  • An Analysis of Section 1C Disclosures in Q1 of 2024

    Late in 2023, the Securities and Exchange Commission (SEC) in the United States published Regulation S-K Item 106, which requires public companies to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats. Historically, companies were not required to disclose these processes to investors or market regulators, and there were no established…

  • SEC Cyber Risk Disclosures: What Companies Need to Know

    In this video interview with Information Security Media Group at the Cybersecurity Implications of AI Summit, McGladrey also discussed: Why companies should use tools and software to collect and automatically gather evidence of compliance; The consequences of false cyber risk disclosures; The impact that SEC requirements have on private companies and supply chains.

  • Twelve Essential Soft Skills for Early-Career Cybersecurity Professionals

    In the realm of cybersecurity, early-career professionals often prioritize the development and demonstration of technical prowess. However, as someone with nearly three decades of experience in cybersecurity leadership roles, I firmly assert that interpersonal skills wield a profound influence over one’s career trajectory. Unlike certifications and degrees, which may lose relevance over time, interpersonal skills…

  • AI system poisoning is a growing threat — is your security regime ready?

    Although motivations like that mean any organization using AI could be a victim, Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers (IEEE), a nonprofit professional association, and field CISO at Hyperproof, says he expects hackers will be more likely to target the tech companies making and training AI systems. But CISOs…

  • Kayne McGladrey – Hyperproof | CISO on the Street | Season 3

    Chris Denbigh-White speaks with Kayne McGladrey, Field CISO of Hyperproof.

  • How to Operationalize Your Risk Assessments at Data Connectors Dallas

    Thursday, May 16, 2024. Risk assessments have moved beyond a check-the-box approach, especially with the SEC’s new disclosure requirements. Join us for our session, How to Operationalize Your Risk Assessment Process, to get practical guidance on navigating the complexities of risk assessments to drive tangible business outcomes. Kayne McGladrey, Field CISO at Hyperproof, will navigate through…

  • AI models inch closer to hacking on their own

    The big picture: AI model operators don’t have a good way of reining in these malicious use cases, Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers (IEEE), told Axios. Allowing LLMs to digest and train on CVE data can help defenders synthesize the wave of threat alerts coming their way…

  • The Jobs of Tomorrow: Insights on AI and the Future of Work

    Kayne McGladrey, IEEE Senior Member, noted that the use of generative AI models in business hinges on their ability to provide accurate information. He cited as examples studies of AI models’ abilities to extract information from documents used for financial sector regulation that are frequently relied on to make investment decisions. “Right now, the best…

  • What are the biggest ethical considerations of security technology?

    Algorithmic bias is one of the primary risks associated with emerging physical surveillance technologies. While the risks of facial recognition software are well known and documented, efforts are being taken to adapt computer vision to new and novel use cases. For example, one of the more deeply flawed failures was an attempt to detect aggressive…

  • Boards need to brush up on cybersecurity governance, survey finds

    CISOs now face substantial personal risks, as seen in cases like Uber and SolarWinds where the SEC has taken legal action against the security chiefs. The primary risk is both personal and professional liability for the CISO, according to Kayne McGladrey, field CISO at Hyperproof. The problem, however, is that boards unaware of the business…

  • Podcast: Art of Cyber Defense: Insights from a Theatrical Minded CISO with Kayne McGladrey

    Prepare to laugh until your stomach hurts with our most hilarious episode yet, featuring the one and only theater kid turned cybersecurity guru, Kayne McGladrey, Field CISO at Hyperproof. Join us for a rollercoaster of emotions as we dive into the absurdity of security info in 10K filings, engage in heated debates over the polarizing…

  • Cybersecurity in Financial Disclosures: 11 Topics Your Section 1C of 10-K Filings Should Address

    Despite this guidance mandating only four disclosures (identifying and managing risks, disclosing material breaches, board oversight, and management’s role), over 40% of the 2,100+ 10-K filings I’ve reviewed between January 1 and March 11, 2024 disclosed eleven distinct topics. Companies are disclosing more information than required in their 10-K filings for various reasons. One is that…

  • FedRAMP Project Update | Drafting Compliance Ep. 30

    Tom provides an update on the status of the Hyperproof FedRAMP project. Along the way, Kayne uncovers some of the challenges associated with the project and suggests solutions for others going through the same process. And straight out of left field, Kayne actually likes a beer more than Tom. Come find out what caused this…

  • What are the pros and cons of shadow IT?

    As workers develop and deploy technology without any reviews or security assessments, they often increase the organization’s exposure to various risks, said Kayne McGladrey, a senior member of the IEEE and field CISO at Hyperproof, a compliance management software company, based in Seattle. Employees should be aware that the IT department conducts thorough research to ensure…

  • The Evolving Landscape of Cybersecurity for Medium-Sized Businesses

    In recent years, we’ve seen a significant shift in the threats targeting businesses. “Everybody focused on the human harms, people couldn’t check into their hotel rooms; people couldn’t use an ATM… the nature of the technical exploits is not what we focus on in terms of harm… that’s not what we focus on in terms…