Similar Posts

  • Q&A: Security Thought Leaders Discuss Certs, SMEs & Hiring Process

    One way to combat that involves grassroots efforts to boost the ranks. But do security teams search for qualified, seasoned experts, and do they look for specialization or the proverbial “generalist” who can cover many corners of the cyber space? It is an ongoing debate in the industry, and today, we’ve brought together two security thought leaders to provide their take. We sat down with Kayne McGladrey, Co-Founder and Spokesperson, Include Security, and Rebecca Wynn, Head of Information Security and Data Protection Officer (DPO), Senior Director, Matrix Medical Network.

  • Sinclair TV Stations Targeted in Weekend Ransomware Attack

    Kayne McGladrey, an advisory board member for the Technology Alliance Group NW and cybersecurity strategist for the firm Ascent Solutions, says once the incident is resolved, Sinclair “should do an internal hot-wash” to identify lessons learned – allowing them to strengthen technical defenses and update/validate their incident response plan.

  • Universities Tap Student Talent to Support Security Operations

    “Not all high schools are promoting cybersecurity as a career option, and working in the SOC can have the knock-on effect of bringing people in who were unaware of the field before,” says Kayne McGladrey, a senior member at IEEE. Even if they don’t go on to take cyber jobs, “working in the SOC gives them exposure to some of the language and risks common in cybersecurity,” he says. “Then, if they’re working as developers, it’ll influence the direction by which they create things. They’ll at least have security in mind.”

  • What are the pros and cons of shadow IT?

    As workers develop and deploy technology without any reviews or security assessments, they often increase the organization’s exposure to various risks, said Kayne McGladrey, a senior member of the IEEE and field CISO at Hyperproof, a compliance management software company, based in Seattle.

    Employees should be aware that the IT department conducts thorough research to ensure the organization’s technology is safe and compliant with company policies. The technology itself could be vulnerable to cyberattacks, as unauthorized tech rarely goes through the same level of scrutiny that technology selected and onboarded by IT does, he said.

    The practice of shadow IT could open the organization to critical weaknesses. Hackers are known to look for such vulnerabilities, further upping the cybersecurity risk, McGladrey said. IT teams might face challenges in managing unfamiliar technologies not approved by the organization. As the unauthorized technology falls outside of IT’s knowledge and control, the IT team might have less visibility into and a diminished ability to monitor its use, he said.

  • Market Report: Decreasing Risk Through Enterprise Compliance

    Compliance is often viewed as a reaction for organizations. The auditing of compliance becomes the event that is anticipated with resources and preparation aligned to culminate in the audit itself. A famous approach used in product development is that launch is a process, not an event. The spirit of that message is important for security leaders to consider in building a sustainable business case for compliance. Compliance should be viewed as a continuous, organizational process.

  • Presenting at TAG Cybersecurity – February 2020 Meeting

    Featured Presentation: “Best practices for cyber security training programs” by Kayne McGladrey, CISSP. Employees dread the meeting invitation that reads ‘Annual mandatory cyber security training in the break room at 1 PM Wednesday’. In this presentation, we’ll discuss best practices for creating a reality-based training program that encourages employee participation and builds organizational muscle memory for responding to active threats.