Similar Posts
InfoSec Pros On the Road: Brenda Bernal, VP, Product Security and Compliance at Digicert
ByKayne
In this episode of InfoSec Pros On the Road at RSA 2024, I had the pleasure of interviewing Brenda Bernal, VP of Product Security and Compliance at Digicert. It was a great opportunity to finally meet Brenda in person after numerous Zoom calls. We discussed various topics, starting with the advancements in AI governance and the key risks organizations should focus on, including data privacy, security, and third-party risk management.
Brenda shared her insights on integrating AI into existing control frameworks and the importance of sustainability and adaptability in AI governance. She emphasized the need for transparency in AI implementations and how it parallels the evolution of ESG reporting.
We also explored the benefits of automation in GRC processes, drawing from Brenda’s experience as an external auditor and her current work with platforms like Hyperproof. The discussion highlighted the significant time savings and improved risk management that automation brings to compliance efforts.
IEEE Cybersecurity Expert Discusses New Scams and Ways to Thwart Them
ByKayne
Another way to thwart cyberattacks is to increase the number of cybersecurity experts, McGladrey says. According to the 2017 cybercrime report from the Herjavec Group, cybersecurity firms estimate such crimes are going to cost about $6 trillion annually by 2021. Companies are experiencing shortages in qualified applicants for cybersecurity jobs. The U.S. Department of Commerce estimates there are now about 350,000 unfilled positions, and that number is only going to increase. McGladrey says.
What Are the Implications of Meltdown and Spectre for IoT?
ByKayne
“Patching is a reactive strategy, and there are a couple of challenges that have led us to the current situation. One of those challenges is that the market has rewarded companies that develop and produce products rapidly, and the market has shown a willingness to accept post-release patching as an acceptable trade-off. As a result, developers and architects are rewarded by their employers for producing code and architecture very quickly with less thought given to cybersecurity.
“The other significant challenge is that the cybersecurity community is generally homogenous. We have a diversity problem when just 11% of women work in cybersecurity. This lack of diversity in backgrounds and life experiences has influenced the analytic methodologies that are used to evaluate potential security issues with products. This lack of diversity of thought has led to the unfortunate set of expectations that breaches are inevitable, and this situation will continue until the cybersecurity industry does a better job of including diverse voices and opinions in the global conversation about security.”
Live from HyperConnect 2023 | Drafting Compliance Ep. 21
ByKayne
Recorded live in Austin, Texas, Kayne and Tom discuss supply chain risk under FedRAMP. They also try a local beer, live on stage, from HyperConnect 2023.
Podcast: The Truth Behind Automating Compliance Controls
ByKayne
In this episode of the EM360 Podcast, Analyst Richard Stiennon speaks to Kayne McGladrey, Field CISO at Hyperproof to explore: Automating compliance controls vs SOAR automation, Helping CISOs, and if one master set of controls cover multiple frameworks
Ask questions about Internet-connected toys
ByKayne
Experts say that smart toys are particularly vulnerable to cyber attacks. Kayne McGladrey, a member of the Institute of Electrical and Electronics Engineers, said their desire to keep toy prices low means manufacturers have little incentive to add reasonable security mechanisms.