Radio interview on KXL-FM (Portland)

“Where cloud analytics shine is in detecting a repeated series of risky actions by an individual user account [that signal] a business email compromise followed by a ransomware attack,” he said. “Cloud analytics allow organizations to detect and prevent these and other attacks not only at scale but also faster than traditional investigative techniques.”

In the latest episode of The Cyber Security Recruiter podcast, I had an in-depth conversation with Thomas Richard about my 25-year journey in cybersecurity. From my unlikely beginnings in theater arts to my current role as the field CISO at Hyperproof, this conversation covers a wide array of subjects. We delve into the importance of implementing effective security controls and critique the industry’s heavy reliance on certifications. Thomas and I agree that while certifications can serve as useful benchmarks, their increasing prominence risks creating an exclusionary environment that could perpetuate a perceived “skills gap.” The episode covers not just technical matters but also broader philosophies and strategies that are essential for building a resilient cybersecurity posture

“Human resources, in a lot of organizations, has become a regulatory control function and inhibits hiring because of its focus on certifications,” McGladrey says. This is partly why it’s difficult for blue teamers to jump to the red team, a process that “looks to be an insurmountable and very difficult series of certifications,” he points out.

At issue is whether the incident led to significant risk to the organization and its shareholders. If so, it’s defined as material and must be reported within four days of this determination being made (not its initial discovery). “Materiality extends beyond quantitative losses, such as direct financial impacts, to include qualitative aspects, like reputational damage and operational disruptions,” he says. McGladrey says the SEC’s materiality guidance underscores the importance of investor protection in relation to cybersecurity events and, if in doubt, the safest path is reporting. “If a disclosure is uncertain, erring on the side of transparency safeguards shareholders,” he tells CSO.

The growing acceptance of Zero Trust as a legitimate security architecture is a significant improvement in the past decade for modern cyber security. Although initially maligned as a marketing buzzword, and still unfortunately misused in product announcements, zero trust now reflects table stakes to support the needs of hybrid and fully remote workforces. Network connections should no longer be implicitly trusted because of a user’s location behind a corporate firewall or the use of a company’s VPN. Rather, each transaction and connection from a user and their associated device should be inspected and validated to confirm that the access is appropriate. The ability of network solutions to provide both real-time telemetry and controls, so that an automated and external policy engine can take enforcement actions is also a recent improvement, as networking equipment vendors historically tried to place their products and subscriptions at the center of cyber security strategies. Today’s effective networking solutions integrate well with other solutions to provide one part of a holistic cyber security strategy.

“We can audit software code, manually or automatically, for privacy defects,” said IEEE Senior Member Kayne McGladrey. “Similarly, we can audit software code for security defects. We cannot currently audit software code for ethical defects or bias, and much of the coming regulation is going to screen the outcomes of AI models for discriminatory outcomes.”