Navigating Hacker Summer Camp: A Comprehensive Guide Join host G Mark Hardy on this episode of CSO Tradecraft as he provides a detailed guide on what to expect at Hacker Summer Camp, a series of significant cybersecurity events including DEFCON, Black Hat, and BSides Las Vegas. G Mark shares historical insights, tips for first-timers, and personal anecdotes from his extensive experience attending these events over the years. Learn about the origins, key activities, and networking opportunities that make these conferences pivotal in the cybersecurity community. Stay tuned for practical advice on planning your visit and making the most out of your Hacker Summer Camp experience.

Chapters

In this episode of CISO Tradecraft, co-host G Mark Hardy and guest Ross Young explore the concept of having a personal board of directors. Learn how to leverage mentors, coaches, and role models to gain diverse perspectives and valuable advice for your professional growth as a cybersecurity leader. Discover the importance of building authentic relationships and seeking advice from experienced individuals, and understand how to make informed career decisions. Tune in to hear practical tips on creating and maintaining your own board of directors, and how it can elevate your career in cybersecurity.

Helpful Reading

https://pe.gatech.edu/blog/working-learning/personal-board-of-directors

https://career.uga.edu/uploads/documents/hireuga/PersonalBoardOfDirectors-worksheet24.pdf

Transcripts:

https://docs.google.com/document/d/1qhx38KERHAc1T0qoE6mphUODeOt2xWC4

Join G Mark Hardy in this special episode of CISO Tradecraft as he interviews Ross Young, the creator of the OWASP Threat and Safeguard Matrix (TaSM). Ross shares his extensive cybersecurity background and discusses the development and utility of the TaSM, including its applications in threat modeling and risk management. Additionally, Ross introduces his upcoming book, 'Cybersecurity's Dirty Secret: How Most Budgets Are Wasted,' and provides insights on maximizing cybersecurity budgets. Don't miss this episode for essential knowledge on enhancing your cybersecurity leadership and strategies.

OWASP Threat and Safeguard Matrix - https://owasp.org/www-project-threat-and-safeguard-matrix/

Transcripts - https://docs.google.com/document/d/1anGewI3XccGnXoV3oE2h7BfelY5QxiSL/

Chapters

00:00 Introduction to the Threat and Safeguard Matrix

00:30 Meet Ross Young: Cybersecurity Expert

01:08 Ross Young's Career Journey

01:59 The Upcoming Book: Cybersecurity's Dirty Secret

03:04 Introduction to the Threat and Safeguard Matrix (TaSM)

03:48 Understanding the TaSM Framework

07:10 Applying the TaSM to Real-World Scenarios

19:32 Using TaSM for Threat Modeling and Risk Committees

21:58 Extending TaSM Beyond Cybersecurity

23:52 AI Risks and the TaSM

24:43 Conclusion and Final Thoughts

Join us for an engaging episode of CISO Tradecraft, hosted by G Mark Hardy, featuring cybersecurity veteran Ira Winkler. In this episode, we dive deep into cybersecurity careers, discuss the unique CruiseCon cybersecurity event, and explore the evolution of information security. Hear firsthand accounts of career journey highlights, networking strategies, and the importance of democratizing top-tier content. Learn about the impacts of AI in cybersecurity, data poisoning, and upcoming cybersecurity conferences. Whether you're a seasoned professional or just starting your journey, this episode is packed with invaluable insights and advice.

https://cruisecon.com/

Don't forget to the the following code for 10% off "CISOTRADECRAFT10"

Transcripts: https://docs.google.com/document/d/1-H1CShsyirr4ZL9d1WCx6IMA_ngjWoEN

Chapters

In this episode of CISO Tradecraft, host G Mark Hardy speaks with gamification pioneer Yu-Kai Chou about his new book, '10,000 Hours of Play: Unlock Your Real Life Legendary Success.' Explore key concepts such as aligning your passions, skills, and goals through six essential steps: choosing your game, knowing your attributes, selecting your role, enhancing your skills, building alliances, and achieving your quest. Discover how gamification can lead to personal and professional success. Tune in for an insightful conversation that could change the way you approach your career and life.

Yu-Kai Chou - https://www.linkedin.com/in/yukaichou/

Actionable Gamification Book - https://a.co/d/isv7K0W

10,000 Hours of Play Book - https://a.co/d/3L88jTs

Transcripts: https://docs.google.com/document/d/1gPxWVeS8QYNsgGpXt3EDQy5zGcCYH7hL

Chapters 

In this episode of CISO Tradecraft, host G Mark Hardy discusses the ongoing Israel-Iran conflict and its potential cyber implications with cybersecurity expert Nathan Case. They delve into lessons learned from the Russia-Ukraine conflict, discuss the effectiveness of cyber warfare, and evaluate Iran's cyber capabilities. The conversation also covers the ethical implications of cyber attacks, dual-use targets, and the danger of supply chain vulnerabilities. Practical advice is provided on improving cybersecurity measures, including the importance of MFA, network segmentation, and evaluating internal threats. Join us for an in-depth look at how current geopolitical tensions can impact global cybersecurity.

Nathan Case - https://www.linkedin.com/in/nathancase/

Chapters

Join G Mark Hardy and Carson Zimmerman, the author of '11 Strategies of a World-Class Cybersecurity Operations Center,' in this insightful episode of CISO Tradecraft. Carson shares his career journey, the evolution from the 10 to 11 strategies, and delves into the future needs of Security Operations Centers (SOCs). They discuss critical topics such as the importance of continuous improvement, AI's impact on SOCs, and the value of embracing neurodiversity in cybersecurity teams. Whether you're a seasoned cybersecurity leader or an aspiring professional, get actionable advice on how to enhance and revolutionize your SOC operations.

11 Strategies of a World Class Cybersecurity Operations Center https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf

14 Questions are all you need - https://www.first.org/resources/papers/conf2024/1445-14-Questions-Carson-Zimmerman.pdf

Transcripts - https://docs.google.com/document/d/1WVJi9WkxOG7yedQYWSooiqRFjBERd9kV

Chapters 

In this episode of CISO Tradecraft, host G Mark Hardy sits down with Matt Hillary, the Chief Information Security Officer of Drata, to discuss governance, risk, and compliance (GRC) and trust management. They explore key topics such as the evolution of GRC, trust management, compliance automation, and the advent of AI in compliance processes. Matt shares insights on building a world-class GRC program, the challenges and opportunities in modern-day compliance, and the mental health aspects of being a cybersecurity leader. This episode is a must-watch for any cybersecurity professional looking to enhance their GRC strategies and compliance operations.

Big Thanks to our Sponsor Drata. You can learn more about them at https://drata.com/

Connect with Matt Hillary at https://www.linkedin.com/in/matthewhillary/

Transcripts - https://docs.google.com/document/d/1VzRQSEvgUwenDERlNn2bwlIpnz4QPQ15/ 

Chapters

Join G Mark Hardy at THOTCON in Chicago for an insightful podcast episode on building a successful cybersecurity career. Featuring guest Ryan Gooler, they discuss the non-linear paths to success, the value of mentorship, financial planning, and the importance of continuous learning and adapting. Learn how to navigate career transitions, embrace risks, and find joy in teaching and learning from others in the cybersecurity community.

Transcripts: https://docs.google.com/document/d/1nsd61mkIWbmIL1qube0-cdqINsDujAVH 

Chapters

In this episode of CISO Tradecraft, host G Mark Hardy delves into the emerging concept of Model Context Protocol (MCP) and its significance in AI and enterprise security. Launched by Anthropic in November 2024, MCP is designed to standardize how AI systems interact with external data sources and applications. Hardy explores how MCP differs from traditional APIs, its implications for security, and the steps organizations need to take to prepare for its adoption. Key topics include the stateful nature of MCP, security risks such as prompt injection and tool poisoning, and the importance of developing a robust governance framework. By the end of the episode, listeners will have a comprehensive understanding of MCP and practical recommendations for safeguarding their AI-driven workflows.

Transcripts https://docs.google.com/document/d/1vyfFJgTbsH73CcQhtBBkOfDoTrJYqzl_

References

Model Context Protocol specification and security best practices, https://modelcontextprotocol.io  ⁠ 

Security risks of MCP, https://pillar.security  ⁠ ⁠

MCP security considerations, https://writer.com

Chapters