A respected journalist focusing on cybersecurity and our community of people for over 25 years, Deb Radcliff remains a trusted information source who checks and double-checks her sources before publication -- a refreshing change to the low signal - high noise world of social media.

Breaking Backbones Information is Power may be purchased from the following Amazon Link

On this Episode of CISO Tradecraft we talk about the Top 10 areas of concern for the C Suite about Ransomware.  Note you can read the full ISC2 Study here (Link).

Cybersecurity professionals should keep the following golden rules in mind when communicating with the C-suite about ransomware.

1. Increase Communication and Reporting to Leadership

On this episode of CISO Tradecraft, Christian Hyatt from risk3sixty stops by to discuss the 3 major Business Objectives for CISOs:

1. Risk Management

He also discusses the five CISO Archetypes.  

1. The Executive

References:

Designing the CISO Role Link

Chances are your organization has information that someone else wants.  If it's another nation state, their methods may not be friendly or even legal.  In this episode we address assessing risk, known "bad" actors, information targets, exfiltration, cyber security models, what the federal government is doing for contractors, and response strategies.  Listen now so you don't become a statistic later.

References:

https://www.fbi.gov/file-repository/china-exec-summary-risk-to-corporate-america-2019.pdf

https://nhglobalpartners.com/made-in-china-2025/

https://www.cybintsolutions.com/cyber-security-facts-stats/

http://www.secretservice.gov/ntac/final_it_sector_2008_0109.pdf

http://www.secretservice.gov/ntac/final_government_sector2008_0109.pdf

CIS Controls v8.0, Center for Internet Security, May 2021, https://www.cisecurity.org

https://owasp.org/www-project-threat-and-safeguard-matrix/

https://www.acq.osd.mil/cmmc/about-us.html

Our career has been growing like crazy with an estimated 3.5 million unfilled cybersecurity jobs within the next few years.  More certs, more quals, more money, right?  The sky’s the limit.  But what if we’re wrong?  AI, machine learning, security-by-design, outsourcing, and H-1B programs may put huge downward pressure on future job opportunities (and pay) in this country.  Of course, we don’t WANT this, but shouldn’t a wise professional prepare for possibilities?  [We did a ton of research looking at facts, figures, industry trends, and possible futures that might have us thinking that 2022 may have been “the good old days.”  No gloom-and-doom here; just an objective look with a fresh perspective, you know, just in case.]

On this episode of CISO Tradecraft, we discuss how to avoid Death By PowerPoint by creating cyber awareness training that involves and engages listeners. Specifically we discuss:

• The EDGE method:  Explain, Demonstrate, Guide, and Enable

References:

https://blog.scoutingmagazine.org/2017/05/05/living-on-the-edge-this-is-the-correct-way-to-teach-someone-a-skill/

http://www.inquiry.net/ideals/scouting_game_purpose.htm

https://cisotradecraft.podbean.com/e/ciso-tradecraft-shall-we-play-a-game/

Escape Rooms

https://library.georgetown.org/virtual-escape-rooms/

https://research.fairfaxcounty.gov/unlimited/escape

Tabletop Exercises

From GCHQ

https://www.ncsc.gov.uk/information/exercise-in-a-box

From CISA

https://www.cisa.gov/cisa-tabletop-exercises-packages

Funny Videos on Cyber

https://staysafeonline.org/resource/security-awareness-episode/

On this episode of CISO Tradecraft, we focus on the Password Security and how it's evolving.  Tune in to learn about:

• Why do we need passwords

Infographic:

References:

• https://danielmiessler.com/blog/not-all-mfa-is-equal-and-the-differences-matter-a-lot/ 

Winn Schwartau is a well-recognized icon in the cybersecurity community, and also a dear friend for over 25 years.  Always one to stir the pot and offer radical ideas (many of which come true), we discuss Hacker Jeopardy, INFOWARCON, his books "Pearl Harbor Dot Com", "Time-Based Security", and his magnum opus "Analog Security."  We speculate on the future of our industry with respect to quantum and probabilistic computing, and after hanging up his pen, looks like he's doing a Tom Brady and writing one more amazing book. **Warning Adult Language**

Winn's Website Link

On this episode of CISO Tradecraft, Anton Chuvakin talks about Logging, Security Information & Event Management (SIEM) tooling, and Cloud Security.  Anton share’s fantastic points of view on:

• How moving to the cloud is like moving to a space station (13:44)

On this special episode of CISO Tradecraft, we have Gary Hayslip talk about his lessons learned being a CISO.  He shares various tips and tricks he has used to work effectively as a CISO across multiple companies.  Everything from fish tacos and beer to how to look at an opportunity when your boss has no clue about cyber frameworks.  There's lots of great information to digest.  

Additionally, Gary has co-authored a number of amazing books on cyber security that we strongly recommend reading.  You can find them here on Gary's Amazon page.