Interview on diversity and security

In the cybersecurity realm, AI promises to automate tasks burdening human analysts, as noted by IEEE Senior Member Kayne McGladrey.

Over the past year and a half, school administrators, teachers, and IT support staff and students themselves have been working in a complex threat environment. The pandemic and major increase in cyberattacks has resulted in closures for both in-person and online schools. While this will only continue into 2022, it will be importance for security and IT professionals that support schools to align their policies, procedures, and technical controls to a cybersecurity framework that fits the needs of their organization, such as the recently announced K-12 resources announced jointly by the FBI and CISA. Using a formal framework can help schools effectively identify and mitigate gaps in school security postures without substantial budget increases. Schools should also consider a quarterly exercise to re-audit their password stores, as the number of compromised passwords will only continue to increase in the year ahead. A password that was secure three months ago may have appeared in a data breach (especially since students and adults tend to use the same passwords for multiple accounts) and may no longer be a secure option. Although it’s hard to predict what’s to come for educational institutions moving forward and future of remote and hybrid learning is going to be uncertain, education professionals should expect to see threat actors continue to target schools that have not taken a proactive approach to cybersecurity and deployed the appropriate defenses.

Kayne McGladrey, field CISO at Hyperproof, has seen the evidence. He worked with one organization whose executives received a contract for review and signature. “Nearly everything looked right,” McGladrey says. The only noticeable mistake was a minor error in the company’s name, which the chief counsel caught. But Gen AI isn’t just boosting the hackers’ speed and sophistication, it’s also expanding their reach, McGladrey says. Hackers can now use gen AI to create phishing campaigns with believable text in nearly any language, including those that have seen fewer attack attempts to date because the language is hard to learn or rarely spoken by non-native speakers.

Kayne and Tom talk with Matt Fryer about the cost structures and strategies associated with a Cloud Service Provider (CSP) FedRAMP project. Matt brings a well established perspective and helps understand the challenges of the increased controls focus apparent with FedRAMP. Plus, they try Modelo Especial, a Mexican lager.

As 2025 approaches, emerging regulations and laws will affect how CISOs strategize and protect their organizations. With the increasing complexity of global compliance frameworks, understanding these changes is crucial for maintaining security and operational efficiency. Let’s discuss what I expect regarding regulatory shifts and their implications in 2025 and explore what CISOs and CCOs should prepare for in the coming year.

In response to the ever-changing risk environment, company leadership is asking more and more questions about how to best manage risk. But being able to answer those questions means having a system and process in place to accurately document, manage, mitigate, and report on those risks.

Luckily, some frameworks and processes already exist to help guide you through that process. Kayne McGladrey, Field CISO, will walk you through the current state of risk and how to effectively and accurately communicate risk to your leadership team.

In this presentation, you’ll learn:

● What the 2023 risk landscape looks like

● How risk managers are planning on updating their risk workflows to adapt

● How to communicate risk to leadership

December 6th at 10:45 AM in Atlanta, GA