Speaking Topics

Bridging Cybersecurity and Business Risk

Cybersecurity risks are business risks. I frequently explore how organizations can align cybersecurity strategies with business objectives, enabling executives and boards to make informed decisions. Attendees will gain practical insights into how CISOs serve as a critical second line of defense and how compliance certifications can become a competitive advantage in regulated industries.

Navigating the Challenges of Compliance

Compliance isn’t just about meeting requirements; it’s about building trust. I share actionable steps to improve GRC maturity using my GRC Maturity Model and offer strategies to overcome the hurdles of passing audits and managing evidence requests. This session highlights practical ways to de-conflict relationships between cybersecurity and internal audit teams, fostering collaboration and efficiency.

Preparing for the Future of Regulation

The regulatory landscape is evolving, with AI and cybersecurity laws reshaping industries. In this session, I discuss horizon scanning techniques and how to adapt to emerging laws like the SEC’s cybersecurity disclosure rules or the EU AI Act. Attendees will leave with a clear understanding of how to align their strategies with global regulatory changes and litigation trends.

About Kayne

I’m Kayne McGladrey, CISSP, the Field CISO for Hyperproof, senior IEEE member, and author of the GRC Maturity Model. With nearly three decades of experience in cybersecurity, I specialize in helping organizations navigate the intersection of governance, risk, and compliance (GRC) to build more secure and resilient businesses.

My work focuses on enabling CISOs, internal audit teams, and executives to align cybersecurity and business goals, communicate effectively with boards, and proactively address evolving global regulations. As a recognized thought leader, I’ve spoken at events like Gartner IT Security & Risk, RSA, ISACA GRC, and the ISC2 Congress. My presentations are nuanced, accessible, and actionable, offering attendees practical guidance on current cybersecurity challenges and opportunities.

Throughout my career, I’ve advised Fortune 500 and Global 1000 companies, leveraging my ability to bridge the gap between business and technology. I’m passionate about reducing organizational friction, improving GRC maturity, and inspiring underrepresented communities to pursue cybersecurity careers.

Award: Top 10 Thought Leader on Cybersecurity, Issued by Thinkers360
Award: Top 10 Thought Leader on Risk Management, Issued by Thinkers360
Award: Top 50 Thought Leader in North America, Issued by Thinkers360
CISSP Professional Credential

Recent Articles and Media

The Year of Global AI and Cybersecurity Regulations: 7 GRC Predictions for 2025

As 2025 approaches, emerging regulations and laws will affect how CISOs strategize and protect their organizations. With the increasing complexity of global compliance frameworks, understanding these changes is crucial for maintaining security and operational efficiency. Let’s discuss what I expect regarding regulatory shifts and their implications in 2025 and explore what CISOs and CCOs should prepare for in the coming year.

Security leaders top 10 takeaways for 2024

At issue is whether the incident led to significant risk to the organization and its shareholders. If so, it’s defined as material and must be reported within four days of this determination being made (not its initial discovery). “Materiality extends beyond quantitative losses, such as direct financial impacts, to include qualitative aspects, like reputational damage and operational disruptions,” he says. McGladrey says the SEC’s materiality guidance underscores the importance of investor protection in relation to cybersecurity events and, if in doubt, the safest path is reporting. “If a disclosure is uncertain, erring on the side of transparency safeguards shareholders,” he tells CSO.