Events , Governance & Risk Management , RSA Conference

Top CISO Gen AI Challenges: Employee Use, Red Team Testing

Daniel Kennedy of 451 Research Details Gen AI, MFA and Cyber Insurance Challenges
Daniel Kennedy, principal research analyst, 451 Research

Dealing with generative artificial intelligence is increasingly challenging for CISOs on multiple security fronts, said Daniel Kennedy, principal research analyst for information security for quantitative research at 451 Research, a part of S&P Global Market Intelligence.

See Also: Insights into Enhanced Cybersecurity Insurance Requirements: Meeting the demands of cyber risk insurers

Specific pain points include employee use of gen AI and having to monitor that. Organizations building their own large language models and products also must test them for security, said Kennedy, who regularly speaks with CISO end users as part of his ongoing "Voice of the Enterprise: Information Security" quantitative research into top pain points.

"Traditional red teams are having to get up to speed because there is a lot of AI knowledge required to test these platforms," Kennedy said. As a former CISO, he said, working collaboratively with developers to understand and collaboratively fix security issues can oftentimes be a challenge. "The developers working on AI systems are like developers on steroids," he said, owing to their extremes of talent and to gen AI being such a new discipline.

In this video interview with Information Security Media Group at RSA Conference 2024, Kennedy also discussed:

  • CISOs' top gen AI security concerns and how to manage them;
  • Multifactor authentication barriers, including legacy applications;
  • Changes in cyber insurance and how they complicate organizations' risk management strategies.

Kennedy is responsible for managing all phases of the user-driven research process for information security and networking at 451 Research. Prior to that, he was a partner in the information security consultancy Praetorian Security LLC. Before that, he was global head of information security for D.B. Zwirn & Co. and vice president of application security and development manager at Pershing LLC, a division of the Bank of New York.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.