News

We move past the buzzwords to discuss the gritty reality of ripping out legacy "flat" networks and replacing them with Zero Trust architectures that actually improve performance while reducing liability. Kayne breaks down why the private sector continues to struggle with risk and how the rise of Agentic AI is changing the identity landscape in 2026.

In this episode of MY GRC POV, Monica sits down with Kayne McGladrey to challenge a common leadership trap. Teams talk cyber. Executives hear noise. Budgets stall. Decisions slow. Kayne breaks down how to translate security and compliance risk into business outcomes leaders act on. Revenue impact. Cost exposure. Operational uptime. Customer trust.

Integrating AI into production environments expands the scope of SOC 2 to cover models, training data, and automated decision-making systems. This shift affects every Trust Services Criterion. It also expands “evidentiary requirements,” requiring auditable records for production execution in addition to the AI decisions and automation workflows that triggered those executions.

In this episode of Root to CISO Byte Size, Kayne McGladrey shares practical insights on how cybersecurity professionals can align technical skills with business priorities to strengthen their impact. From conducting meaningful skills gap analyses to communicating security in revenue-focused terms, Kayne explains how CISOs can protect budget, support growth, and position security as a strategic enabler. He also offers grounded advice for early-career professionals on building the right skills, engaging with the community, and making informed career decisions in today’s evolving market.

“If this was easy, Microsoft would have written this,” says IEEE’s McGladrey. “But there aren’t a lot of options out there. I think that’s the real thing we’re working against here.”

#1 Kayne McGladrey, CISSP

"As organizations push return-to-office (RTO) mandates and chase efficiency, many security teams are quietly accumulating debt they don’t know how to unwind.In this episode, we are joined by Lea Cure Thorpe and Kayne McGladrey to unpack the less-discussed consequences of recent security decisions: RTO exposure, endpoint blind spots, tooling overload, analyst burnout, and the slow erosion of junior talent (thanks AI)."

One problem is that agentic AI reads all the text that it encounters and retains the data it absorbs, McGladrey adds. Embedded text, contained in website code but not visible to the human user, can trick agents into purchasing unwanted products while clones of legitimate retail websites can extract customer payment credentials.

Here’s the Thinkers360 annual leaderboard for our top 100 B2B thought leaders, analysts and influencers you should work with in 2026 (North America). Congratulations to all who participated!

In this conversation, Matthew Webster and Kayne McGladrey delve into the complexities of cybersecurity governance, focusing on the role of CISOs in al...

We know there are problems in our security systems, but we can't and shouldn't fix everything. What do we fix? Who decides? How do we explain what's reasonable to people who do decide? Kayne McGladrey, CISO in Residence at Hyperproof, joins us to explore risk, communication, and a surprising role for insurance.

“The technology is too immature to actually use its scale successfully and securely right now,” tech expert says.

Cloudflare was behind the latest in a series of outages this year. The big question now is: Why does this keep happening and how do we stop it?

Summary: Recent research from the IEEE Computer Society notes that phishing training doesn’t work. The rise of generative AI is making it harder for Research finds that phishing training doesn’t work. What does?

Today's cybersecurity landscape has reached a critical inflection point. Cyber Risk programs that focus on isolated technical flaws do not adequately protect businesses against today’s complex threats. Treating cyber threats as business risks—measured by impact on revenue, regulatory exposure, and operational continuity—creates a decision framework that executives can act on. This shift moves security from a compliance checkbox to a strategic lever that influences budget allocation and risk appetite. Technical flaws such as an unpatched server or missing multi‑factor authentication are temporary conditions, not risks. They become risks only when they can cause measurable business harm, like delayed payments, fines, or brand damage.

Zero trust is often marketed as a product, but effective implementation means rethinking your security approach from the ground up.

Digital twins can lead to intellectual property theft and other business risks, according to one CISO.

The digital transformation of utilities is necessary and inevitable but also innately vulnerable to bad actors. Its time to discuss prioritizing cybersecurity.

Qantas. Hawaiian. WestJet. Air France-KLM. Aeroflot. Each of these airlines has fallen victim to cyberattacks this summer.

We’ve grown used to our apps asking for permission: to access your location, to view your contacts or to use your microphone. Agentic artificial intelligence flips the script. These systems don’t just ask, they act, blurring the line between assistant and autonomous operator.