Podcast Episode 179: CISO Eye on the Virus Guy – Assessing COVID’s Cyber Risks

To get a sober assessment, we invited Pensar CISO and IEEE member Kayne McGladrey, CISSP into the studio to talk about the variety of risks that remote working introduces. There are some new risks that companies need to account for: from remote access bottlenecks to prying eyes in insecure home offices to insecure home workstations.

Design Flaws In Cyber Security Reports And Related CISO Sleep Patterns

Like many CISOs, I don’t sleep much; in my case, getting by on five to six hours of sleep a night is hereditary. Although the tracker collected detailed telemetry, the app only provided comparative reports against other people. Despite my experience, the app alarmingly claimed I’d been having terrible problems sleeping for weeks in a row.

Producing highly accurate reports without individual customization is a consistent design flaw of many cyber security solutions available today.

How Secure Is Your Home Wi-Fi?

When it comes to modern technology, everything is a compromise between convenience and security. Everyone wants fast access to the internet, which is why Wi-Fi is everywhere. But how secure is your home Wi-Fi router? What can you do to protect your network? Something you rarely hear these days is that as long as you follow a few common-sense and easily implemented best practices, you probably have very little to worry about.

Market Report: Decreasing Risk Through Enterprise Compliance

Compliance is often viewed as a reaction for organizations. The auditing of compliance becomes the event that is anticipated with resources and preparation aligned to culminate in the audit itself. A famous approach used in product development is that launch is a process, not an event. The spirit of that message is important for security leaders to consider in building a sustainable business case for compliance. Compliance should be viewed as a continuous, organizational process.

Should You Be Worried About Airport Cybersecurity Threats?

Navigating and traveling through an airport can be stressful. Trying to get through security while searching for a boarding pass and assessing whether there’s enough time to jump on that long line for a desperately needed cup of coffee is a universal experience. With all of that juggling going on, the last thing on your mind are the cybersecurity threats that you might encounter at the airport along the way. Luckily, cybersecurity experts have already put into place a variety of technologies to protect us and keep our cyber lives safe while we travel. So take a deep breath and focus on getting to your seat in a timely manner instead.

Beat common types of cyberfraud with security awareness

Fraud isn’t new, but the internet has provided hackers with the capabilities to easily use the threat vector to trick employees into providing access to their enterprises. Cyberfraud attacks, often distributed via phishing or spear-phishing campaigns, consistently plague and sometimes even completely disable enterprises. Despite the growing number of technologies available to detect and prevent such social engineering attacks from being successful, the weakest link remains human error — be it negligence, maliciousness or apathy. Here, Institute of Electrical and Electronics Engineers member Kayne McGladrey describes the types of cyberfraud attacks enterprises will inevitably face, from credential harvesting to typosquatting attacks. He also offers best practices for creating and instituting a cybersecurity awareness program to prevent employees from falling victim to such threats.

Presenting at TAG Cybersecurity – February 2020 Meeting

Featured Presentation: “Best practices for cyber security training programs” by Kayne McGladrey, CISSP Employees dread the meeting invitation that reads ‘Annual mandatory cyber security training in the break room at 1 PM Wednesday’. In this presentation, we’ll discuss best practices for creating a reality-based training program that encourages employee participation and builds organizational muscle memory for responding to active threats.

AI, automation emerge as critical tools for cybersecurity

“The effectiveness of AI solutions this year can be measured via the time-to-discovery metric, which measures how long it takes an organization to detect a breach,” says Kayne McGladrey (@kaynemcgladrey), CISO, Pensar Development. “Reducing time to discovery can be achieved through AI’s tenacity, which doesn’t need holidays, coffee breaks, or sleep, which is unlike Tier 1 security operations center analysts who also get bored reading endless log files and alerts.”

7 Tips for Infosec Pros Considering A Lateral Career Move

“Human resources, in a lot of organizations, has become a regulatory control function and inhibits hiring because of its focus on certifications,” McGladrey says. This is partly why it’s difficult for blue teamers to jump to the red team, a process that “looks to be an insurmountable and very difficult series of certifications,” he points out.

eBook: Educated Endpoints

The proverbial endpoint is everywhere. Consumers have more IoT and mobile devices than ever before. Industrial IoT is becoming ubiquitous and IoT malware is as common as cell phones. While conveniences are making their way into every facet of life, so are malicious software, social engineering attack and all manner of bad actors.