KXL-FM (Portland, OR) Radio Interview

The workforce of tomorrow still will be technically savvy, well-versed in machine learning and data science. Advanced machine learning skills will be important, but Kayne McGladrey (@kaynemcgladrey), Director of Security and Information Technology at Pensar Development, recommended that those looking for future employment also consider learning a programming language.

“The intent here is not to master it,” McGladrey explained, “but rather to gain an understanding and appreciation of how things work from the inside out. Employers are also looking for career stability so that they can invest in their people, so don’t hop from company to company on an annual basis.”

While data privacy is becoming more regulated every year, it is still a matter that, today, largely comes down to trust, said Kayne McGladrey, a cybersecurity strategist at Ascent Solutions. As the backlash in the wake of the Cambridge Analytica scandal shows, what people expect from the companies they do business with is just as important as the laws that govern the use of their data.

“Today’s data privacy is primarily concerned with the processing of personal data based on laws, regulations, and social norms,” McGladrey said. “Often this is represented by a consumer ignoring an incomprehensible privacy policy (that would take nearly 20 minutes to read) before clicking a button to acknowledge their consent to that policy. Their acceptance of the policy allows the organization to handle their data in documented ways, such as using it to show them targeted advertising based on their inferred interests. However, if that organization sold those personal data to another organization to do something unexpected (like using it to suppress protected free speech) without the consumer’s consent, that would be a breach of privacy, either by regulatory control or by a violation of social norms.”

Until we change how we talk and think about cybersecurity, I fear it’s like the Alcoholics Anonymous definition of insanity: doing the same thing and expecting a different result.

“For some organizations, regulatory and legal risks associated with storing data will be at the top of the [risk] rankings,” says Kayne McGladrey (@kaynemcgladrey), IEEE member. “For others, the reputational damages associated with a data breach will claim the top spot.”

Because of the noise-to-signal ratio, network security is particularly challenging for colleges and universities, says Kayne McGladrey, CISO and CIO of Pensar Development and member of the technology industry group IEEE.

“Every university has a whole crop of new individuals who come into the organization on an annual or quarterly basis,” McGladrey explains. With such a frequent influx of new arrivals bringing their own devices and computers, it’s essentially impossible for university IT teams to control the sheer number of new endpoints. AI can identify networking traffic, assess what “normal” looks like on a university network and do it at a larger scale that humans can accomplish. Thus, if a “faculty member normally arrives at 8 a.m., does work until 7 p.m. and then maybe logs on to her email at 9 p.m., you wouldn’t expect that individual to be up at 3 a.m. connecting from China. AI can monitor those patterns of normalcy,” he says.

In 2010, the Center for Strategic and International Studies (CSIS) published the report “A Human Capital Crisis in Cybersecurity,” which noted “there are about 1,000 security people in the US who have the specialized security skills to operate effectively in cyberspace. We need 10,000 to 30,000.” Twelve years later, the Cyberspace Solarium Commission 2.0 Workforce Development Agenda for the National Cyber Director observed that “in the United States, there are almost 600,000 open cybersecurity jobs across the private sector and federal, state, and local governments — a remarkable gap considering that the field currently employs just over a million professionals.” This is not an encouraging trend.