KXL-FM (Portland, OR) Radio Interview

“Right now, there’s a bit of a Wild West mentality out there,” said Kayne McGladrey, field chief information security officer at security software company Hyperproof and a senior member of the Institute of Electrical and Electronics Engineers. “Companies are incentivized for being first to market, not necessarily most secure to market. Because security costs money and because it requires time and resources, naturally that becomes a lower priority.”

Presented at the CIO & CISO Atlanta Summit

New Year, New Standards: Preparing for SEC Cybersecurity Disclosures in 2025 and Beyond

The SEC’s new cybersecurity disclosure requirements have set a new benchmark for transparency and accountability, compelling public companies to enhance their cybersecurity practices and reporting.

In this session, you’ll learn how to align your organizations with these evolving requirements and take proactive steps to stay ahead of regulatory expectations.
In this session, we’ll join Kayne McGladrey, Field CISO at Hyperproof, to discuss:

An overview of the 2024 SEC cybersecurity requirements
Best practices for cybersecurity disclosures
How to prepare for the 2025 disclosure season

of a growing number of regulations, today’s CISOs and their team members are spending a lot more time responding to questions about their security programs. Providing answers — whether to internal compliance teams who need the information to fulfil legal obligations or external business partners who want assurances — is now an expected part of the modern security department’s responsibilities. Yet it’s not the most effective use of worker time. “It’s not only frustrating, but it also sucks up a lot of time,” says Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers (IEEE), a nonprofit professional association, and field CISO at Hyperproof. There are strategies for meeting security’s obligations to provide information without tying up CISOs and their teams too much, he and others say. McGladrey says automation is one such strategy, saying that “evidence of control operations should be automated, and evidence of effectiveness can also be automated.”

Last month at the #ATTBizSummit, Javvad Malik and I talked about increasing diversity in cybersecurity, and I unveiled my secret weapon for tweets. (Spoiler: she’s 11).

“We talk about ‘data breaches’ because of regulatory and statutory definitions that focus on the disclosure of data. An organization’s security strategy should work with the end in mind and focus heavily on denying threat actors access to those data with the highest regulatory, statutory, or contractual risks.” Kayne McGladrey, Field CISO at Hyperproof