CISO Tradecraft®
Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership. © Copyright 2025, National Security Corporation. All Rights Reserved
Episodes

3 hours ago
Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports.
Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/
Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz
Chapters
00:35 Verizon Data Breach Investigations Report (DBIR) Introduction
01:16 Accessing the DBIR Report
02:38 Key Takeaways from the DBIR
03:15 Third-Party Breaches
04:32 Ransomware Insights
08:08 Exploitation of Vulnerabilities
09:39 Credential Abuse
12:25 Espionage Attacks
14:04 System Intrusions in APAC
15:04 Business Email Compromise (BEC)
18:07 Human Risk and Security Awareness
19:19 Industry-Specific Trends
20:06 Multi-Layered Defense Strategy
21:08 Data Leakage to Gen AI

Monday May 05, 2025
Join G Mark Hardy in this eye-opening episode of CISO Tradecraft as he shares a personal story about his dog Shelby's near-fatal experience and the costly lesson it taught him about technical debt. Discover how small overlooked issues in cybersecurity can compound and lead to significant risks and learn actionable steps to tackle technical debt before it turns into a crisis.
Pictures of Dog https://drive.google.com/file/d/1nBc9e3bBJVW0BQt5inGryhP3ahBz4XsQ/view?usp=drive_link https://drive.google.com/file/d/12V_DuwhgNBKgxJL0yqNq9Fopa4dauJfd/view?usp=drive_link
Transcripts https://docs.google.com/document/d/1-_X_9RQrurOLKRvbXyMjgbygESsabcCK
Chapters
00:21 Welcome to CISO Tradecraft
00:36 RSAC 2025 Conference Experience
01:22 Shelby's Health Scare
02:08 Understanding Technical Debt
02:41 The Consequences of Technical Debt
04:09 Shelby's Story as a Technical Debt Analogy
09:28 Lessons Learned from Shelby's Story
13:09 Conclusion and Call to Action

Monday Apr 28, 2025
In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune in to learn how to avoid becoming the 'department of no' and start being the 'department of know.'
Transcripts https://docs.google.com/document/d/1CT9HXdDmKojuXzWTbNYUE4Kgp_D64GyB
Knostic's Website - https://www.knostic.ai/solution-brief-request
Chapters
00:00 Introduction to Microsoft Copilot Risks
00:32 Meet the Guest: Sounil Yu
02:51 Understanding Microsoft 365 Copilot
06:09 The DIKW Pyramid and Knowledge Management
08:34 Challenges of Data Permissions and Oversharing
19:01 Need to Know: A New Approach to Access Control
35:10 Measuring and Mitigating Risks with Copilot
39:46 Conclusion and Next Steps

Monday Apr 21, 2025
In this episode of CISO Tradecraft, host G Mark Hardy delves into the crucial topic of Common Vulnerabilities and Exposures (CVE) and the Common Vulnerability Scoring System (CVSS). Learn about the history, structure, and significance of the CVE database, the recent funding crisis, and what it means for the future of cybersecurity. We also explore the intricacies of CVSS scoring and how it aids in prioritizing vulnerabilities. Tune in to understand how, as a CISO, you can better prepare your organization against cyber threats and manage vulnerabilities efficiently.
Transcripts: https://docs.google.com/document/d/13VzyzG5uUVLGVhPA5Ws0UFbHPnfHbsII
Chapters
00:00 Introduction to CVE and CVSS
01:13 History of Vulnerability Tracking
03:07 The CVE System Explained
06:47 Understanding CVSS Scoring
13:11 Recent Funding Crisis and Its Impact
15:53 Future of the CVE Program
18:27 Conclusion and Final Thoughts

Monday Apr 14, 2025
Join host G Mark Hardy on CISO Tradecraft as he welcomes expert Scott Gicking to discuss the Center for Internet Security's (CIS) Controls Self-Assessment Tool (CSAT). Learn what CSAT is, how to effectively use it, and how it can enhance your career in cybersecurity. Stay tuned for insights on creating effective security frameworks, measuring maturity, and improving organizational security posture using the CSAT tool.
Scott Gicking - https://www.linkedin.com/in/scottgickingus/
CIS CSAT - https://www.cisecurity.org/controls/cis-controls-self-assessment-tool-cis-csat
Transcripts: https://docs.google.com/document/d/1WAI9U0WEUSJH1ZVWM1HdtFEf-O9hLJBe
Chapters
01:16 Guest Introduction: Scott Gicking
02:49 Scott's Career Journey
04:03 The Hollywood Cybersecurity Incident
07:38 Introduction to CIS and Its Importance
09:49 Understanding the CIS CSAT Tool
10:13 Implementing CIS CSAT in a Real-World Scenario
13:00 Benefits of the CIS CSAT Tool
18:38 Developing a Three-Year Roadmap with CSAT
23:25 Scoring Policies and Controls
24:20 Control Implementation and Automation
25:22 CMMC Certification Levels
27:52 Honest Self-Assessment
30:01 Quick and Dirty Assessment Approach
33:07 Building Trust and Reporting
37:38 Business Impact Analysis Tool
40:02 Reputational Damage and CISO Challenges
42:55 Final Thoughts and Contact Information

Monday Apr 07, 2025
Ever wonder how the CISO role went from obscure techie to boardroom MVP? In this episode of CISO Tradecraft, G Mark Hardy takes you on a journey through the evolution of the Chief Information Security Officer — from Steve Katz's groundbreaking appointment at Citibank in 1995 to the high-stakes, high-impact role CISOs play today.
Transcripts: https://docs.google.com/document/d/1FlKBW6zlVBqLoSTQMGZIfz--ZLD_aS9t/edit
Chapters
00:00 Introduction to the Evolution of the CISO Role
00:58 The First CISO: Steve Katz's Pioneering Journey
03:58 Rise of Security Certifications
08:39 Regulatory Wake-Up Calls and Compliance
12:23 Cybersecurity in the Age of State-Sponsored Attacks
17:58 The Impact of Major Cyber Incidents
25:07 Modern Challenges and the Future of the CISO Role
27:51 Conclusion and Final Thoughts

Monday Mar 31, 2025
In this episode of CISO Tradecraft, we host Chris Hughes, CEO of Aquia, cybersecurity consultant, and author. Chris shares insights on the evolving landscape of cybersecurity, discussing software supply chain threats, vulnerability management, relationships between security and development, and the future impacts of AI. Tune in to gain expert advice on becoming an effective cybersecurity leader.
Chris Hughes - https://www.linkedin.com/in/resilientcyber/
Transcripts: https://docs.google.com/document/d/1j5ernS0Gk3LH-qcjhi6gOfojBqQljGhi
Chapters
00:00 Introduction and Special Guest Announcement
00:55 Chris Hughes' Background and Career Journey
02:46 Government and Industry Engagement
03:42 Supply Chain Security Challenges
07:34 Vulnerability Management Insights
12:13 Navigating the Overwhelming Vulnerability Landscape
22:19 Building Positive Relationships in Cybersecurity
23:41 Empowering Risk-Informed Decisions
24:29 Aligning with Organizational Risk Appetite
25:33 Navigating Job Changes and Organizational Fit
26:32 The Role of Compliance in Security
33:27 The Impact of AI on Security
43:05 Balancing Build vs. Buy Decisions
45:05 Conclusion and Final Thoughts

Monday Mar 24, 2025
In this episode of CISO Tradecraft, host G. Mark Hardy introduces 'The Full Irish,' a cybersecurity framework based on the '12 Steps to Cybersecurity' guidance from Ireland's National Cyber Security Centre (NCSC). The episode covers comprehensive steps from governance and risk management to incident response and resilience, making it a valuable resource for cybersecurity professionals. G Mark also discusses the implications of multinational companies operating in Ireland, including tax strategies and notable GDPR fines. The episode provides pragmatic guidance and actionable insights to enhance your cybersecurity program.
References: https://www.ncsc.gov.ie/pdfs/Cybersecurity_12_steps.pdf
Transcripts: https://docs.google.com/document/d/1VLeRozClLZAkZsusYsUn4Q9_1v7WCoN0
Chapters
00:00 Introduction to the Full Irish
01:32 Why Ireland?
02:40 Tax Avoidance Schemes
04:25 GDPR Penalties and Data Protection
05:54 Overview of the 12 Steps to Cybersecurity
07:19 Step 1: Governance and Organization
09:24 Step 2: Identify What Matters Most
10:31 Step 3: Understanding the Threats
12:35 Step 4: Defining Risk Appetite
14:10 Step 5: Education and Awareness
16:00 Step 6: Implement Basic Protections
18:00 Step 7: Detect an Attack
19:37 Step 8: Be Prepared to React
21:24 Step 9: Risk-Based Approach to Resilience
22:52 Step 10: Automated Protections
23:58 Step 11: Challenge and Test Regularly
25:29 Step 12: Cyber Risk Management Lifecycle
26:29 Conclusion and Final Thoughts

Monday Mar 17, 2025
In this episode of CISO Tradecraft, host G. Mark Hardy dives into the evolution, challenges, and solutions of Data Loss Prevention (DLP). From early methods like 'dirty word lists' in the military to advanced AI and machine learning models of today, discover how DLP technologies have developed to safeguard sensitive information. Learn about different DLP phases, regulatory impacts, and modern tools like Microsoft Purview that can help manage and classify data effectively. This episode is packed with valuable insights to help you tackle data security with confidence and efficiency.
Transcripts
https://docs.google.com/document/d/1u7owNI5P3WajJvRPIXbzrUYy-PCsRcfC
References
Crash course in Microsoft Purview: A guide to securing and managing your data estate
Chapters
00:00 Introduction to Data Loss Prevention (DLP)
00:45 Early Days of DLP: Dirty Word Lists and Simple Networks
02:39 Evolution of DLP: Content Filtering and Endpoint Protection
06:05 Advanced Content Inspection and Policy Enforcement
09:19 Unified DLP and Cloud Adoption
16:04 Modern DLP: AI, Machine Learning, and Zero Trust
19:12 Implementing DLP with Microsoft Purview
28:59 Summary and Final Thoughts

Monday Mar 10, 2025
In this episode of CISO Tradecraft, G. Mark Hardy dives deep into the world of Agentic AI and its impact on cybersecurity. The discussion covers the definition and characteristics of Agentic AI, as well as expert insights on its feasibility. Learn about its primary functions—perception, cognition, and action—and explore practical cybersecurity applications. Discover the rapid advancements made by tech giants and potential risks involved. This episode is a comprehensive guide to understanding and securely implementing Agentic AI in your enterprise.
Transcripts https://docs.google.com/document/d/1tIv2NKX0DL4NTnvqKV9rKrgrewa68m3W
References
Vladimir Putin - https://www.rt.com/news/401731-ai-rule-world-putin/
Minds and Machines - https://link.springer.com/article/10.1007/s44163-024-00216-2
Anthropic - https://www.cnbc.com/2024/10/22/anthropic-announces-ai-agents-for-complex-tasks-racing-openai.html
Convergence AI - https://convergence.ai/training-web-agents-with-web-world-models-dec-2024/
OpenAI Operator - https://openai.com/index/introducing-operator/
ByteDance UITARS - https://venturebeat.com/ai/bytedances-ui-tars-can-take-over-your-computer-outperforms-gpt-4o-and-claude/
Zapier - https://www.linkedin.com/pulse/openai-bytedance-zapier-launch-ai-agents-getcoai-l6blf/
Microsoft OmniParser - https://www.microsoft.com/en-us/research/articles/omniparser-v2-turning-any-llm-into-a-computer-use-agent/
Google Project Mariner - https://deepmind.google/technologies/project-mariner/
Rajeev Sharma - Agentic AI Architecture - https://markovate.com/blog/agentic-ai-architecture/
NIST.AI.600-1 - https://doi.org/10.6028/NIST.AI.600-1
Mitre ATLAS - https://atlas.mitre.org/
OWASP Top 10 for LLMs - https://owasp.org/www-project-top-10-for-large-language-model-applications/
ISO 42001 - https://www.iso.org/standard/81230.html
Chapters
00:00 Introduction and Intriguing Quote
01:10 Defining Agentic AI
02:01 Expert Insights on Agency
04:32 Agentic AI in Practice
06:54 Recent Developments in Agentic AI
08:20 Deep Dive into Agentic AI Infrastructure
15:35 Use Cases for Agentic AI
21:12 Challenges and Considerations
24:22 Conclusion and Recap

Monday Mar 03, 2025
In this episode of CISO Tradecraft, G. Mark Hardy shares 15 crucial characteristics to help you succeed in your cybersecurity career and become an effective CISO. From knowing yourself and developing leadership skills to enhancing communications and staying current with trends, Hardy distills decades of wisdom into practical advice. Learn how to navigate career transitions, build technical credibility, become an effective storyteller, and master political skills essential for C-level success.
Transcripts: https://docs.google.com/document/d/1MpjXD8LqnHS_Lj1S-6T7vxcclxzUjEhe
Chapters
01:30 Know Yourself: The First Step to Success
05:23 Develop Your Leadership Skills
07:09 Enhance Your Communication Skills
11:37 Gain Broad Experience
14:28 Pursue Advanced Education
18:13 Network with Other Professionals
20:47 The Importance of Mentorship
22:20 Building Valuable Connections
23:43 Aligning with Business Goals
25:38 Deepening Technical Expertise
26:59 Staying Current with Trends
28:03 Promoting a Security-First Culture
30:18 Addressing Skills Gaps
31:53 Becoming a Master Storyteller
33:35 Engaging with Executives
34:41 Strategic Thinking and Time Management
37:27 Mastering Political Skills
39:14 Conclusion and Final Thoughts

Monday Feb 24, 2025
In this episode of CISO Tradecraft, host G Mark Hardy discusses Microsoft's announcement of its new quantum chip, Majorana 1. The chip harnesses properties of a topological superconductor, making the promises of quantum computing more tangible. The episode delves into the technical aspects of quantum bits (qubits), cryptography, and the implications of topological quantum computing. With insights on competitor advancements by Google and the open challenges that remain, this episode provides a comprehensive overview of quantum computing's future and its cybersecurity implications.
Transcripts: https://docs.google.com/document/d/1O2XG47o2_6jHBtPKL2PcwGRKPe69wFvi
Link: https://azure.microsoft.com/en-us/blog/quantum/2025/02/19/microsoft-unveils-majorana-1-the-worlds-first-quantum-processor-powered-by-topological-qubits/
Chapters
00:00 Introduction to CISO Tradecraft
00:26 Microsoft's Quantum Chip Announcement
01:51 Understanding Quantum Bits
03:23 Quantum Computing and Cryptography
06:00 Microsoft's Quantum Leap
09:41 The Physics Behind Quantum Computing
16:48 Majorana Particle and Its Significance
20:29 Applications and Future of Quantum Computing
25:01 Conclusion and Final Thoughts

Monday Feb 17, 2025
In this CISO Tradecraft episode, host G. Mark Hardy delves into the recent U.S. presidential executive orders impacting AI and their implications for cybersecurity professionals. Learn about the evolution of AI policies from various administrations and how they influence national security, innovation, and the strategic decisions of CISOs. Discover key directives, deregulatory moves, and practical steps you can take to secure your AI systems in an era marked by rapidly changing regulations. Plus, explore the benefits of using AI tools like ZeroPath to bolster your cybersecurity efforts.
Big Thanks to our Sponsors: ZeroPath - https://zeropath.com/
Transcripts: https://docs.google.com/document/d/1Nv27tpDQs2fjdOedJOi0LhlkyQ5N5dKt
Links:
https://www.americanbar.org/groups/public_education/publications/teaching-legal-docs/what-is-an-executive-order-/
https://www.federalregister.gov/documents/2019/02/14/2019-02544/maintaining-american-leadership-in-artificial-intelligence
https://www.csis.org/analysis/made-china-2025
https://www.researchgate.net/publication/242704112_China's_15-year_Science_and_Technology_Plan
https://www.federalregister.gov/documents/2020/12/08/2020-27065/promoting-the-use-of-trustworthy-artificial-intelligence-in-the-federal-government
https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity
https://www.federalregister.gov/documents/2023/11/01/2023-24283/safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence
https://www.presidency.ucsb.edu/documents/executive-order-14148-initial-rescissions-harmful-executive-orders-and-actions
https://www.federalregister.gov/documents/2025/01/17/2025-01470/strengthening-and-promoting-innovation-in-the-nations-cybersecurity
https://www.cisecurity.org/controls/cis-controls-list
Chapters
00:00 Introduction to AI Policy Shifts
00:23 AI Tool for Cybersecurity: ZeroPath
01:12 Understanding Executive Orders
02:44 EO 13859: Maintaining American Leadership in AI
05:42 EO 13960: Trustworthy AI in Federal Government
07:10 EO 14028: Strengthening U.S. Cybersecurity
09:38 EO 14110: Safe and Trustworthy AI Development
11:09 EO 14148: Rescinding AI Policies
12:21 EO 14179: Removing Barriers to AI Innovation
15:26 EO 14144: Strengthening Cybersecurity Innovation
37:19 Mapping Executive Orders to CIS Controls
40:15 Conclusion and Key Takeaways

Monday Feb 10, 2025
This podcast episode discusses the formation of a professional association for CISOs, driven by increasing personal liability risks faced by these executives. The conversation centers on establishing a formal definition and accreditation process for the CISO role, moving beyond existing certifications to demonstrate operational and theoretical expertise. This professionalization effort aims to reduce personal liability through a tailored insurance product, negotiated collectively by the association, and preempt potentially ill-defined government regulations. Ultimately, the goal is to create a structured, respected profession for CISOs, offering benefits such as insurance, professional development, and a unified voice within the industry.
Professional Association of CISOs - https://theciso.org/
Transcripts - https://docs.google.com/document/d/1BNeUzSyPYX-vAYwQl9qCi0GhknYhKnWF/
Chapters
00:00 Introduction to Professionalizing the CISO Role
00:52 The Genesis of a Professional Association
03:39 Challenges and Legal Liabilities for CISOs
04:43 The Value of Joining the Association
06:24 Accreditation and Certification Process
10:38 Insurance and Risk Management for CISOs
18:45 Future Directions and Getting Involved

Monday Feb 03, 2025
In this episode of CISO Tradecraft, host G. Mark Hardy and special guest Colleen Lennox dive into the transformative power of AI in HR. Discover how AI can revolutionize identifying, attracting, and retaining cybersecurity talent. They discuss the challenges of finding the right personnel in the cybersecurity field, the innovative AI-driven solutions that can streamline recruitment processes, and how these tools can help in talent management and career progression. Stay tuned as they explore the potential of AI in creating a more effective and bias-free hiring process, while also discussing the future implications for HR and recruiters in the evolving landscape.
Big Thanks to our Sponsors:
CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!
Transcripts: https://docs.google.com/document/d/1f6B9Ye02WHWo7q15avBm0359pxGNqnVu
Chapters
00:00 Introduction: AI and Workforce Concerns
00:28 Welcome to CISO Tradecraft
01:01 Meet Colleen Lennox: AI in HR
01:27 Challenges in Cybersecurity Recruitment
03:11 AI-Powered Recruitment Solutions
07:07 Improving Talent Management with AI
13:36 Addressing Bias in AI Recruitment
17:20 Future of AI in HR and Recruitment
21:04 Conclusion and Contact Information

Monday Jan 27, 2025
In this episode of CISO Tradecraft, host G. Mark Hardy sits down with Bill Dougherty, CISO of Omada Health, to discuss a groundbreaking threat model called 'Includes No Dirt'. This comprehensive model integrates security, privacy, and compliance considerations, aiming to streamline and enhance threat modeling processes. The conversation covers the origin and principles of the model, its applicability across different sectors, and the essential aspects of threat modeling. Listeners are also treated to insights on handling third-party risks and adapting to emerging AI challenges. The episode provides practical advice for cybersecurity leaders looking to effectively manage and mitigate risks while reducing redundancy.
Big Thanks to our Sponsors:
ZeroPath - https://zeropath.com/
CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!
The No DIRT Threat Model can be found here: http://www.includesnodirt.com/nodirt.pdf
Transcripts: https://docs.google.com/document/d/1vWq4Zx7pzM_B65W933m8_TE0fLKaUw3X
Chapters
03:27 The Genesis of Includes No Dirt
05:05 Combining Security, Privacy, and Compliance
07:24 Implementing the No Dirt Model
11:42 Scoring and Evaluating Risks
17:41 Third-Party Risk Management
25:49 Evaluating SaaS Requests Based on Risk
27:55 Adapting Threat Models for AI
31:24 Principles of Minimum Necessary Data
33:42 General Applicability of Security Principles
35:12 Includes No Dirt: A Comprehensive Threat Model
40:15 Final Thoughts and Recommendations

Monday Jan 20, 2025
Join G. Mark Hardy in a riveting episode of CISO Tradecraft as he sits down with Dustin Lehr to uncover strategies for creating security champions among developers. Explore effective techniques to inspire culture change, leverage AI tools for security, and discover the difference between leadership and management. This insightful discussion includes actionable steps to establish a robust security champions program, from defining a vision to executing with gamification. Whether you’re an aspiring champion or a seasoned cybersecurity leader, this episode is packed with valuable insights to elevate your organization’s security practices.
Big Thanks to our Sponsors:
ZeroPath - https://zeropath.com/
CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!
Transcripts - https://docs.google.com/document/d/1IgPbmnNaEF_1GIQTRxHStOoUKtZM4azH
Learn more about this topic by reading Dustin's website - https://securitychampionsuccessguide.org/
Dustin Lehr's Company - https://www.katilyst.com/
Chapters
01:05 Meet Dustin Lehr
04:05 Leadership vs. Management
06:17 The Role of Security Champions
17:20 Recruiting Security Champions
24:42 Exploring the Framework: Vision and Goals
26:25 Defining Participants and Their Roles
28:37 Understanding the Current Setting
33:27 Conceptualizing Ideal Actions
35:20 Designing with Gamification in Mind
40:30 Effective Delivery and Continuous Tuning
41:30 Overcoming Challenges and Final Thoughts

Monday Jan 13, 2025
In this episode of CISO Tradecraft, host G Mark Hardy explores the top 10 cybersecurity predictions for 2025. From the rise of AI influencers to new standards in encryption, Hardy discusses significant trends and changes expected in the cybersecurity landscape. The episode delves into topics such as branding, application security, browser-based security, and post-quantum cryptography, aiming to prepare listeners for future challenges and advancements in the field.
Big Thanks to our Sponsor
CruiseCon - https://cruisecon.com/
CruiseCon Discount Code: CISOTRADECRAFT10
Team8 Fixing AppSec Paper - https://bunny-wp-pullzone-pqzn4foj9c.b-cdn.net/wp-content/uploads/2024/11/Fixing-AppSec-Paper.pdf
Terraform and Open Policy Agent Example - https://spacelift.io/blog/terraform-best-practices#8-introduce-policy-as-code
Transcripts - https://docs.google.com/document/d/1u6B2PrkJ1D14d9HjQQHSg7Fan3M6n4dy
Chapters
01:19 1) AI Influencers become normalized
03:17 2) The Importance of Production Quality in Branding
05:19 3) Google and Apple Collaboration for Enhanced Security
06:28 4) Consolidation in Application Security and Vulnerability Management
08:36 5) The Rise of Models Committees
09:09 6) Formalizing the CISO Role
11:03 7) Exclusive CISO Retreats: The New Trend
12:12 8) Automating Cybersecurity Tasks with Agentic AI
13:10 9) Browser-Based Security Solutions
14:22 10) Post-Quantum Cryptography: Preparing for the Future

Monday Jan 06, 2025
🔥 Hackers Beware! Cyber Deception is Changing the Game 🔥
In this must-hear episode of CISO Tradecraft, we expose a mind-blowing cybersecurity strategy that flips the script on attackers. Instead of waiting to be breached, cyber deception technology tricks hackers into revealing themselves—before they can do real damage. 🚨🎭
Imagine laying digital traps—fake credentials, bogus systems, and irresistible bait—that lead cybercriminals straight into a controlled maze where every move they make is tracked.
Early threat detection? ✅
Real-time attacker intel? ✅
Fewer false positives? ✅
🎙️ Featuring deception tech guru Yuriy Gatupov, we break down:
✅ How deception tech works & why it’s a game-changer
✅ How to expose and track hackers in real time
✅ How to prove ROI and make the case for your org
Cyber deception isn't just defense—it's offense against cyber threats. Are you ready to fight back? Listen now!
Big thanks to our Sponsors
ThreatLocker - https://hubs.ly/Q02_HRGK0
CruiseCon - https://cruisecon.com/
Contact Yuriy Gatupov - info@labyrinth.tech
Yuriy's LinkedIn - https://www.linkedin.com/in/yuriy-gatupov-373155281/
Transcripts: https://docs.google.com/document/d/1oyQzCBRoPLbDOCOCypJMGGXxcPI5w75o
Chapters
02:05 History of Cyber Deception
04:57 Advantages of Deception Technology
06:57 Engagement and Detection Strategies
10:18 How Deception Technology Works
16:13 Attack Scenarios and Detection
24:09 Decoys and Deception: A New Paradigm
24:56 Real-World Success Stories
33:30 Deception in OT and SCADA Systems
37:38 Calculating ROI for Deception Technologies

Monday Dec 30, 2024
In this episode of CISO Tradecraft, host G Mark Hardy interviews Ross Haleliuk, author of 'Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup.' Ross shares valuable insights on starting a cybersecurity company and emphasizes the importance of understanding market needs, customer engagement, and trust in the industry. They discuss the role of angel investors, the differences between product and service companies, and the challenges founders face. The episode also includes an announcement about CISO Tradecraft's partnership with CruiseCon for an upcoming cybersecurity conference. Additionally, Ross provides a glimpse into his non-traditional background and journey into the cybersecurity space.
Thank you to our sponsors
- ThreatLocker - https://hubs.ly/Q02_HRGK0
- CruiseCon - https://cruisecon.com/
Ross Haleliuk's Book - https://www.amazon.com/Cyber-Builders-Essential-Building-Cybersecurity/dp/173823410X/
Ross Haleliuk's LinkedIn Page - https://www.linkedin.com/in/rosshaleliuk/
Transcripts: https://docs.google.com/document/d/1b8UPolYvYWEYbmO7n_7NqrilObv-HNzo
Chapters
02:28 Ross Haleliuk's Background and Journey
04:32 Discussing the Book: Cyber for Builders
10:52 Insights on Cybersecurity and Business
15:54 Challenges and Realities of Cybersecurity Startups
22:19 Navigating Market Competition
23:15 Entering Established Markets
24:28 Challenges in Security Tool Adoption
25:11 Legacy Vendors and Market Entrenchment
27:35 Building a Company: Beyond the Product
30:02 Validating Market Needs
32:27 Funding Your Startup
35:25 The Role of Angel Investors
43:29 Conclusion and Next Steps

Monday Dec 23, 2024
Join us on CISO Tradecraft as we explore the future of cybersecurity with Merritt Baer, former Deputy CISO at AWS. Merritt, a Harvard Law graduate, shares her expert insights on the trends expected in the upcoming years, emphasizing the enduring aspects of cybersecurity, the implications of AI, and challenges in cloud security. Discover valuable strategies for managing security risks, the evolution of ransomware, and the integration of sustainable practices within the industry. Don't miss this episode filled with practical advice for current and aspiring CISOs!
Thank you to our sponsors
- ThreatLocker - https://hubs.ly/Q02_HRGK0
- CruiseCon - https://cruisecon.com/
Transcripts https://docs.google.com/document/d/1KRkN7jVZvAaYk1eSBde3GTiD-G9RPjXJ
Chapters
00:00 Introduction and Guest Overview
01:16 Future of Cybersecurity
02:18 AWS Security Insights
04:35 Shared Responsibility Model
09:59 AI in Cybersecurity
21:55 Security and Environmental Concerns
32:36 Predictions for 2025 and Beyond
42:46 Closing Remarks and Contact Information

Monday Dec 16, 2024
In this episode of CISO Tradecraft, host G Mark Hardy discusses the history and evolution of endpoint protection with guest Kieran Human from ThreatLocker. Starting from the inception of antivirus software by John McAfee in the late 1980s, the episode delves into the advancements through Endpoint Detection and Response (EDR) and introduces the latest in endpoint security: allowlisting and ring fencing. The conversation highlights the limitations of traditional antivirus and EDR solutions in today's threat landscape, emphasizing the necessity of default-deny approaches to enhance cybersecurity. Kieran explains how ThreatLocker’s allowlisting and ring-fencing capabilities can block unauthorized applications and actions, thus significantly reducing the risk of malware and ransomware attacks. Practical insights, war stories, and deployment strategies are shared to help cybersecurity leaders implement these next-generation tools effectively.
Thank you to our sponsor ThreatLocker
https://hubs.ly/Q02_HRGK0
Transcripts: https://docs.google.com/document/d/1UMrK44ysBjltNkddCkwx9ly6GJ14tIbC
Chapters
00:00 Introduction to Endpoint Protection
00:41 Upcoming Event: CruiseCon 2025
01:18 History of Endpoint Protection
03:34 Evolution of Antivirus to EDR
05:25 Next-Gen Endpoint Protection: Allowlisting
06:44 Guest Introduction: Kieran Human from ThreatLocker
08:06 Benefits of Allowlisting and Ring Fencing
17:14 Challenges and Best Practices
26:19 Conclusion and Call to Action

Monday Dec 09, 2024
In this crucial episode of CISO Tradecraft, host G Mark Hardy delves into the urgent topic of the 'Salt Typhoon' threat, with insights from experts Adam Isles and Andreas Kurland from the Chertoff Group. The episode covers what it means for corporate security to rely on SMS text messages when Chinese state actors have broken into major telecommunications carriers. The conversation focuses on encryption, secure communications, and measures to mitigate risks from vulnerabilities in telecommunications infrastructure. The discussion includes practical steps for securing messaging, voice calls, virtual meetings, and emails. Learn actionable strategies to bolster your organization's cybersecurity posture and ensure robust defense against sophisticated state-level cyber threats.
Thank you to our sponsor ThreatLocker
https://www.threatlocker.com/pages/essential-eight-fast-track?utm_source=ciso_tradecraft&utm_medium=sponsor&utm_campaign=essential-eight_q4_24&utm_content=essential-eight&utm_term=podcast
Link to recommendations:
https://chertoffgroup.com/end-to-end-encryption-is-essential/
Transcripts https://docs.google.com/document/d/13NKPUBU3c-qYQtX18NR08oYVRSSnHD_a
Chapters
00:00 Introduction to Salt Typhoon
01:31 Meet the Experts: Adam Isles and Andreas Kurland
02:03 Understanding the Salt Typhoon Threat
04:49 Telecommunications and Security Risks
07:37 Messaging Security: Risks and Recommendations
20:14 Voice Communication Security
28:44 Securing Virtual Meetings
34:45 Email Security: Challenges and Solutions
41:35 Conclusion and Contact Information

Monday Dec 02, 2024
In this riveting episode of CISO Tradecraft, host G Mark Hardy welcomes back Richard Thieme, a thought leader in cybersecurity and technology, almost three years after his last appearance. Richard delves into the necessity of thinking like a hacker, provides insights into the AI singularity, and discusses the ethical and societal implications of emerging technologies. The conversation also touches on Richard's extensive body of work, including his books and views on cyber warfare, disinformation, and ethical decision-making. Tune in for a thought-provoking discussion that challenges conventional wisdom and explores the interconnectedness of technology, consciousness, and our future.
Big Thanks to our Sponsor CruiseCon - https://cruisecon.com/
CruiseCon Discount Code: CISOTRADECRAFT10
Link to Richard’s home page (and links to Amazon for his books):
https://thiemeworks.com/
Link to the book, The Ending of Time:
https://store.kfa.org/products/the-ending-of-time-new-edition
Transcripts: https://docs.google.com/document/d/1Q7CJkF7Spji2iAbV_mYEyYHnKWobzo6N
Chapters
00:00 Introduction and Guest Announcement
00:56 Upcoming Cybersecurity Event: CruiseCon
01:41 Welcoming Back Richard Thieme
02:06 Reflecting on Past Discussions
02:59 The Necessity for Thinking Like a Hacker
03:10 Exploring Richard Thieme's Books
08:25 Understanding AI and Its Implications
18:28 Soft Power and Global Influence
24:01 The Power of Fiction in Revealing Truth
24:37 Ethical Frameworks Post 9/11
26:12 The Role of Empathy in Intelligence Work
26:37 The Blurring Line Between Fact and Fiction
29:52 The Isolation of Intelligence Work
31:18 The Interconnectedness of Everything
33:36 Exploring Remote Viewing and Consciousness
36:50 The Rise of AI and Ethical Considerations
39:43 The Evolution of Technology and Society
45:07 Final Thoughts and Reflections

Monday Nov 25, 2024
This podcast episode of CISO Tradecraft features Shawnee Delaney, an insider threat expert, discussing insider threats in cybersecurity. Delaney, whose background includes espionage, explains how understanding human motivation and vulnerabilities is crucial for identifying and mitigating insider threats. The conversation highlights the importance of organizational culture, employee well-being, and proactive measures like employee lifecycle management and psychological testing in preventing such threats. Practical advice is offered for leaders to foster a supportive and communicative work environment to detect potential threats early. Finally, methods for creating effective insider threat programs and addressing cultural issues are explored.
Shawnee Delaney's LinkedIn - https://www.linkedin.com/in/shawnee-delaney/
Vaillance Group - https://www.vaillancegroup.com/
Transcripts: https://docs.google.com/document/d/1xJiEMDL8CjNwwfBSvNHfnhfsrVgOMuk0
Chapters
00:00 Introduction to Insider Threat
00:26 Guest Introduction: Shawnee Delaney
00:58 CruiseCon 2025 Announcement
01:33 Shawnee's Career Journey
02:18 Understanding Espionage
03:43 Motivations Behind Espionage
07:46 Indicators of Insider Threat
10:48 Building a Positive Organizational Culture
18:21 Implementing an Insider Threat Program
21:05 Psychological Testing in Hiring
23:26 Assessing Organizational Culture
25:34 Core Values in the Navy and Marine Corps
26:16 A Commanding Officer's Story
28:32 Identifying Insider Threats
32:01 The Impact of Job Uncertainty
36:50 Gamifying Security Incentives
39:12 Building a Strong Security Culture
42:05 Final Thoughts and Recommendations