A security automation tool allows people to focus on the more interesting threats -- those alerts that have passed a threshold that the automation algorithms can't sufficiently remediate, or where closing the threat might alert the adversary to a forensic investigation. This is the type of work that security teams enjoy -- actively hunting for adversaries and ethically engaging before cleaning up the damages and closing any observed vulnerabilities that were exploited.

Note that this supposes a certain degree of human interaction with the AI to make judgment calls about whether an unusual behavior is appropriate. My home AI doesn't have the authority to tell me that my lights shouldn't talk to my speakers. Instead, it needs my approval, given a default deny policy. This is a good thing, as I'm a compensating control against black swan events or an IoT threat actor training my AI on bad data.

It’s no longer enough to have a Security Information and Event Management (SIEM) system or layer in commercial threat data, deploy a deception system, or prioritize assets--there’s simply no one-size-fits-all security solution. “This is still more art than science,” says Kayne McGladrey (@kaynemcgladrey), a director of security and information technology. “An effective solution needs to incorporate elements of all of those products or solutions to create meaningful and actionable intelligence.”

Smart toys seemingly come to life utilizing “Internet of Things” [IoT] technology that has wirelessly connected coffeemakers, thermostats, and yes, toilets. But smart toys have proven to be particularly vulnerable to cyber attacks. Manufacturers try to keep toy prices low and lack an incentive to add reasonable security mechanisms, said Kayne McGladrey, member of the Institute of Electrical and Electronics Engineers, the world’s largest technical professional organization.

What’s needed is “an effective provisioning and de-provisioning system that defines rules for what users can do with data and provides quick auditing of who granted access to the data. There needs to be training around the approval process for granting and revoking access to data; otherwise, organizations risk compliance fatigue and start rubber-stamping all the access requests.”

One way to combat that involves grassroots efforts to boost the ranks. But do security teams search for qualified, seasoned experts, and do they look for specialization or the proverbial “generalist” who can cover many corners of the cyber space? It is an ongoing debate in the industry, and today, we’ve brought together two security thought leaders to provide their take. We sat down with Kayne McGladrey, Co-Founder and Spokesperson, Include Security, and Rebecca Wynn, Head of Information Security and Data Protection Officer (DPO), Senior Director, Matrix Medical Network.

For creative direction on hiring, Kayne McGladrey, co-founder of Include Cybersecurity, turned to "Who," by Geoff Smart and Randy Street. “This is a book I consistently recommend to all managers and directors who are responsible for hiring personnel, in that it defines a consistent and repeatable technique for identifying and hiring high-performing candidates,” McGladrey says. “When I started as a manager, I followed a lot of the pseudo-science that I’d seen from prior managers and found it wasn’t reliable advice.”

Besides working nights, I learned in my fifteen-minute conversation that Rosa volunteers at an elementary school. She’d met no one who worked in cyber security, and the kids she worked with hadn’t considered it as a career option. They wanted to be rappers, they wanted to be marine biologists; they didn’t know there was a high-paying position called “security operations center analyst.”

“The most essential technology for tomorrow’s workspace is a reliable and agreed-upon primary communications technology, with a backup,” says Kayne McGladrey (@kaynemcgladrey), director of Security and IT at Pensar Development. “As organizations recognize the benefits of remote work for employees and contractors, they still need to reach people quickly.”

Online threats are only getting more and more sophisticated as technology continues to advance. Kayne McGladrey, Director of Security and Information Technology at Pensar Development, says organizations will need to study the tools, techniques, and procedures (TTPs) of each cyber-attacker in order to build a defensive strategy to contain them.