Similar Posts

4 Cybersecurity Best Practices for Electrical Engineers

ByKayne

Much of the media focus has been on the financial damage from supply chain breaches, the nation-state actors behind the breaches, and the ill-defined “supply chain” itself. But surprisingly, despite the overheated media coverage, most electrical engineering (EE) firms are not the targets of a bear, kitten, or panda, which are frequently cited as advanced persistent threat groups behind the attacks. Most EE firms are targeted by threat actors of opportunity because they have two necessary ingredients: people and computers. This article lays out four best practices for individual EEs to help protect their firms.

Critical Infrastructure Requires Modernization

ByKayne

“The monetization and weaponization of digital threats was comparably new when the critical infrastructure components that manage our modern world were being designed for reliability a decade or two ago,” said IEEE Senior Member Kayne McGladrey. McGladrey says that it’s time consuming to patch security flaws in many of these older components, some of which were designed to run uninterrupted for decades.

What Are the Implications of Meltdown and Spectre for IoT?

ByKayne

“Patching is a reactive strategy, and there are a couple of challenges that have led us to the current situation. One of those challenges is that the market has rewarded companies that develop and produce products rapidly, and the market has shown a willingness to accept post-release patching as an acceptable trade-off. As a result, developers and architects are rewarded by their employers for producing code and architecture very quickly with less thought given to cybersecurity.

“The other significant challenge is that the cybersecurity community is generally homogenous. We have a diversity problem when just 11% of women work in cybersecurity. This lack of diversity in backgrounds and life experiences has influenced the analytic methodologies that are used to evaluate potential security issues with products. This lack of diversity of thought has led to the unfortunate set of expectations that breaches are inevitable, and this situation will continue until the cybersecurity industry does a better job of including diverse voices and opinions in the global conversation about security.”

System and Communications Protection | Drafting Compliance Ep. 23

ByKayne

Kayne and Tom talk about the System and Communications Protection family of FedRAMP Rev5 controls. Learn about the “catch all” approach to this control family and some challenges faced to implementation. Tom and Kayne try a stout for the first time on the show, and Kayne seems to group it with all the other beers. As always, the faces he makes are impressive.

How to Operationalize Your Risk Assessments at Data Connectors Dallas

ByKayne

Thursday, May 16, 2024

Risk assessments have moved beyond a check-the-box approach, especially with the SEC’s new disclosure requirements. Join us for our session, How to Operationalize Your Risk Assessment Process, to get practical guidance on navigating the complexities of risk assessments to drive tangible business outcomes. Kayne McGladrey, Field CISO at Hyperproof, will navigate through the essential steps required to operationalize risk assessments effectively within diverse organizational structures. From conceptualization to execution, participants will gain actionable insights into crafting and implementing tailored risk assessment strategies tailored to their unique organizational contexts.