CISO Tradecraft®

By CISO Tradecraft®

What's CISO Tradecraft® about?

Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership.

Download our free app to listen on your phone

CISO Tradecraft® episodes:

06.24.2024
#187 - Ensuring Profitable Growth
Welcome to another episode of CISO Tradecraft with your host, G. Mark Hardy! In this episode, we dive into how CISOs can drive the profitable growth of their company's products and services. Breaking the traditional view of security as a...
06.17.2024
#186 - AI Coaching (with Tom Bendien)
Exploring AI in Cybersecurity: Insights from an Expert - CISO Tradecraft with Tom Bendien In this episode of CISO Tradecraft, host G Mark Hardy sits down with AI expert Tom Bendien to delve into the impact of artificial intelligence on...
06.10.2024
#185 - Ethics and Artificial Intelligence (AI)
In this episode of CISO Tradecraft, host G Mark Hardy delves into the complex intersection of ethics and artificial intelligence. The discussion covers the seven stages of AI, from rule-based systems to the potential future of artificial superintelligence. G Mark...
06.03.2024
#184 - Complexity is Killing Us
In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges complexity introduces to cybersecurity, debunking the myth that more complex systems are inherently more secure. Through examples ranging from IT support issues to the intricacies of developing...
05.27.2024
#183 - Navigating the Cloud Security Landscape (with Chris Rothe)
This episode of CISO Tradecraft features a conversation between host G. Mark Hardy and Chris Rothe, co-founder of Red Canary, focusing on cloud security, managed detection and response (MDR) services, and the evolution of cybersecurity practices. They discuss the genesis...
05.20.2024
#182 - Shaping the SOC of Tomorrow (with Debbie Gordon)
This episode of CISO Tradecraft, hosted by G Mark Hardy, features special guest Debbie Gordon. The discussion focuses on the critical role of Security Operations Centers (SOCs) in an organization's cybersecurity efforts, emphasizing the importance of personnel, skill development, and...
05.13.2024
#181 - Inside the 2024 Verizon Data Breach Investigations Report
In this episode of CISO Tradecraft, host G Mark Hardy discusses the findings of the 2024 Verizon Data Breach Investigations Report (DBIR), covering over 10,000 breaches. Beginning with a brief history of the DBIR's inception in 2008, Hardy highlights the...
05.06.2024
#180 - There's Room For Everybody In Your Router (with Giorgio Perticone)
In this joint episode of the Security Break podcast and CISO Tradecraft podcast, hosts from both platforms come together to discuss a variety of current cybersecurity topics. They delve into the challenge of filtering relevant information in the cybersecurity sphere,...
04.29.2024
#179 - The 7 Broken Pillars of Cybersecurity
In this episode of CISO Tradecraft, host G. Mark Hardy discusses seven critical issues facing the cybersecurity industry, offering a detailed analysis of each problem along with counterarguments. The concerns range from the lack of a unified cybersecurity license, the...
04.22.2024
#178 - Cyber Threat Intelligence (with Jeff Majka & Andrew Dutton)
In this episode of CISO Tradecraft, hosts G Mark Hardy and guests Jeff Majka and Andrew Dutton discuss the vital role of competitive threat intelligence in cybersecurity. They explore how Security Bulldog's AI-powered platform helps enterprise cybersecurity teams efficiently remediate...
04.15.2024
#177 - 2024 CISO Mindmap (with Rafeeq Rehman)
This episode of CISO Tradecraft features a comprehensive discussion between host G Mark Hardy and guest Rafeeq Rehman, centered around the evolving role of CISOs, the impact of Generative AI, and strategies for effective cybersecurity leadership. Rafeeq shares insights on...
04.08.2024
#176 - Reality-Based Leadership (with Alex Dorr)
In this episode of CISO Tradecraft, host G Mark Hardy welcomes Alex Dorr to discuss Reality-Based Leadership and its impact on reducing workplace drama and enhancing productivity. Alex shares his journey from professional basketball to becoming an evangelist of reality-based...
04.01.2024
#175 - Navigating NYDFS Cyber Regulation
This episode of CISO Tradecraft dives deep into the New York Department of Financial Services Cybersecurity Regulation, known as Part 500. Hosted by G Mark Hardy, the podcast outlines the significance of this regulation for financial services companies and beyond....
03.25.2024
#174 - OWASP Top 10 Web Application Attacks
In this episode of CISO Tradecraft, host G. Mark Hardy delves into the crucial topic of the OWASP Top 10 Web Application Security Risks, offering insights on how attackers exploit vulnerabilities and practical advice on securing web applications. He introduces...
03.18.2024
#173 - Mastering Vulnerability Management
In this episode of CISO Tradecraft, host G Mark Hardy delves into the critical subject of vulnerability management for cybersecurity leaders. The discussion begins with defining the scope and importance of vulnerability management, referencing Park Foreman's comprehensive approach beyond mere...
03.11.2024
#172 - Table Top Exercises
This episode of CISO Tradecraft, hosted by G Mark Hardy, delves into the concept, significance, and implementation of tabletop exercises in improving organizational security posture. Tabletop exercises are described as invaluable, informal training sessions that simulate hypothetical situations allowing teams...
03.04.2024
#171 - Navigating Software Supply Chain Security (with Cassie Crossley)
In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of the book on software supply chain security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they...
02.26.2024
#170 - Responsibility, Accountability, and Authority
In this episode of CISO Tradecraft, the host, G Mark Hardy, delves into the concepts of responsibility, accountability, and authority. These are considered critical domains in any leadership position but are also specifically applicable in the field of cybersecurity. The...
02.19.2024
#169 - MFA Mishaps
In this episode of CISO Tradecraft, host G Mark Hardy discusses various mishaps that can occur with Multi-Factor Authentication (MFA) and how these can be exploited by attackers. The talk covers several scenarios such as the misuse of test servers,...
02.12.2024
#168 - Cybersecurity First Principles (with Rick Howard)
In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Rick Howard, Chief Security Officer, Chief Analyst and Senior Fellow at CyberWire. Rick shares his insights on first principles in cybersecurity, discussing how these form...
02.05.2024
#167 - Cybersecurity Apprenticeships (with Craig Barber)
In this episode of CISO Tradecraft, host G Mark Hardy is joined by guest Craig Barber, the Chief Information Security Officer at SugarCRM. They discuss the increasingly critical topic of cybersecurity apprenticeships and Craig shares his personal journey from technical...
01.29.2024
#166 - Cyber Acronyms You Should Know
This video introduces a newly proposed acronym in the world of cybersecurity known as the 'Cyber UPDATE'. The acronym breaks down into Unchanging, Perimeterizing, Distributing, Authenticating and Authorizing, Tracing, and Ephemeralizing. The video aims to explain each component of the...
01.22.2024
#165 - Modernizing Our SOC Ingest (with JP Bourget)
In this episode of CISO Tradecraft, host G Mark Hardy interviews JP Bourget about the security data pipeline and how modernizing SOC ingest can improve efficiency and outcomes. Featuring discussions on cybersecurity leadership, API integrations, and the role of AI...
01.15.2024
#164 - The 7 Lies in Cyber
In this episode of CISO Tradecraft, we debunk seven common lies pervasive in the cybersecurity industry. From the fallacy of achieving a complete inventory before moving onto other controls, the misconception about the accuracy of AppSec tools, to the fear...
01.08.2024
#163 - Operational Resilience
Join G Mark Hardy in this episode of the CISO Tradecraft podcast where he details how cyber protects revenue. He clarifies how cybersecurity is seen as a cost center by most organizations, but stresses how it can become a protector...
01.01.2024
#162 - CISO Predictions for 2024
Looking for accurate predictions on what 2024 holds for cybersecurity? Tune into our latest episode of CISO Tradecraft for intriguing insights and industry trends. Listen now and boost your cybersecurity knowledge! Earn CPEs: https://www.cisotradecraft.com/isaca Transcripts: https://docs.google.com/document/d/11YX2bjhIVThSNPF6yEKaNWECErxjWA-R Chapters 00:00 Introduction 02:11 1) CISOs flock...
12.25.2023
#161 - Secure Developer Training Programs (with Scott Russo) Part 2
In the second half of the discussion about secure developer training programs, G Mark Hardy and Scott Russo delve deeper into how to engineer an effective cybersecurity course. They discuss the importance and impact of automation and shifting left, the...
12.18.2023
#160 - Secure Developer Training Programs (with Scott Russo) Part 1
In this episode of CISO Tradecraft, host G Mark Hardy invites Scott Russo, a cybersecurity and engineering expert for a deep dive into the creation and maintenance of secure developer training programs. Scott discusses the importance of hands-on engaging training...
12.11.2023
#159 - Refreshing Your Cybersecurity Strategy
In this episode of CISO Tradecraft, host G. Mark Hardy guides listeners on how to refresh their cybersecurity strategy. Starting with the essential assessments on the current state of your security, through to the creation of a comprehensive, one-page cyber...
12.04.2023
#158 - Building a Data Security Lake (with Noam Brosh)
Discover the key to a more effective cybersecurity strategy in the newest episode of CISO Tradecraft! We're talking SOC tools, building a data lake for security, and more with guest Noam Brosh of Hunters. Don't miss it! Big Thanks to our...
11.27.2023
#157 - SOC Skills (with Hasan Eksi) Part 2
In this episode of CISO Tradecraft, G Mark Hardy and Hasan Eksi from CyberNow Labs continue the discussion about the vital skills needed for an effective incident responder within a Security Operations Center (SOC). The skills highlighted in this episode...
11.20.2023
#156 - SMB CISO Challenges (with Kevin O’Connor)
In this episode of CISO Tradecraft, host G Mark Hardy talks to Kevin O'Connor, the Director of Threat Research at Adlumin. They discuss the importance of comprehensive cybersecurity for Small to Medium-sized Businesses (SMBs), including law firms and mid-sized banks....
11.13.2023
#155 - SOC Skills (with Hasan Eksi) Part 1
In this episode of CISO Tradecraft we have a detailed conversation with Hasan Eksi from CyberNow Labs. G Mark and Hasan discuss the top 20 skills required by incident responders, covering the first 10 in part 1 of this series....
11.06.2023
#154 - Data Protection (with Amer Deeba)
In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Amer Deeba, CEO and co-founder of Normalyze. They focus on the importance of data security in today's cloud-centric, multi-platform tech environment. Amer shares valuable insights on the...
10.30.2023
#153 - Game-Based Learning (with Andy Serwin & Eric Basu)
On this episode we talk about the differences between Gamification and Game-Based Learning. We think you will enjoy hearing how Game-Based learning gets folks into the flow and creates novel training that resonates. We also have a great discussion on...
10.23.2023
#152 - Speak My Language (with Andrew Chrostowski)
Learn the language of the board with Andrew Chrostowski. In this episode we discuss the 3 major risk categories of opportunity risk, cybersecurity risk and complex systems. We highlight intentional deficit and what to do about it. Finally, don't miss...
10.16.2023
#151 - Cyber War
On this episode we do a master class on cyber warfare. Learn the terminology. Learn the differences and similarities between kinetic and cyber warfare. There's a lot of interesting discussion, so check it out. Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/...
10.09.2023
#150 - Measuring Results
On this episode we discuss the measuring results cheat sheet from Justin Mecham. Key focuses include: Defining SMART Goals (Specific, Measurable, Achievable, Relevant, & Time-Bound) Identifying KPIs (Key Performance Indicators) Using the WOOP Model (Wish, Outcome, Obstacle, and Plan) Using a Gap Analysis Using the...
10.02.2023
#149 - Board Perspectives
On this episode we discuss the four key roles Boards play in cybersecurity. Setting the company's vision and risk strategy Reviewing assessment results Evaluating management cyber risk stance Approving risk management plans Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/ Transcripts - https://docs.google.com/document/d/1jarCcQYioT59jtIrppH4xZqyAy4Vn_tB/ Chapters 00:00 Introduction 01:36 What is...
09.25.2023
#148 - Threat Modeling (with Adam Shostack)
On this episode we bring on the leading expert of threat modeling (Adam Shostack) to discuss the four questions that every team should ask: What are we working on? What can go wrong? What are we going to do about it? Did we do...
09.18.2023
#147 - Betting on MFA
There's a lot of new cyber attacks occurring and today we are going to talk about them in more detail. Many bad actors are using SMS spoofing and Social Engineering to get in. Listen in an learn about how those...
09.11.2023
#146 - Living in a Materiality World
Have you ever thought about what does it mean to say there has been a material incident? How is materiality determined? What is the history of how that term has been defined by U.S. Regulators. Listen to today's show and...
09.04.2023
#145 - The Cost of Cyber Defense
On this episode we overview the CIS Document titled, "The Cost of Cyber Defense". https://www.cisecurity.org/insights/white-papers/the-cost-of-cyber-defense-cis-controls-ig1 Big Thanks to our Sponsors Risk3Sixty - https://risk3sixty.com/whitepaper/ CPRIME - For those valuing leadership, policy, and governance in tech risk and security, Cprime is here to...
08.28.2023
#144 - Handling Regulatory Change
In this episode of CISO Tradecraft, we delve into the evolving landscape of cybersecurity regulations. From data incident notifications to required contract language, we uncover common trends and compliance challenges. Learn how to prepare, adapt, and network within your industry...
08.21.2023
#143 - Authentication, Rainbow Tables, and Password Managers
Here's a nice overview of cybersecurity on passwords, authentication, rainbow tables, and password managers. Enjoy the show and check out our other podcasts. Special Thanks to our Sponsors: Risk3Sixty: Being able to clearly articulate your vision for your security program to the...
08.14.2023
#142 - Powerful Questions
Join us at the heart of Hacker Summer Camp for insights into the cybersecurity world! Discover the art of asking powerful questions that can change your career and impact others. Learn how CISOs assess cyber solutions and how startups can...
08.07.2023
#141 - Emerging Risks (with The Chertoff Group)
On this episode, David London and Adam Isles from the Chertoff Group stop by to discuss emerging risk topics such as AI, Supply Chain Attacks, and the new SEC regulations. Stick around and learn the tradecraft to better protect your...
07.31.2023
#140 - Bobby the Intern
Don't let Bobby the Intern cause havoc in your network. On this episode of CISO Tradecraft, G Mark Hardy discusses the importance of training new hires in cybersecurity to create a strong security culture within an organization. The focus is...
07.24.2023
#139 - Insider Threat Operations (with Jim Lawler)
On this episode we bring on CIA Veteran James "Jim" Lawler to discuss how spies are recruited, how individuals are turned, and what makes them vulnerable to being turned. Learn what managers and executives can and should know about their...
07.17.2023
#138 - Updating the Mindmap (with Rafeeq Rehman)
This week Rafeeq Rehman returns to discuss the 2023 updates to the CISO Mindmap. Note you can find his work here: https://rafeeqrehman.com/2023/03/25/ciso-mindmap-2023-what-do-infosec-professionals-really-do/ Thanks to our two sponsors for this episode. 1) Prelude: https://www.preludesecurity.com/ 2) Risk3Sixty - Get a free copy of...

What's CISO Tradecraft® about?

Download our free app to listen on your phone

CISO Tradecraft® episodes:

#187 - Ensuring Profitable Growth

#186 - AI Coaching (with Tom Bendien)

#185 - Ethics and Artificial Intelligence (AI)

#184 - Complexity is Killing Us

#183 - Navigating the Cloud Security Landscape (with Chris Rothe)

#182 - Shaping the SOC of Tomorrow (with Debbie Gordon)

#181 - Inside the 2024 Verizon Data Breach Investigations Report

#180 - There's Room For Everybody In Your Router (with Giorgio Perticone)

#179 - The 7 Broken Pillars of Cybersecurity

#178 - Cyber Threat Intelligence (with Jeff Majka & Andrew Dutton)

#177 - 2024 CISO Mindmap (with Rafeeq Rehman)

#176 - Reality-Based Leadership (with Alex Dorr)

#175 - Navigating NYDFS Cyber Regulation

#174 - OWASP Top 10 Web Application Attacks

#173 - Mastering Vulnerability Management

#172 - Table Top Exercises

#171 - Navigating Software Supply Chain Security (with Cassie Crossley)

#170 - Responsibility, Accountability, and Authority

#169 - MFA Mishaps

#168 - Cybersecurity First Principles (with Rick Howard)

#167 - Cybersecurity Apprenticeships (with Craig Barber)

#166 - Cyber Acronyms You Should Know

#165 - Modernizing Our SOC Ingest (with JP Bourget)

#164 - The 7 Lies in Cyber

#163 - Operational Resilience

#162 - CISO Predictions for 2024

#161 - Secure Developer Training Programs (with Scott Russo) Part 2

#160 - Secure Developer Training Programs (with Scott Russo) Part 1

#159 - Refreshing Your Cybersecurity Strategy

#158 - Building a Data Security Lake (with Noam Brosh)

#157 - SOC Skills (with Hasan Eksi) Part 2

#156 - SMB CISO Challenges (with Kevin O’Connor)

#155 - SOC Skills (with Hasan Eksi) Part 1

#154 - Data Protection (with Amer Deeba)

#153 - Game-Based Learning (with Andy Serwin & Eric Basu)

#152 - Speak My Language (with Andrew Chrostowski)

#151 - Cyber War

#150 - Measuring Results

#149 - Board Perspectives

#148 - Threat Modeling (with Adam Shostack)

#147 - Betting on MFA

#146 - Living in a Materiality World

#145 - The Cost of Cyber Defense

#144 - Handling Regulatory Change

#143 - Authentication, Rainbow Tables, and Password Managers

#142 - Powerful Questions

#141 - Emerging Risks (with The Chertoff Group)

#140 - Bobby the Intern

#139 - Insider Threat Operations (with Jim Lawler)

#138 - Updating the Mindmap (with Rafeeq Rehman)