The Titans of Trust
Drata

Independent vCISO, Senior member of the IEEE, author of the GRC Maturity Model and the upcoming book "Cyber Risk is a Myth", Kayne is a go-to voice on treating GRC as a core business competency rather than a one-time project. He has a rare gift for making complex risk feel simple and actionable in the boardroom.
The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.
VentureBeat

Kayne McGladrey, an IEEE Senior Member, described the structural challenge in an exclusive interview with VentureBeat. “The CISO doesn’t have the budget. The CISO doesn’t have the staff. We can observe risks, we can advise on business risks, but we don’t own the business systems affected by those risks,” McGladrey said. When agent governance spans six departmental budgets, no single executive can confirm whether agents get the same access reviews as humans.
Autonomous security agents need complete data. Here’s how to check if yours is ready.
VentureBeat

Kayne McGladrey, IEEE Senior Member, has confirmed the pattern across multiple published VentureBeat interviews. The structural gap in self-reported coverage is not new. What is new is that autonomous agents will act on it at machine speed without the institutional workarounds human analysts developed over years of experience.
2026 FIFA World Cup Draws Increased Cyber Threat Activity
Security Boulevard

Kayne McGladrey, a senior member of the IEEE, warned that organizations supporting major events often struggle with visibility across both IT and operational technology environments. He highlighted unmanaged connections between business systems and operational infrastructure as a significant security concern.
2026 FIFA World Cup Faces Surge in Cyber Threats
Dark Reading

"Pre-event threat hunting and alert tuning can further help to reduce or remove known misconfigurations early, shrinking the decision space so analysts aren't drowning in noise when the clock starts ticking," he says. "Security leaders know that they can't expect analysts to review every alert, so they're prioritizing only high-confidence behavioral detections tied to big event milestones, like the opening ceremony or a high-profile matchup."
Why Smart People Get Ignored
Wings of Legacy

"Decisions in organisations don’t move because information exists. They move because the right people understand the consequences of acting, or not acting, in terms that connect to what they’re already responsible for. A risk described in technical language may be completely real and completely ignored, not because the people receiving it don’t care, but because no one has connected it to a problem they’re already losing sleep over. Revenue. Regulatory exposure. A board conversation happening next month. The gap between those two things isn’t a failure of evidence. It’s a failure of translation."
85% of IT teams claim every AI agent is under control. Only 42% actually know who owns them.
VentureBeat

Kayne McGladrey, IEEE senior member, told VentureBeat why that governance gap persists. "Anything that seems to have a cybersecurity flavor is generally put into the cybersecurity risk category, which is a complete fiction. They should be focused on business risks, because if it doesn't affect the business, like a financial loss, then nobody's going to pay attention to it, and they will not budget it appropriately, nor will they adequately put in controls to prevent it," McGladrey told VentureBeat previously.
50 Essential Thought Leaders in Risk Management Globally
Clarity

The fifty people on this list represent the most important voices in risk management across enterprise risk, governance, compliance, financial risk, operational resilience, and emerging technology risk. They range from pioneering academics whose frameworks now underpin global standards to active practitioners building and rebuilding risk functions inside major organisations right now. As of June 2026, risk management has never been more central to organisational survival.
50 CISOs and Cybersecurity Leaders Making an Impact in 2026
SecureFrame

To recognize the individuals rising to meet these challenges, we're spotlighting 50 CISOs and cybersecurity leaders making a meaningful impact. These professionals stand out not only for their career achievements, but for their influence on the broader cybersecurity community.
SOC 2 Controls for Non-Human Identities: CC6, CC7, and CC8
Teleport

SOC 2 audits require organizations to demonstrate logical access controls, but most control mappings address only human users, such as engineers SSHing into servers, developers accessing Kubernetes clusters, or administrators approving access requests. But modern infrastructure now runs on non-human identities like CI/CD pipelines, AI agents, microservices, and automated bots. These entities request credentials, access databases, and move data, but they're frequently excluded from the same auditing rigor applied to human access.
Agentic AI is Exposing the Accountability Gap in Cloud Security Governance
infoSec Relations

Kayne McGladrey, senior IEEE member and independent cybersecurity advisor, describes what accountability looks like in practice today. "If and when an agent takes the wrong action, responsibility ends up distributed across the vendor, the security team that deployed it, and the owner of the impacted system, but liability is not clearly assigned. Frameworks like the NIST AI RMF and the EU AI Act focus on governance and oversight processes, not incident-level attribution."
Cybersecurity professionals say high-profile incidents boost execs’ credibility
IT Brew

Kayne McGladrey, a senior IEEE member, told IT Brew one-on-one conversations can help cyber leaders get a pulse check for how staffers are feeling about them... For leaders who want to foster trust and confidence with staff, McGladrey said transparency is key: “That’s absolutely necessary to build trust with your staff.”
Experts warn travelers about AI-generated vacation rental scams
99.5 WSB Atlanta's News and Talk

ATLANTA — Travelers planning summer vacations are being warned to watch out for fake rental listings and scam emails pretending to come from booking websites. Cybersecurity expert and IEEE Senior Member Kayne McGladrey said scammers are increasingly using artificial intelligence to make fake listings and messages appear legitimate. “If a luxury rental looks like a magazine cover but it lacks the messy reality of real life, like there are no neighbors for example, it’s probably AI generated,” McGladrey said.
Did AI write the worm that breached GitHub’s own house?
SpiceWorks

Kayne McGladrey, IEEE Senior Member, previously told VentureBeat that organizations are “defaulting to cloning human user profiles for agents, and permission sprawl starts on day one.” The compliance frameworks enterprises rely on were written for humans. Agent identities don’t appear in any control catalog he’s encountered.
Officials sounding the alarm on AI vacation scams
ABC News

As summer vacation season gets underway, cybersecurity officials are warning of cybercriminals weaponizing generative AI to create look-a-like booking websites and cloned brand messages.
MFA verifies who logged in. It has no idea what they do next.
VentureBeat

Kayne McGladrey, IEEE Senior Member, framed the organizational failure in business terms. "Anything that seems to have a cybersecurity flavor is generally put into the cybersecurity risk category, which is a complete fiction. They should be focused on business risks, because if it doesn't affect the business, like a financial loss, then nobody's going to pay attention to it, and they will not budget it appropriately, nor will they adequately put in controls to prevent it," McGladrey told VentureBeat. That logic explains why session governance, token lifecycle management, and cross-domain identity correlation fall into a gap between IAM and SecOps. Nobody owns it because nobody has framed it as a business loss.
The identity attack enterprises keep misfiling as fraud
VentureBeat

Kayne McGladrey, IEEE Senior Member, told VentureBeat that the ownership gap is structural. “The CISO doesn’t have the budget. The CISO doesn’t have the staff. And even if they had the budget and the staff, they wouldn’t have the project management and the change management departments reporting to them” to execute identity controls across every business function. The CISO can observe and advise on identity risk, but the business systems where identity fraud occurs belong to other leaders.
The $47B identity fraud problem enterprises can’t find in their budgets
VentureBeat

Kayne McGladrey, IEEE Senior Member, told VentureBeat that the invisibility is structural. “If you can’t say, ‘if we had a deepfake in our accounts payable process, here is the material loss,’ then you’re not going to get budget for technology to solve the problem, because nobody cares about the problem because it doesn’t cost money.”
From Experimentation to Adoption, Implementing AI Security Best Practices
Cyber Risk Alliance

As generative and agentic AI systems transition from experimentation to enterprise-scale deployment, executive leaders are redefining how security, governance and innovation intersect. This panel brings together leaders and senior practitioners for a candid discussion on adopting AI security best practices across complex organizations.
The Three Documents Every New CISO Needs (That Nobody Hands You)
TechRound

Before managing risk, a new leader must establish three basic documents and secure agreements with the other business leaders to write down their decisions. These documents help connect technology directly to revenue streams and operational continuity, and make cybersecurity a business function grounded in reality. Sample document templates are included with this article for readers to adapt for their own needs.
