Radio Interview – KRLD-AM

ByKayne May 10, 2017

Tune in to KRLD-AM Dalls at 1 PM Eastern for a live interview about the intersection of cyber security, healthcare, and the Internet of Things.

Blog
How to Make Data More Accessible at All Levels With Access Controls and Strong Governance
ByKayne December 3, 2018
What’s needed is “an effective provisioning and de-provisioning system that defines rules for what users can do with data and provides quick auditing of who granted access to the data. There needs to be training around the approval process for granting and revoking access to data; otherwise, organizations risk compliance fatigue and start rubber-stamping all the access requests.”
Read More How to Make Data More Accessible at All Levels With Access Controls and Strong Governance
Blog
Third-Party Risk Management and Risk Concentration in AI: Insights from Black Hat 2025
ByKayne September 19, 2025
When third-party AI vendors experience security breaches or compliance violations, the impact cascades through their supply chain and customers. A single vendor incident can compromise dozens of organizations simultaneously. The interconnected nature of AI supply chains means vulnerabilities propagate through multiple ecosystem layers.
Read More Third-Party Risk Management and Risk Concentration in AI: Insights from Black Hat 2025
Blog
Open Source Mindset Bolsters Hybrid Cloud Strategies
ByKayne November 13, 2020
Linux continues to be a popular deployment choice for new virtual machines on Azure. “Organizations moving legacy on-premises Linux servers to the cloud can quickly gain the benefits of robust disaster recovery and security without needing to change platforms or applications”
Read More Open Source Mindset Bolsters Hybrid Cloud Strategies
Blog
3 Tips To Thwart Insider Attacks: An Essential Guide For Summer Travels
ByKayne June 25, 2018
Dos And Dont’s For Privileged Accounts
Read More 3 Tips To Thwart Insider Attacks: An Essential Guide For Summer Travels
Blog
Hack Me If You Can
ByKayne February 22, 2023
A hacker can say that an institution has 90 days to fix a vulnerability before publicly divulging the secret, and for the vulnerable bank or credit union, that might come off as extortion or a threat. However, it is well within the boundaries of normal security research to do that, according to Kayne McGladrey, Field CISO for the security and compliance company Hyperproof.
“If the company doesn’t respond in a timely manner, that’s where you can get vulnerability disclosures after a reasonable period of time, like 90 or 120 days, or 180 days, depending on which philosophy the researcher subscribes to,” McGladrey said. “That’s all well within the ethical boundaries of a normal security researcher.”
The key difference between an ethical and unethical hacker — between extortion and responsible disclosure — is what the hacker does with the vulnerability.
“I think it’s very possible to say you can prove you can use this vulnerability — maybe it’s to steal a whole bunch of credit card information — without actually doing it,” McGladrey said. “You just show that you can.
Read More Hack Me If You Can
Blog
Interview on Cheddar TV
ByKayne July 19, 2017
Skip to 1:10:00 for my live interview on Cheddar about Generation AI
Read More Interview on Cheddar TV

Similar Posts