On The Hook Eps 9 w/ Kayne McGladrey – CISO Mansion of Madness

IEEE Senior Member, Kayne McGladrey said that “AI-generated phishing removes all the traditional warning signs that training programs teach people to look for.” Typical training tells people to watch for bad grammar, weird formatting or implausible scenarios. “However, AI can now create emails that are grammatically perfect, properly formatted and believable. It can even personalize attacks using information scraped from social media or data breaches.”

AI can also help improve retention rates by making entry-level cybersecurity jobs “less dull,” says Kayne McGladrey, CISO and CIO of Pensar and a member of the IEEE. “We get people out of school, and they are excited to be on the team. Then, on their first day, they’re handed a checklist: here’s the things you will do and the order in which you will do them.”

At issue is whether the incident led to significant risk to the organization and its shareholders. If so, it’s defined as material and must be reported within four days of this determination being made (not its initial discovery). “Materiality extends beyond quantitative losses, such as direct financial impacts, to include qualitative aspects, like reputational damage and operational disruptions,” he says. McGladrey says the SEC’s materiality guidance underscores the importance of investor protection in relation to cybersecurity events and, if in doubt, the safest path is reporting. “If a disclosure is uncertain, erring on the side of transparency safeguards shareholders,” he tells CSO.

“Make the security guardrails as invisible as possible to your end users and ensure that organizational change management is part of your planning for rollout,” says Kayne McGladrey, security architect, strategy and GRC practice lead at Ascent Solutions LLC. “This increases adoption of new collaboration technologies by ensuring that users are aware that the solution exists and understand that it’s easy to use. End users won’t use a solution specifically because it’s secure; rather, they’ll adopt it if it meets their needs easily and quickly.”

Kayne and Tom talk with Joe Evangelisto from Tango Analytics about the interesting and stressful scenario where his 3PAO lost its accreditation. Of course Kayne tackles yet another beer that elicited a memorable response.