CISO Tradecraft®

By CISO Tradecraft®

Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an e... more

4.8

4848 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about CISO Tradecraft®:

How many episodes does CISO Tradecraft® have?

The podcast currently has 244 episodes available.

CISO Tradecraft® episodes:

August 28, 2023#144 - Handling Regulatory Change
In this episode of CISO Tradecraft, we delve into the evolving landscape of cybersecurity regulations. From data incident notifications to required contract language, we uncover common trends and compliance challenges. Learn how to prepare, adapt, and network within your industry to stay ahead. Tune in for insights and tips!
Thanks again to our Sponsors for supporting this episode:
Risk3Sixty: Check out Risk3Sixty's weekly thought leadership webinars and downloadable resources at https://risk3sixty.com/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=sponser
CPrime: Today's "CISO Tradecraft" is sponsored by Cprime, offering advanced tech training for exceptional teams. Experience hands-on, lab-driven classes in just two days, enhancing your skills for immediate on-the-job impact. Discover our sought-after three-day Microsoft PowerBI training, empowering you to craft dashboards, integrate data, and perform swift statistical analysis. Visit Cprime.com/train, use code 'cprimepod' for 15% off, and elevate your expertise!
References
AuditScripts: https://www.auditscripts.com/free-resources/critical-security-controls/
Secure Controls Framework: https://securecontrolsframework.com/scf-download/
Transcripts https://docs.google.com/document/d/1RplLpZCMw8foLu9oqkZs1_A2aIbYk1Xo/
Chapters
00:00 Introduction
04:28 Meeting Cybersecurity Controls and Understanding Applicable Regulations
11:28 Ensuring Compliance with Laws and Regulations
15:42 Handling Regulatory Change: Mapping Controls & Tracking Requirements
22:02 Navigating Regulatory Changes and Ensuring Compliance
...more
25min
August 21, 2023#143 - Authentication, Rainbow Tables, and Password Managers
Here's a nice overview of cybersecurity on passwords, authentication, rainbow tables, and password managers. Enjoy the show and check out our other podcasts.
Special Thanks to our Sponsors:
Risk3Sixty: Being able to clearly articulate your vision for your security program to the board and other executives within your firm is critical to obtaining the buy in you need for your program's success. Risk3Sixty has created a presentation template that helps you structure your thoughts while telling a compelling story about where you want your security program to go. Download it today for free at: https://risk3sixty.com/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=sponser
CPrime: Today's "CISO Tradecraft" is sponsored by Cprime, offering advanced tech training for exceptional teams. Experience hands-on, lab-driven classes in just two days, enhancing your skills for immediate on-the-job impact. Discover our sought-after three-day Microsoft PowerBI training, empowering you to craft dashboards, integrate data, and perform swift statistical analysis. Visit Cprime.com/train, use code 'cprimepod' for 15% off, and elevate your expertise!
Transcripts: https://docs.google.com/document/d/1BD6LnITOpq6wrM2CsJzCHefN0Dw4hFp9
Chapters
00:00 Introduction
02:02 Evaluating Password Management Solutions and Design-Making Approaches
05:36 Password Security and Authentication Methods
27:25 Background Sanitization, Password Storage, and Login Screen Risks
28:52 The Importance of Commercial Password Managers and Security Threats
31:27 Considerations for Choosing a Password Manager
...more
46min
August 14, 2023#142 - Powerful Questions
Join us at the heart of Hacker Summer Camp for insights into the cybersecurity world! Discover the art of asking powerful questions that can change your career and impact others. Learn how CISOs assess cyber solutions and how startups can win their attention. Uncover the secrets of building connections and value through meaningful inquiries. Don't miss this episode featuring expert advice on navigating the cybersecurity landscape.
Special Thanks to our Sponsors:
The Chertoff Group: https://www.chertoffgroup.com
CPrime: At work, bridging the gap between risk management, IT security, and departments like finance, product, and development can be daunting. Enter Cprime, specializing in harmonious integration through secure code training, DevSecOps implementation, and
zero trust practices. We streamline, optimize, and drive innovation, empowering continuous security ops. Transform risk management at Cprime.com/train and use code 'cprimepod' for 15% off training. Unleash potential with us!
Transcripts: https://docs.google.com/document/d/1qf9kH9a5rPlK8zaOWXGAp0-E6p7PNNuT/
Chapters
00:00 Introduction
01:49 How to Get More Sales at Blackhat
05:57 How to Differentiate Yourself From the Competition
10:05 How to Solve a Priority Problem
16:07 How to Achieve Bigger Goals Through Accelerating Teamwork
18:13 How to Find a CISO Job
20:30 How to follow a Rich Dad's Advice
22:59 How to Create an Opportunity Not Just for Yourself, but for Others
24:18 How to Create Value for Others
26:20 How to Provide Value to Others
28:21 The Power of Open-Ended Questions as a CISO
32:33 How to Ask Powerful Questions
...more
34min
August 07, 2023#141 - Emerging Risks (with The Chertoff Group)
On this episode, David London and Adam Isles from the Chertoff Group stop by to discuss emerging risk topics such as AI, Supply Chain Attacks, and the new SEC regulations. Stick around and learn the tradecraft to better protect your company.
Special Thanks to our Sponsors:
The Chertoff Group: https://www.chertoffgroup.com.Note you can read more about their thoughts on AI here: https://www.chertoffgroup.com/managing-ai-risks/
Prelude: https://www.preludesecurity.com/
CPrime: At work, bridging the gap between risk management, IT security, and departments like finance, product, and development can be daunting. Enter Cprime, specializing in harmonious integration through secure code training, DevSecOps implementation, and
zero trust practices. We streamline, optimize, and drive innovation, empowering continuous security ops. Transform risk management at Cprime.com/train and use code 'cprimepod' for 15% off training. Unleash potential with us!
Transcripts: https://docs.google.com/document/d/1tW0kOYCURXgRF-z7UqeQGga0zAkwGuZ9/
Chapters
00:00 Introduction
02:33 The SEC's Final Rule on Cybersecurity Disclosure
05:29 What is a Material Incident?
07:13 The Commission's Final Rule on Board Engagement in Cybersecurity Risk
10:03 The Four Day Rule for Incident Reporting
12:46 The Implications of the New Role of the CISO
15:46 The Ticking Clock on Disclosure
18:31 SolarWinds and the Software Chain Security Exposure
19:53 The Role of the Software Bill of Materials (SBOM) in the Software Supply Chain Security Challenges
21:29 The Rise of the SBOM
23:16 The Rise of Expectations in the U.S. Government
25:02 The Future of Software Security
27:22 The Progress of the CMMC Program
29:59 The SEC Disclosure Requirements: What to Expect From Your Board
31:57 How to Reduce Complexity in Your Software Development Lifecycle
34:05 How AI is Impacting Our Business and Cyber
37:32 How to Measure and Manage Cyber Risks Effectively
39:57 The SEC's Final Rule on Disclosure
...more
42min
July 31, 2023#140 - Bobby the Intern
Don't let Bobby the Intern cause havoc in your network. On this episode of CISO Tradecraft, G Mark Hardy discusses the importance of training new hires in cybersecurity to create a strong security culture within an organization. The focus is on shaping employees' behavior and beliefs to enhance the overall cybersecurity posture.
Special Thanks to our Two Sponsors:
1) The Chertoff Group: www.chertoffgroup.com
2) Prelude: https://www.preludesecurity.com/
Transcripts: https://docs.google.com/document/d/1Z4ftmqZdUMkxD6ATRRLp0EmO_DVluQ4n
Chapters
00:00 Introduction
03:57 How to Build a Security Culture
07:19 The Importance of a Good Username and Password
11:24 How to Use MFA to Protect Your Brand
12:50 How to Teach Your Employees About Phishing
17:07 How to Deal with External Email Addresses
20:30 How to Avoid a Business Email Compromise
22:42 How to Protect Your Website from Attackers
24:40 How to Secure Your Applications
26:46 The Importance of Threat Modeling
30:48 QR Codes and How to Use Them Effectively
32:34 Delaying Desktop Patches
34:36 How to Teach Your New Hires About Security
36:30 How to Orient Your New Employees
...more
39min
July 24, 2023#139 - Insider Threat Operations (with Jim Lawler)
On this episode we bring on CIA Veteran James "Jim" Lawler to discuss how spies are recruited, how individuals are turned, and what makes them vulnerable to being turned. Learn what managers and executives can and should know about their people to help them better understand who's at risk and the types of programs that executives can put into place to stop insider threats.
Special Thanks to our Two Sponsors:
1) Prelude: https://www.preludesecurity.com/
2) Risk3Sixty is cyber security technology and consulting firm that works with high-growth technology firms to help leaders build, manage and certify security, privacy, and compliance programs. They publish weekly thought leadership, webinars, and downloadable resources like budget and assessment templates. Learn more at: https://risk3sixty.com/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=sponser
Be sure to read Jim's books
1) Living Lies: A Novel of the Iranian Nuclear Weapons Program https://amzn.to/3Y5x2Sc
2) In the Twinkling of an Eye: A Novel of Biological Terror and Espionage https://amzn.to/43EkvpE
Chapters
00:00 Introduction
02:24 The Importance of Recruiting Insiders
08:06 How to Be a Successful Case Officer
11:09 The Importance of Identifying Vulnerabilities in Insider Threats
14:00 The Cockamamie Recruitment Pitch Scheme
18:50 The Importance of Rationality in Espionage
21:10 The Complex Motivations for Espionage
23:49 The Key to Stress in a Target Life
27:34 The Importance of Listening to Your People
30:02 How to Be a Good Leader
35:02 The Metaphysics of Recruitment
37:31 How to Firewall a Threat to Your Organization
41:00 Living Lies
44:49 How to Be a Better Writer
49:31 How to Be a Better Threat Manager
...more
52min
July 17, 2023#138 - Updating the Mindmap (with Rafeeq Rehman)
This week Rafeeq Rehman returns to discuss the 2023 updates to the CISO Mindmap. Note you can find his work here: https://rafeeqrehman.com/2023/03/25/ciso-mindmap-2023-what-do-infosec-professionals-really-do/
Thanks to our two sponsors for this episode.
1) Prelude: https://www.preludesecurity.com/
2) Risk3Sixty - Get a free copy of The Five CISO Archetypes eBook from risk3sixty. By reading this eBook, you will discover your strengths, weaknesses, areas where you need support from your team, and the types of organizations you best fit. The eBook also provides the tools to analyze organizations to understand their security priorities better. You will be able to use these tools to identify organizations that would most benefit from your natural strengths as a security leader. Organizations that you will love to work with and that would love to have you as part of their team. The steps outlined in this book will make you a more effective security leader and more satisfied with your career.
https://risk3sixty.com/whitepaper/five-ciso-archetypes-ebook/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=ebook
Transcripts: https://docs.google.com/document/d/1tFhZ6DdzwG12dYXvuVpaZdmfNWBVFswx
Chapters
00:00 Introduction
03:36 How to Write a Book
05:32 How to Master a Security Tool
09:19 Updating the Mind Map for 2023 and 2024
13:12 How to Resiliently Respond to Ransomware Attacks
16:15 The Importance of Redundancy in Security
19:18 How to Manage Your Security Budget Effectively
22:43 Building a Brand for a Security Organization
26:10 Untangle the Application Web of Components
29:38 The Importance of Software Build of Materials
33:28 How to Automate Security Operations
36:31 The Six Importances of a Security Mind Map
38:43 The Future of Generative AI
40:47 The Future of CISO Tradecraft
...more
43min
July 10, 2023#137 - 1% Better Leadership (with Andy Ellis)
Imagine if you could get 1% better every day at something and do this for an entire year. Well, that's 365 days. And you go, okay, fine. 1%. 1%. That's going to be like 3.65%, right? No, because it compounds. And if you go ahead and open up your calculator and you take 1.01 and you raise it to the 365th power you're going to get 37.78. On today's show we have Andy Ellis discuss ways to get 1% better as a leader.
Thanks to our two sponsors for this episode.
1) Prelude: https://www.preludesecurity.com/
2) Risk3Sixty - Risk3Sixty is cyber security technology and consulting firm that works with high-growth technology firms to help leaders build, manage and certify security, privacy, and compliance programs. They publish weekly thought leadership, webinars, and downloadable resources like budget and assessment templates. https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=ebook
1% Leadership Book: https://www.amazon.com/1-Leadership-Master-Improvements-Leaders-ebook/dp/B0B8YXJ2H1?&_encoding=UTF8&tag=cisotradecr05-20&linkCode=ur2&linkId=51e35f5bdcbe65e448e03d779143278c&camp=1789&creative=9325
Transcripts: https://docs.google.com/document/d/1Ul9N9cw579JMB_e7Vlk91_JpYxOBXQmx/
Chapters:
00:00 Introduction
02:09 Andy's career in cyber
04:04 The Butterfly Effect
06:06 How to Be 1% More Efficient at Cyber
09:01 The Importance of Uncloneability
10:57 The Importance of Personal Improvement in Leadership
14:21 The Importance of Commitment
16:10 The Importance of Feedback
20:23 Planning for a Sudden Change in Your Environment
26:51 How to Create Safety for Cyber Professionals
29:01 How to Face Adversity with Grace
30:36 The Importance of Culture in Email Security
32:11 The Importance of Delegation
33:55 Delegating vs Dumping
36:02 How to Reduce the Energy Cost of Inclusion
40:18 The Importance of Diversity in Organizations
42:07 Don't Borrow Evil
44:17 How to Build a Relationship with Business Leaders
46:49 How to Stop Hurting Your Team
...more
50min
July 03, 2023#136 - From Hacking to Hardcover (with Bill Pollock)
Are you a Chief Information Security Officer (CISO) looking to share your knowledge and insights with the world? In this episode, we explore how CISOs can embark on their journey of writing their first book. Join us as we delve into valuable tips and advice, including learning from renowned author Bill Pollock, who has paved the way for aspiring CISO authors.

Risk3Sixty is cyber security technology and consulting firm that works with high-growth technology firms to help leaders build, manage and certify security, privacy, and compliance programs. They publish weekly thought leadership, webinars, and downloadable resources like budget and assessment templates.
https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=ebook

Transcripts: https://docs.google.com/document/d/1uxNgxe7ad9VBfRLeRH4nWY6tSkI-Kexd

Chapters
00:00 Introduction
04:37 How No Starch Press was Founded
07:24 The Rise and Fall of the Hacking Underground
11:41 How to be a Successful Hacker
14:11 How to Edit a Book
16:38 How to Be a Good Writer
18:14 How to Write a Book Proposal
23:50 How to Overclock Your Computer
26:31 The Future of AI
28:15 The Value of a Author Book Publishing Agreement
33:39 How to Make Money Writing a Book
37:34 The No Starch Press Foundation and the Hacker Initiative
40:30 Hacker Initiative: A Public Charity for Cyber Security
...more
46min
June 26, 2023#135 - Board Decks (with Demetrios Lazarikos)
One of the most important activities a CISO must perform is presenting high quality presentations to the Board of Directors. Listen and learn from Demetrios Lazarikos (Laz) and G Mark Hardy as they discuss what CISOs are putting in their decks and how best to answer the board's questions.
Special thanks to our sponsor Risk3Sixty for supporting this episode. Risk3sixty has created a presentation template that helps you structure your thoughts while telling a compelling story about where you want your security program to go. Download it today for free at: https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=ebook
References
RSAC ESAF Download: https://www.rsaconference.com/rsac-programs/executive-security-action-forum
NACD 2023 Directors Handbook: https://www.nacdonline.org/insights/publications.cfm?ItemNumber=74777
Blue Lava: https://bluelava.io/cybersecurity-board-reporting/
Transcripts: https://docs.google.com/document/d/1juM8MQUEtAZEDp1HpzkPdNw-D11O3ofq
Chapters
00:00 Introduction
05:17 The Importance of External Audits in Managing Risk
06:48 How to Help Your Business of Revenue Protection Reduce Risk
11:15 How to be a Successful CISO
12:52 How to Measure the Threat to Your Environment
15:04 How to Prepare for Cyber Threats and Incidents
18:49 The Importance of Understanding the Business's Critical Assets
22:28 OSINT and CSIRT.global Tools and Technologies
25:14 Building a Matrix of Good Intention, Bad Behavior, and Access Management
28:10 How to Create an Incident Response Plan
30:20 How to Keep Your Board of Directors Informed of Cybersecurity Incidents
31:50 How to Keep Track of the Latest Cyber Threats Coming Around the Corner
34:11 How to Achieve Cyber Insurance Coverage
37:06 Cyber Liability Insurance: A Necessary Component of Running Your Business in 2023
39:22 How to Measure the Effectiveness of a Company's Cybersecurity Program
40:54 The Importance of Business Alignment
...more
44min

FAQs about CISO Tradecraft®:

How many episodes does CISO Tradecraft® have?

The podcast currently has 244 episodes available.

More shows like CISO Tradecraft®

Security Now (Audio) by TWiT

Security Now (Audio)

1,983 Listeners

Risky Business by Patrick Gray

Risky Business

364 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

640 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

369 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,017 Listeners

Smashing Security by Graham Cluley

Smashing Security

316 Listeners

Click Here by Recorded Future News

Click Here

408 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,952 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

164 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Hacking Humans by N2K Networks

Hacking Humans

312 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

76 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

128 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners

The Pragmatic Engineer by Gergely Orosz

The Pragmatic Engineer

62 Listeners