Author: Kayne

The biggest issue with prioritizing software fixes is that there’s often a disconnect between security controls and business risk outcomes, according to Kayne McGladrey, IEEE senior member and field CISO at Hyperproof, a security and risk company. That makes it harder to get executive support, he says. Code maintenance and dependency management aren’t sexy topics. Instead, executive interest tends to focus “on the financial or reputational repercussions of downtime,” McGladrey tells CSO.

“To address this problem, organizations should document and agree upon the business risks associated with both first-party and third-party code. Then they need to determine how much risk they’re willing to accept in areas like reputational damage, financial damage, or legal scrutiny. After there’s executive-level consensus, business owners of critical systems should work to identify and implement controls to reduce those risks,” McGladrey says.

An illuminating panel discussion, ‘Expert Predictions for 2024’, where seasoned experts delve into the future of cybersecurity. This dynamic discussion explores controversial key areas shaping the landscape in the coming year.

• Cyber Budgets Taking a Step Back

• Maturity in Vulnerability Management

• AI Effects on Cybersecurity Job Market

Experts provide valuable predictions and actionable insights to help you navigate the complex cybersecurity terrain of 2024.

Don’t miss the opportunity to stay ahead of the curve in a rapidly evolving digital world.

Keynote Panelists

• Michael Fulton, Vernovis, Chief Information Officer

• Warner Moore, Gamma Force, Founder & vCISO

• Joe Otten, Fifth Third Bank, Sr. Director, Information Security

“Realistically, the use of AI in cybersecurity will help to reduce the punishing cognitive load on tier one analysts in the security operation center,” said IEEE Senior Member Kayne McGladrey. “Rather than having to comb through a needlestack looking for a needle, AI promises to automate much of the correlation across vast amounts of data that humans struggle with.”

In the cybersecurity realm, AI promises to automate tasks burdening human analysts, as noted by IEEE Senior Member Kayne McGladrey.

Kayne McGladrey, (@kaynemcgladrey), senior IEEE member and field CISO at Hyperproof, which provides SaaS-based compliance and security operations solutions, says: “Developing an application modernization strategy requires careful assessment, planning and execution. First, you must understand your business goals and objectives. Only then can you create an aligned business and application roadmap.”

The primary emphasis of the new revision is that a ‘notification event’ now triggers the reporting process, described as any unauthorized acquisition of unencrypted customer information. This is a change from the earlier draft of the Rule, which used the term ‘security event’ to describe unauthorized system access or information misuse. This change may result in some confusion, unfortunately, described below.

Join us for an illuminating panel discussion, ‘Expert Predictions for 2024’, where seasoned experts delve into the future of cybersecurity. This dynamic discussion will explore controversial key areas shaping the landscape in the coming year.

– Microsoft Security Co-pilot Effects

– Cyber Budgets Taking a Step Back

– Impact of War Climate on Cybersecurity

– Maturity in Vulnerability Management

– AI Effects on Cybersecurity Job Market

Our panel of experts will provide valuable predictions and actionable insights to help you navigate the complex cybersecurity terrain of 2024. Don’t miss this opportunity to stay ahead of the curve in a rapidly evolving digital world.

Keynote Panel Moderator

Kayne McGladrey, Hyperproof, Field CISO

Keynote Panelists

Michael Fulton, Vernovis, Chief Information Officer

Warner Moore, Gamma Force, Founder & CEO

Joe Otten, Fifth Third Bank, Sr. Director, Information Security

In this episode, Aaron and Kayne McGladrey discuss:

Strategic alignment of cybersecurity with business risk

Navigating the changing landscape of cybersecurity

Empowering CISOs in the evolving landscape of cybersecurity

The challenges and opportunities of generative AI

Key Takeaways:

The key to a successful cybersecurity strategy lies in reframing it as a business imperative, focusing on aligning security efforts with business risks, engaging with cross-functional teams, proactively obtaining certifications, and leveraging control design expertise, ensuring a competitive advantage and effective risk management beyond mere compliance and technology concerns.In today’s dynamic cybersecurity landscape, CISOs must continually reassess their controls and their alignment with business risks, while also considering the personal liability they bear, making succession planning and strategic adaptability vital for maintaining effective security programs.The role of a CISO is crucial, yet often misunderstood; empowering and respecting CISOs’ authority is essential to effectively manage cyber risks and avoid potential disasters, as generic approaches and AI-driven risk registers fall short of addressing the unique challenges faced by businesses.In a world where cybersecurity threats are inevitable, the key lies in fostering resiliency rather than aiming for an unattainable zero-risk goal; while a lot are excited about the potential of education and automation, the lack of regulatory control over generative AI poses a daunting challenge, risking societal upheaval and economic unrest.

“If we don’t decide to manage the economic impacts of artificial intelligence, potentially a lot of industries could be at least partially automated. And that has the potential for a lot of social arm where people just don’t have jobs. And when you get people who are automated out of a job, what are they going to go do? They’re going to do something that everybody can do fine, but it doesn’t pay well. Like you end up going and driving for a living or doing deliveries for a living. And you end up with a highly educated workforce that is unhappy. That’s like a recipe right there for civil unrest.” — Kayne McGladrey

In this live episode of the Virtual CISO Happy Hour, our cybersecurity experts discuss the critical steps companies must take to navigate the complex landscape of data privacy. They discuss the importance of establishing regular data inventories and minimization efforts to ensure that only business-critical information is retained, thereby reducing the attack surface for threat actors.

The conversation shifts to the pitfalls of treating privacy audits as one-off events rather than ongoing processes. Our experts argue for the automation of data control operations and the continuous evaluation of their effectiveness, which is crucial for maintaining compliance and achieving certifications like ISO or SOC 2.

The episode also tackles the misconception of ‘cyber risk,’ advocating for a broader understanding of business risk and its real-world consequences. The discussion highlights the importance of aligning cybersecurity strategies with business KPIs and KRIs to effectively communicate the value of security measures to executives and boards.

Furthermore, they explore the role of CISOs in control design and effectiveness, emphasizing collaboration with CFOs to leverage their experience with regulatory compliance for more nuanced and effective control strategies. They also touch upon the significant cost savings that can be realized by reevaluating and updating corporate risk registers in response to changes in data storage and access patterns.

This episode is a must-listen for any professional involved in data privacy and cybersecurity, offering practical insights into making informed decisions that align with both security and business objectives.

“Employees across industries are finding new and innovative ways to perform their tasks at work faster,” says Kayne McGladrey, IEEE senior member and field CISO at Hyperproof. “However, this can lead to the sharing of confidential or regulated information unintentionally. For instance, if a physician sends personal health information to an AI tool to assist in drafting an insurance letter, they may be in violation of HIPAA regulations.” The problem is that many public AI platforms are continually trained based on their interactions with users. This means that if a user uploads company secrets to the AI, the AI will then know those secrets — and will spill them to the next person who asks about them. It’s not just public AIs that have this problem. An internal large language model that ingested sensitive company data might then provide that data to employees who shouldn’t be allowed to see it.

In the latest episode of The Cyber Security Recruiter podcast, I had an in-depth conversation with Thomas Richard about my 25-year journey in cybersecurity. From my unlikely beginnings in theater arts to my current role as the field CISO at Hyperproof, this conversation covers a wide array of subjects. We delve into the importance of implementing effective security controls and critique the industry’s heavy reliance on certifications. Thomas and I agree that while certifications can serve as useful benchmarks, their increasing prominence risks creating an exclusionary environment that could perpetuate a perceived “skills gap.” The episode covers not just technical matters but also broader philosophies and strategies that are essential for building a resilient cybersecurity posture