CISO Tradecraft®

By CISO Tradecraft®

Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an e... more

4.8

4848 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about CISO Tradecraft®:

How many episodes does CISO Tradecraft® have?

The podcast currently has 244 episodes available.

CISO Tradecraft® episodes:

June 19, 2023#134 - Ransomware Response (with Ricoh Danielson)
A lot of times we focus on preventing ransomware, but we forget what we should do when we actually encounter it. That's why we are bringing on Ricoh Danielson to talk about it. Learn from him as he discusses tactics and techniques for businesses to follow then stuff hits the fan.
Special thanks to our sponsor Risk3Sixty for supporting this episode. https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=ebook
Ricoh Danielson - https://www.linkedin.com/in/ricoh-danielson-736a0715/
Transcript: https://docs.google.com/document/d/1R82dUBChC3URM6iaP3D7dds_2nh27DTs/
Chapters
00:00 Introduction
03:19 How to Help a Small Business Dig Out of Cybercrime
05:00 How to Negotiate with Your Cyber Insurance Company
08:58 How to Deal with a Threat Actor
12:57 The Importance of Treating Everything Equally
15:45 How to Use Microsoft Tools to Capture Information
17:25 How to Combat a Threat Actor with Microsoft Defender
22:41 Set up PGP Keys in Advance
25:26 How to Negotiate with an OFAC sanctioned organization
28:24 How to Deal with Ransomware
30:28 The Nature of Instant Response
32:25 How to Get Concurrency in your Organization
34:05 The Importance of a a Strong Relationship with a Client
37:34 The Importance of Breach Notifications
39:21 How to Hand Combat a Threat Actor
...more
44min
June 12, 2023#133 - The Seesaw of Cyber Recruiting (with Lee Kushner)
This episode features Lee Kushner discussing various topics, including negotiating skills, the importance of degrees in the cybersecurity field, the need for diversity in the industry, challenges faced by cybersecurity professionals, starting a career in cybersecurity, and the value of technical skills. The conversation emphasizes the need for individuals to acquire technical skills, such as coding and networking, as they are in high demand and can differentiate them in the job market. It also mentions the importance of understanding the industry and its composition when seeking employment in cybersecurity.
Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their weekly thought leadership, webinars, and downloadable resources like budget and assessment templates at: https://risk3sixty.com/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=sponser
Transcripts: https://docs.google.com/document/d/11askuaFcV_jYov2FklkbZXxVN3JSNu6y/
Chapters
00:00 Introduction
07:56 The Importance of Professional First Mindset in the Staffing Industry
09:33 The Importance of Perception in a Staffing Environment
11:36 The Role of the Research Professional in a Hiring Process
16:03 How to Overcome Barriers in the Recruitment Process
18:09 The Importance of Education in Executive Search
20:41 The Importance of Diversity in Cyber Talent
25:25 How to Get a Job in Cyber Security
27:48 The Importance of a Technical Foundation in Careers
32:08 How to Become a Cybersecurity Professional
34:06 The Future of Cybersecurity Career Paths
35:56 The Future of Security
41:24 How to Get in Touch With Your Clients
...more
44min
June 05, 2023#132 - Founding to Funding (with Cyndi and Ron Gula)
On this episode we bring in Cyndi and Ron Gula from Gula Tech (https://www.gula.tech/) to talk about their cyber security experiences. Listen and enjoy as they tell their stories about leaving the NSA, creating the first commercial network Intrusion Detection System (IDS), Founding Tenable Network Security, and investing in multiple cybersecurity startups.
Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their weekly thought leadership, webinars, and downloadable resources like budget and assessment templates at: https://risk3sixty.com/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=sponser
Transcripts: https://docs.google.com/document/d/1zdJwzJUXHBLlQvOGYWtWVQqmxFzmAe5Z
Chapters
00:00 Introduction
02:30 The Importance of Computer Security
04:46 The Career Path to the National Security Agency
07:39 The Importance of Compatibility
10:40 How to Get Your First Customer Off the Ground
14:28 How to Make your First Hire as a Beginning Entrepreneur
16:10 The Transition to Network Security Wizards
18:35 The Origins of Tenable
21:38 How to to Survive Contact with the Enemy
24:45 The Importance of Culture in the Military
29:31 Gula Tech Adventures
33:24 The Future of Venture Investing
36:13 Secrets of Working Together as Spouses
39:33 The Future of Venture Capital
42:21 Google Tech Adventures: How to Learn Startups
...more
45min
May 29, 2023#131 - Framing Executive Discussions
How do we frame an executive discussion so we can structure and present information in a way that effectively engages and aligns with the needs and interests of the executive audience? On this episode we answer that question by discussing the 8 important elements of framing a discussion with executives:
Clearly define the objective
Start with the big picture
Identify key issues
Highlight impacts and benefits
Use visually compelling data and metrics
Be able to anticipate questions and concerns
Provide actionable recommendations
Seek alignment with existing perspectives of the organization
Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their Security Budget & Business Case Template: https://risk3sixty.com/whitepaper/security-budget-template/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=budget
Full Transcripts: https://docs.google.com/document/d/1vhLmqEAy-yQ01ZY1y8Nf7y-u_swTYCm8
Chapters
00:00 Introduction
02:42 How should we frame an executive discussion?
05:30 Start with the Bottom Line Up Front (BLUF)
07:11 1) Clearly Define the Objective
08:13 2) Start with the Big Picture
09:46 3) Identify Key Issues
10:47 4) Highlight Impact and Benefits
12:17 5) Use Visually Compelling Data and Metrics
13:07 6) Be able to Anticipate Questions and Concerns
15:06 7) Provide Actionable Recommendations
17:35 8) Seek Alignment with Existing Perspectives of the Organization
...more
22min
May 22, 2023#130 - Financial Planning (with Logan Jackson)
Learn how to unlock financial success with key strategies by Logan Jackson from Ray Capital Advisors. Logan highlights how to set clear goals, choose the right asset class, diversify your portfolio for stability and growth, build a well-diversified investment portfolio to create wealth and mitigate risk, take control of your financial future through retirement planning and goal setting, & leverage tax loss harvesting. He also discusses how to prioritize tax planning, understand the impact of behavioral finance, seek professional money management, navigate conflicts of interest in financial planning, and discover hidden wealth advisors for personalized guidance.
Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their Security Program Maturity Presentation for CISOs: https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=template
Also if you would like to contact Logan Jackson please use his contact page at: https://www.raycapitaladvisors.com/
Full Transcripts: https://docs.google.com/document/d/1DLXnE5PTm4tDbONRSBarMa-1T8aduztf
Chapters
00:00 Introduction
02:37 The Importance of Financial Goal Setting
06:48 How to Choose the Right Asset Class for Your Family
11:17 How to Diversify Your Portfolio
12:56 How to Build a Diversified Investment Portfolio
15:22 How to Diversify a Portfolio and Build Wealth
19:48 How to Take Risk Off the Table
22:47 The Importance of Diversifying Your Portfolio
24:13 The Importance of Retirement Planning
28:56 The Importance of Goal Setting
30:35 The Importance of Tax Planning
33:10 How to Maximize Your Tax Implications in Taxable Investment Accounts
35:20 How to Use Tax Loss Harvesting to Avoid Tax Losses
39:51 The Importance of Behavioral Finance in Investing
43:39 The Importance of Professional Money Management
45:55 The Conflicts of Interest in Financial Planning
47:50 How to Find a Hidden Wealth Advisor
...more
51min
May 15, 2023#129 - Protecting Your Family
Are you looking for ways to protect your most valuable asset? In this episode, G Mark Hardy argues that our most valuable asset is our family, not the crown jewels or critical assets of a corporation. He emphasizes the importance of managing money, having an emergency fund, obtaining life insurance, building retirement savings, protecting against credit card fraud, and creating a plan for your children's digital life.
Special thanks to our sponsor Risk3Sixty for supporting this episode. You can learn more about them from the Risk3Sixty Website: https://tinyurl.com/yc4xv7bj
Full Transcript: https://docs.google.com/document/d/1vVASHmOV7n7Js0luDF1kWBF3qoytDnTy
Chapters
00:00 Introduction
02:01 How to Manage Your Money
05:54 The Millionaire Next Door
10:28 How to Diversity your Investments
12:35 The Importance of Paying Yourself First
15:41 How to Buy Paper I Bonds for Yourself
17:39 How to Choose the Right Life Insurance for You
21:28 The Cost of Life Insurance
23:12 The Importance of Retirement Savings
26:51 How to Optimize Your Retirement Income
28:47 How to Protect Yourself From Credit Card Fraud
30:40 How to Manage Your Credit
33:34 How to Avoid a Data Breach
35:44 How to Manage Your Passwords Effectively
37:36 How to Protect Your Children from the Risks of Online Content
41:23 How to Get Out of Dodge Quickly
...more
46min
May 08, 2023#128 - How do CISOs spend their time?
In this episode of "CISO Tradecraft," G. Mark Hardy defines the role of a CISO and discusses the Top 10 responsibilities of a Chief Information Security Officer
Full Transcript: https://docs.google.com/document/d/1J_sCMkqEeIB7pUY4KmjCiS1sz7t6LX2F
Chapters
00:00 Introduction
01:25 Defining the Role of the CISO
04:43 1) Developing and implementing a cybersecurity strategy
07:27 2) Overseeing the organization's cybersecurity key programs and initiatives
08:20 3) Ensuring that the organization's cybersecurity policies and procedures are up-to-date and in compliance
10:44 4) Collaborating with other departments and teams
12:06 5) Developing and implementing a cybersecurity budget
14:21 6) Maintaining a high level of awareness about emerging cybersecurity threats, vulnerabilities, and technologies
15:29 7) Building and maintaining relationships with external partners and networking groups
18:07 8) Providing education, guidance, and support to the organization's employees
21:34 9) Leading and managing a team of cybersecurity professionals
24:10 10) Conducting regular risk assessments
...more
30min
May 01, 2023#127 - How to Stop Bad Guys from Staying on Your Network (with Kevin Fiscus)
In this episode of CISO Tradecraft, G Mark Hardy and guest Kevin Fiscus discuss the challenges of cybersecurity and the importance of prioritizing security decisions. Fiscus emphasizes the need for effective protective controls and detection measures, as well as the limitations of protective controls and the importance of detection. He suggests a "Detection Oriented Security Architecture" (DOSA) that includes high-fidelity, low-noise detection, automated response, and continuous monitoring. Fiscus also discusses the concept of cyber deception and proposes a new approach to cybersecurity that involves redirecting attackers to a decoy environment.
Kevin Fiscus: https://www.linkedin.com/in/kevinbfiscus/
Full Transcripts: https://docs.google.com/document/d/1zIph4r5u8UtuhsMSmIyi90bCtV52xnHv
Chapters
00:00 Introduction
04:55 The Average Time to Identify Bad Actors is 28-207 days
07:11 Why Protective Controls Don't Always Work
08:32 Protective Controls Create Resistance
10:34 The Cost of Detecting Bad Guys on Your Network
12:40 The Effects of Resistance on Protective Controls
15:56 The Problem with False Positive Alerts
20:08 How to Define Bad Guy Activity with 100% Accuracy
22:09 The Four Components of Security
24:14 Four Components of Detection Oriented Security Architecture (DOSA)
26:17 Differentiating between Monitoring & Alerting
27:13 High Fidelity and Low Fidelity Alerts
33:06 Setting a Squelch for Radios
31:37 How to Deal with False Negatives
33:56 The Importance of Non Production Resources in Detection
37:56 How to Use Cyber Trapping to Deceive an Attacker
42:54 The Role of Environment Variability in Deception
47:08 Blowing Sunshine at Attackers
...more
50min
April 24, 2023#126 - ChatGPT & Generative AI (with Konstantinos Sgantzos)
Have you heard about the latest trends in Generative Artificial Intelligence (GAI)? Listen to this episode of CISO Tradecraft to learn from Konstantinos Sgantzos and G Mark Hardy as they talk about the potential risks of GAI and how it generates new content.
Show Notes with Links: https://docs.google.com/document/d/10eCg3L00GgnHmze14g_JUkBbfHEdGZ8HW0eAGMk4PPE
Chapters
00:00 Introduction
01:37 The Future of Generative Artificial Intelligence (GAI)
06:08 The Implications of Hallucination in Generative AI
09:06 Hallucination Trivia Test for Large Language Models
10:48 The Consequences of Using Generative AI Models
12:39 The Importance of Education in Cybersecurity
14:45 The Future of Generative AI
16:17 The Importance of Understanding Large Language Models
19:47 The Differences Between Eliza and Machine Learning
24:26 How to Armorize Generative AI
29:39 The Future of Programming
31:23 The Future of Machines
33:53 The Future of Technology
37:52 The Future of CISOs
40:25 The Future of Generative AI
...more
44min
April 17, 2023#125 - Cyber Ranges (with Debbie Gordon)
Are you worried about cyber threats and data breaches? Do you want to build a strong cybersecurity program to protect your organization? Look no further! In this episode of CISO Tradecraft, G Mark Hardy and Debbie Gordon discuss the three dimensions of an effective Information Security Management System: Policy, Practice, and Proof. G Mark emphasizes the importance of having a proper cybersecurity policy that references information security controls or outcome-driven statements. However, it's not enough to have policies on paper; organizations need to practice what's on paper to be prepared for cyber events. This is where ranges come in. Ranges are a full replica of an enterprise network with real tools, traffic, and malware. They allow teams to practice detecting and responding to attacks in a safe environment. Debbie Gordon, founder of Cloud Range, explains how ranges can help organizations accelerate experience and reduce risk in cybersecurity. She emphasizes the importance of educating an organization's user base to become the first and last lines of defense against cyber threats. By training non-technical executives to spot suspicious activity and bring it to the attention of the security team, organizations can minimize the damage caused by phishing attacks, ransomware, and other cyber threats. Gordon also highlights the importance of team training in cybersecurity because it's not just about individual skills, but also about how teams work together to respond to threats. By practicing together in a range environment, organizations can improve their processes, handoffs, and speed in detecting and responding to attacks.
Special thanks to our sponsor Cloud Range Cyber for supporting this episode.
Website: www.cloudrangecyber.com
Email: [email protected]
Full Transcripts: https://docs.google.com/document/d/1yWenwauzfAiQYafFW0Iew33vbzvlO2BO
Chapters
00:00 Polished Security Programs need Policy, Practice, and Proof
00:54 Policy
02:47 Practice
03:44 Proof
04:28 How to Apply the Concepts of Ranges to Help Organizations
06:05 The importance of Experiential Learning
07:48 The Importance of following Procedures
12:12 The Benefits of Team Training for Cyber Ranges
15:33 The Importance of Muscle Memory
20:22 How to Maximize Your Investment in Cybersecurity (KPIs & Measurable Results)
24:33 The Advantages of using the MITRE ATT&CK® Framework
27:41 The Advantages of Following ISO Standards
31:36 How to Improve your Cloud Range Exercises
33:22 How to use Cognitive Aptitude Assessments for Workforce Development
37:44 How to level the Playing field for Cyber Talent
39:39 The Importance of Degrees in Cyber Security
41:03 Making the CISO's job easier
...more
45min

FAQs about CISO Tradecraft®:

How many episodes does CISO Tradecraft® have?

The podcast currently has 244 episodes available.

More shows like CISO Tradecraft®

Security Now (Audio) by TWiT

Security Now (Audio)

1,982 Listeners

Risky Business by Patrick Gray

Risky Business

364 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

640 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

370 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,017 Listeners

Smashing Security by Graham Cluley

Smashing Security

316 Listeners

Click Here by Recorded Future News

Click Here

408 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,945 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

164 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Hacking Humans by N2K Networks

Hacking Humans

312 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

76 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

128 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners

The Pragmatic Engineer by Gergely Orosz

The Pragmatic Engineer

63 Listeners