An Interview with Kayne McGladrey, CISSP

Bio:

Kayne McGladrey, CISSP is the cybersecurity strategist for Ascent Solutions and a senior member of the IEEE. He has over two decades of experience in cybersecurity and has served as CISO at a defense industrial base firm, worldwide professional services director, and advisory board member. His advisory policy and strategy work focuses on mitigating the regulatory, statutory, and economic risks of cybersecurity lapses.

Kayne has recently featured in Onalytica’s Who is Who in Cybersecurity report.

How did you get to become an expert in your key topics?

My first professional job was working as a programmer and systems administrator contracting with several government agencies. My view on information security at that time was informed by the startling lack of controls applied to people’s personal, medical, and financial information, and how the risk of abuse of those data could affect individuals and communities. I’ve had the opportunity since to work on cybersecurity technology and policy programs with small businesses, government agencies, the Fortune 500, and Global 1000 companies across three continents.

Throughout that time, I’ve had the privilege of serving disabled veterans, minorities, and the LGBTQ community as a mentor, consultant, CISO, and public speaker. My current role requires I have a comprehensive knowledge of regulatory and statutory challenges aligned to current cybersecurity threats so that I can provide clients with actionable strategies to manage their unique cyber risks.

What sub-topics are you most passionate about?

Cybersecurity Maturity Model Certification (CMMC), Diversity, GRC (Governance, Risk, and Compliance), Internet of Things.

Who influences you within these topics?

Patrick Gray of Risky Business, Johannes B. Ullrich of SANS, Ben Yelin of Caveat.

What challenges are brands facing in this space?

Keeping up. Cybersecurity is a continuously evolving space as criminal threat actors have reinvested their profits across technical innovations while developing a robust supply chain. Nation states have similarly recognized the strategic advantages of offensive cyber operations and have taken a far more permissive view on hiring those with a criminal background than Western nations. Businesses have been comparably slower to adapt and effectively mitigate the risks of cyberattacks, often preferring to transfer those risks to cyber insurance. The resulting increase in cyber insurance premiums and carve-outs for ransomware are driving change. Accelerating regulatory and statutory disclosure timeframes backed with stiff penalties or fines pose an additional challenge to those organizations that are breached.

The cybersecurity industry also faces a diversity challenge in attracting and retaining people from all walks of life. Although there are millions of unfilled cybersecurity jobs, less than 24% of cybersecurity professionals worldwide identify as female, and less than 10% are members of the LGBTQ community. The challenge of our industry is to provide an inclusive and collaborative atmosphere that effectively increases cybersecurity maturity across industries while raising overall wealth in under-represented communities. Despite gatekeeping by risk-averse HR departments, entry-level cybersecurity jobs are middle-class jobs that require only a two-year degree at most.

What do you think the future holds in this space?

Increased regulation and mandates for how companies must implement and test cybersecurity controls. Cybersecurity best practices that mitigate risks are well documented and well understood, such as the Center for Internet Security’s Critical Security Controls, the NIST Cybersecurity Framework (CSF), and the Cybersecurity Maturity Model Certification (CMMC). Businesses that have not invested or have under-invested in one of these frameworks will eventually be compelled to adopt a cybersecurity framework through regulation or laws. Raising the cybersecurity maturity across the board for all companies will serve to protect the personal data of all individuals and communities.

If a brand wanted to work with you, which activities would you be most interested in collaborating on?

Webinars, panel discussions, speaking opportunities, written articles.

What are your passions outside of work?

Mentoring, charitable board work.

