4 Stakeholders Critical to Addressing the Cybersecurity Workforce Gap

In 2010, the Center for Strategic and International Studies (CSIS) published the report “A Human Capital Crisis in Cybersecurity,” which noted “there are about 1,000 security people in the US who have the specialized security skills to operate effectively in cyberspace. We need 10,000 to 30,000.” Twelve years later, the Cyberspace Solarium Commission 2.0 Workforce Development Agenda for the National Cyber Director observed that “in the United States, there are almost 600,000 open cybersecurity jobs across the private sector and federal, state, and local governments — a remarkable gap considering that the field currently employs just over a million professionals.” This is not an encouraging trend.

What Thoma Bravo’s latest acquisition reveals about identity management

Identity management of users and devices is key for CISOs to manage the risks associated with unauthorized access to sensitive data and systems, according to Kayne McGladrey, Field CISO at Hyperproof and IEEE senior member. “From a control operations standpoint, the two most important capabilities are the ability to validate a user’s behavior when it deviates from the norm, and the ability to quickly de-provision access when it is no longer needed,” McGladrey told VentureBeat.

For example, if a user regularly logs in from Washington State using their Windows-powered computer to access a single program, there’s little reason to prompt them for a second authentication factor, he said. “But when the device changes, perhaps a new Mac computer that’s not configured correctly, or their location suddenly changes to Australia, they should be prompted for multifactor authentication as part of identity validation before being allowed to access those data,” McGladrey said. When a user leaves an organization, their identity access should be rapidly revoked across all platforms and devices. Otherwise, organizations run the risk of a threat actor using the older access and credentials, McGladrey added.

Banks can leverage automation, regulation for cyberattack prevention

Financial institutions can avoid becoming the next victim of a costly cyberattack by leveraging automation and existing legislation. Automation can help to mitigate risk when handling personal client information by storing records efficiently and securely, Kayne McGladrey, field chief information security officer at Hyperproof, told Bank Automation News. “If you don’t automate, that has a cost, because now people are spending their time doing control testing,” he said. “The organizations that recognize that are going to probably spend a lot less time on compliance and have a happier team, because they’re not doing routine stuff that they should have automated.”

Noberus Amps Its Tactics: How IT Leaders Can Keep Up with Evolving Ransomware

The updates to Noberus are concerning but expected. “This is the new normal. Criminal groups will continue to reinvest part of their profits in research and development to drive the innovation cycle of development and distribution of their unwanted products,” says Kayne McGladrey, field CISO at Hyperproof.

The tools and strategies schools need for ransomware defense

Schools also contend with risk born of constant user shifts in the student population. This puts schools in an unusual and unenviable position, Kayne McGladrey, field CISO at Hyperproof, said via email. “Being able to apply real-time policies based on user and device behavior via zero-trust networking becomes critical in this environment,” McGladrey said. Absent these tools, strategies and adequate staff, schools will remain a frequent target for cybercriminals. These measures could also, at the very least, give schools the confidence needed to refuse ransom demands.

Is there an expiry date for connected vehicle software support?

Another issue associated with connected vehicles is around the data they collect and transmit. “We have seen nation states that want to conduct surveillance, whether on their own domestic population or on foreign populations, use telemetry from hotels, airports, and rental car carriers to determine where individuals are moving,” notes McGladrey. “If it is possible for a dedicated adversary to subvert that communications channel—either directly with a vehicle or by gaining a foothold inside of some telemetry aggregator service, probably the manufacturer—all of a sudden they can know where people are going within a few feet. If you can associate a user’s identity with their vehicle or location, you have a high degree of fidelity to conduct attacks.”

Why a Hybrid Workplace Increases the Need to Modernize Your Data-Protection Strategy

To reduce the risks of an accidental or intentional cybersecurity incident, companies must deploy an effective data loss prevention and associated data retention strategy across endpoints and data storage locations, including cloud services, noted Kayne McGladrey (@kaynemcgladrey), Security Architect at Ascent Solutions LLC.

“Many data breaches would have been less extensive and severe if organizations had automated data disposition schedules, as threat actors cannot steal what companies are not storing,” he continued. “Data covered by one or more regulatory or statutory requirements should be automatically labeled where possible so that controls (like encryption) follow the data regardless of storage location.”

The CISO Experience

Save the date for a very special “The CISO Experience” hosted by myself with our star guest Kayne McGladrey taking a Macro Economic view of the industry. Kayne McGladrey, CISSP is the cybersecurity strategist for Ascent Solutions and a senior member of the @IEEE. He has over two decades of experience in cybersecurity and has served as a CISO and advisory board member, and focuses on the policy, social, and economic effects of cybersecurity lapses to individuals, companies, and the nation.

Very honoured to have Kayne as a speaker where we will be discussing a variety of topics including:

  • Industry hiring practises

  • Gatekeeping

  • Burnout

  • Followed by a LIVE Q and A for the audience to participate

Cybersecurity hiring remains red-hot—the industry to surpass $400 billion market size by 2027

“As a result, those companies with solutions and products in the cybersecurity industry are heavily reinvesting their profits into research and development of artificial intelligence-based solutions intended to automatically detect and remediate actions from these increasingly well-funded adversaries,” McGladrey tells Fortune. “This cycle will continue so long as it remains profitable for cybercrime actors, barring remarkable changes in how companies prioritize and address their cyber risks.”