Cybersecurity presentation to veterans in Seattle

Video interview with Kayne McGladrey, field CISO of Hyperproof and Chris Denbigh-White, CSO of NextDLP, about the value of automating routine evidence collection and testing as part of ongoing compliance operations.

[01:23] What are the most pressing Cyber threats to businesses?

[03:30] Why is diversity, and hiring more women, so important for Cybersecurity?

[07:54] Why do cybercriminals go after our data?

[24:11] With cybercriminals spoofing GPS signals, how concerned should we be about them redirecting self-driving cars?

[25:21] What’s next in Cybersecurity and Cybercrime?

Note that this supposes a certain degree of human interaction with the AI to make judgment calls about whether an unusual behavior is appropriate. My home AI doesn’t have the authority to tell me that my lights shouldn’t talk to my speakers. Instead, it needs my approval, given a default deny policy. This is a good thing, as I’m a compensating control against black swan events or an IoT threat actor training my AI on bad data.

“Employees across industries are finding new and innovative ways to perform their tasks at work faster,” says Kayne McGladrey, IEEE senior member and field CISO at Hyperproof. “However, this can lead to the sharing of confidential or regulated information unintentionally. For instance, if a physician sends personal health information to an AI tool to assist in drafting an insurance letter, they may be in violation of HIPAA regulations.” The problem is that many public AI platforms are continually trained based on their interactions with users. This means that if a user uploads company secrets to the AI, the AI will then know those secrets — and will spill them to the next person who asks about them. It’s not just public AIs that have this problem. An internal large language model that ingested sensitive company data might then provide that data to employees who shouldn’t be allowed to see it.

In this YouTube video, Scott Schober interviews Kayne McGladrey, Field CISO for Hyperproof about cybersecurity and the challenges faced by CISOs. Kayne discusses the importance of aligning cybersecurity risk with business risk and the need for CISOs to be more involved with board-level decision making. He also talks about his work at Hyperproof to automate compliance and security operations, making it easier for teams to focus on creative problem solving and strategy.

Cybersecurity risk management exists to help businesses make informed decisions when allocating their limited resources. Although there are several ways of measuring risks and several more risk frameworks, there is no “right” way to conduct risk management other than consistency. Provided that a business documents, discusses, and acts on risk data, the supporting technologies and formulas are not particularly relevant to business leaders or board members.