The Ultimate Cyber Conversation with the CyberHub Engage Podcast

Keeping an organization secure is every employee’s job. Instead of the obligatory employee training, Director of Security & IT for Pensar Development Kayne McGladrey recommends continuous engagement with the end-user community. “Provide opportunities and instrumentation to demonstrate policy violations rather than lecture at people.” Examples include leaving a USB data stick in a break room or using phishing tools to falsify emails from known employees that seem suspicious. “This helps educate and creates healthy suspicion,” said McGladrey.

“Human resources, in a lot of organizations, has become a regulatory control function and inhibits hiring because of its focus on certifications,” McGladrey says. This is partly why it’s difficult for blue teamers to jump to the red team, a process that “looks to be an insurmountable and very difficult series of certifications,” he points out.

In the realm of cybersecurity, early-career professionals often prioritize the development and demonstration of technical prowess. However, as someone with nearly three decades of experience in cybersecurity leadership roles, I firmly assert that interpersonal skills wield a profound influence over one’s career trajectory. Unlike certifications and degrees, which may lose relevance over time, interpersonal skills persist and can be cultivated through deliberate practice. This article sheds light on these often-overlooked attributes, providing a holistic perspective on what it takes to excel in cybersecurity beyond technical acumen.

While data privacy is becoming more regulated every year, it is still a matter that, today, largely comes down to trust, said Kayne McGladrey, a cybersecurity strategist at Ascent Solutions. As the backlash in the wake of the Cambridge Analytica scandal shows, what people expect from the companies they do business with is just as important as the laws that govern the use of their data.

“Today’s data privacy is primarily concerned with the processing of personal data based on laws, regulations, and social norms,” McGladrey said. “Often this is represented by a consumer ignoring an incomprehensible privacy policy (that would take nearly 20 minutes to read) before clicking a button to acknowledge their consent to that policy. Their acceptance of the policy allows the organization to handle their data in documented ways, such as using it to show them targeted advertising based on their inferred interests. However, if that organization sold those personal data to another organization to do something unexpected (like using it to suppress protected free speech) without the consumer’s consent, that would be a breach of privacy, either by regulatory control or by a violation of social norms.”

The workforce of tomorrow still will be technically savvy, well-versed in machine learning and data science. Advanced machine learning skills will be important, but Kayne McGladrey (@kaynemcgladrey), Director of Security and Information Technology at Pensar Development, recommended that those looking for future employment also consider learning a programming language.

“The intent here is not to master it,” McGladrey explained, “but rather to gain an understanding and appreciation of how things work from the inside out. Employers are also looking for career stability so that they can invest in their people, so don’t hop from company to company on an annual basis.”