How Instacart Created Strong Relationships with Engineering to Build a More Compliant Product

In the latest episode of The Cyber Security Recruiter podcast, I had an in-depth conversation with Thomas Richard about my 25-year journey in cybersecurity. From my unlikely beginnings in theater arts to my current role as the field CISO at Hyperproof, this conversation covers a wide array of subjects. We delve into the importance of implementing effective security controls and critique the industry’s heavy reliance on certifications. Thomas and I agree that while certifications can serve as useful benchmarks, their increasing prominence risks creating an exclusionary environment that could perpetuate a perceived “skills gap.” The episode covers not just technical matters but also broader philosophies and strategies that are essential for building a resilient cybersecurity posture

Sharing information about threats can help boost overall cybersecurity by alerting others to those risks, as well as providing successful ways to counteract them, said Kayne McGladrey, national cybersecurity expert, director of security and information technology for Pensar Development, and member of the Institute of Electrical and Electronics Engineers.

“They could actually see a reduction in those threats that are commodity threats — threats that are crimes of opportunity [vs. targeted attacks],” he said.

Another issue associated with connected vehicles is around the data they collect and transmit. ”We have seen nation states that want to conduct surveillance, whether on their own domestic population or on foreign populations, use telemetry from hotels, airports, and rental car carriers to determine where individuals are moving,” notes McGladrey. “If it is possible for a dedicated adversary to subvert that communications channel—either directly with a vehicle or by gaining a foothold inside of some telemetry aggregator service, probably the manufacturer—all of a sudden they can know where people are going within in a few feet. If you can associate a user’s identity with their vehicle or location, you have a high degree of fidelity to conduct attacks.”

Kayne and Tom are joined by special guest Michael Chaoui, the Founder of Atlas One Security. Michael pulls the covers back on some of the challenges of companies going through the ATO process. We also discuss recent legislation and draft memos intended to modernize the FedRAMP process, all while enjoying one of Michael’s favorite stout beers.

“Realistically, the use of AI in cybersecurity will help to reduce the punishing cognitive load on tier one analysts in the security operation center,” said IEEE Senior Member Kayne McGladrey. “Rather than having to comb through a needlestack looking for a needle, AI promises to automate much of the correlation across vast amounts of data that humans struggle with.”

“These threats are not merely theoretical, although, at the moment, they are still relatively limited in their application,” McGladrey said. “It is reasonable to expect that threat actors will continue to find innovative new uses of generative AI, extending beyond business email compromise, deepfakes, and the generation of attack code.”