CISO Tradecraft

Welcome to CISO Tradecraft. A podcast designed to take you through the adventure of becoming a Chief Information Security Officer (CISO) and learning about cyber security. This podcast was started because G Mark Hardy and Ross Young felt impressed to help others take their Information Security Skills to an executive level. We are thrilled to be your guides to lead you through the various domains of becoming a competent and effective CISO.


Episodes

7 days ago

This episode is sponsored by Varonis. You can learn more on how to reduce your ransomware radius by performing a free ransomware readiness assessment Link

On this episode, Sounil Yu continues his discussion about his new book ("Cyber Defense Matrix"). Listen to learn more about:

  • Pre-Event Structural Awareness vs Post-Event Situational Awareness
  • Environmental vs Contextual Awareness
  • Understanding Security Handoffs
  • Rationalizing Technologies
  • Portfolio Analysis
  • Responding to Emerging Buzzwords (Zero Trust and SASE)

Monday Jun 13, 2022

This episode is sponsored by Varonis. You can learn more on how to reduce your ransomware radius by performing a free ransomware readiness assessment Link

This episode of CISO Tradecraft has Sounil Yu talk about his new book, "Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape". Sounil reviews the Cyber Defense Matrix in depth. We discuss how the Cyber Defense Matrix can be used for:

  • Capturing & Organizing Measurements & Metrics
  • Developing a Cyber Security Roadmap
  • Gaining Greater Situational & Structural Awareness
  • Understanding Organizational Responsibilities & Handoffs
  • Rationalizing Technologies & Finding Investment Opportunities
  • Deciphering the Latest Industry Buzzword

You can purchase Sounil's new book here Link

Monday Jun 06, 2022

On this episode of CISO Tradecraft, John Hellickson from Coalfire talks about his career as a CISO. Listen and learn about:

  • The evolving role of the CISO
  • How John got started as a CISO
  • What a Field CISO is and how it differs from a traditional CISO role
  • Tips on getting your career to the next level by attending the right conferences and getting an executive coach
  • How to get Business Alignment
  • How the Security Advisor Alliance is helping the next generation of cyber talent

Monday May 30, 2022

A respected journalist focusing on cybersecurity and our community of people for over 25 years, Deb Radcliff remains a trusted information source who checks and double-checks her sources before publication -- a refreshing change to the low signal - high noise world of social media. In this episode, we discuss where CISOs might turn for accurate information, how the industry has evolved in complexity, and take a look at the first of three fictional novels she's writing about a future world where hackers take on an oppressive digital state. What is really interesting is her explanation of how she went from book idea to published reality. Breaking Backbones: Information is Power may be purchased from the following Amazon Link

Monday May 23, 2022

On this episode of CISO Tradecraft we talk about the Top 10 areas of concern for the C-Suite about Ransomware. Note you can read the full ISC2 Study here (Link). Cybersecurity professionals should keep the following golden rules in mind when communicating with the C-suite about ransomware:

  • Increase Communication and Reporting to Leadership
  • Temper Overconfidence as Needed
  • Tailor Your Message
  • Make the Case for New Staff and Other Investments
  • Make Clear that Ransomware Defense is Everyone’s Responsibility

Monday May 16, 2022

On this episode of CISO Tradecraft, Christian Hyatt from risk3sixty stops by to discuss the 3 major Business Objectives for CISOs:

  • Risk Management
  • Cost Reduction
  • Revenue Generation

He also discusses the five CISO Archetypes:

  • The Executive
  • The Engineer
  • The GRC Guru
  • The Technician
  • The Builder

References:

  • The 5 CISO Archetypes Book Link
  • Designing the CISO Role Link

Monday May 09, 2022

Chances are your organization has information that someone else wants. If it's another nation state, their methods may not be friendly or even legal. In this episode we address assessing risk, known "bad" actors, information targets, exfiltration, cyber security models, what the federal government is doing for contractors, and response strategies. Listen now so you don't become a statistic later.

References:

  • https://www.fbi.gov/file-repository/china-exec-summary-risk-to-corporate-america-2019.pdf
  • https://nhglobalpartners.com/made-in-china-2025/
  • https://www.cybintsolutions.com/cyber-security-facts-stats/
  • http://www.secretservice.gov/ntac/final_it_sector_2008_0109.pdf
  • http://www.secretservice.gov/ntac/final_government_sector2008_0109.pdf
  • CIS Controls v8.0, Center for Internet Security, May 2021, https://www.cisecurity.org
  • https://owasp.org/www-project-threat-and-safeguard-matrix/
  • https://www.acq.osd.mil/cmmc/about-us.html

Monday May 02, 2022

Our career has been growing like crazy with an estimated 3.5 million unfilled cybersecurity jobs within the next few years.  More certs, more quals, more money, right?  The sky’s the limit.  But what if we’re wrong?  AI, machine learning, security-by-design, outsourcing, and H-1B programs may put huge downward pressure on future job opportunities (and pay) in this country.  Of course, we don’t WANT this, but shouldn’t a wise professional prepare for possibilities?  [We did a ton of research looking at facts, figures, industry trends, and possible futures that might have us thinking that 2022 may have been “the good old days.”  No gloom-and-doom here; just an objective look with a fresh perspective, you know, just in case.]

Monday Apr 25, 2022

On this episode of CISO Tradecraft, we discuss how to avoid Death By PowerPoint by creating cyber awareness training that involves and engages listeners. Specifically we discuss:

  • The EDGE method: Explain, Demonstrate, Guide, and Enable
  • Escape Rooms
  • Tabletop Exercises
  • Polling During Presentations
  • Short videos from online resources

References:

  • https://blog.scoutingmagazine.org/2017/05/05/living-on-the-edge-this-is-the-correct-way-to-teach-someone-a-skill/
  • http://www.inquiry.net/ideals/scouting_game_purpose.htm
  • https://cisotradecraft.podbean.com/e/ciso-tradecraft-shall-we-play-a-game/

Escape Rooms:

  • https://library.georgetown.org/virtual-escape-rooms/
  • https://research.fairfaxcounty.gov/unlimited/escape

Tabletop Exercises:

  • From GCHQ: https://www.ncsc.gov.uk/information/exercise-in-a-box
  • From CISA: https://www.cisa.gov/cisa-tabletop-exercises-packages

Funny Videos on Cyber:

  • https://staysafeonline.org/resource/security-awareness-episode/

Monday Apr 18, 2022

On this episode of CISO Tradecraft, we focus on Password Security and how it's evolving. Tune in to learn about:

  • Why we need passwords
  • Ways consumers log in and authenticate
  • How bad actors attack passwords
  • How long it takes to break passwords
  • Different types of MFA
  • The future of passwords with conditional access policies

Infographic:

References:

  • https://danielmiessler.com/blog/not-all-mfa-is-equal-and-the-differences-matter-a-lot/
  • https://www.hivesystems.io/blog/are-your-passwords-in-the-green?utm_source=tabletext
  • https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps
  • https://en.wikipedia.org/wiki/RockYou
  • https://cisotradecraft.podbean.com/e/ciso-tradecraft-active-directory-is-active-with-attacks/
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match

Copyright 2022 All rights reserved.

Podcast Powered By Podbean