Kayne – Page 28 – Kayne McGladrey

‘It Comes Back To You’: Evaluating Third-Party Cyber Risk Management

ByKayne February 7, 2018

Expanding on this, national cyber security expert and the Director of Information Security Services at Integral Partners, Kayne McGladrey, told the Cyber Security Hub that, “If you’re breached by a third party, nobody cares that it’s the third party’s fault. It comes back to you.”

He continued: “It’s your fault for not having adequate controls. And the single easiest third-party control is around onboarding and off-boarding third-party accounts.”

Even if you’re rotating passwords, monitoring privileged access, auditing, etc., McGladrey said you must know, empirically, who’s accessing your network.

Blog

Welcoming the robo-nannies

ByKayne January 31, 2018

“Things that were unthinkable 10 years ago are being accepted as commonplace. And that trend will continue.”

Blog

Why everyone should consider a career in cybersecurity

ByKayne January 25, 2018

Cybersecurity roles support the public good, and help individuals, families and companies stay safe online. People working in cybersecurity are part of supportive teams with great colleagues. Teachers and parents were also cited as inspirational figures for getting involved in technology.

Blog

What Are the Implications of Meltdown and Spectre for IoT?

ByKayne January 17, 2018

“Patching is a reactive strategy, and there are a couple of challenges that have led us to the current situation. One of those challenges is that the market has rewarded companies that develop and produce products rapidly, and the market has shown a willingness to accept post-release patching as an acceptable trade-off. As a result, developers and architects are rewarded by their employers for producing code and architecture very quickly with less thought given to cybersecurity.

“The other significant challenge is that the cybersecurity community is generally homogenous. We have a diversity problem when just 11% of women work in cybersecurity. This lack of diversity in backgrounds and life experiences has influenced the analytic methodologies that are used to evaluate potential security issues with products. This lack of diversity of thought has led to the unfortunate set of expectations that breaches are inevitable, and this situation will continue until the cybersecurity industry does a better job of including diverse voices and opinions in the global conversation about security.”

Blog

Include Cybersecurity

ByKayne January 12, 2018

With between 1.8 and 5.5 million cybersecurity jobs that are likely to go unfilled by 2021, the cybersecurity industry needs to encourage people who have not previously considered these jobs to include cybersecurity in their job options. The world does not need another whitepaper about the lack of diversity of race, gender, and orientation in cybersecurity.

Blog

How to Adopt a Human-Centric Approach to Security

ByKayne January 11, 2018

“Organizations should focus on defining a least-privilege security model for each permanent or temporary role a user may inhabit, and then apply those roles to every device, server, and service that an individual may interact with over the course of each day,” says Kayne McGladrey (@kaynemcgladrey), Director of Information Security Services at Integral Partners.

“Organizations need to move past the quaint but antiquated concept of a network perimeter and recognize that the only measurable unit of security is the individual. Individuals include employees, project team members, contractors, third-party service providers, customers, prospects, and guests at a minimum. “

Blog

ISSA International Article of the Year for 2017: Lessons about Cloud Security from 1980s Horror Movies

ByKayne January 8, 2018

Lessons about Cloud Security from 1980s Horror Movies | Kayne McGladrey – ISSA member, Puget Sound Chapter

Blog

Four Critical Cybersecurity Predictions for 2018

ByKayne December 27, 2017

One fact will hold true in 2018, no matter what organizations do: cybercriminals will continue to reinvest their profits into building sustainable but illegal businesses. The underlying economics of cybercrime continue to give massive financial incentives to the attackers. Organizations should retaliate by adopting a “keeping up with the Joneses” mentality so that they’re always slightly more secure than organizations in the same market or vertical.

Blog

Three cybersecurity predictions for 2018, according to Twitter

ByKayne December 18, 2017

On December 12th, I moderated the #securityinsiderchat on Twitter, where more than twenty cybersecurity experts gathered to discuss their predictions for 2018. It’s always a pleasure and a privilege to learn from a diverse gathering of people and to read their ideas over the course of nearly 300 tweets. Plus, it’s an excellent opportunity to post animated cat gifs in the context of work.

Blog

Smartphones and Cybersecurity: How to avoid security issues to Keep your Mobile devices safer

ByKayne December 5, 2017

The team at Smartphone Evolution had a long-form interview with me to discuss mobile device security, multi-factor authentication, and the IoT.

Blog

How An Identity and Access Management Program Saved a Retailer $100k+ In Fraud Annually

ByKayne November 20, 2017

Gartner estimates that 63% of all IAM products will be thrown out in the next two years as the ‘requirements have changed’ since the date of original purchase. The challenge for new and existing IAM programs is to establish and maintain a strong justification for the program’s continued existence. One retail client recognized this potential risk to their IAM program and took a novel approach to clearly illustrating the benefits of an IAM program.

Blog

3 Tips to Reduce Cybersecurity Gaps

ByKayne November 3, 2017

“Organizations should focus first on protecting heartbeat user identities with strong identity governance, multifactor authentication and privileged command escalation roles,” says Kayne McGladrey (@kaynemcgladrey), director of information security services at Integral Partners.“Nonheartbeat users, such as service accounts and shared accounts, require protection levels that include vaulting and automatic password rotation, on a defined schedule.”