Radio interview on KRLD-AM

“To protect their personal data, consumers can take several practical steps to remove their information from data broker websites and opt-out of marketing. First, they should identify where their data is held by searching major data broker sites, public records, and credit reports. Once identified, consumers can use the “Opt Out” or “Remove My Data” links provided on these websites to submit removal requests, ensuring they confirm their identity and track the progress.

Additionally, they should familiarize themselves with regulations like the California Consumer Privacy Act (CCPA), which allows them to request the deletion of their personal data and opt-out of its sale. Consumers can also use online tools and services designed to automate the opt-out process from marketing lists and data brokers.

“Effective defense in depth is not just shiny overlapping technical controls,” said Director of IT and Security Kayne McGladrey. “Rather, it’s the combination of culture, documented and tested processes, policies, and technical controls. For example, an organization with a policy of least privilege, a process for approving account privileges, and a process for auditing and harvesting unused privileges does not need multiple technical controls to implement the desired outcome.” It’s best to start with policy and then enact that in culture, where feasible.

The privacy risks associated with agentic AI are orders of magnitude greater than those we encounter today.

“Agentic AI requires comprehensive data integration that’s fundamentally different from today’s siloed approach, meaning the risk multiplies instead of simply adding up,” IEEE Senior Member Kayne McGladrey said.

The team at Aurora IT interviewed me for a feature-length podcast on cybersecurity. Listen to hear about third-party attacker tactics, managing cyber risk, multi-factor authentication, and why a lack of diversity is a threat to public safety.

This article covers high-level information that cloud service providers (CSPs) need to know to prepare for their transition to FedRAMP Rev. 5, as documented in the “FedRAMP Baselines Rev. 5 Transition Guide.”

Kayne McGladrey (@kaynemcgladrey), security architect/strategy and GRC practice lead at Ascent Solutions, recommends following the Cybersecurity Maturity Model Certification 2.0, which was developed by the U.S. Department of Defense. It offers a framework that incorporates “Zero Trust tenets that will help companies maintain regulatory compliance and ensure that data are adequately protected against evolving threats from nation states and advanced persistent threats,” he says.