CISO Tradecraft®
Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership. © Copyright 2024, National Security Corporation. All Rights Reserved
Episodes
4 days ago
4 days ago
In this episode of CISO Tradecraft, host G Mark Hardy discusses the history and evolution of endpoint protection with guest Kieran Human from ThreatLocker. Starting from the inception of antivirus software by John McAfee in the late 1980s, the episode delves into the advancements through Endpoint Detection and Response (EDR) and introduces the latest in endpoint security: allowlisting and ring fencing. The conversation highlights the limitations of traditional antivirus and EDR solutions in today's threat landscape, emphasizing the necessity of default-deny approaches to enhance cybersecurity. Kieran explains how ThreatLocker’s allowlisting and ring-fencing capabilities can block unauthorized applications and actions, thus significantly reducing the risk of malware and ransomware attacks. Practical insights, war stories, and deployment strategies are shared to help cybersecurity leaders implement these next-generation tools effectively.
Thank you to our sponsor ThreatLocker
https://hubs.ly/Q02_HRGK0
Transcripts: https://docs.google.com/document/d/1UMrK44ysBjltNkddCkwx9ly6GJ14tIbC
Chapters
00:00 Introduction to Endpoint Protection
00:41 Upcoming Event: CruiseCon 2025
01:18 History of Endpoint Protection
03:34 Evolution of Antivirus to EDR
05:25 Next-Gen Endpoint Protection: Allowlisting
06:44 Guest Introduction: Kieran Human from ThreatLocker
08:06 Benefits of Allowlisting and Ring Fencing
17:14 Challenges and Best Practices
26:19 Conclusion and Call to Action
Monday Dec 09, 2024
Monday Dec 09, 2024
In this crucial episode of CISO Tradecraft, host G Mark Hardy delves into the urgent topic of the 'Salt Typhoon' threat, with insights from experts Adam Isles and Andreas Kurland from the Chertoff Group. The episode covers the implications for corporate security using SMS text messages when Chinese actors are breaking into major telecommunication entities. The conversation focuses on encryption, secure communications, and measures to mitigate risks from vulnerabilities in telecommunications infrastructure. The discussion includes practical steps for securing messaging, voice calls, virtual meetings, and emails. Learn actionable strategies to bolster your organization’s cybersecurity posture and ensure robust defense against sophisticated state-level cyber threats.
Thank you to our sponsor Threat Locker
https://www.threatlocker.com/pages/essential-eight-fast-track?utm_source=ciso_tradecraft&utm_medium=sponsor&utm_campaign=essential-eight_q4_24&utm_content=essential-eight&utm_term=podcast
Link to recommendations:
https://chertoffgroup.com/end-to-end-encryption-is-essential/
Transcripts https://docs.google.com/document/d/13NKPUBU3c-qYQtX18NR08oYVRSSnHD_a
Chapters:
00:00 Introduction to Salt Typhoon
01:31 Meet the Experts: Adam Isles and Andreas Kurland
02:03 Understanding the Salt Typhoon Threat
04:49 Telecommunications and Security Risks
07:37 Messaging Security: Risks and Recommendations
20:14 Voice Communication Security
28:44 Securing Virtual Meetings
34:45 Email Security: Challenges and Solutions
41:35 Conclusion and Contact Information
Monday Dec 02, 2024
Monday Dec 02, 2024
In this riveting episode of CISO Tradecraft, host G Mark Hardy welcomes back Richard Thieme, a thought leader in cybersecurity and technology, almost three years after his last appearance. Richard delves into the necessity of thinking like a hacker, provides insights into the AI singularity, and discusses the ethical and societal implications of emerging technologies. The conversation also touches on Richard's extensive body of work, including his books and views on cyber warfare, disinformation, and ethical decision-making. Tune in for a thought-provoking discussion that challenges conventional wisdom and explores the interconnectedness of technology, consciousness, and our future.
Big Thanks to our Sponsor CruiseCon - https://cruisecon.com/
CruiseCon Discount Code: CISOTRADECRAFT10
Link to Richard’s home page (and links to Amazon for his books):
https://thiemeworks.com/
Link to the book, The Ending of Time:
https://store.kfa.org/products/the-ending-of-time-new-edition
Transcripts: https://docs.google.com/document/d/1Q7CJkF7Spji2iAbV_mYEyYHnKWobzo6N
Chapters
00:00 Introduction and Guest Announcement
00:56 Upcoming Cybersecurity Event: CruiseCon
01:41 Welcoming Back Richard Thieme
02:06 Reflecting on Past Discussions
02:59 The Necessity for Thinking Like a Hacker
03:10 Exploring Richard Thieme's Books
08:25 Understanding AI and Its Implications
18:28 Soft Power and Global Influence
24:01 The Power of Fiction in Revealing Truth
24:37 Ethical Frameworks Post 9/11
26:12 The Role of Empathy in Intelligence Work
26:37 The Blurring Line Between Fact and Fiction
29:52 The Isolation of Intelligence Work
31:18 The Interconnectedness of Everything
33:36 Exploring Remote Viewing and Consciousness
36:50 The Rise of AI and Ethical Considerations
39:43 The Evolution of Technology and Society
45:07 Final Thoughts and Reflections
Monday Nov 25, 2024
Monday Nov 25, 2024
This podcast episode of CISO Tradecraft features Shawnee Delaney, an insider threat expert, discussing insider threats in cybersecurity. Delaney, whose background includes espionage, explains how understanding human motivation and vulnerabilities is crucial for identifying and mitigating insider threats. The conversation highlights the importance of organizational culture, employee well-being, and proactive measures like employee lifecycle management and psychological testing in preventing such threats. Practical advice is offered for leaders to foster a supportive and communicative work environment to detect potential threats early. Finally, methods for creating effective insider threat programs and addressing cultural issues are explored.
Shawnee Delaney's LinkedIn - https://www.linkedin.com/in/shawnee-delaney/
Vaillance Group - https://www.vaillancegroup.com/
Transcripts: https://docs.google.com/document/d/1xJiEMDL8CjNwwfBSvNHfnhfsrVgOMuk0
Chapters
00:00 Introduction to Insider Threat
00:26 Guest Introduction: Shawnee Delaney
00:58 CruiseCon 2025 Announcement
01:33 Shawnee's Career Journey
02:18 Understanding Espionage
03:43 Motivations Behind Espionage
07:46 Indicators of Insider Threat
10:48 Building a Positive Organizational Culture
18:21 Implementing an Insider Threat Program
21:05 Psychological Testing in Hiring
23:26 Assessing Organizational Culture
25:34 Core Values in the Navy and Marine Corps
26:16 A Commanding Officer's Story
28:32 Identifying Insider Threats
32:01 The Impact of Job Uncertainty
36:50 Gamifying Security Incentives
39:12 Building a Strong Security Culture
42:05 Final Thoughts and Recommendations
Monday Nov 18, 2024
Monday Nov 18, 2024
Welcome to another enlightening episode of CISO Tradecraft! In this episode, host G. Mark Hardy dives deep into the critical topic of CISO burnout with special guest Raghav Singh, a PhD candidate from the University of Buffalo. This is an eye-opening session for anyone in the cybersecurity field, especially those in or aspiring to the CISO role. Raghav shares valuable insights from his extensive research on the unique stresses faced by CISOs, the organizational factors contributing to burnout, and practical coping mechanisms. We also explore the evolutionary phases of CISOs, from technical experts to strategic business enablers. Whether you're dealing with resource limitations, seeking executive support, or managing ever-evolving cybersecurity threats, this episode offers actionable advice to navigate the demanding role of a CISO successfully. Don't forget to like, comment, and share to help other CISOs and cybersecurity leaders!
Big Thanks to our Sponsor CruiseCon - https://cruisecon.com/
CruiseCon Discount Code: CISOTRADECRAFT10
Transcripts: https://docs.google.com/document/d/1fhLkaj_JetlYFQ50Q69uMGmsw3fS3Wqa
CISO Burnout - https://aisel.aisnet.org/amcis2023/sig_lead/sig_lead/4/
CISO-CIO Power Dynamics https://aisel.aisnet.org/amcis2024/is_leader/is_leader/6/
Cybersec professionals and AI integration https://aisel.aisnet.org/amcis2024/security/security/29/
Raghav can be reached on rsingh45@buffalo.edu
Chapters
00:00 Introduction and Guest Welcome
02:34 Understanding CISO Burnout
03:24 PhD Journey and Challenges
10:12 Key Findings on CISO Burnout
18:39 Six Sources of CISO Burnout
32:47 CISO Maturity Levels
42:57 Conclusion and Call to Action
Monday Nov 11, 2024
Monday Nov 11, 2024
Setting Sail with Cybersecurity: Exclusive Insights from Ira Winkler on CruiseCon 2025 🛳️ Join us for an exciting episode of CISO Tradecraft as G Mark Hardy sits down with renowned cybersecurity expert Ira Winkler! Discover the groundbreaking CruiseCon 2025, the first at-sea cybersecurity conference, featuring top-tier speakers and unrivaled networking opportunities. Learn about Ira's illustrious career, the significance of certifications, and the current state of the cybersecurity job market. Don't miss out on this chance to enhance your career and connect with industry luminaries.
Big Thanks to our Sponsor CruiseCon - https://cruisecon.com/
CruiseCon Discount Code: CISOTRADECRAFT10
Transcripts: https://docs.google.com/document/d/1CGyFBxOrxvJitKsH9BRKwf2_g8rRPZ6K
Chapters
00:00 Introduction and Special Announcement
00:42 Reconnecting with Ira Winkler
04:07 Early Cybersecurity Days and Certifications
14:35 Innovative Ideas and CruiseCon
21:32 Meet the Top Cybersecurity Experts
22:13 Exciting Events and Networking Opportunities
24:10 Special Deals and Sponsorships
34:47 Addressing the Cybersecurity Job Market
Monday Nov 04, 2024
Monday Nov 04, 2024
Join G. Mark Hardy on this exciting episode of CISO Tradecraft as he interviews J.C. Vega, the first cyber colonel in the United States Army. Vega shares his invaluable insights on leadership, team building, and success strategies that can transform your cybersecurity career. Plus, learn about CruiseCon 2025, Wee Dram, and how you can take your leadership skills to the next level. Don't miss out on this episode packed with wisdom, actionable advice, and some fun anecdotes. Subscribe, comment, and share with your peers!
Big Thanks to our Sponsor CruiseCon - https://cruisecon.com/
CruiseCon Discount Code: CISOTRADECRAFT10
JC Vega - https://www.linkedin.com/in/jcvega-cyber-colonel/
Transcripts: https://docs.google.com/document/d/1ExuX-WVO4_qqLoIZDuT0QS2VAvN2resW
Chapters
00:00 Introduction and Special Guest Announcement
01:15 Meet J.C. Vega: The First Cyber Colonel
01:55 The Wee Dram Community
03:39 Building a Trusted Cybersecurity Community
09:12 Leadership Principles from Military to Civilian Life
12:31 Building and Leading Effective Teams
24:17 The Peter Principle and Career Progression
24:49 Creating a Shared Understanding in Cybersecurity
26:43 Commander's Intent: Defining Success
29:29 Empowering Teams and Accepting Prudent Risk
36:19 Rules to Live By: The Vega's Top Three
44:58 Final Thoughts and Farewell
Monday Oct 28, 2024
Monday Oct 28, 2024
In this special Halloween episode of CISO Tradecraft, host G Mark Hardy delves into the lurking dangers of Shadow IT and Zombie IT within organizations. Learn about the origins, risks, and impacts of these hidden threats, and discover proactive measures that CISOs can implement to safeguard their IT ecosystems. Strategies discussed include rigorous asset management, automation, and comprehensive compliance reviews. Tune in for insights to foster a secure, compliant, and efficient IT environment, and don't miss out on an exclusive opportunity to join a cybersecurity conference aboard a luxury cruise.
Big Thanks to our Sponsor
CruiseCon - https://cruisecon.com/
CruiseCon Discount Code: CISOTRADECRAFT10
Transcripts: https://docs.google.com/document/d/1lh-TQhaSOIA2rITaXgTaqugl7FRGevnn
Chapters
00:00 Introduction to Shadow IT and Zombie IT
02:14 Defining Shadow IT
04:58 Risks of Shadow IT
07:29 Introduction to Zombie IT
09:35 Risks of Zombie IT
11:25 Shadows vs Zombies
11:25 Comparing Shadow IT and Zombie IT
19:11 Lifecycle Management Strategies
19:56 Summarizing the Threats and Solutions
22:32 Final Thoughts and Call to Action
Monday Oct 21, 2024
Monday Oct 21, 2024
Unlocking SOC Excellence: Master the SOC Capability Maturity Model Join host G Mark Hardy in this compelling episode of CISO Tradecraft as he explores the revolutionary SOC Capability Maturity Model (SOC CMM) authored by Rob van Os. This episode is a must-watch for CISOs, aspiring CISOs, and cybersecurity professionals aiming to optimize their Security Operations Center (SOC). Learn how to measure, evaluate, and enhance your SOC's maturity across key domains including Business, People, Process, Technology, and Services. Gain insights into leveraging radar charts for visualizing SOC capabilities and hear case studies such as a mid-sized financial company’s remarkable improvements. Discover why understanding your SOC's strengths and weaknesses and conducting risk-based improvement planning are crucial. Don't miss out—elevate your cyber resilience today, subscribe, and share with your network to set your SOC on the path to excellence!
References:
SOC-CMM - https://www.soc-cmm.com/products/soc-cmm/
Robert van Os - https://www.linkedin.com/in/socadvisor/
Transcripts: https://docs.google.com/document/d/1Fk6_t9FMyYXDF-7EfgpX_ZjLc0iPAgfN
Chapters
00:12 Introduction to CISO Tradecraft and SOCs
01:20 Understanding SOC CMM: A Game-Changing Tool
02:29 Evaluating SOC Maturity and Capability
06:04 Benefits and Implementation of SOC CMM
07:56 Understanding SOC Assessments
08:55 Deep Dive into SOC CMM Domains
12:42 Benefits and Flexibility of SOC CMM
14:40 Real-World Application and Conclusion
Monday Oct 14, 2024
Monday Oct 14, 2024
In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges and misconceptions facing the next generation of cybersecurity professionals. The discussion covers the myth of a talent shortage, the shortcomings of current educational and certification programs, and the significance of aligning curricula with real-world needs. Hardy emphasizes the importance of hands-on experience, developing soft skills, and fostering continuous learning. The episode also highlights strategies for retaining talent, promoting internal training, and creating leadership opportunities to cultivate a skilled and satisfied cybersecurity workforce.
Transcripts: https://docs.google.com/document/d/12fI2efHXuHR4dS3cu7P0UIBCtjBdgREI
Chapters
00:00 Introduction to the Cybersecurity Talent Crisis
00:40 Debunking the Talent Shortage Myth
02:23 The Real Talent Gap: Mid-Career Professionals
03:04 Outsourcing and Its Impact on Entry-Level Jobs
08:29 Challenges in Cybersecurity Education
16:13 The Importance of Practical Skills Over Theory
23:52 The Importance of Writing Skills
25:10 Continuous Learning and Self-Investment
26:07 Performance and Career Progression
28:40 Mentorship and Onboarding
29:51 Training and Development Challenges
32:32 Retention Strategies
33:44 Engaging Junior Employees
39:07 Technology and Innovation
40:54 Conclusion and Final Thoughts
Monday Oct 07, 2024
Monday Oct 07, 2024
In this episode of CISO Tradecraft, hosted by G Mark Hardy, you'll learn about four crucial tools in cloud security: CNAPP, CASB, CSPM, and CWPP. These tools serve various functions like protecting cloud-native applications, managing access security, maintaining cloud posture, and securing cloud workloads. The discussion covers their roles, benefits, key success metrics, and best practices for CISOs. As the cloud security landscape evolves, understanding and integrating these tools is vital for keeping your organization safe against cyber threats.
Transcripts: https://docs.google.com/document/d/1Mx9qr30RuWrDUw1TLNkUDQ8xo4xvQdP_
Chapters
00:00 Introduction to Cloud Security Tools
02:24 Understanding CNAPP: The Comprehensive Cyber Defense
08:13 Exploring CASB: The Cloud Access Gatekeeper
11:12 Diving into CSPM: Ensuring Cloud Compliance
13:40 CWPP: Protecting Cloud Workloads
15:08 Best Practices for Cloud Security
15:54 Conclusion and Final Thoughts
Monday Sep 30, 2024
Monday Sep 30, 2024
In this episode of CISO Tradecraft, hosts G Mark Hardy and Mark Rasch discuss the intersection of artificial intelligence and the law. Recorded at the COSAC computer conference in Dublin, this episode covers the legal implications of AI, copyright issues, AI-generated content, privacy concerns, and ethical considerations. They explore the nuances between directed and undirected AI, the importance of training data, and the potential risks and liabilities associated with AI-driven systems. Tune in for a deep dive into how AI is reshaping cybersecurity and legal landscapes.
Transcripts: https://docs.google.com/document/d/1s_eDwz-FPuyxYZRJaOknWi2Ozjqmodrl
Chapters
00:00 Introductions
01:13 Diving into Artificial Intelligence
04:04 Directed vs. Undirected AI
11:02 Legal and Ethical Issues of AI
23:47 AI and Copyright: Who Owns the Creation?
26:59 The Role of AI in Information Security
32:51 Ethical Dilemmas in AI Decision-Making
39:18 Future Challenges and Recommendations for AI
Monday Sep 23, 2024
Monday Sep 23, 2024
Join G. Mark Hardy in Torremolinos, Spain, for a deep dive into the security of Generative AI. This episode of CISO Tradecraft explores the basics of generative AI, including large language models like ChatGPT, and discusses the key risks and mitigation strategies for securing AI tools in the workplace. G. Mark provides real-world examples, insights into the industry's major players, and practical steps for CISOs to balance innovation with security. Discover how to protect sensitive data, manage AI-driven hallucinations, and ensure compliance through effective governance and ethical guidelines. Plus, get a glimpse into the future of AI vulnerabilities and solutions in the ever-evolving tech landscape.
References
OWASP Top 10 LLM Risks https://genai.owasp.org/
Gartner CARE Standard - https://www.gartner.com/en/documents/3980890
Make sure your controls work consistently over time (Consistency)
Make sure your controls meet the business needs (Adequacy)
Make sure your controls are appropriate and fair (Reasonableness)
Make sure your controls produce the desire outcome (Effectiveness)
Transcripts: https://docs.google.com/document/d/1V2ar7JBO503MN0RZcH7Q7VBkQUW9MYk6
Chapters
00:00 Introduction from Spain
00:42 Understanding Generative AI
03:25 Major Players in Generative AI
05:02 Risks of Generative AI
15:14 Mitigating Generative AI Risks
18:23 Implementing Solutions
24:09 Conclusion and Call to Action
Monday Sep 16, 2024
Monday Sep 16, 2024
G Mark Hardy dives deep into effective strategies for securing your business. Learn why it's essential for cybersecurity leaders to communicate the real business impact of vulnerabilities and discover the importance of identifying and prioritizing critical business processes. Gain insights from historical references and practical frameworks like the CIA triad (Confidentiality, Integrity, Availability) to bolster your organization's cybersecurity posture. Tune in as G Mark, broadcasting from Glasgow, Scotland, shares valuable lessons on proactive security measures, risk-based decision-making, and crisis recovery strategies.
7 critical business processes common to most organizations.
Book
Order
Bill
Pay
Ship
Close
Communicate
Transcripts
https://docs.google.com/document/d/1Ra3c0J5Wo6s2BSqhNoNyqm9D65ogT07h
Chapters
00:00 Introduction to Securing the Business
00:12 Begin Podcast
01:08 Understanding Critical Business Processes
02:23 Identifying and Prioritizing Business Functions
03:00 Real-World Example: Restaurant Booking System
04:57 Decision Making in Crisis Situations
10:38 Mapping Confidentiality, Integrity, and Availability
19:42 Conclusion and Final Thoughts
Monday Sep 09, 2024
Monday Sep 09, 2024
Join host G Mark Hardy as he dives deep into the complexities of compliance and reporting, featuring special guests Brian Bradley and Josh Williams from FedShark. Discover a unique and streamlined approach to compliance using FedShark's innovative tools and AI-assisted systems. Learn about their exclusive offers for CISO Tradecraft listeners, including free downloads and discounted pre-assessment tools. Topics covered include CMMC, HIPAA, PCI, and more. Whether you're part of the Defense Industrial Base or dealing with multiple compliance frameworks, this episode is packed with practical advice to make your compliance journey smoother and more effective.
Thanks to our podcast sponsor, Fedshark
CISO Traderaft Promo & Link to CMMC White Papers: https://fedshark.com/ciso
RapidAssess: https://fedshark.com/rapid-assess
Company website: https://fedshark.com
FedShark Blog: https://fedshark.com/blog
Schedule a Demo: https://fedshark.com/contact-us
LinkedIn Matt Beaghley: https://www.linkedin.com/in/mbeaghley/
LinkedIn Brian Bradley: https://www.linkedin.com/in/brian-bradley-97a82668/
Chapters
00:00 Introduction and Special Offer
03:18 Meet the Experts: Brian and Josh
06:49 Challenges in Compliance
16:23 Understanding CMMC
29:02 Understanding Scope in Compliance
30:22 Introducing the AI-Enhanced Compliance Solution
31:24 Streamlining Interviews and Documentation
42:19 Final Thoughts and Recommendations
Monday Sep 02, 2024
Monday Sep 02, 2024
G Mark Hardy and guest Deb Radcliff talk about experiences and takeaways from Black Hat, and delve into the dynamic world of cybersecurity. Deb shares her perspectives on the intersection of AI, DevSecOps, and cyber warfare, while highlighting insights from her 'Breaking Backbones' trilogy.
Transcripts: https://docs.google.com/document/d/1XN9HjdljJYKlUITrxZ10HTq9e91R8FNT
Book 1: Breaking Backbones: Information Is Power https://amzn.to/4dLSBxQBook 2: Breaking Backbones: Information Should Be Free https://amzn.to/4e3BRlBBook 3: Breaking Backbones: From Chaos to Order https://amzn.to/3X8e4u2
Chapters
00:00 Introduction and Welcome Back
01:18 Black Hat and Security Leaders Dinner
04:39 The Evolution of Cybersecurity Conferences
10:59 AI and Cybersecurity Trends
22:01 The Chip Dilemma: Parenting in a Monitored Society
23:09 Crafting Characters: Inspirations and Transformations
25:58 Writing Process: From Drafts to Details
31:38 Future of Cybersecurity: Autonomous Systems and Legal Challenges
Monday Aug 26, 2024
Monday Aug 26, 2024
In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Snehal Antani, co-founder of Horizon3.AI, to discuss the crucial interplay between offensive and defensive cybersecurity tactics. They explore the technical aspects of how observing attacker behavior can enhance defensive strategies, why traditional point-in-time pen testing may be insufficient, and how autonomous pen testing can offer continuous, scalable solutions. The conversation delves into Snehal’s extensive experience, the importance of readiness over compliance, and the future of cybersecurity tools designed with humans out of the loop. Tune in to learn how to elevate your cybersecurity posture in a rapidly evolving threat landscape.
Horizon3 - https://www.horizon3.ai
Snehal Antani - https://www.linkedin.com/in/snehalantani/
Transcripts: https://docs.google.com/document/d/1IFSQ8Uoca3I7TLqNHMkvm2X-RHk8SWpo
Chapters:
00:00 Introduction and Guest Welcome
01:43 Background and Experience of Snehal Antani
03:09 Challenges and Limitations of Traditional Pen Testing
14:47 The Future of Pen Testing: Autonomous Systems
23:10 Leveraging Data for Cybersecurity Insights
24:02 Expanding the Attack Surface: Cloud and Supply Chain
24:46 Third-Party Risk Management Evolution
44:37 Future of Cyber Warfare: Algorithms vs. Humans
Monday Aug 19, 2024
Monday Aug 19, 2024
In this episode of CISO Tradecraft, host G Mark Hardy delves into the intricate world of Identity and Access Management (IAM). Learn the essentials and best practices of IAM, including user registration, identity proofing, directory services, identity federation, credential issuance, and much more. Stay informed about the latest trends like proximity-based MFA and behavioral biometrics. Understand the importance of effective IAM implementation for safeguarding sensitive data, compliance, and operational efficiency. Plus, hear real-world examples and practical advice on improving your IAM strategy for a secure digital landscape.
Transcripts: https://docs.google.com/document/d/15zUupqhCQz9llwy21GW5cam8qXgK80JB
Chapters
00:00 Introduction to CISO Tradecraft
01:24 Understanding Identity and Access Management (IAM)
01:54 Gartner's Magic Quadrant and IAM Vendors
03:29 The Importance of IAM in Enterprises
04:28 User Registration and Verification
06:48 Password Policies and Best Practices
09:53 Identity Proofing Techniques
14:53 Directory Services and Role Management
18:27 Identity Federation and Credential Issuance
22:22 Profile and Role Management
26:17 Identity Lifecycle Management
29:23 Access Management Essentials
35:05 Review and Conclusion
Monday Aug 12, 2024
Monday Aug 12, 2024
In this comprehensive episode of CISO Tradecraft, host G Mark Hardy sits down with Christian Hyatt, author of 'The Security Team Operating System'. Together, they delve into the five essential components needed to transform your cyber security team from reactive to unstoppable. From defining purpose and values to establishing clear roles, rhythms, and goals, this podcast offers practical insights and tools that can improve the efficacy and culture of your security team. If you're looking for strategic frameworks to align your team with business objectives and create a resilient security culture, you won't want to miss this episode!
Christian Hyatt's LinkedIn Profile: https://www.linkedin.com/in/christianhyatt/
Link to the Book: https://a.co/d/aHpXXfr
Transcripts: https://docs.google.com/document/d/1ogBdtJolBJTOVtqyFLO5onuLxBsfqqQP
Chapters
00:00 Introduction and Guest Welcome
01:31 Overview of the Security Team Operating System
03:31 Deep Dive into the Five Elements
07:53 Aligning Security with Business Objectives
21:59 Defining Core Values for Security Teams
25:03 Aligning Organizational and Team Values
26:05 Establishing Clear Roles and Responsibilities
30:58 Implementing Effective Rhythms and Goals
Monday Aug 05, 2024
Monday Aug 05, 2024
Join host G Mark Hardy in this episode of CISO Tradecraft as he welcomes Olivia Rose, an experienced CISO and founder of the Rose CISO Group. Olivia discusses her journey in cybersecurity from her start in marketing to becoming a VCISO. They delve into key topics including the transition from CISO to VCISO, strategies for managing time and stress, the importance of understanding board dynamics, and practical advice on mentoring new entrants in the cybersecurity field. Olivia also shares her insights on maintaining business alignment, handling insurance as a contractor, and building a personal brand in the cybersecurity community.
Olivia Rose: https://www.linkedin.com/in/oliviarosecybersecurity/
Transcripts: https://docs.google.com/document/d/1S42BepIh1QQHVWsdhhgx6x99U188q5eL
Chapters
00:00 Introduction and Guest Welcome
01:14 Olivia Rose's Career Journey
06:42 Challenges in Cybersecurity Careers
15:47 Communicating with the Board
22:57 Navigating Compliance and Legal Challenges
24:10 Building Strategic Relationships
25:46 Aligning Security with Business Goals
35:05 The Importance of Reputation and Branding
Monday Jul 29, 2024
Monday Jul 29, 2024
In this episode of CISO Tradecraft, host G Mark Hardy continues an in-depth discussion with cybersecurity attorney Thomas Ritter on the legal considerations for cybersecurity leaders. The episode touches on essential topics such as immediate legal steps after a data breach, the importance of using correct terminology, understanding attorney-client privilege and discovery, GDPR's impact, data localization, and proactive measures CISOs should take. The conversation also explores the implications of evolving cybersecurity laws and regulations like the Digital Operations Resilience Act and the potential criminal liabilities for CISOs.
Thomas Ritter: https://www.linkedin.com/in/thomas-ritter-2b91014a/
Transcripts: https://docs.google.com/document/d/15xQINUOdziGdcEFfh5SN8lS7svtK0JCT
Chapters
00:00 Introduction and Recap of Part 1
01:43 Starting the Discussion: Data Breaches
02:22 Legal Steps After a Data Breach
07:19 Understanding Attorney-Client Privilege
08:21 Discovery in Legal Cases
13:31 Staying Updated on Cybersecurity Laws
19:38 Impact of GDPR on Cybersecurity
32:00 Data Localization Challenges
34:55 Proactive Legal Preparedness
37:23 Final Thoughts and Conclusion
Monday Jul 22, 2024
Monday Jul 22, 2024
In this episode of CISO Tradecraft, host G Mark Hardy interviews cybersecurity lawyer Thomas Ritter. They discuss key legal topics for CISOs, including regulatory compliance, managing third-party risk, responding to data breaches, and recent legislative impacts. Thomas shares his journey into cybersecurity law and provides practical advice and real-world examples. Key points include the challenges of keeping up with evolving regulations, the intricacies of vendor management, and the implications of recent Supreme Court rulings. They also touch on major breaches like SolarWinds and Colonial Pipeline, exploring lessons learned and the importance of implementing essential security controls.
Thomas Ritter - https://www.linkedin.com/in/thomas-ritter-2b91014a/ Transcripts: https://docs.google.com/document/d/1EvZ_dOpFOLCSSv5ffqxCoMnLZDOnUv_K
Chapters
00:00 Introduction to CISO Tradecraft
00:48 Meet Thomas Ritter: Cybersecurity Lawyer
03:48 Legal Challenges for CISOs
04:54 Managing Third-Party Risks
13:01 Understanding Legal and Statutory Obligations
15:57 Supreme Court Rulings and Cybersecurity
32:57 Lessons from High-Profile Cyber Attacks
38:32 Ransomware Epidemic and Law Enforcement
43:30 Conclusion and Contact Information
Monday Jul 15, 2024
Monday Jul 15, 2024
Emotional Intelligence for Cybersecurity Leaders | CISO Tradecraft In this episode of CISO Tradecraft, host G Mark Hardy delves into the essential topic of emotional intelligence (EI) for cybersecurity leaders. He explores the difference between IQ and EI, the origins and significance of emotional intelligence, and its impact on leadership effectiveness. The episode covers various models of EI, including the Ability Model, the Trait Model, and the Mixed Model, and emphasizes practical actions to enhance EI, such as self-awareness, self-regulation, empathy, and social skills. Tune in to understand how developing emotional intelligence can significantly benefit your career, leadership performance, and personal life.
Transcripts: https://docs.google.com/document/d/15pyhXu3XVHJ_VE1OwKjSqM73Rybjbsm0
Chapters:
00:00 Introduction to CISO Tradecraft
00:53 Understanding IQ: The Basics
04:08 Introduction to Emotional Intelligence
07:38 Models of Emotional Intelligence
13:06 The Importance of Emotional Intelligence in Leadership
25:12 Practical Steps to Improve Emotional Intelligence
32:42 Conclusion and Final Thoughts
Monday Jul 08, 2024
Monday Jul 08, 2024
Securing Small Businesses: Essential Cybersecurity Tools and Strategies In this episode of CISO Tradecraft, host G Mark Hardy discusses cybersecurity challenges specific to small businesses. He provides insights into key tools and strategies needed for effective cybersecurity management in small enterprises, including endpoint management, patch management, EDR tools, secure web gateways, IAM solutions, email security gateways, MDR services, and password managers. Hardy also evaluates these tools against the CIS Critical Security Controls to highlight their significance in safeguarding small business operations.
Transcripts: https://docs.google.com/document/d/1Hon3h950myI7A3jzGmj7YIwRXow5W1V5
Chapters
00:00 Introduction to CISO Tradecraft
00:40 Challenges of Cybersecurity in Small Businesses
01:15 Defining Small Business and Security Baselines
01:53 Top Cybersecurity Tools for Small Businesses
02:05 Hardware and Software Essentials
04:35 Patch Management Solutions
05:19 Endpoint Detection and Response (EDR) Tools
06:06 Secure Web Gateways and Website Security
11:21 Identity and Access Management (IAM)
12:57 Email Security Gateways
14:15 Managed Detection and Response (MDR) Solutions
14:54 Recap of Essential Cybersecurity Tools
15:41 Bonus Tool: Password Managers
18:33 Aligning with CIS Controls
24:48 Conclusion and Call to Action
Monday Jun 24, 2024
Monday Jun 24, 2024
Welcome to another episode of CISO Tradecraft with your host, G. Mark Hardy! In this episode, we dive into how CISOs can drive the profitable growth of their company's products and services. Breaking the traditional view of security as a cost center, Mark illustrates ways CISOs can support business objectives like customer outreach, service enablement, operational resilience, and cost reduction. Tune in for insightful strategies to improve your impact as a cybersecurity leader and a sneak peek at our upcoming CISO training class! If you would like to learn more about our class, drop us a comment: https://www.cisotradecraft.com/comment
Transcripts: https://docs.google.com/document/d/19SDBdQSTLc58sP5ynwzhuedNHzk7QPKj
Chapters
00:00 Introduction to Profitable Growth for CISOs
01:16 Understanding Profit and Business Objectives
03:24 Enhancing Customer Experience through Cybersecurity
08:51 Service Enablement and Upselling Strategies
11:39 Ensuring Operational Resilience
13:36 Cost Reduction and Efficiency Improvements
18:31 Recap and Final Thoughts
19:10 Exciting Announcement: CISO Training Course