InfoSec Pros: Carmen Marsh and Confidence Staveley

The focus has been on knowing where the crown jewels sit and protecting that space. CSHub Executive Board Member and IEEE Public Visibility Initiative spokesperson Kayne McGladrey notes, “if you don’t know where your data live, you can’t apply any effective policies around access controls or do any meaningful incident response or do any meaningful security awareness.”

To get a sober assessment, we invited Pensar CISO and IEEE member Kayne McGladrey, CISSP into the studio to talk about the variety of risks that remote working introduces. There are some new risks that companies need to account for: from remote access bottlenecks to prying eyes in insecure home offices to insecure home workstations.

“Have a KPI about value that came out of your threat intelligence feed. Did it actually cause you to do something differently? Were your analysts able to act on this, or was it just another thing that they had to go look at? Because when you think of time as being our chief enemy, if it’s sucking time and not producing value, why do you keep it? It’s a data feed, ultimately. At the end of the day, you have to contextualize it in terms of your organization. Threat actors tend to vary in terms of behavior in their TTPs. And consequently, you need to really tailor your threat intelligence. And if you’re not getting that tailored information, drop it.”

“Compliance with regulatory standards and industry-specific guidelines for product security is an indispensable part of cybersecurity. In an age where malicious AI poses a significant threat, how do organizations ensure their product security strategies are not just effective, but also fully compliant? As a part of this series, I had the pleasure of interviewing Kayne McGladrey.”

“Out of all the CISO’s and security leaders I’ve spoken with over the last three months, the main theme of 2023 is going to be ‘the year of risk,’ and a lot of that risk we’re talking about at this level is regulatory,” said Kayne McGladrey, Field CISO at Hyperproof.

Communications are critical for an organization when an incident occurs. Leadership must effectively share information with the workforce. For some organizations, this requires enacting the critical communications plan that has been drilled. For others, an incident is a disruption to the normal course of business, which is where business continuity planning demonstrates its value to the organization.