Special Guest Michael Chaoui | Drafting Compliance Ep. 24

Similar Posts

  • Hack Me If You Can

    A hacker can say that an institution has 90 days to fix a vulnerability before publicly divulging the secret, and for the vulnerable bank or credit union, that might come off as extortion or a threat. However, it is well within the boundaries of normal security research to do that, according to Kayne McGladrey, Field CISO for the security and compliance company Hyperproof.

    “If the company doesn’t respond in a timely manner, that’s where you can get vulnerability disclosures after a reasonable period of time, like 90 or 120 days, or 180 days, depending on which philosophy the researcher subscribes to,” McGladrey said. “That’s all well within the ethical boundaries of a normal security researcher.”

    The key difference between an ethical and unethical hacker — between extortion and responsible disclosure — is what the hacker does with the vulnerability.

    “I think it’s very possible to say you can prove you can use this vulnerability — maybe it’s to steal a whole bunch of credit card information — without actually doing it,” McGladrey said. “You just show that you can.”

  • Boards need to brush up on cybersecurity governance, survey finds

    CISOs now face substantial personal risks, as seen in cases like Uber and SolarWinds where the SEC has taken legal action against the security chiefs. The primary risk is both personal and professional liability for the CISO, according to Kayne McGladrey, field CISO at Hyperproof. The problem, however, is that boards unaware of the business risks from poor cybersecurity are unlikely to include the CISO in the Directors & Officers insurance policy. “This exposes CISOs to substantial risk,” McGladrey told Cybersecurity Dive.

  • Interview with Kayne McGladrey – The Other Side of the Firewall

    In this very entertaining episode of The Other Side of the Firewall podcast, we’ll learn Kayne’s amazing cybersecurity “origin story” and discuss the need for more diversity of culture and thought within cybersecurity. We’ll also go into upcoming Federal and State policy and how he and his team have developed the tools necessary to keep up with the future of Governance, Risk, and Compliance. Don’t miss out!

  • Twelve Essential Soft Skills for Early-Career Cybersecurity Professionals

    In the realm of cybersecurity, early-career professionals often prioritize the development and demonstration of technical prowess. However, as someone with nearly three decades of experience in cybersecurity leadership roles, I firmly assert that interpersonal skills wield a profound influence over one’s career trajectory. Unlike certifications and degrees, which may lose relevance over time, interpersonal skills persist and can be cultivated through deliberate practice. This article sheds light on these often-overlooked attributes, providing a holistic perspective on what it takes to excel in cybersecurity beyond technical acumen.