Blog

Your blog category

Blog
Securing IoT: Whose responsibility is it?
ByKayne February 26, 2019
Enterprises and consumers alike are rewarding vendors that produce low-cost, insecure devices, such as $20 IP-based security cameras. It’d be easier for everyone if those consumers instead sent $20 to threat actors who will inevitably compromise those devices, as this would only be a $20 problem.
However, when threat actors conscript thousands of insecure IP-based security cameras into a botnet that can knock major brands off the internet — such as what happened with the Mirai botnet attacks in the fall of 2016, it potentially becomes a multimillion-dollar problem that affects major markets and international relations.
Read More Securing IoT: Whose responsibility is it?
Blog
How AI cybersecurity thwarts attacks — and how hackers fight back
ByKayne February 19, 2019
“If the end user logs on from Seattle, where their mobile phone and laptop is, a connection from New York would be unusual,” McGladrey explained. “It is also possible to note the typing style and speed of a user and use that biometric signature to determine if the user is legitimate. These data [points] make it more difficult for a threat actor to operate silently in the environment.”
Read More How AI cybersecurity thwarts attacks — and how hackers fight back
Blog
The Phishing Phenomenon: How To Keep Your Head Above Water
ByKayne January 30, 2019
Phishing is the lowest cost way for a threat actor to gain access to an organization’s network and assets, according to Kayne McGladrey, an IEEE member and director of Security and IT at Pensar Development. “While it might be fashionable to worry about the latest zero-day, or shadowy nation-state threat actors developing crippling remote exploits, the fact is that it’s cheaper to ask users for their passwords.”
The fact that nearly a billion people had their personal information exposed in November 2018 “has further helped threat actors to develop more compelling and targeted phishing content,’’ McGladrey adds.
Read More The Phishing Phenomenon: How To Keep Your Head Above Water
Blog
6 Tips for Conducting a Digital Literacy Assessment
ByKayne January 29, 2019
An assessment of digital literacy isn’t a one-time event in an organization, according to McGladrey. “This is a continuous cycle for businesses to assess how employees use the tools provided, how they process information, how they’re creating content, and their critical thinking skills,” McGladrey said. And don’t make this a class that’s going to drag people down and eat most of their day, he added. “This continuous assessment process should be buttressed by brief just-in-time learning opportunities. No one wants to sit down for a four-hour digital literacy class for things they do know if they can instead get a five-minute tutorial on a new topic or technique they can apply to their current work.”
Read More 6 Tips for Conducting a Digital Literacy Assessment
Blog
How can a security automation tool help mitigate unknown threats?
ByKayne January 25, 2019
A security automation tool allows people to focus on the more interesting threats — those alerts that have passed a threshold that the automation algorithms can’t sufficiently remediate, or where closing the threat might alert the adversary to a forensic investigation. This is the type of work that security teams enjoy — actively hunting for adversaries and ethically engaging before cleaning up the damages and closing any observed vulnerabilities that were exploited.
Read More How can a security automation tool help mitigate unknown threats?
Blog
How do AI algorithms automate IoT threat detection?
ByKayne January 9, 2019
Note that this supposes a certain degree of human interaction with the AI to make judgment calls about whether an unusual behavior is appropriate. My home AI doesn’t have the authority to tell me that my lights shouldn’t talk to my speakers. Instead, it needs my approval, given a default deny policy. This is a good thing, as I’m a compensating control against black swan events or an IoT threat actor training my AI on bad data.
Read More How do AI algorithms automate IoT threat detection?
Blog
Navigating the Rocky Road of Data-Driven Insights
ByKayne January 9, 2019
It’s no longer enough to have a Security Information and Even Management (SIEM) system or layer in commercial threat data, deploy a deception system, or prioritize assets–there’s simply no one-size-fits-all security solution. “This is still more art than science,” says Kayne McGladrey (@kaynemcgladrey), a director of security and information technology. “An effective solution needs to incorporate elements of all of those products or solutions to create meaningful and actionable intelligence.”
Read More Navigating the Rocky Road of Data-Driven Insights
Blog
Beware the holiday ‘smart toys’ that spy on your kids
ByKayne December 4, 2018
Smart toys seemingly come to life utilizing “Internet of Things” [IoT] technology that has wirelessly connected coffeemakers, thermostats, and yes, toilets. But smart toys have proven to be particularly vulnerable to cyber attacks. Manufacturers try to keep toy prices low and lack an incentive to add reasonable security mechanisms, said Kayne McGladrey, member of the Institute of Electrical and Electronics Engineers, the world’s largest technical professional organization
Read More Beware the holiday ‘smart toys’ that spy on your kids
Blog
How to Make Data More Accessible at All Levels With Access Controls and Strong Governance
ByKayne December 3, 2018
What’s needed is “an effective provisioning and de-provisioning system that defines rules for what users can do with data and provides quick auditing of who granted access to the data. There needs to be training around the approval process for granting and revoking access to data; otherwise, organizations risk compliance fatigue and start rubber-stamping all the access requests.”
Read More How to Make Data More Accessible at All Levels With Access Controls and Strong Governance
Blog
Cybersecurity presentation to veterans in Seattle
ByKayne November 5, 2018
I’ll be giving a live whiteboarding session in Seattle about hiring veterans and cybersecurity on Nov 5th at 11 AM at Worksource Rainier.
Read More Cybersecurity presentation to veterans in Seattle
Blog
Member Spotlight: Kayne McGladrey, Director Of Security And IT, Pensar Development
ByKayne November 5, 2018
Until we change how we talk and think about cybersecurity, I fear it’s like the Alcoholics Anonymous definition of insanity: doing the same thing and expecting a different result.
Read More Member Spotlight: Kayne McGladrey, Director Of Security And IT, Pensar Development
Blog
Charting a new course: AT&T Cybersecurity report volume 8
ByKayne October 31, 2018
“Organizations that don’t have cybersecurity as a core business differentiator, or as a core business function, are often struggling to adapt modern cybersecurity practices,” says Kayne McGladrey, Director of Security and IT at Pensar Development.
Read More Charting a new course: AT&T Cybersecurity report volume 8