On this episode of CISO Tradecraft, we discuss how to avoid Death By PowerPoint by creating cyber awareness training that involves and engages listeners. Specifically we discuss:

• The EDGE method:  Explain, Demonstrate, Guide, and Enable

References:

https://blog.scoutingmagazine.org/2017/05/05/living-on-the-edge-this-is-the-correct-way-to-teach-someone-a-skill/

http://www.inquiry.net/ideals/scouting_game_purpose.htm

https://cisotradecraft.podbean.com/e/ciso-tradecraft-shall-we-play-a-game/

Escape Rooms

https://library.georgetown.org/virtual-escape-rooms/

https://research.fairfaxcounty.gov/unlimited/escape

Tabletop Exercises

From GCHQ

https://www.ncsc.gov.uk/information/exercise-in-a-box

From CISA

https://www.cisa.gov/cisa-tabletop-exercises-packages

Funny Videos on Cyber

https://staysafeonline.org/resource/security-awareness-episode/

On this episode of CISO Tradecraft, we focus on the Password Security and how it's evolving.  Tune in to learn about:

• Why do we need passwords

Infographic:

References:

• https://danielmiessler.com/blog/not-all-mfa-is-equal-and-the-differences-matter-a-lot/ 

Winn Schwartau is a well-recognized icon in the cybersecurity community, and also a dear friend for over 25 years.  Always one to stir the pot and offer radical ideas (many of which come true), we discuss Hacker Jeopardy, INFOWARCON, his books "Pearl Harbor Dot Com", "Time-Based Security", and his magnum opus "Analog Security."  We speculate on the future of our industry with respect to quantum and probabilistic computing, and after hanging up his pen, looks like he's doing a Tom Brady and writing one more amazing book. **Warning Adult Language**

Winn's Website Link

On this episode of CISO Tradecraft, Anton Chuvakin talks about Logging, Security Information & Event Management (SIEM) tooling, and Cloud Security.  Anton share’s fantastic points of view on:

• How moving to the cloud is like moving to a space station (13:44)

On this special episode of CISO Tradecraft, we have Gary Hayslip talk about his lessons learned being a CISO.  He shares various tips and tricks he has used to work effectively as a CISO across multiple companies.  Everything from fish tacos and beer to how to look at an opportunity when your boss has no clue about cyber frameworks.  There's lots of great information to digest.  

Additionally, Gary has co-authored a number of amazing books on cyber security that we strongly recommend reading.  You can find them here on Gary's Amazon page.  

On this episode of CISO Tradecraft you can learn how to build relationships of trust with other executives by demonstrating executive skill & cyber security expertise.  You can learn what to say to each of the following executives to build common ground and meaningful work: 

• CFO

Note Robin Dreeke mentions 5 keys to building goals.: 

1. Learn… about their priorities, goals, and objectives.

During this week's Monday Morning Email, CISO Tradecraft answers the question on how to craft a winning resume to land your first CISO role.

InfoGraphic

On this episode of CISO Tradecraft, we talk about how cyber can help the four business key objectives identified by InfoTech:

1.  Profit generation: The revenue generated from a business capability with a product that is enabled with modern technologies.

2.  Cost reduction: The cost reduction when performing business capabilities with a product that is enabled with modern technologies.

3.  Service enablement: The productivity and efficiency gains of internal business operations from products and capabilities enhanced with modern technologies.

4.  Customer and market reach: The improved reach and insights of the business in existing or new markets.

We also discuss Franklin Covey's 4 Disciplines of Execution (TM): 

1. Focus on the Wildly Important

Please note references to Infotech and Franklin Covey Material can be found here:

• https://www.infotech.com/research/ss/build-a-business-aligned-it-strategy

Infographic:

Today we speak with Richard Thieme, a man with a reputation for stretching your mind with his insights, who has spoken at 25 consecutive DEFCONs as well as keynoted BlackHat 1 and 2.  In a far-ranging discussion, we cover the concept of what it's like to be a heretic (hint:  it's one step beyond being a visionary), the thought that the singularity has already arrived, Pierre Teilhard de Chardin's noosphere, disinformation and cyber war, ethical decision-making in automated systems, and why there is convincing evidence we are not alone in this universe. 

References:

On this episode of CISO Tradecraft we are going to talk about various Access Control & Authentication technologies.

Access Control Methodologies:

• Mandatory Access Control or (MAC)

Authentication Types:

• Password-based authentication

References

• https://riskbasedauthentication.org/

On this episode of CISO Tradecraft, you can learn about supply chain vulnerabilities and the 6 important steps you can take to mitigate this attack within your organization:

1. Centralize your software code repository

References:

https://owasp.org/www-project-threat-and-safeguard-matrix/

https://slsa.dev/

Infographic: