Author: Kayne

“Employees across industries are finding new and innovative ways to perform their tasks at work faster,” says Kayne McGladrey, IEEE senior member and field CISO at Hyperproof. “However, this can lead to the sharing of confidential or regulated information unintentionally. For instance, if a physician sends personal health information to an AI tool to assist in drafting an insurance letter, they may be in violation of HIPAA regulations.” The problem is that many public AI platforms are continually trained based on their interactions with users. This means that if a user uploads company secrets to the AI, the AI will then know those secrets — and will spill them to the next person who asks about them. It’s not just public AIs that have this problem. An internal large language model that ingested sensitive company data might then provide that data to employees who shouldn’t be allowed to see it.

In the latest episode of The Cyber Security Recruiter podcast, I had an in-depth conversation with Thomas Richard about my 25-year journey in cybersecurity. From my unlikely beginnings in theater arts to my current role as the field CISO at Hyperproof, this conversation covers a wide array of subjects. We delve into the importance of implementing effective security controls and critique the industry’s heavy reliance on certifications. Thomas and I agree that while certifications can serve as useful benchmarks, their increasing prominence risks creating an exclusionary environment that could perpetuate a perceived “skills gap.” The episode covers not just technical matters but also broader philosophies and strategies that are essential for building a resilient cybersecurity posture

CIOs should collaborate closely with CISOs to evaluate which zero trust controls will offer the most significant mitigation of agreed-upon business risks. Once specific controls are implemented, they can be centralized and reused across the various compliance standards like SOC 2 Type 2, ISO 27001, and PCI, delivering greater flexibility. “The key lies in the deliberate selection of zero trust controls aimed at reducing specific business risks while potentially streamlining existing compliance efforts,” explains Kayne McGladrey (@kaynemcgladrey), field CISO at Hyperproof and senior IEEE member.

“We can audit software code, manually or automatically, for privacy defects,” said IEEE Senior Member Kayne McGladrey. “Similarly, we can audit software code for security defects. We cannot currently audit software code for ethical defects or bias, and much of the coming regulation is going to screen the outcomes of AI models for discriminatory outcomes.”

As CISOs make plans to secure operating budgets for the new financial year, they face the age-old challenge of convincing stakeholders, who often see cybersecurity and privacy as a cost center, to invest in this area. It’s time to change the narrative. Discover how to drive more productive conversations about cybersecurity as a strategic growth enabler. Take home actionable ideas for proactively managing controls and risks, increasing efficiency and reducing costs.

Learning Objectives:

Apply techniques and strategies needed to shift the perception of cybersecurity and privacy from cost centers to strategic growth enablers within the organization.

Employ methods for applying proactive control management and risk mitigation methods to enhance an organization’s cybersecurity posture and minimize potential threats.

Identify opportunities for efficiency gains and cost reductions in cybersecurity initiatives, in order to make impactful budgetary decisions for the coming year.

By asking the right questions and implementing appropriate controls according to a defined standard, state and local agencies can go a long way toward improving security. “If you’re compliant with PCI, it really does reduce the likelihood of data breaches and the reputational damage associated with that,” says Kayne McGladrey, IEEE Senior Member and field CISO at compliance management platform Hyperproof.

“There’s the cybersecurity threat and then there’s the real threat,” explains Kayne McGladrey, field chief information security officer (CISO) of compliance company Hyperproof, and senior member of the Institute of Electrical and Electronics Engineers (IEEE). “A cybersecurity threat is disruption, like when we saw the Russians invade Ukraine as part of their illegal war, they took down Viasat and not by attacking the satellites themselves, instead, they attacked the firmware of satellite modems on the ground.”

This article covers high-level information that cloud service providers (CSPs) need to know to prepare for their transition to FedRAMP Rev. 5, as documented in the “FedRAMP Baselines Rev. 5 Transition Guide.”

Kayne and Tom talk with Matt Fryer about the cost structures and strategies associated with a Cloud Service Provider (CSP) FedRAMP project. Matt brings a well established perspective and helps understand the challenges of the increased controls focus apparent with FedRAMP. Plus, they try Modelo Especial, a Mexican lager.

Are you a founder, CEO, leader, or salesperson in the cybersecurity industry? Are you looking to grow your sales and revenue faster? In this episode of the Cybersecurity Startup Revenue Podcast, we dive into one way to avoid having your deals stalled out.

👉 What risks can derail your software development and revenue growth?

👉 How can you optimize the role of a field CISO in your organization?

👉 Why is building trust and managing risk essential for successful sales cycles?

Our guest, Kayne McGladrey, a Field CISO at Hyperproof.io, brings his expertise and unique perspective as a CISO to discuss these critical topics and more. He shares his insights on the challenges faced by cybersecurity startups and how organizations can effectively communicate and address risk.

Don’t miss out on this valuable conversation that can help you navigate the cybersecurity landscape and accelerate your company’s growth. Tune in now to gain actionable strategies and hear from industry experts.

When CISOs work with go-to-market teams, cybersecurity transforms from a mere cost center into a valuable business function. This change is crucial in B2B interactions where robust cybersecurity controls offer a competitive advantage. A centralized inventory of cybersecurity controls, grounded in current and past contracts, helps businesses gauge the financial impact of these partnerships. This inventory also identifies unnecessary or redundant controls, offering an opportunity for cost reduction and operational streamlining. By updating this centralized list after the termination of contracts, the business can further optimize both its security posture and operational costs. This integrated strategy empowers the business to make well-informed, data-driven decisions that enhance profitability while maintaining robust security controls.

Kayne and Tom talk about the FedRAMP Rev4 to Rev5 transition. Learn about key control changes, the shell game that is Rev5 and obviously, the unique flavor profile of a new beer.