
“Organizations should invest in a combination of asset management, endpoint detection, data loss prevention, cloud-based managed detection and response, and patch or vulnerability management,” says Kayne McGladrey (@kaynemcgladrey), Field CISO at Hyperproof and Senior IEEE Member. “Of those, asset management is the starting point, as an organization should have visibility into the devices accessing corporate data and be able to select and apply appropriate controls to those devices. Those controls then may include endpoint protection or data loss protection, for example, if exfiltration of sensitive corporate data may result in compliance violations.”
How to design a cyber-secure organizational structure
Workflow
January 17, 2023
Kayne McGladrey, who consults with individual clients for the security firm Hyperproof, recommends reviewing corporate governance procedures to ensure that a committee can have real clout. “If it doesn’t have the authority to make independent decisions, you can have a lot of smart people who make recommendations that go nowhere,” he says.
GitHub disables NoName accounts. Russia dismisses reports of cyberespionage attempts against US National Laboratories. The Royal Mail cyber incident is now identified as ransomware attack. An update on the NOTAM issues that interfered with civil aviation. A Citrix vulnerability is exploited by ransomware group. CISA publishes its annual report. Bryan Vorndran of the FBI Cyber Division calibrates expectations with regard to the IC3. Our guest is Kayne McGladrey with insights on 2023 from the IEEE. And Positive Hack Days and the growing isolation of Russia's cyber sector.
The four pillars of cloud security
CSHub
December 13, 2022
“We talk about ‘data breaches’ because of regulatory and statutory definitions that focus on the disclosure of data. An organization’s security strategy should work with the end in mind and focus heavily on denying threat actors access to those data with the highest regulatory, statutory, or contractual risks.” Kayne McGladrey, Field CISO at Hyperproof
Top cybersecurity threats for 2023
Tech Republic
November 22, 2022
“Out of all the CISO’s and security leaders I’ve spoken with over the last three months, the main theme of 2023 is going to be ‘the year of risk,’ and a lot of that risk we’re talking about at this level is regulatory,” said Kayne McGladrey, Field CISO at Hyperproof.
Are we building cyber vulnerability into EV charging infrastructure?
GCN
November 22, 2022
“Right now, there's a bit of a Wild West mentality out there,” said Kayne McGladrey, field chief information security officer at security software company Hyperproof and a senior member of the Institute of Electrical and Electronics Engineers. “Companies are incentivized for being first to market, not necessarily most secure to market. Because security costs money and because it requires time and resources, naturally that becomes a lower priority.”
Using Technology To Address Loss Prevention During The Holidays
Security Informed
November 16, 2022
Although retail shrink may happen through administrative errors and employee fraud, many retailers may choose this year to focus primarily on customer theft, which includes organized retail crime (ORC) and shoplifting. Numerous solutions providers are touting AI-based solutions that often leverage the existing surveillance cameras in stores and add facial recognition. Facial recognition technology, however, has legitimate privacy concerns and issues with accuracy. A more robust and secure solution for retailers is to deploy RFID tags on merchandise. These are superior to traditional electronic article surveillance (EAS) systems, as they can record specific details about inventory and the movements of those goods throughout a retail environment. The use of RFID tags when combined with EAS allows retailers to reduce retail shrink without unintended consequences.
What Are The New Developments In Networking And Connectivity For Security?
Security Informed
November 11, 2022
The growing acceptance of Zero Trust as a legitimate security architecture is a significant improvement in the past decade for modern cyber security. Although initially maligned as a marketing buzzword, and still unfortunately misused in product announcements, zero trust now reflects table stakes to support the needs of hybrid and fully remote workforces. Network connections should no longer be implicitly trusted because of a user’s location behind a corporate firewall or the use of a company’s VPN. Rather, each transaction and connection from a user and their associated device should be inspected and validated to confirm that the access is appropriate. The ability of network solutions to provide both real-time telemetry and controls, so that an automated and external policy engine can take enforcement actions is also a recent improvement, as networking equipment vendors historically tried to place their products and subscriptions at the center of cyber security strategies. Today’s effective networking solutions integrate well with other solutions to provide one part of a holistic cyber security strategy.
Plugging the gaps: Can the metaverse be a safer place than today’s internet?
Financial Express
November 08, 2022
“We already have security challenges that we haven’t been able to adequately address,” said Kayne McGladrey, IEEE Senior Member and Field CISO at Hyperproof. “The metaverse is likely to inherit these challenges. For example, phishing and theft of credentials have carried over to the metaverse. We’ve seen NFT and cryptocurrency scams, too, in the metaverse.”
How to prevent security practitioner burnout
CSO Online
October 18, 2022
Stress and burnout are endemic in our industry, and companies need to evaluate that as they're considering how to retain cybersecurity experts. We're already facing a hiring shortage of new folks.
Noberus Amps Its Tactics: How IT Leaders Can Keep Up with Evolving Ransomware
Information Week
September 30, 2022
The updates to Noberus are concerning but expected. “This is the new normal. Criminal groups will continue to reinvest part of their profits in research and development to drive the innovation cycle of development and distribution of their unwanted products,” says Kayne McGladrey, field CISO at Hyperproof.
Cybersecurity Breaches Are in the News: How Internal Assessments Can Help You Avoid One
ISACA
March 22, 2023
Emerging from a global pandemic, businesses must re-evaluate their processes and procedures to adapt to the new normal. This includes the Risk Management processes. It is more than an ever for businesses to implement processes that will safeguard the company’s assets which includes information. An asset is something of value and in today’s society information is very valuable and must be protected. How does an organization ensure the confidentiality, integrity, and availability of its information assets and the systems that support them? The digital transformation continues, and new technologies continue to emerge. This virtual summit will cover topics that will cover tools and techniques necessary to identify, assess and respond to risk associated with emerging technology and the company’s assets.
Panel Discussion: Navigating the Maze of New Cyber & Privacy Regulations – Keys to Avoiding Regulatory Action
Compliance Week
February 15, 2023
* Deep dive look into interpreting the different emerging US data privacy state laws and the consequences of non-compliance
* Learn about the requirements of the SEC cybersecurity rules and the ramifications for public companies
* Discuss the security programs that need to be implemented to comply with local and international regulations and rules.
ISACA Virtual Summit 2022: Pursuing Digital Trust
ISACA
December 07, 2022
The digital space is the primary method of retaining data and transacting in today’s business landscape. But with the increase in cyberattacks, scams and security breaches, a secure digital world is more important than ever. Cybersecurity, risk, data privacy, governance and assurance are essential processes in the modern business landscape and are critical to helping enterprises become digitally trustworthy, enhance their reputations and increase their brand loyalty with consumers.
Streamlining GRC Controls to Optimize Cybersecurity
IT GRC Forum
November 17, 2022
On this webinar, we will discuss how to streamline GRC controls and optimize cybersecurity risk management processes, to enable leaders to determine what investments best reduce risk with the best return on investment (ROI). Attendees will learn how to:
* Simplify GRC and security operations by reducing the number of controls your organization has to deal with, therefore reducing its workload to test and audit the controls
* Develop a set of controls baselined to the internal and external requirements that your organization needs to meet
* Enable both security process automation and enterprise risk decision-making
* Shrink your organizations cybersecurity attack surface
Finding a long-term solution to curb Cybercrimes in the digital sphere: A Global Perspective
WebForum
November 08, 2022
This was the 7th series of WebForum which was in line with this year’s International CyberSecurity Awareness Month theme "See you in cyber - #becybersmart” held on 28th October 2022.
Curbing Cybercrimes in the digital sphere. #becybersmart - DCA Digital WebForum
DotConnectAfrica
October 25, 2022
The findings of the webforum will inform African countries, businesses, and the global community of the key issues that need to be addressed in order to curb cyber crimes from ethical hacking, implications of data sovereignty and cloud, implications of metaverse and Web 3.0, and data privacy in the cloud. It will also demonstrate the global community’s commitment to the shared objective of protecting citizens, businesses, and organizations in the digital era. This will be imperative to prevent more damaging cyber-attacks, which could have devastating impacts.
SECtember 2022: Transforming Security Along with the Business
SECtember
September 28, 2022
As we all know, decisions that get made to transform the business are not always the best decisions for security. Especially with the accelerated digital transformation of the last few years, now is the time to reassess whether security teams have been properly tracking and addressing all cloud and digital assets that their organizations have taken on. This panel of experts will discuss the challenges of tracking cloud assets, if their risk is being properly measured, and ultimately whether security teams are properly supporting business transformation decisions.
The Future of Health Tracking Apps
CIO Tech Talk
September 01, 2022
Join us live on Twitter Spaces as we discuss:
* how safe patient medical information is with tech firms?
* the challenges health tracking apps present for users?
* how can users protect their data while still using health tracking apps
* red flags users should look out for when choosing or using health tracking apps
* What can tech firms do with data from health tracking apps
Cloud Adoption Outpaces Security
Sub-Four Capital
May 24, 2022
Cloud adoption has been rapidly rising for years and exploded as a result of the COVID-19 pandemic. With a remote workforce, companies needed the accessibility, flexibility, and scalability offered by cloud-based solutions. However, while many companies are moving rapidly to the cloud, security is lagging behind. Cloud infrastructure is very different from an on-premise data center, and these differences introduce unique security challenges. Many companies are still working to understand these differences, leaving their cloud deployments at risk. For many companies, the security of their public cloud infrastructure is a significant concern.
Preparing and Issues to Consider in an Incident Response Plan (IRP)
Sub-Four Capital
May 24, 2022
When it comes to data breaches, they say not if but when. Preparing your business to quickly and competently respond to a data incident starts with the creation of an Incident Response Plan. Understanding the topics covered in an IRP and then making choices that are best for your business helps ensure that the IRP will work in your time of crisis response.
Cyber Threats, Cyber Vulnerabilities: Assessing Your Attack Surface
Dark Reading
November 17, 2021
Today’s cybersecurity environment features a wide range of available threat intelligence, ranging from simple vulnerability alerts to commercial services that monitor threat actor behavior. But how can you use that data to assess the security posture of your own organization? How can you harness threat intel to measure cyber risk? In this panel, threat intelligence experts offer advice and recommendations on how threat intelligence can be used as a means to measure your attack surface.
Returning to the Office: Security Threats and Proactive Solutions
Ascent Solutions
May 13, 2021
A year after the pandemic began, employers are now considering how to welcome their employees back to the office. Join Ascent cybersecurity leaders, Derek Swenningsen and Kayne McGladrey for a discussion on the challenges and threats that are emerging in the modern workplace.
While there are obvious threats, such as threat actors sending phishing lures with fake return to work information, there are less obvious threats, such as IT assets that have not connected to your corporate LAN in a year.
Our experts will take audience questions and discuss the proactive cybersecurity steps that businesses and organizations can take to prepare for employees returning to offices in a hybrid working environment.
How Hackers Used and Abused the Pandemic to Profit
Infosecurity Magazine
March 24, 2021
In this session, a panel of experts will reflect on the various ways in which hackers have targeted the pandemic over the past 12 months, lifting a lid on the methods employed and outlining how businesses and users can best protect themselves from ongoing COVID-related attacks, scams and fraudulent activity.
CISO Perspectives: Zero Trust-As-A-Service
CSHub
November 05, 2020
Join Pulse Secure’s Global Chief Security Architect and Ascent Solutions cybersecurity strategist Kayne McGladrey, CISSP in this webcast to learn about:
- The shift in security challenges, current security concerns, and potential challenges in the future
- Main components of Zero Trust-as-a-Service
- How Zero Trust-as-a-Service solves security challenges in a hybrid IT environment
- Zero Trust-as-a-Service implementation and deployment considerations
- How Zero Trust security practices can help you prepare and build a business continuity plan that withstands the unexpected and future security concerns
This webinar will take place on:
November 05, 2020
11:00 AM - 12:00 PM EST
#IDGTechtalk : A 2019 Recap and 2020 Predictions
IDG Communications, Inc.
December 19, 2019
We will be discussing 2019 trends and looking ahead to a new decade of amazing tech advancements at the final #IDGTechTalk of the year. Join us on Twitter by following #IDGTechTalk at 9 AM Pacific on December 19th, 2019.
Panel Discussion: Who is responsible for Cyber Security in the enterprise?
Cyber Security Hub
November 13, 2019
Cyber Security is still primarily seen as an ‘IT issue’ and this often means that security often gets “bolted on” rather than embedded in a company’s ecosystem. In this panel discussion, discover why everyone within the business is responsible for Cyber Security and how to educate the enterprise on safeguarding customer data.
Key takeaways
- Improve security by creating a culture of healthy suspicion
- Encourage the executive board to communicate policies
- Ensure best practice is maintained throughout your business
Interview with Kayne McGladrey - The Other Side of the Firewall
Ask a CISSP
September 14, 2023
In this very entertaining episode of The Other Side of the Firewall podcast, we'll learn Kayne's amazing cybersecurity "origin story" and discuss the need for more diversity of culture and thought within cybersecurity. We'll also go into upcoming Federal and State policy and how he and his team have developed the tools necessary to keep up with the future of Governance, Risk, and Compliance. Don't miss out!
On The Hook Eps 9 w/ Kayne McGladrey - CISO Mansion of Madness
On The Hook
August 10, 2023
Ever wonder why hackers wear hoodies? Or why should you be concerned if your government job has a good view? Or what the most money-sucking board game is? ell this is the episode for you! We met Kayne’s cat, talked about old computers, ethics issues in AI, funny stories from Kanye's first job, comical failings of physical security from Kayne’s audit days, and of course board games again!
The Truth Behind Automating Compliance Controls
EM360
February 09, 2023
In this episode of the EM360 Podcast, Analyst Richard Stiennon speaks to Kayne McGladrey, Field CISO at Hyperproof to explore: Automating compliance controls vs SOAR automation, Helping CISOs, and if one master set of controls cover multiple frameworks
What Businesses other than Banks Need to Know about Gramm-Leach-Bliley [Podcast]
Compliance and Ethics
January 17, 2023
The Gramm-Leach-Bliley Act (GLBA) is typically referred to in the context of financial institutions. It requires offerers of consumer financial products to explain how they share information and protect sensitive data. It’s not, however, only banks that fall under GLBA’s umbrella. New rules will affect retailers offering credit terms to their customers, higher education institutions that administer federal student aid and others a well, explains Kayne McGladrey, Field CISO for Hyperproof.
Cyberattacks and How to Defend Against Them with Kayne McGladrey
The Cameron Journal Podcast
June 13, 2022
"In this episode, we're talking with Kayne McGladrey about cybersecurity, cyberterrorism and how to defend against these attacks at the personal, corporate, and national levels. I've been working on research for my next book and I knew that I had to talk to him to see what we could do to defend against this new and pernicious form of war. "
Telehealth: Emerging Security, Privacy Issues
Healthcare InfoSecurity
July 09, 2021
"While the use of telehealth has surged during the COVID-19 pandemic, the data security and privacy concerns for both patients and healthcare providers have also increased, says cybersecurity strategist Kayne McGladrey"
Episode 6: Securing the fast-moving digital world
CIO
March 03, 2021
You have a remarkable economic incentive for threat actors to do their job. Unlike a fire, threat actors innovate. There's not some new way we're going to have a fire. I guarantee you by the end of the week, we're going to have a dozen new ways for threat actors to do their jobs.
Making cybersecurity more effective in the age of cloud and COVID-19
Deloitte
December 10, 2020
Cybersecurity has always been a critical task that must be handled effectively. However, cloud—and more recently—COVID 19—have exacerbated cybersecurity issues and changed the security landscape. In this episode of the podcast, Mike Kavis and guest, Ascent Solutions’ Kayne McGladrey, discuss cybersecurity in the context of cloud, and vis-à-vis the changes wrought by the pandemic. Kayne’s take is that the transition to cloud and the pandemic have exposed and magnified issues that have always been a problem, and that companies should not skimp on cybersecurity, in favor of spending on other “more pressing” projects. The key to success is to focus on data, automation, and risk assessment.
Episode 179: CISO Eye on the Virus Guy – Assessing COVID’s Cyber Risks
The Security Ledger
March 26, 2020
To get a sober assessment, we invited Pensar CISO and IEEE member Kayne McGladrey, CISSP into the studio to talk about the variety of risks that remote working introduces. There are some new risks that companies need to account for: from remote access bottlenecks to prying eyes in insecure home offices to insecure home workstations.
Don't Forget the Cybersecurity!" on The Wave of Change with Tony Flath
The Wave of Change
January 10, 2020
Episode 005 - "Don't Forget the Cybersecurity!" A great chat with IEEE member, spokesperson and cybersecurity ninja, Kayne McGladrey @kaynemcgladrey all about the cybersecurity landscape and emerging technologies. He covers the ways cybersecurity is emerging too to address many cyber concerns providing better threat protection. We also discuss AI, Analytics, and Automation and the role they play in the cybersecurity landscape, and insights on the weird and wild world of Social Media and Cyber Awareness.
The Future is Now: Podcast
Aurora IT
February 27, 2018
The team at Aurora IT interviewed me for a feature-length podcast on cybersecurity. Listen to hear about third-party attacker tactics, managing cyber risk, multi-factor authentication, and why a lack of diversity is a threat to public safety.
Episode 20 - Interview with Kayne McGladrey on Multi-Factor Authentication
Insider Threat Podcast
October 02, 2017
We made it to 20 episodes! I know some people don't like it when you talk about milestones like this, but I'm doubly excited for this one because I finally get to publish my interview with Kayne McGladrey from Integral Partners. I know many of your have been scrambling to finish up the quarter or fiscal year, depending on your industry, so hopefully this will give you an opportunity to sit back, relax, and listen to the excellent information that Kayne provided.
Zero trust from edge to cloud: not one-and-done
CIO Magazine
August 30, 2023
“The only meaningful consideration of zero trust adoption is when the board and CEO are willing to trust and partner with the CISO to effectively mitigate business risks. A recent Gartner study found that a CISO who can effectively tie business outcomes to a material reduction in business risk through practical implementation of zero trust controls will make security an asset for their organization that enables them to compete more effectively.” — Kayne McGladrey, field CISO, Hyperproof
Cloud, 5G to be Decisive Technology Trends in 2023: Study
Geospatial World
November 02, 2022
While homomorphic encryption can require lots of computing power, it has a few big upsides. For one thing, according to Kayne McGladrey, IEEE Senior Member, it allows companies in highly regulated industries, such as finance or healthcare, to store data on a public cloud. “As the data remains encrypted in all phases, even a data breach of a third party will not provide a threat actor with access to encrypted data,” McGladrey said.
Cybersecurity hiring remains red-hot—the industry to surpass $400 billion market size by 2027
Fortune
July 22, 2022
“As a result, those companies with solutions and products in the cybersecurity industry are heavily reinvesting their profits into research and development of artificial intelligence-based solutions intended to automatically detect and remediate actions from these increasingly well-funded adversaries,” McGladrey tells Fortune. “This cycle will continue so long as it remains profitable for cybercrime actors, barring remarkable changes in how companies prioritize and address their cyber risks.”
When More is Not Necessarily Better: The Impacts of Multiple Security Tools
CIO
November 04, 2021
“Organizational collaboration is difficult when different data protection tools perform similar functions, as it may be unclear how to allow a collaborator to access or modify data. Something as simple as data classification and labeling becomes overly complex and a nuisance to end users if they need to set a label in multiple locations, particularly when the labels are not consistent across tools.” — Kayne McGladrey (@kaynemcgladrey), Cybersecurity Strategist at Ascent Solutions
Sinclair TV Stations Targeted in Weekend Ransomware Attack
GovInfoSecurity
October 18, 2021
Kayne McGladrey, an advisory board member for the Technology Alliance Group NW and cybersecurity strategist for the firm Ascent Solutions, says once the incident is resolved, Sinclair "should do an internal hot-wash" to identify lessons learned - allowing them to strengthen technical defenses and update/validate their incident response plan.
New Legislation Eyes Both Ransom, Incident Reporting
GovInfoSecurity
September 30, 2021
Kayne McGladrey, an advisory board member for the Technology Alliance Group NW and cybersecurity strategist for the firm Ascent Solutions, tells ISMG, "These [various legislative efforts] all stem from the issue that there is no single source of truth on the volume or scope of cyberattacks, which has led to the perception that it is difficult to apply commensurate public and private policy responses."
Experts Weigh In on Data-First Modernization
CIO
September 30, 2021
“This will vary by industry and size of business,” notes Kayne McGladrey, cybersecurity strategist at Ascent Solutions. “A social media company losing control of their content for an hour has a very different risk profile than a manufacturing company being unable to manufacture products.”
Remote Work and Cybersecurity: 3 Experts Describe the Tech They Wish Everyone Could Use
IEEE Transmitter
September 27, 2021
“As part of the great resignation of 2021, we’ve seen an increasingly fragmented view of intellectual property on the part of departing employees. Businesses can reduce the substantial risk associated with data exfiltration of trade secrets, regulated data and other sensitive data by deploying and monitoring DLP across the enterprise, including remote endpoints.” — IEEE Senior Member Kayne McGladrey
FTC Warns: SMS Phishing Scam Impersonates State Agencies
Bank InfoSecurity
August 09, 2021
Kayne McGladrey, an advisory board member for the Technology Alliance Group NW, warns that these scams can be effective when highly targeted. He says the schemes work when supporting larger campaigns underway prior to any SMS outreach.
Is my medical device vulnerable to cyber threats?
IEEE Transmitter
August 06, 2021
It is a matter of whether the threat actor has sufficient resources (both staffing and financial resources) and the motivation. The real question is about the likelihood of a threat: an always-on internet-connected medical device will have a very different threat profile than a medical device that requires direct physical access.
Machine learning is demonstrating its mettle across industries
CIO
July 14, 2021
“The modern business has far more potential cybersecurity events to investigate than can be reasonably reviewed by people, and machine learning has the benefit of quickly focusing people’s attention on the signal, not the noise, so that organizations can rapidly respond to potential incidents before threat actors can establish persistence in an environment.” — Kayne McGladrey (@kaynemcgladrey), cybersecurity strategist at Ascent Solutions
The SMB Mission: Data Security Without Compromising User Productivity
CSO Online
June 29, 2021
“Tying data security to user identities is the easiest, lowest-effort way to modernize security for small to medium businesses,” says Kayne McGladrey (@kaynemcgladrey), cybersecurity strategist at Ascent Solutions (@meetascent). “Establishing data security based on user identity means that data remains secure regardless of storage location or medium.”
What is 5G and What Does it Mean for Cybersecurity?
APN News
March 10, 2021
“For older, cheap, IP-based security cameras and digital video recorders (DVRs), the easiest way to secure them is to recycle them responsibly as there often are no security updates available.”
The Resilience of Humanity
IEEE Transmitter
February 23, 2021
“Multi-factor authentication and passwordless technologies help to protect our digital identities and account credentials from theft or impersonation. This matters just as much to an individual using a hardware key to access their online bank as it does for a corporate employee using facial recognition to access a privileged administrative account.”
– Kayne McGladrey, IEEE Senior Member
How Instacart Created Strong Relationships with Engineering to Build a More Compliant Product
ISACA
August 21, 2023
In a world where compliance and engineering teams must work together to build compliant products, competing goals and philosophies can make collaboration frustrating for both sides. Join representatives from Instacart as they share their story on how they worked with engineering to build a compliant product, best practices for collaborating across teams to build scalable, compliant solutions and how to foster a culture of security and compliance across your organization.
After completing this session, participants will be able to:
• Build more credibility with engineering teams.
• Incorporate features that enable compliance into products.
• Work with your engineering team—not against them—to build high-quality, compliant products.
• Make long-term continuous compliance a reality with automation tools.
Cyber security for Bellingham families and neighborhoods
Eventbrite
October 13, 2019
Americans are buying and installing smart speakers, virtual assistants, smart electrical plugs, smart garage door openers, smart light bulbs and connected children's toys at an unprecedented rate. We know to lock the physical doors to our homes, but fewer people appreciate how smart devices can act like unlocked doors for cyber criminals into our homes, our social networks, and our bank accounts.
The lack of communications and understanding between professionals who work in cyber security and their neighbors who don't is one of the reasons cyber crime has grown for fifteen years. There are simple things we can each do to protect our families against the risks to our privacy and security.
In this session, you'll learn:
- how cyber criminals hack into smart devices, bank accounts, and cloud services
- two easy ways you can protect your family's accounts
This session includes a live hacking demo, so please bring your mobile phone (Android or Apple) if you’d like to participate. This is not a sponsored event and there is no cost. Any solutions recommended will be free, and there will be time for questions at the end of the presentation.
What piece of advice would you give companies approaching an audit?
NextDLP
September 08, 2023
Video interview with Kayne McGladrey, field CISO of Hyperproof and Chris Denbigh-White, CSO of NextDLP, about the value of automating routine evidence collection and testing as part of ongoing compliance operations.
Drafting Compliance: FedRAMP Moderate Identification and Authentication
Hyperproof
July 13, 2023
Kayne and Tom talk about the domain under FedRAMP moderate, providing both an overview of the domain as well as specific examples of controls, and real-world scenarios for the use of those controls. They also come close to agreeing about “Color Cloud Pink”, a Berliner Weisse with “Pink Guava, Dragon Fruit, and Passion Fruit” by Equilibrium Brewery of Middletown, New York.
Has 2023 been the year of risk? Updates on our 8 predictions
Hyperproof
July 12, 2023
It’s been about six months since we released our top eight predictions for 2023, which covered everything from org chart changes and crypto regulation to the new FTC Safeguards Rule. Were our predictions accurate? Let’s find out.
How to do Contingency Planning for FedRAMP
Hyperproof
June 29, 2023
Kayne and Tom talk about the Contingency Planning domain under FedRAMP moderate, comparing it against the best practice of Business Continuity Planning, and providing specific guidance for key elements of a successful contingency plan. They also find what amounts to near common ground on this episodes beer tasting, Laughing Lab Scottish Ale.
What is the Maintenance Domain Under FedRAMP? | Drafting Compliance Ep. 11
Hyperproof
June 15, 2023
Kayne and Tom talk about the Maintenance domain under FedRAMP moderate, including how it is related to the Configuration Management domain. They also nearly agree on Rogue’s Hazelnut Brown Nectar, although Kayne still likens it to old hotel coffee while Tom will drink a free one.
How to do Configuration Management in FedRAMP | Drafting Compliance Ep. 8
Hyperproof
May 05, 2023
Kayne and Tom talk about the major pillars of Configuration Management under FedRAMP Moderate. While digging into inventory management, baseline configurations, configuration drift, and risk, they tackle Bell’s Two Hearted American IPA.
Top Cybersecurity News for May, 2023: Kayne's 5 Under 5
Hyperproof
May 04, 2023
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top five cybersecurity news stories to know for May, 2023 in under five minutes.
- ChatGPT/AI regulations
- Zero Trust Maturity Model 2.0
- New CMMC-like FAR rule
- Long-term costs for cybersecurity insurers
- Oldsmar city hack investigation
The FedRAMP Incident Response Control Family
Hyperproof
March 24, 2023
In this episode, Kayne and Tom talk about the nuances of the Incident Response family of FedRAMP controls, some of the required documentation, testing, and beer. This episode’s beer is Woods Boss Brewing Company’s Pulaski Pecan Brown Ale.
Drafting Compliance Episode 18: 3PAO Accreditation Loss with CISO Joe Evangelisto
Hyperproof
September 21, 2023
Kayne and Tom talk with Joe Evangelisto from Tango Analytics about the interesting and stressful scenario where his 3PAO lost its accreditation. Of course, Kayne tackles yet another beer that elicited a memorable response.
Episode 17: Personnel Security
Hyperproof
September 07, 2023
Kayne and Tom talk about personnel security, background checks, what FedRAMP requires for onboarding and terminating employees as well as a host of tips and tricks for meeting this control family. Of course, they try a new beer and maybe, just maybe, agree on the score.
Top Cybersecurity News for September, 2023: Kayne's 5 Under 5
Hyperproof
September 06, 2023
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top five cybersecurity news stories to know for September, 2023 in under five minutes.
New SEC rules
D&O insurance and SEC rules
CISO succession planning
Board's AI responsibility
SEC vs. Covington & Burling
Why end-to-end encryption matters
Help Net Security
September 05, 2023
In this Help Net Security video, Kayne McGladrey, IEEE Senior Member and Field CISO at Hyperproof, discusses end-to-end encryption (E2EE). E2EE ensures that only two parties – a sender and a receiver – can access data, and helps to protect consumers and businesses from prying eyes and attackers.
FedRAMP costs with Jacob Berry
Hyperproof
August 17, 2023
Kayne, Tom, and special guest Jacob Berry (Field CISO at Clumio) talk about the challenges in pursuing FedRAMP. Costs, hidden challenges and go-to market are rounded out with two drinkable, but not memorable, non-alchoholic beers. Listen for the knowledge, stay for the beer ratings. Kayne and Tom share Athletic Brewing Co’s Cerveza Athletica, while our guest enjoys Athletic Brewing Co’s Lite beer.
https://www.youtube.com/watch?v=kR08yaemn9Y&feature=youtu.be
Hyperproof
August 04, 2023
Join Hyperproof's Field CISO, Kayne McGladrey, as he talks about the top five cybersecurity news stories to know for August, 2023 in under five minutes.
- Less CISOs reporting to CEOs
- D&O insurance pricing trends
- CISOs absent from F100
- Cybersecurity in the boardroom
- National Cybersecurity Roadmap
FedRAMP Authorization with Mark Houpt
Hyperproof
July 27, 2023
Kayne, Tom, and special guest CISO Mark Houpt talk about a GSA rules change that affected Mark’s prior FedRAMP certification, the consequences, and his ultimate solutions and lessons learned from the experience. Kayne and Tom embrace a different brewed drink in this episode, iced tea, instead of beer, a favorite of Mark.
How to do a FedRAMP Security Assessment and Authorization | Drafting Compliance Ep. 10
Hyperproof.io
June 01, 2023
Kayne and Tom talk about the requirements of continuous compliance under the Security Assessment and Authorization family of controls, including key considerations for continuous monitoring and reauthorization. During the episode, they explore yet another fruit-forward beer, Deschutes’ Farmstand Fresh Mango IPA.
Hey there, I'm Kayne, and Tom's here with me again for another episode of Drafting Compliance. This time, we dive into the challenges we've recently faced with two of our vendors in our software supply chain not achieving FedRAMP Moderate in 2023, and how we plan to navigate the situation moving forward.
As we try to find our way through this predicament, we spice things up by sampling a brand new beverage. We try out the New Belgium Voodoo Ranger Juice Force IPA, and it's quite the experience!
If you're curious to hear about our impressions of the beer, how it compared to our expectations, and how we plan to tackle the unexpected obstacle on our FedRAMP journey, then this episode is for you.
What keeps field CISO, Kayne McGladrey, up at night?
Scott Schober
April 06, 2023
In this YouTube video, Scott Schober interviews Kayne McGladrey, Field CISO for Hyperproof about cybersecurity and the challenges faced by CISOs. Kayne discusses the importance of aligning cybersecurity risk with business risk and the need for CISOs to be more involved with board-level decision making. He also talks about his work at Hyperproof to automate compliance and security operations, making it easier for teams to focus on creative problem solving and strategy.
Drafting Compliance: Episode 6 - Security Training under FedRAMP
Hyperproof
April 06, 2023
In this episode of "Drafting Compliance," Kayne and Tom discuss the importance of security awareness training as part of their journey to achieving FedRAMP compliance. They highlight key aspects of the training, including the need for regular updates and monitoring, the inclusion of privacy training and Advanced Persistent Threat (APT) literacy, and the different levels of training based on roles within the organization.
The Access Control Family of Controls for FedRAMP
Hyperproof
March 09, 2023
Kayne and Tom discuss FedRAMP's access control family, language that must be in the access control policy, wireless access control for SaaS companies, and how to prevent creating a paper tiger. Includes beer tasting notes for Epic Brewery's Hopulent.
How to do a FedRAMP Gap Analysis
Hyperproof.io
February 23, 2023
Kayne and Tom dive into where to begin in your FedRAMP gap analysis. They discuss the efficiencies that Hyperproof found in order to save time, and suggest other approaches. Includes beer tasting notes for Oliphant's Super Squishy.
Drafting Compliance S1, E2: The FedRAMP Authorization Boundary
Hyperproof.io
February 09, 2023
Hosts Kayne and Tom talk about how to create the Authorization Boundary, a cornerstone of the System Security Plan (SSP) as part of FedRAMP certification. Includes beer tasting notes for Black Butte Porter.
Hyperproof - Scale your security & compliance - SOC 2, ISO, NIST + more
Product Hunt
October 19, 2022
Hyperproof helps teams achieve compliance at scale. Adhere to any framework, monitor security controls in real-time, automate evidence collection with 60+ integrations, and be ready for any audit.
Securing the metaverse
IEEE Transmitter
July 20, 2022
“We already have security challenges that we haven’t been able to adequately address,” said Kayne McGladrey, IEEE Senior Member. “The metaverse is likely to inherit these challenges – for example, phishing and theft of credentials has, unsurprisingly, carried over to the metaverse. We’ve seen NFT and cryptocurrency scams, too, in the metaverse.”
Opening keynote speech at the Seattle Electrical Conference
Seattle Electrical Conference
December 22, 2020
"The reason you’re here: we’re engineers, executives, and visionaries. We have a choice about the future we build. We’re responsible for the consequences of 100b or 1 trillion IoT devices online in the future."
Who is responsible for Cyber Security in the enterprise?
Cyber Security Hub
December 16, 2019
Cyber Security is still primarily seen as an ‘IT issue’ and this often means that security often gets “bolted on” rather than embedded in a company’s ecosystem. In this panel discussion, discover why everyone within the business is responsible for Cyber Security and how to educate the enterprise on safeguarding customer data.
Migrating NIS to a Modern UNIX Environment
Centrify
April 11, 2019
Cindy Ritchie and Kayne McGladrey from Centrify Professional Services discuss the regulatory challenges associated with NIS in a modern UNIX environment, and then discuss migrating away from legacy NIS to a secure, centralized Active Directory environment. This video also provides project guidance for our best practices in assisting customers with NIS migrations for over nine years.
Interview on diversity and security
AT&TT
October 26, 2018
Last month at the #ATTBizSummit, Javvad Malik and I talked about increasing diversity in cybersecurity, and I unveiled my secret weapon for tweets. (Spoiler: she's 11).
Cybersecurity Briefing for Senior Executives With Kayne McGladrey
AskTheCEO
August 16, 2018
Kayne McGladrey is an Award-winning Business Driver, Account Hunter and Servant Leader who's led a very successful career in professional services and high-tech environments.
Previously, he held leadership positions in professional services management, systems engineering, solutions delivery, program implementation and large-scale budgeting with Centrify Corporation, AT&T Wireless and other high-tech firms in the US and Canada. He built and led multi-functional teams through practice startup, sales support, and IT operations.
Cyber Privacy, Ethics, and Abuse CISS 417 at WWU
Western Washington University
February 17, 2021
On February 17th, 2021 Kayne McGladrey, CISSP will be leading a tabletop exercise for the students of CISS 471 at Western Washington University. The tabletop exercise explores the ethical decisions associated with a ransomware attack at a fictional international organization.
Working with ChatGPT: The Dos and Don’ts for Your Organization’s Security
BrightTalk
June 15, 2023
As generative AI tools like ChatGPT continue to evolve and impact various industries, compliance experts are left wondering about the potential security implications for their businesses. Join us for this enlightening webinar as we discuss the dos and don'ts of working with ChatGPT and similar technologies to equip compliance experts with the knowledge to navigate the security challenges presented by generative AI. We’ll also explore how you can ensure the safe and secure implementation of AI technologies within your organization and what security threats to anticipate.
Join speakers Kayne McGladrey, Field CISO at Hyperproof, and Dr. Rebecca Wynn, Global Chief Security Strategist & CISO at Click Solutions group, as they discuss:
- Valid use cases for using generative AI tools like ChatGPT in your business practices
- How to teach your organization to responsibly use AI tools how they can negatively impact enterprise risk and liability
- Security policy considerations that organizations should examine before incorporating ChatGPT or similar AI technologies
Insights into enterprise risk management frameworks that can help manage this new risk
Level Up Your Security: How to Build Compliance and Risk Mgmt Programs to Scale
ISC(2)
April 11, 2023
Maintaining cybersecurity compliance and building reliable risk management practices isn’t a simple to-do item you check off anymore. The livelihood (and ultimately the growth) of your business depends on resilient security and compliance programs. Add in changing regulatory requirements, and the challenge becomes exponentially more complex.
Join Hyperproof and (ISC)2 on April 11, 2023 at 1:00 p.m. Eastern/10:00 a.m. Pacific to hear more about:
• The value of connecting compliance and risk
• Optimizing stakeholder visibility and communication
• Using GRC tools to scale your business
• Long-term impacts of streamlining compliance, security, and risk management workflows
Communicating Risk With Your Leadership Team
FutureCon
March 22, 2023
In response to the ever-changing risk environment, company leadership is asking more and more questions about how to best manage risk. But being able to answer those questions means having a system and process in place to accurately document, manage, mitigate, and report on those risks.
Luckily, some frameworks and processes already exist to help guide you through that process. Kayne McGladrey, Field CISO, will walk you through the current state of risk and how to effectively and accurately communicate risk to your leadership team.
Scale Your Security Questionnaire Response and Audit Preparedness Processes
BrightTalk
October 26, 2022
What do answering security questionnaires and preparing for IT compliance assessments (i.e. SOC 2 Type 2 assessment) have in common?
It turns out, a whole lot. Responding to security questionnaires and Document Request Lists for audits are things you absolutely have to do to land customers. Both processes are data intensive, repetitive and require getting accurate answers from domain subject experts across your company. Further, both processes tend to grow in volume and become exponentially more painful to manage as your company expands its footprint.
What if you can respond to a question from a security questionnaire or a request from an auditor in minutes instead of hours or days? What if you didn’t have to bother domain subject matter experts or search through corporate file systems for answers anymore? What if you knew the status of each item at all times?
On this webinar, join Loopio and Hyperproof to see how you can scale the security questionnaire response process and your audit preparation process as your company grows – without having to hire more staff.
Kayne McGladrey, Field CISO - Hyperproof and John Forsyth, Director, Data & Infrastructure in Engineering - Loopio
Scale Your Security Questionnaire Response and Audit Preparedness Processes
Hyperproof
October 05, 2022
What do answering security questionnaires and preparing for IT compliance assessments (i.e. SOC 2 Type 2 assessment) have in common?
It turns out, a whole lot. Responding to security questionnaires and Document Request Lists for audits are things you absolutely have to do to land customers. Both processes are data intensive, repetitive and require getting accurate answers from domain subject experts across your company. Further, both processes tend to grow in volume and become exponentially more painful to manage as your company expands its footprint.
What if you can respond to a question from a security questionnaire or a request from an auditor in minutes instead of hours or days? What if you didn’t have to bother domain subject matter experts or search through corporate file systems for answers anymore? What if you knew the status of each item at all times?
On this webinar, join Loopio, Hyperproof, and our special guest to see how you can scale the security questionnaire response process and your audit preparation process as your company grows – without having to hire more staff.
The CISO Experience
The CISO Experience
July 26, 2022
Save the date for a very special “The CISO Experience” hosted by myself with our star guest Kayne McGladrey taking a Macro Economic view of the industry.
Very honoured to have Kayne as a speaker where we will be discussing a variety of topics including:
- Industry hiring practises
- Gatekeeping
- Burnout
Followed by a LIVE Q and A for the audience to participate
Tags: Cybersecurity, Diversity and Inclusion, Security
6 Steps to Prepare Your Company for CMMC 2.0
Ascent
June 22, 2022
Join us this Wednesday for an actionable six-step roadmap, prioritized under CMMC 2.0 and aligned to Zero Trust tenets, to improve your cyber program and reduce cyber risks to your business. #cybersecurity
Watch: Supply Chain Congestion: A Golden Opportunity for Hackers
Supply Chain Brain
November 19, 2021
Global supply chains have been under intense strain in recent months, a situation that has been made even worse by the growth of cyber attacks, especially in the form of ransomware. The transportation sector, which has been largely deregulated, needs to adopt recommendations by industry and government organizations for implementing measures that they might have overlooked in years. The price of failing to do so can be high, with ransomware attacks threatening to shut down critical logistics operations for days or even longer.
Webinar: Zero Trust-As-A-Service
CSHub
November 05, 2020
Gain perspective on: The shift in security challenges, current security concerns, and future challenges; Main components of Zero Trust-as-a-Service; Zero Trust-as-a-Service implementation and deployment best practice; How Zero Trust-as-a-Service solving security challenges in a hybrid IT environment.
This is a pre-recorded webinar.
CISO Perspectives: Zero Trust-As-A-Service
Cybersecurity Hub
October 26, 2020
The rapid shift to work-from-home has accelerated the adoption of Zero Trust frameworks. Zero Trust-as-a-Service will be a necessary component of security strategies for 2021 and beyond.
Join Pulse Secure's Global Chief Security Architect, Mike Riemer and industry veteran Kayne McGladrey in this webinar to learn about:
- The shift in security challenges, current security concerns, and potential challenges in the future
- Main components of Zero Trust-as-a-Service
- How Zero Trust-as-a-Service solves security challenges in a hybrid IT environment
- Zero Trust-as-a-Service implementation and deployment considerations
- How Zero Trust security practices can help you prepare and build a business continuity plan that withstands the unexpected and future security concerns
Futureproofing Now (Season #2, Ep. 11) - Cybersecurity & Cybertrust - Predictions & Implications
Futureproofing
July 14, 2020
“Bob Gourley emphasized that despite the dark topic of cyberthreats, we all leave with optimism. Carol Tang addressed the importance of continuous learning as part of a business leader’s proactive approach to mitigating risk and providing safety for customers. Kayne McGladrey emphasized the dual responsibility of today’s corporate decision makers with regard to cybersecurity: understand the complexity but act with transparency and specificity. It’s important to integrate cybersecurity awareness into the fabric of the organization, not sequester cybertrust solely within the domain of technology.”
Kayne's Top Five in Five for April 2023
Hyperproof
April 05, 2023
April has brought a range of important cybersecurity developments to my attention. Here are the key takeaways:
• ChatGPT Risk Solutions: Addressing confidentiality, intellectual property, and compliance risks with practical recommendations.
• CISO Preparedness: Discussing generative AI risks and governance with senior executives, while considering supply chain disclosures.
• National Cybersecurity Strategy: Exploring breach responsibility, potential market regulation, and guidance from the NIST Secure Software Development Framework.
• Board Expertise Trends: Analyzing cybersecurity representation on Fortune 500 boards and the impact of SEC proposed rule changes.
• Credit Rating Implications: Evaluating the effect of cyber risk on companies' and municipalities' credit ratings.
CISO Strategies & Tactics For Incident Repsonse
CSHub
August 31, 2020
“Your incident response plan will be examined during discovery, period, point blank. Keep that in mind. It’s your policy and your plan that are going to be examined by our discovery, and make sure that you can actually do what that policy says and make sure you can do what the procedures say.”
Kayne McGladrey, Cybersecurity Strategist at Ascent Solutions
Enterprise Cyber Security Trends and Predictions 2020
Cyber Security Hub
November 27, 2019
“Effective defense in depth is not just shiny overlapping technical controls,” said Director of IT and Security Kayne McGladrey. “Rather, it’s the combination of culture, documented and tested processes, policies, and technical controls. For example, an organization with a policy of least privilege, a process for approving account privileges, and a process for auditing and harvesting unused privileges does not need multiple technical controls to implement the desired outcome.” It’s best to start with policy and then enact that in culture, where feasible.
Market Report: Cutting-Edge Defense Tactics For Network Endpoints
Cyber Security Hub
September 23, 2019
Data has historically been contained to the computing devices that accessed it within the enterprise campus perimeter. The traditional network endpoint was isolated to desktop PCs, laptop computers and most server components that attached to the organization’s network. In recent years, a dramatic increase in mobile devices has broadened the endpoint definition. Mobile devices require access to a company’s data anytime and from anywhere. With the addition of always-connected, sensor-powered Internet of Things (IoT) devices, the range of endpoints can now include everything from IP cameras to smart vending machines to biomedical devices.
The original definition still holds true to this day; however, the presence of more sophisticated devices requesting an IP address from the network, and often without a user interface, also suggests that the approach to endpoint defense must change. Bi-directional communications means the endpoint can be an entry point into a network or application. What does the device need to communicate with? Does it require internet connectivity? Does a device with an embedded OS provide some form of protection?
The Phishing Phenomenon: How To Keep Your Head Above Water
CSHub
January 30, 2019
Phishing is the lowest cost way for a threat actor to gain access to an organization’s network and assets, according to Kayne McGladrey, an IEEE member and director of Security and IT at Pensar Development. “While it might be fashionable to worry about the latest zero-day, or shadowy nation-state threat actors developing crippling remote exploits, the fact is that it’s cheaper to ask users for their passwords.”
The fact that nearly a billion people had their personal information exposed in November 2018 “has further helped threat actors to develop more compelling and targeted phishing content,’’ McGladrey adds.
Charting a new course: AT&T Cybersecurity report volume 8
AT&T
October 31, 2018
“Organizations that don’t have cybersecurity as a core business differentiator, or as a core business function, are often struggling to adapt modern cybersecurity practices,” says Kayne McGladrey, Director of Security and IT at Pensar Development.
AT&T Cybersecurity Insights, Vol. 7
AT&T
April 16, 2018
Migration is a transformative process, which means it needs the full backing of the C-suite. Kayne McGladrey, Director of Information Security Services for Integral Partners, LLC, says it is vital to offer “an effective presentation to the board about the benefits and challenges associated with
the migration, and it has to have a narrative. You have to find stories of success and failure inside
of your industry in order to present the full picture to the board.”
“There are many lessons that the enterprise will learn through piloting—whether it’s identified
security risks, user communication risks, or education risks—all of which provide future guidance,” says Kayne McGladrey, Director of Information Security Services for Integral Partners LLC. “By the time you get to the harder transition elements, including full infrastructure rollout, you’ve already sorted through the main issues, thanks to your pilot-based learning journey.”
A review of the events of 2022 shows that 2023 will not be the year of dire new cyber attacks waged by hoodie-wearing cyber criminals or office-bound nation state APTs. Instead, 2023 will be the year where multiple regulatory bodies express their mounting frustration with public and private companies' collective inability to reduce the volume and impact of prior cyber attacks. In short, 2023 will be the year of risk.
An unprecedented six regulatory entities all have announced separate plans to enact additional rules in 2023 to instruct companies on how to manage their risks. These are the Department of Defense (DOD), the Federal Reserve, the Federal Trade Commission (FTC), the New York Department of Financial Services (NYDFS), the Office of the Comptroller of the Currency (OCC, part of Treasury), and the Securities and Exchange Commission (SEC). These entities wouldn’t be telling companies how to manage their risks if they believed that there was adequate risk management being conducted today. Instead, the pending regulatory changes are intended to cover perceived systemic shortcomings associated with cyber risk management.
Ransomware threat actors will continue to find new and innovative ways of generating revenue for their criminal operations throughout 2022. If organizations deploy adequate governance and technical controls in 2022 alongside an effective multinational policy response, we can anticipate a gradual ransomware slowdown in the fourth quarter as those threat actors not in prison re-skill as part of a workforce transition to other profitable criminal enterprises. Those countries giving license to ransomware threat actors inside their borders have a unique opportunity to provide a path to legitimate careers for those criminals who choose to voluntarily leave the market, and while this should not necessarily relieve them of any legal actions pending, it may be a useful incentive when considering sentencing.
Venture capitalists will accelerate feature development via mergers and acquisitions. In recent years, VCs have funded point solution vendors for technologies like SOAR and UEBA. These are features, not stand-alone technologies, and it’s often cheaper for market leaders to buy rather than build new features. CISOs should be aware of this market reality, as buying early-stage cybersecurity from a startup carries the risk of unintentionally having a business relationship with a much larger vendor within two years, and consequently needing to either buy the larger technology solution or rip and replace after the acquisition closes.
Cloud computing will continue to grow despite the frequency of breaches due to a lack of administrative controls and unintentional configuration errors. When an administrator had access to an on-premises server, they could only administer that server; a “cloud administrator” can administer all the assets in a given cloud instance, including backing up and exfiltrating entire servers. This is like the unintentional configuration errors that have plagued so many Amazon S3 buckets in 2019, where organizations have stored PII in S3 in a default configuration, and then those data have been accessed by security researchers.
The Internet of Things is a dumpster fire and upcoming regulatory controls aren’t going to put it out. Putting a sticker on a box with a username and random password and providing an updated privacy policy that consumers ignore isn’t adequate, although it is compliant. Manufacturers need to invest in user behavior analysis, require multi factor authentication, and to force patching of IoT devices. Otherwise, threat actors will continue to violate the privacy of people’s homes and nation states will built botnets as part of battlespace preparations.
Media source for expertise on AI, Cybersecurity, IoT
Location: Virtual Date Available:
September 07th, 2019 Fees: 0
Submission Date:
September 07th, 2019 Service Type: Service Offered
As a CISSP I have an ethical responsibility to help educate the public about cybersecurity issues, and have been featured in Reader's Digest, USA Today, Fast Company, the Philadelphia Inquirer, Dark Reading, Cyber Security Hub, CIO.com, Robotics Business Review, The Institute, and more. Please contact me via email if you need a source for a story, an alternate perspective, or a longer-form piece. It'd be favorite if I had at least a day to reply.
Join Thinkers360 for free! Are you a Reader/Writer, Thought Leader/Influencer (looking to increase your earnings), or an Enterprise User (looking to work with experts)?
Cyber Security Hub Advisory Board
Survey Findings Show Link Between Data Silos and Security Vulnerabilities
Setting The Four Cornerstones Of Cloud Security: Accountability, Strategy, Visibility & Enablement
Tasks that bog down security teams (and what to do about them)
The SEC approved new disclosure requirements. Here’s what you need to know.
Managing Risk and Compliance Through a Recession
Hack Me If You Can
The Ultimate Guide to Enterprise Risk Management
Three Key Predictions for 2023: The Year of Risk
How to Upgrade Your Security Program from ISO 27001:2013 to ISO 27001:2022
It's Time to Regard Cybersecurity as Human Safety
Best practices for cryptocurrency firms and digital currency firms managing money
4 Stakeholders Critical to Addressing the Cybersecurity Workforce Gap
What Thoma Bravo’s latest acquisition reveals about identity management
Banks can leverage automation, regulation for cyberattack prevention
GRC Platforms: 5 Features You Need
Exploring the Advantages of Deploying DPUs in the Data Center
Secure Collaboration: Adopt an approach that balances people and technology
3 Phases to Simplify Cyber Risk Management
Top 4 IoT data privacy issues developers must address
Top Three Use Cases for AI in Cybersecurity
Security in 2022 – Ransomware, APT groups and crypto exchanges pose key challenges
Reduce the risk of cyber attacks with frameworks, assessments
Key Security Challenges for Smart Offices and Their Solutions
Protecting schools in hybrid and remote learning environments
Three US state laws are providing safe harbor against breaches
A back-to-school plan for reaching the next generation of cybersecurity professionals
What’s new in cybersecurity for physical security systems?
Expert Panel Roundtable: What's new in cybersecurity for physical security systems?
Educated Endpoints
Senior IEEE Member
Top 50 IoT Influencers to follow in 2023
Cloud Thought Leader of the Day ️
150+ Top Global Cloud Thought Leaders and Next Generation Leaders of 2021
Top Cyber Pro Awards for 2020
Top 50 Global Thought Leaders and Influencers on Internet of Things
100 B2B Thought Leaders and Influencers to Follow in 2020
ISSA Article of the Year 2017
What is End-To-End Encryption? 7 Questions Answered
Telehealth is Booming: Here’s What You Need to Know
How to Keep Your Video Conferences Secure From Intruders
Decreasing Risk Through Enterprise Compliance
Should You Be Worried About Airport Cybersecurity Threats?
2023 IT Compliance and Risk Benchmark Report Findings: The Top 5 Game-Changers
Closing Keynote - The Most Common Visibility and Compliance Lapses in Your Cloud Vendors’ Environments.
Opening keynote speech at the Seattle Electrical Conference
Keynote speech at CIA Conference 2020
24th Annual Colloquium for Information Systems Security Education - November 4th, 2020
TAG Cybersecurity - February 2020 Meeting
Deter, Deny, and Defend Against the Three Most Common Cyber Attacks
Cybersecurity Career Accelerator EXPO
Include Cybersecurity Event 2018
Cybersecurity workshop and job opportunities for veterans
What's a Red Flag When Applying for a Cybersecurity Job?
Emerging cyber threats in 2023 from AI to quantum to data poisoning
Universities Tap Student Talent to Support Security Operations
Generative AI: Cybersecurity Weapon, But Not Without Adaptable, Creative (Human) Thinkers
Expert: Generative AI won’t harm cybersecurity workforce
The Cyber Ranch Podcast
Criminals Are Flocking to a Malicious Generative AI Tool
How Will the New National Cybersecurity Strategy Be Implemented?
How the Social Media Platform Discord is Helping Parents Keep Kids Safe
There’s a handy new label to tell you if your gadget is easy to hack or not
Why and how CISOs should work with lawyers to address regulatory burdens
How Discord's Parental Controls Can Keep Kids Safe
Data de-identification: Best practices in the new age of regulation
The risks of 5G security
Three Keys to Protecting the Corporate Network in the Era of Hybrid Work
How to design a cyber-secure organizational structure
Cyberwire Daily
The four pillars of cloud security
Top cybersecurity threats for 2023
Are we building cyber vulnerability into EV charging infrastructure?
Using Technology To Address Loss Prevention During The Holidays
What Are The New Developments In Networking And Connectivity For Security?
Plugging the gaps: Can the metaverse be a safer place than today’s internet?
How to prevent security practitioner burnout
Noberus Amps Its Tactics: How IT Leaders Can Keep Up with Evolving Ransomware
Cybersecurity Breaches Are in the News: How Internal Assessments Can Help You Avoid One
Panel Discussion: Navigating the Maze of New Cyber & Privacy Regulations – Keys to Avoiding Regulatory Action
ISACA Virtual Summit 2022: Pursuing Digital Trust
Streamlining GRC Controls to Optimize Cybersecurity
Curbing Cybercrimes in the digital sphere. #becybersmart - DCA Digital WebForum
SECtember 2022: Transforming Security Along with the Business
The Future of Health Tracking Apps
Cloud Adoption Outpaces Security
Preparing and Issues to Consider in an Incident Response Plan (IRP)
Cyber Threats, Cyber Vulnerabilities: Assessing Your Attack Surface
Returning to the Office: Security Threats and Proactive Solutions
How Hackers Used and Abused the Pandemic to Profit
CISO Perspectives: Zero Trust-As-A-Service
#IDGTechtalk : A 2019 Recap and 2020 Predictions
Panel Discussion: Who is responsible for Cyber Security in the enterprise?
TagNW Closing Panel and Comments
Diversity of Mindset: Why It’s Not Just About Gender, Race, or Age
Future of the Security Operations Center
2023: The Year of Risk
The Truth Behind Automating Compliance Controls
What Businesses other than Banks Need to Know about Gramm-Leach-Bliley [Podcast]
Cyberattacks and How to Defend Against Them with Kayne McGladrey
Telehealth: Emerging Security, Privacy Issues
Episode 85 - Kayne McGladrey, Cybersecurity Strategist - Ascent Solutions
Episode 6: Securing the fast-moving digital world
Making cybersecurity more effective in the age of cloud and COVID-19
Episode 179: CISO Eye on the Virus Guy – Assessing COVID’s Cyber Risks
Don't Forget the Cybersecurity!" on The Wave of Change with Tony Flath
Zero trust from edge to cloud: not one-and-done
Cloud, 5G to be Decisive Technology Trends in 2023: Study
Cybersecurity hiring remains red-hot—the industry to surpass $400 billion market size by 2027
When More is Not Necessarily Better: The Impacts of Multiple Security Tools
Sinclair TV Stations Targeted in Weekend Ransomware Attack
New Legislation Eyes Both Ransom, Incident Reporting
Experts Weigh In on Data-First Modernization
Remote Work and Cybersecurity: 3 Experts Describe the Tech They Wish Everyone Could Use
FTC Warns: SMS Phishing Scam Impersonates State Agencies
Is my medical device vulnerable to cyber threats?
Machine learning is demonstrating its mettle across industries
The SMB Mission: Data Security Without Compromising User Productivity
What is 5G and What Does it Mean for Cybersecurity?
The Resilience of Humanity
How Instacart Created Strong Relationships with Engineering to Build a More Compliant Product
Cyber security for Bellingham families and neighborhoods
IoT & Ethical Obligations of Engineers
What piece of advice would you give companies approaching an audit?
Why end-to-end encryption matters
FedRAMP Authorization with Mark Houpt
Hyperproof - Scale your security & compliance - SOC 2, ISO, NIST + more
Who is responsible for Cyber Security in the enterprise?
Cyber Privacy, Ethics, and Abuse CISS 417 at WWU
Working with ChatGPT: The Dos and Don’ts for Your Organization’s Security
Level Up Your Security: How to Build Compliance and Risk Mgmt Programs to Scale
Communicating Risk With Your Leadership Team
Scale Your Security Questionnaire Response and Audit Preparedness Processes
Scale Your Security Questionnaire Response and Audit Preparedness Processes
The CISO Experience
6 Steps to Prepare Your Company for CMMC 2.0
Watch: Supply Chain Congestion: A Golden Opportunity for Hackers
Webinar: Zero Trust-As-A-Service
CISO Perspectives: Zero Trust-As-A-Service
Kayne's Top Five in Five for April 2023
CISO Strategies & Tactics For Incident Repsonse
Enterprise Cyber Security Trends and Predictions 2020
Market Report: Cutting-Edge Defense Tactics For Network Endpoints
Drafting Compliance Episode 18: 3PAO Accreditation Loss with CISO Joe Evangelisto
