What’s needed is “an effective provisioning and de-provisioning system that defines rules for what users can do with data and provides quick auditing of who granted access to the data. There needs to be training around the approval process for granting and revoking access to data; otherwise, organizations risk compliance fatigue and start rubber-stamping all the access requests.”
I’ll be giving a live whiteboarding session in Seattle about hiring veterans and cybersecurity on Nov 5th at 11 AM at Worksource Rainier.
Until we change how we talk and think about cybersecurity, I fear it’s like the Alcoholics Anonymous definition of insanity: doing the same thing and expecting a different result.
“Organizations that don’t have cybersecurity as a core business differentiator, or as a core business function, are often struggling to adapt modern cybersecurity practices,” says Kayne McGladrey, Director of Security and IT at Pensar Development.
Last month at the #ATTBizSummit, Javvad Malik and I talked about increasing diversity in cybersecurity, and I unveiled my secret weapon for tweets. (Spoiler: she’s 11).
One way to combat that involves grassroots efforts to boost the ranks. But do security teams search for qualified, seasoned experts, and do they look for specialization or the proverbial “generalist” who can cover many corners of the cyber space? It is an ongoing debate in the industry, and today, we’ve brought together two security thought leaders to provide their take. We sat down with Kayne McGladrey, Co-Founder and Spokesperson, Include Security, and Rebecca Wynn, Head of Information Security and Data Protection Officer (DPO), Senior Director, Matrix Medical Network.
Besides working nights, I learned in my fifteen-minute conversation that Rosa volunteers at an elementary school. She’d met no one who worked in cyber security, and the kids she worked with hadn’t considered it as a career option. They wanted to be rappers, they wanted to be marine biologists; they didn’t know there was a high-paying position called “security operations center analyst.”
Online threats are only getting more and more sophisticated as technology continues to advance. Kayne McGladrey, Director of Security and Information Technology at Pensar Development, says organizations will need to study the tools, techniques, and procedures (TTPs) of each cyber-attacker in order to build a defensive strategy to contain them.
As the clock ticks towards a massive and preventable cyberattack on IIoT devices, manufacturers and companies deploying them must address three challenges.
“Hybrid cloud solutions can help organizations deploy cybersecurity solutions faster, without deploying additional infrastructure or spending staff hours on software and platform updates,” said Kayne McGladrey (@kaynemcgladrey), director of security and IT at Pensar Development. “This will help organizations to deploy innovative solutions rapidly such as deception technologies, which can reduce the ‘dwell time’ associated with breaches.”
Another way to thwart cyberattacks is to increase the number of cybersecurity experts, McGladrey says. According to the 2017 cybercrime report from the Herjavec Group, cybersecurity firms estimate such crimes are going to cost about $6 trillion annually by 2021. Companies are experiencing shortages in qualified applicants for cybersecurity jobs. The U.S. Department of Commerce estimates there are now about 350,000 unfilled positions, and that number is only going to increase. McGladrey says.
“This (factors into) the broader economic outlook,” McGladrey told the Cyber Security Hub. “If the economy is thriving and people are considering asking for a raise, they may pursue a new certification. If they do not receive the raise, they may mentally justify the time spent by putting the certification on their resume and searching for new openings.”