Similar Posts
Radio interview on KXL-FM (Portland)
By Kayne
Live radio interview today at 1 PM Pacific on KXL-FM (Portland) discussing robotics, AI, and why cyber security matters in the classroom.
A 10-point plan to vet SaaS provider security
By Kayne
“The SaaS vendor should be upfront about data sovereignty and optional localization,” McGladrey adds. “While this is particularly important for multinational organizations selecting SaaS solutions, those organizations bound to a single geography would likely want to avoid awkward situations, such as [personal information] for Americans being intentionally processed and stored in a foreign data center.”
Hack Me If You Can
By Kayne
A hacker can say that an institution has 90 days to fix a vulnerability before publicly divulging the secret, and for the vulnerable bank or credit union, that might come off as extortion or a threat. However, it is well within the boundaries of normal security research to do that, according to Kayne McGladrey, Field CISO for the security and compliance company Hyperproof.
“If the company doesn’t respond in a timely manner, that’s where you can get vulnerability disclosures after a reasonable period of time, like 90 or 120 days, or 180 days, depending on which philosophy the researcher subscribes to,” McGladrey said. “That’s all well within the ethical boundaries of a normal security researcher.”
The key difference between an ethical and unethical hacker — between extortion and responsible disclosure — is what the hacker does with the vulnerability.
“I think it’s very possible to say you can prove you can use this vulnerability — maybe it’s to steal a whole bunch of credit card information — without actually doing it,” McGladrey said. “You just show that you can.
The Jobs of Tomorrow: Insights on AI and the Future of Work
By Kayne
Kayne McGladrey, Field CISO at Hyperproof and IEEE Senior Member, noted that the use of generative AI models in business hinges on their ability to provide accurate information. He cited as examples studies of AI models’ abilities to extract information from documents used for financial sector regulation that are frequently relied on to make investment decisions.
“Right now, the best AI models get 80 percent of the questions right,” McGladrey said. “They hallucinate the other 20 percent of the time. That’s not a good sign if you think you are making investment decisions based on artificial intelligence telling you this is a great strategy four out of five times.”
Panel discussion at CES 2024: How Will AI Impact the Jobs of the Future?
By Kayne
Join Tom Coughlin, J.L. Doty, Gloria Washington, Kathleen Kramer and me as we explore the jobs we’ll see created over the next 20 years, industry’s role driving innovation and the skills our future workforce will need.
The Phishing Phenomenon: How To Keep Your Head Above Water
By Kayne
Phishing is the lowest cost way for a threat actor to gain access to an organization’s network and assets, according to Kayne McGladrey, an IEEE member and director of Security and IT at Pensar Development. “While it might be fashionable to worry about the latest zero-day, or shadowy nation-state threat actors developing crippling remote exploits, the fact is that it’s cheaper to ask users for their passwords.”
The fact that nearly a billion people had their personal information exposed in November 2018 “has further helped threat actors to develop more compelling and targeted phishing content,” McGladrey adds.