On The Hook Eps 9 w/ Kayne McGladrey – CISO Mansion of Madness

“Employees across industries are finding new and innovative ways to perform their tasks at work faster,” says Kayne McGladrey, IEEE senior member and field CISO at Hyperproof. “However, this can lead to the sharing of confidential or regulated information unintentionally. For instance, if a physician sends personal health information to an AI tool to assist in drafting an insurance letter, they may be in violation of HIPAA regulations.” The problem is that many public AI platforms are continually trained based on their interactions with users. This means that if a user uploads company secrets to the AI, the AI will then know those secrets — and will spill them to the next person who asks about them. It’s not just public AIs that have this problem. An internal large language model that ingested sensitive company data might then provide that data to employees who shouldn’t be allowed to see it.

The growing acceptance of Zero Trust as a legitimate security architecture is a significant improvement in the past decade for modern cyber security. Although initially maligned as a marketing buzzword, and still unfortunately misused in product announcements, zero trust now reflects table stakes to support the needs of hybrid and fully remote workforces. Network connections should no longer be implicitly trusted because of a user’s location behind a corporate firewall or the use of a company’s VPN. Rather, each transaction and connection from a user and their associated device should be inspected and validated to confirm that the access is appropriate. The ability of network solutions to provide both real-time telemetry and controls, so that an automated and external policy engine can take enforcement actions is also a recent improvement, as networking equipment vendors historically tried to place their products and subscriptions at the center of cyber security strategies. Today’s effective networking solutions integrate well with other solutions to provide one part of a holistic cyber security strategy.

“The absolute best thing is getting up every day and knowing that you’re making a difference, and knowing that your actions are going to help people.”

Large-scale cyber attacks will continue to pose a substantial risk to companies, individuals and economies in 2022. Several factors contribute to this trend, and unfortunately, policies and technical responses have yet to reduce the frequency and impact of cyber attacks.

“There’s the cybersecurity threat and then there’s the real threat,” explains Kayne McGladrey, field chief information security officer (CISO) of compliance company Hyperproof, and senior member of the Institute of Electrical and Electronics Engineers (IEEE). “A cybersecurity threat is disruption, like when we saw the Russians invade Ukraine as part of their illegal war, they took down Viasat and not by attacking the satellites themselves, instead, they attacked the firmware of satellite modems on the ground.”

Are you a founder, CEO, leader, or salesperson in the cybersecurity industry? Are you looking to grow your sales and revenue faster? In this episode of the Cybersecurity Startup Revenue Podcast, we dive into one way to avoid having your deals stalled out.

👉 What risks can derail your software development and revenue growth?

👉 How can you optimize the role of a field CISO in your organization?

👉 Why is building trust and managing risk essential for successful sales cycles?

Our guest, Kayne McGladrey, a Field CISO at Hyperproof.io, brings his expertise and unique perspective as a CISO to discuss these critical topics and more. He shares his insights on the challenges faced by cybersecurity startups and how organizations can effectively communicate and address risk.

Don’t miss out on this valuable conversation that can help you navigate the cybersecurity landscape and accelerate your company’s growth. Tune in now to gain actionable strategies and hear from industry experts.