In the latest episode of The Cyber Security Recruiter podcast, I had an in-depth conversation with Thomas Richard about my 25-year journey in cybersecurity. From my unlikely beginnings in theater arts to my current role as the field CISO at Hyperproof, this conversation covers a wide array of subjects. We delve into the importance of implementing effective security controls and critique the industry's heavy reliance on certifications. Thomas and I agree that while certifications can serve as useful benchmarks, their increasing prominence risks creating an exclusionary environment that could perpetuate a perceived "skills gap." The episode covers not just technical matters but also broader philosophies and strategies that are essential for building a resilient cybersecurity posture

CIOs should collaborate closely with CISOs to evaluate which zero trust controls will offer the most significant mitigation of agreed-upon business risks. Once specific controls are implemented, they can be centralized and reused across the various compliance standards like SOC 2 Type 2, ISO 27001, and PCI, delivering greater flexibility. “The key lies in the deliberate selection of zero trust controls aimed at reducing specific business risks while potentially streamlining existing compliance efforts,” explains Kayne McGladrey (@kaynemcgladrey), field CISO at Hyperproof and senior IEEE member.

“We can audit software code, manually or automatically, for privacy defects,” said IEEE Senior Member Kayne McGladrey. “Similarly, we can audit software code for security defects. We cannot currently audit software code for ethical defects or bias, and much of the coming regulation is going to screen the outcomes of AI models for discriminatory outcomes.”

As CISOs make plans to secure operating budgets for the new financial year, they face the age-old challenge of convincing stakeholders, who often see cybersecurity and privacy as a cost center, to invest in this area. It's time to change the narrative. Discover how to drive more productive conversations about cybersecurity as a strategic growth enabler. Take home actionable ideas for proactively managing controls and risks, increasing efficiency and reducing costs.

Learning Objectives:

Apply techniques and strategies needed to shift the perception of cybersecurity and privacy from cost centers to strategic growth enablers within the organization.

Employ methods for applying proactive control management and risk mitigation methods to enhance an organization's cybersecurity posture and minimize potential threats.

Identify opportunities for efficiency gains and cost reductions in cybersecurity initiatives, in order to make impactful budgetary decisions for the coming year.

By asking the right questions and implementing appropriate controls according to a defined standard, state and local agencies can go a long way toward improving security. “If you're compliant with PCI, it really does reduce the likelihood of data breaches and the reputational damage associated with that,” says Kayne McGladrey, IEEE Senior Member and field CISO at compliance management platform Hyperproof.

“There's the cybersecurity threat and then there's the real threat,” explains Kayne McGladrey, field chief information security officer (CISO) of compliance company Hyperproof, and senior member of the Institute of Electrical and Electronics Engineers (IEEE). “A cybersecurity threat is disruption, like when we saw the Russians invade Ukraine as part of their illegal war, they took down Viasat and not by attacking the satellites themselves, instead, they attacked the firmware of satellite modems on the ground."

This article covers high-level information that cloud service providers (CSPs) need to know to prepare for their transition to FedRAMP Rev. 5, as documented in the "FedRAMP Baselines Rev. 5 Transition Guide."

Kayne and Tom talk with Matt Fryer about the cost structures and strategies associated with a Cloud Service Provider (CSP) FedRAMP project. Matt brings a well established perspective and helps understand the challenges of the increased controls focus apparent with FedRAMP. Plus, they try Modelo Especial, a Mexican lager.

Are you a founder, CEO, leader, or salesperson in the cybersecurity industry? Are you looking to grow your sales and revenue faster? In this episode of the Cybersecurity Startup Revenue Podcast, we dive into one way to avoid having your deals stalled out.

👉 What risks can derail your software development and revenue growth?

👉 How can you optimize the role of a field CISO in your organization?

👉 Why is building trust and managing risk essential for successful sales cycles?

Our guest, Kayne McGladrey, a Field CISO at Hyperproof.io, brings his expertise and unique perspective as a CISO to discuss these critical topics and more. He shares his insights on the challenges faced by cybersecurity startups and how organizations can effectively communicate and address risk.

Don't miss out on this valuable conversation that can help you navigate the cybersecurity landscape and accelerate your company's growth. Tune in now to gain actionable strategies and hear from industry experts.

When CISOs work with go-to-market teams, cybersecurity transforms from a mere cost center into a valuable business function. This change is crucial in B2B interactions where robust cybersecurity controls offer a competitive advantage. A centralized inventory of cybersecurity controls, grounded in current and past contracts, helps businesses gauge the financial impact of these partnerships. This inventory also identifies unnecessary or redundant controls, offering an opportunity for cost reduction and operational streamlining. By updating this centralized list after the termination of contracts, the business can further optimize both its security posture and operational costs. This integrated strategy empowers the business to make well-informed, data-driven decisions that enhance profitability while maintaining robust security controls.

Kayne and Tom talk about the FedRAMP Rev4 to Rev5 transition. Learn about key control changes, the shell game that is Rev5 and obviously, the unique flavor profile of a new beer.

Another newer issue is that “the transition from a fully remote to a partially on-site work environment creates substantive cybersecurity concerns based on the ongoing mental health crisis,’’ said IEEE senior member Kayne McGladrey. As some businesses attempt to mandate a return to the office, they should be aware of the mental health challenges employees are facing, he said. “Research shows a significant decline in workers’ mental well-being, resulting in stress and anxiety. These mental states can negatively affect decision-making and lead to cybersecurity lapses.”

Understanding the risk to your business requires human intuition. But that doesn't mean there aren't a lot of things along the path to understanding risk that can't be improved with automation. At Black Hat, David Spark spoke to Kayne McGladrey, field CISO, Hyperproof, about how having a security-focused company culture can help CISOs link their known risks to their controls in order to put their budget where it will have the most impact. This can allow organizations to operate within the reality that business risk and cyber risk are not separate things. With changing state regulations and rapidly advancing technology, staying on top of your risk in a simple and understandable way is more imperative than ever.

IEEE Senior Member Kayne McGladrey said that “These threats are not merely theoretical, although at the moment, they are still relatively limited in their application. It is reasonable to expect that threat actors will continue to find innovative new uses of generative AI, extending beyond business email compromise, deepfakes and the generation of attack code.”