Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership. © Copyright 2024, National Security Corporation. All Rights Reserved
Join G. Mark Hardy on this exciting episode of CISO Tradecraft as he interviews J.C. Vega, the first cyber colonel in the United States Army. Vega shares his invaluable insights on leadership, team building, and success strategies that can transform your cybersecurity career. Plus, learn about CruiseCon 2025, Wee Dram, and how you can take your lea…
#204 - Shadows and Zombies in the Data Center
23:53
In this special Halloween episode of CISO Tradecraft, host G Mark Hardy delves into the lurking dangers of Shadow IT and Zombie IT within organizations. Learn about the origins, risks, and impacts of these hidden threats, and discover proactive measures that CISOs can implement to safeguard their IT ecosystems. Strategies discussed include rigorous…
Unlocking SOC Excellence: Master the SOC Capability Maturity Model Join host G Mark Hardy in this compelling episode of CISO Tradecraft as he explores the revolutionary SOC Capability Maturity Model (SOC CMM) authored by Rob van Os. This episode is a must-watch for CISOs, aspiring CISOs, and cybersecurity professionals aiming to optimize their Secu…
#202 - Cybersecurity Crisis: Are We Failing the Next Generation?
45:09
In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges and misconceptions facing the next generation of cybersecurity professionals. The discussion covers the myth of a talent shortage, the shortcomings of current educational and certification programs, and the significance of aligning curricula with real-world needs. Hardy e…
In this episode of CISO Tradecraft, hosted by G Mark Hardy, you'll learn about four crucial tools in cloud security: CNAPP, CASB, CSPM, and CWPP. These tools serve various functions like protecting cloud-native applications, managing access security, maintaining cloud posture, and securing cloud workloads. The discussion covers their roles, benefit…
In this episode of CISO Tradecraft, hosts G Mark Hardy and Mark Rasch discuss the intersection of artificial intelligence and the law. Recorded at the COSAC computer conference in Dublin, this episode covers the legal implications of AI, copyright issues, AI-generated content, privacy concerns, and ethical considerations. They explore the nuances b…
Join G. Mark Hardy in Torremolinos, Spain, for a deep dive into the security of Generative AI. This episode of CISO Tradecraft explores the basics of generative AI, including large language models like ChatGPT, and discusses the key risks and mitigation strategies for securing AI tools in the workplace. G. Mark provides real-world examples, insight…
G Mark Hardy dives deep into effective strategies for securing your business. Learn why it's essential for cybersecurity leaders to communicate the real business impact of vulnerabilities and discover the importance of identifying and prioritizing critical business processes. Gain insights from historical references and practical frameworks like th…
#197 - Fedshark's Blueprint for Cost Effective Risk Reduction
46:27
Join host G Mark Hardy as he dives deep into the complexities of compliance and reporting, featuring special guests Brian Bradley and Josh Williams from FedShark. Discover a unique and streamlined approach to compliance using FedShark's innovative tools and AI-assisted systems. Learn about their exclusive offers for CISO Tradecraft listeners, inclu…
#196 - Cyber Thrills and Author Quills (with Deb Radcliff)
47:13
G Mark Hardy and guest Deb Radcliff talk about experiences and takeaways from Black Hat, and delve into the dynamic world of cybersecurity. Deb shares her perspectives on the intersection of AI, DevSecOps, and cyber warfare, while highlighting insights from her 'Breaking Backbones' trilogy. Transcripts: https://docs.google.com/document/d/1XN9HjdljJ…
#195 - Pentesting for Readiness not Compliance (with Snehal Antani)
47:48
In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Snehal Antani, co-founder of Horizon3.AI, to discuss the crucial interplay between offensive and defensive cybersecurity tactics. They explore the technical aspects of how observing attacker behavior can enhance defensive strategies, why traditional point-in-time pen t…
In this episode of CISO Tradecraft, host G Mark Hardy delves into the intricate world of Identity and Access Management (IAM). Learn the essentials and best practices of IAM, including user registration, identity proofing, directory services, identity federation, credential issuance, and much more. Stay informed about the latest trends like proximi…
#193 - Security Team Operating System (with Christian Hyatt)
43:06
In this comprehensive episode of CISO Tradecraft, host G Mark Hardy sits down with Christian Hyatt, author of 'The Security Team Operating System'. Together, they delve into the five essential components needed to transform your cyber security team from reactive to unstoppable. From defining purpose and values to establishing clear roles, rhythms, …
#192 - From Cyber Burnout to VCISO Bliss (with Olivia Rose)
45:24
Join host G Mark Hardy in this episode of CISO Tradecraft as he welcomes Olivia Rose, an experienced CISO and founder of the Rose CISO Group. Olivia discusses her journey in cybersecurity from her start in marketing to becoming a VCISO. They delve into key topics including the transition from CISO to VCISO, strategies for managing time and stress, …
#191 - From Breach to Bench (with Thomas Ritter)
44:43
In this episode of CISO Tradecraft, host G Mark Hardy continues an in-depth discussion with cybersecurity attorney Thomas Ritter on the legal considerations for cybersecurity leaders. The episode touches on essential topics such as immediate legal steps after a data breach, the importance of using correct terminology, understanding attorney-client …
#190 - Lawyers, Breaches, and CISOs: Oh My (with Thomas Ritter)
45:10
In this episode of CISO Tradecraft, host G Mark Hardy interviews cybersecurity lawyer Thomas Ritter. They discuss key legal topics for CISOs, including regulatory compliance, managing third-party risk, responding to data breaches, and recent legislative impacts. Thomas shares his journey into cybersecurity law and provides practical advice and real…
Emotional Intelligence for Cybersecurity Leaders | CISO Tradecraft In this episode of CISO Tradecraft, host G Mark Hardy delves into the essential topic of emotional intelligence (EI) for cybersecurity leaders. He explores the difference between IQ and EI, the origins and significance of emotional intelligence, and its impact on leadership effectiv…
Securing Small Businesses: Essential Cybersecurity Tools and Strategies In this episode of CISO Tradecraft, host G Mark Hardy discusses cybersecurity challenges specific to small businesses. He provides insights into key tools and strategies needed for effective cybersecurity management in small enterprises, including endpoint management, patch man…
Welcome to another episode of CISO Tradecraft with your host, G. Mark Hardy! In this episode, we dive into how CISOs can drive the profitable growth of their company's products and services. Breaking the traditional view of security as a cost center, Mark illustrates ways CISOs can support business objectives like customer outreach, service enablem…
Exploring AI in Cybersecurity: Insights from an Expert - CISO Tradecraft with Tom Bendien In this episode of CISO Tradecraft, host G Mark Hardy sits down with AI expert Tom Bendien to delve into the impact of artificial intelligence on cybersecurity. They discuss the basics of AI, large language models, and the differences between public and privat…
#185 - Ethics and Artificial Intelligence (AI)
46:38
In this episode of CISO Tradecraft, host G Mark Hardy delves into the complex intersection of ethics and artificial intelligence. The discussion covers the seven stages of AI, from rule-based systems to the potential future of artificial superintelligence. G Mark explores ethical frameworks, such as rights-based ethics, justice and fairness, utilit…
In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges complexity introduces to cybersecurity, debunking the myth that more complex systems are inherently more secure. Through examples ranging from IT support issues to the intricacies of developing a web application with Kubernetes, the discussion highlights how complexity ca…
#183 - Navigating the Cloud Security Landscape (with Chris Rothe)
44:25
This episode of CISO Tradecraft features a conversation between host G. Mark Hardy and Chris Rothe, co-founder of Red Canary, focusing on cloud security, managed detection and response (MDR) services, and the evolution of cybersecurity practices. They discuss the genesis of Red Canary, the significance of their company name, and the distinctions be…
#182 - Shaping the SOC of Tomorrow (with Debbie Gordon)
44:30
This episode of CISO Tradecraft, hosted by G Mark Hardy, features special guest Debbie Gordon. The discussion focuses on the critical role of Security Operations Centers (SOCs) in an organization's cybersecurity efforts, emphasizing the importance of personnel, skill development, and maintaining a high-performing team. It covers the essential aspec…
#181 - Inside the 2024 Verizon Data Breach Investigations Report
24:38
In this episode of CISO Tradecraft, host G Mark Hardy discusses the findings of the 2024 Verizon Data Breach Investigations Report (DBIR), covering over 10,000 breaches. Beginning with a brief history of the DBIR's inception in 2008, Hardy highlights the evolution of cyber threats, such as the significance of patching vulnerabilities and the predom…
#180 - There's Room For Everybody In Your Router (with Giorgio Perticone)
1:06:55
In this joint episode of the Security Break podcast and CISO Tradecraft podcast, hosts from both platforms come together to discuss a variety of current cybersecurity topics. They delve into the challenge of filtering relevant information in the cybersecurity sphere, elaborate on different interpretations of the same news based on the reader's back…
#179 - The 7 Broken Pillars of Cybersecurity
32:03
In this episode of CISO Tradecraft, host G. Mark Hardy discusses seven critical issues facing the cybersecurity industry, offering a detailed analysis of each problem along with counterarguments. The concerns range from the lack of a unified cybersecurity license, the inefficiency and resource waste caused by auditors, to the need for a federal dat…
#178 - Cyber Threat Intelligence (with Jeff Majka & Andrew Dutton)
45:33
In this episode of CISO Tradecraft, hosts G Mark Hardy and guests Jeff Majka and Andrew Dutton discuss the vital role of competitive threat intelligence in cybersecurity. They explore how Security Bulldog's AI-powered platform helps enterprise cybersecurity teams efficiently remediate vulnerabilities by processing vast quantities of data, thereby s…
#177 - 2024 CISO Mindmap (with Rafeeq Rehman)
46:28
This episode of CISO Tradecraft features a comprehensive discussion between host G Mark Hardy and guest Rafeeq Rehman, centered around the evolving role of CISOs, the impact of Generative AI, and strategies for effective cybersecurity leadership. Rafeeq shares insights on the CISO Mind Map, a tool for understanding the breadth of responsibilities i…
#176 - Reality-Based Leadership (with Alex Dorr)
47:45
In this episode of CISO Tradecraft, host G Mark Hardy welcomes Alex Dorr to discuss Reality-Based Leadership and its impact on reducing workplace drama and enhancing productivity. Alex shares his journey from professional basketball to becoming an evangelist of reality-based leadership, revealing how this approach helped him personally and professi…
This episode of CISO Tradecraft dives deep into the New York Department of Financial Services Cybersecurity Regulation, known as Part 500. Hosted by G Mark Hardy, the podcast outlines the significance of this regulation for financial services companies and beyond. Hardy emphasizes that Part 500 serves as a high-level framework applicable not just i…
#174 - OWASP Top 10 Web Application Attacks
44:23
In this episode of CISO Tradecraft, host G. Mark Hardy delves into the crucial topic of the OWASP Top 10 Web Application Security Risks, offering insights on how attackers exploit vulnerabilities and practical advice on securing web applications. He introduces OWASP and its significant contributions to software security, then progresses to explain …
#173 - Mastering Vulnerability Management
22:16
In this episode of CISO Tradecraft, host G Mark Hardy delves into the critical subject of vulnerability management for cybersecurity leaders. The discussion begins with defining the scope and importance of vulnerability management, referencing Park Foreman's comprehensive approach beyond mere patching, to include identification, classification, pri…
This episode of CISO Tradecraft, hosted by G Mark Hardy, delves into the concept, significance, and implementation of tabletop exercises in improving organizational security posture. Tabletop exercises are described as invaluable, informal training sessions that simulate hypothetical situations allowing teams to discuss and plan responses, thereby …
#171 - Navigating Software Supply Chain Security (with Cassie Crossley)
46:57
In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of the book on software supply chain security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they pose. Crossley shares her expert insights on different software source codes and the intrica…
#170 - Responsibility, Accountability, and Authority
46:41
In this episode of CISO Tradecraft, the host, G Mark Hardy, delves into the concepts of responsibility, accountability, and authority. These are considered critical domains in any leadership position but are also specifically applicable in the field of cybersecurity. The host emphasizes the need for a perfect balance between these areas to avoid pu…
In this episode of CISO Tradecraft, host G Mark Hardy discusses various mishaps that can occur with Multi-Factor Authentication (MFA) and how these can be exploited by attackers. The talk covers several scenarios such as the misuse of test servers, bypassing of MFA via malicious apps and phishing scams, violation of the Illinois Biometric Informati…
#168 - Cybersecurity First Principles (with Rick Howard)
47:14
In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Rick Howard, Chief Security Officer, Chief Analyst and Senior Fellow at CyberWire. Rick shares his insights on first principles in cybersecurity, discussing how these form the foundations of any cybersecurity strategy. He emphasizes the importance of understanding mate…
#167 - Cybersecurity Apprenticeships (with Craig Barber)
44:36
In this episode of CISO Tradecraft, host G Mark Hardy is joined by guest Craig Barber, the Chief Information Security Officer at SugarCRM. They discuss the increasingly critical topic of cybersecurity apprenticeships and Craig shares his personal journey from technical network engineer to CISO. They delve into the benefits of apprenticeships for bo…
This video introduces a newly proposed acronym in the world of cybersecurity known as the 'Cyber UPDATE'. The acronym breaks down into Unchanging, Perimeterizing, Distributing, Authenticating and Authorizing, Tracing, and Ephemeralizing. The video aims to explain each component of the acronym and its significance in enhancing cybersecurity. Referen…
#165 - Modernizing Our SOC Ingest (with JP Bourget)
44:34
In this episode of CISO Tradecraft, host G Mark Hardy interviews JP Bourget about the security data pipeline and how modernizing SOC ingest can improve efficiency and outcomes. Featuring discussions on cybersecurity leadership, API integrations, and the role of AI and advanced model learning in future data lake architectures. They discuss how vendo…
In this episode of CISO Tradecraft, we debunk seven common lies pervasive in the cybersecurity industry. From the fallacy of achieving a complete inventory before moving onto other controls, the misconception about the accuracy of AppSec tools, to the fear of being viewed as a cost center - we delve deep into these misconceptions, elucidating their…
Join G Mark Hardy in this episode of the CISO Tradecraft podcast where he details how cyber protects revenue. He clarifies how cybersecurity is seen as a cost center by most organizations, but stresses how it can become a protector of business profits. Concepts like Operational Resilience Framework (ORF) Version 2 by the Global Resilience Federatio…
Looking for accurate predictions on what 2024 holds for cybersecurity? Tune into our latest episode of CISO Tradecraft for intriguing insights and industry trends. Listen now and boost your cybersecurity knowledge! Earn CPEs: https://www.cisotradecraft.com/isaca Transcripts: https://docs.google.com/document/d/11YX2bjhIVThSNPF6yEKaNWECErxjWA-R Chapt…
#161 - Secure Developer Training Programs (with Scott Russo) Part 2
45:21
In the second half of the discussion about secure developer training programs, G Mark Hardy and Scott Russo delve deeper into how to engineer an effective cybersecurity course. They discuss the importance and impact of automation and shifting left, the customization needed for different programming languages and practices, and the role of gamificat…
#160 - Secure Developer Training Programs (with Scott Russo) Part 1
42:21
In this episode of CISO Tradecraft, host G Mark Hardy invites Scott Russo, a cybersecurity and engineering expert for a deep dive into the creation and maintenance of secure developer training programs. Scott discusses the importance of hands-on engaging training and the intersection of cybersecurity with teaching and mentorship. Scott shares his e…
#159 - Refreshing Your Cybersecurity Strategy
23:26
In this episode of CISO Tradecraft, host G. Mark Hardy guides listeners on how to refresh their cybersecurity strategy. Starting with the essential assessments on the current state of your security, through to the creation of a comprehensive, one-page cyber plan. The discussion covers different approaches to upskilling the workforce, tools utilizat…
#158 - Building a Data Security Lake (with Noam Brosh)
43:57
Discover the key to a more effective cybersecurity strategy in the newest episode of CISO Tradecraft! We're talking SOC tools, building a data lake for security, and more with guest Noam Brosh of Hunters. Don't miss it! Big Thanks to our Sponsors Risk3Sixty - https://risk3sixty.com/ Hunters - https://www.hunters.security/ Noam Brosh - https://www.l…
#157 - SOC Skills (with Hasan Eksi) Part 2
36:06
In this episode of CISO Tradecraft, G Mark Hardy and Hasan Eksi from CyberNow Labs continue the discussion about the vital skills needed for an effective incident responder within a Security Operations Center (SOC). The skills highlighted in this episode include: incident triage, incident response frameworks, communication, collaboration, documenta…
#156 - SMB CISO Challenges (with Kevin O’Connor)
43:27
In this episode of CISO Tradecraft, host G Mark Hardy talks to Kevin O'Connor, the Director of Threat Research at Adlumin. They discuss the importance of comprehensive cybersecurity for Small to Medium-sized Businesses (SMBs), including law firms and mid-sized banks. The conversation explores the complexities of managing security infrastructures, t…