How AI could change threat detection

ByKayne

Early threat detection practices mostly involved identifying “something bad on a device by detecting that it matched a known signature,” explained Kayne McGladrey, a senior member of IEEE, a nonprofit professional association, and field CISO at Hyperproof. This signature-based detection was, and still is, a key part of threat detection, but other rules-based detection practices — where computer activities are analyzed to determine if they follow set rules — have become foundational components of threat detection over the years, too.

AI in Cybersecurity: The Good and the Bad

ByKayne

“[AI] allows a threat actor to scale a lot faster and across multiple channels,” Kayne McGladrey, chief information security officer at compliance management company Hyperproof, told Built In. “And the defensive tools haven’t quite caught up. Unfortunately, none of this stuff is going away. This has now become a fixture of the landscape. It’s part of our new, modern cybersecurity hellscape that we inhabit continuously.”

How Safe and Secure Is GenAI Really?

ByKayne

“After all, AI serves as both a force accelerator, as it will allow those threat actors to operate at large scale without having to increase the size of their workforce. At the same time, the ability of AI to generate convincing-enough speech in another language will serve to open new markets to threat actors who might have previously employed linguists,” says Kayne McGladrey, IEEE Senior Member.

The Loper Bright Decision: How it Impacts Cybersecurity Law

ByKayne

The Loper Bright decision has yielded impactful results: the Supreme Court has overturned forty years of administrative law, leading to potential litigation over the interpretation of ambiguous laws previously decided by federal agencies. This article explores key questions for cybersecurity professionals and leaders as we enter a more contentious period of cybersecurity law. Courts will no longer defer to agency interpretations of ambiguous statutes and will exercise their independent judgment. This shift may lead to more frequent legal challenges, increased scrutiny of regulations, and delays.

The GRC Maturity Model

ByKayne

Companies with mature GRC programs have an advantage over their competitors. However, something has been missing in the GRC world: the ability to truly understand an organization’s GRC maturity and the steps it would take to build the business case for change. That’s where the GRC Maturity Model comes in.

Hyperproof’s GRC Maturity model is a practical roadmap for organizations to improve their GRC maturity business processes to enter new markets and successfully navigate our rapidly changing regulatory and legal space. By providing a vendor-agnostic roadmap for how companies can improve key business operations, we can help even the playing field for everyone in GRC.

This extensive, peer-reviewed model written by Kayne McGladrey includes:

  • An overview and definition of Governance, Risk, and Compliance (GRC)

  • A summary of the four maturity levels defined in the model: Traditional, Initial, Advanced, and Optimal

  • An overview of the most common business practices associated with governance, risk, and compliance

  • A simplified maturity chart listing the attributes associated with each maturity level

  • A list of observable behaviors or characteristics associated with the maturity level to help you assess where your organization falls

  • A set of high-level recommendations for how to move from a lower level to a higher level

Compliance as a Critical Business Enabler (podcast)

ByKayne

Kayne McGladrey, the Field CISO at Hyperproof, is a renowned cybersecurity expert with an extensive background in enhancing security landscapes across various industries. His career is marked by significant contributions in developing robust security frameworks, managing complex risk scenarios, and driving comprehensive compliance initiatives. With a deep commitment to transforming the cybersecurity field, Kayne’s insights and strategies continue to influence how organizations approach security and regulatory compliance, making him a sought-after voice in the industry.

InfoSec Pros: Carmen Marsh and Confidence Staveley

ByKayne

During this Hyperproof live stream series, leaders in information security shed light on crucial topics that shape the modern cybersecurity landscape. This month’s episode features Carmen Marsh, President and CEO at United Cybersecurity Alliance, Confidence Staveley, Founder & Executive Director at CyberSafe Foundation, and our host, Kayne McGladrey, Field CISO at Hyperproof. Guided by Kayne and audience questions, Carmen and Confidence will share insights into their current work and past experiences in the field.

InfoSec Pros On the Road: Brenda Bernal, VP, Product Security and Compliance at Digicert

ByKayne

In this episode of InfoSec Pros On the Road at RSA 2024, I had the pleasure of interviewing Brenda Bernal, VP of Product Security and Compliance at Digicert. It was a great opportunity to finally meet Brenda in person after numerous Zoom calls. We discussed various topics, starting with the advancements in AI governance and the key risks organizations should focus on, including data privacy, security, and third-party risk management.

Brenda shared her insights on integrating AI into existing control frameworks and the importance of sustainability and adaptability in AI governance. She emphasized the need for transparency in AI implementations and how it parallels the evolution of ESG reporting.

We also explored the benefits of automation in GRC processes, drawing from Brenda’s experience as an external auditor and her current work with platforms like Hyperproof. The discussion highlighted the significant time savings and improved risk management that automation brings to compliance efforts.

An Analysis of Section 1C Disclosures in Q1 of 2024

ByKayne

Late in 2023, the Securities and Exchange Commission (SEC) in the United States published Regulation S-K Item 106, which requires public companies to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats. Historically, companies were not required to disclose these processes to investors or market regulators, and there were no established guidelines for what a “good” disclosure would look like. Hyperproof reviewed disclosures from nearly 3,000 companies across over three hundred industries and have identified trends for what goes into a robust, meaningful disclosure.

SEC Cyber Risk Disclosures: What Companies Need to Know

ByKayne

In this video interview with Information Security Media Group at the Cybersecurity Implications of AI Summit, McGladrey also discussed:

  • Why companies should use tools and software to collect and automatically gather evidence of compliance;

  • The consequences of false cyber risk disclosures;

  • The impact that SEC requirements have on private companies and supply chains.

Twelve Essential Soft Skills for Early-Career Cybersecurity Professionals

ByKayne

In the realm of cybersecurity, early-career professionals often prioritize the development and demonstration of technical prowess. However, as someone with nearly three decades of experience in cybersecurity leadership roles, I firmly assert that interpersonal skills wield a profound influence over one’s career trajectory. Unlike certifications and degrees, which may lose relevance over time, interpersonal skills persist and can be cultivated through deliberate practice. This article sheds light on these often-overlooked attributes, providing a holistic perspective on what it takes to excel in cybersecurity beyond technical acumen.