Welcome to CISO Tradecraft®. A podcast designed to take you through the adventure of becoming a Chief Information Security Officer (CISO) and learning about cyber security. This podcast was started because G Mark Hardy and Ross Young felt impressed to help others take their Information Security Skills to an executive level. We are thrilled to be your guides to lead you through the various domains of becoming a competent and effective CISO.
…
continue reading
A podcast that talk's about TSR's Top Secret: New World Order RPG and the Lucky 13 game engine.
…
continue reading
tradecraftpodcast.com
…
continue reading
Want to learn about all of the latest security tools and techniques? This is the show for you! We show you how to install, configure and use a wide variety of security tools for both offense and defense. Whether you are a penetration tester or defending enterprise networks, this show will help you
…
continue reading
Want to learn about all of the latest security tools and techniques? This is the show for you! We show you how to install, configure and use a wide variety of security tools for both offense and defense. Whether you are a penetration tester or defending enterprise networks, this show will help you!
…
continue reading
1
#178 - Cyber Threat Intelligence (with Jeff Majka & Andrew Dutton)
45:33
45:33
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
45:33
In this episode of CISO Tradecraft, hosts G Mark Hardy and guests Jeff Majka and Andrew Dutton discuss the vital role of competitive threat intelligence in cybersecurity. They explore how Security Bulldog's AI-powered platform helps enterprise cybersecurity teams efficiently remediate vulnerabilities by processing vast quantities of data, thereby s…
…
continue reading
1
#177 - 2024 CISO Mindmap (with Rafeeq Rehman)
46:28
46:28
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
46:28
This episode of CISO Tradecraft features a comprehensive discussion between host G Mark Hardy and guest Rafeeq Rehman, centered around the evolving role of CISOs, the impact of Generative AI, and strategies for effective cybersecurity leadership. Rafeeq shares insights on the CISO Mind Map, a tool for understanding the breadth of responsibilities i…
…
continue reading
1
#176 - Reality-Based Leadership (with Alex Dorr)
47:45
47:45
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
47:45
In this episode of CISO Tradecraft, host G Mark Hardy welcomes Alex Dorr to discuss Reality-Based Leadership and its impact on reducing workplace drama and enhancing productivity. Alex shares his journey from professional basketball to becoming an evangelist of reality-based leadership, revealing how this approach helped him personally and professi…
…
continue reading
1
#175 - Navigating NYDFS Cyber Regulation
33:24
33:24
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
33:24
This episode of CISO Tradecraft dives deep into the New York Department of Financial Services Cybersecurity Regulation, known as Part 500. Hosted by G Mark Hardy, the podcast outlines the significance of this regulation for financial services companies and beyond. Hardy emphasizes that Part 500 serves as a high-level framework applicable not just i…
…
continue reading
1
#174 - OWASP Top 10 Web Application Attacks
44:23
44:23
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
44:23
In this episode of CISO Tradecraft, host G. Mark Hardy delves into the crucial topic of the OWASP Top 10 Web Application Security Risks, offering insights on how attackers exploit vulnerabilities and practical advice on securing web applications. He introduces OWASP and its significant contributions to software security, then progresses to explain …
…
continue reading
1
#173 - Mastering Vulnerability Management
22:16
22:16
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
22:16
In this episode of CISO Tradecraft, host G Mark Hardy delves into the critical subject of vulnerability management for cybersecurity leaders. The discussion begins with defining the scope and importance of vulnerability management, referencing Park Foreman's comprehensive approach beyond mere patching, to include identification, classification, pri…
…
continue reading
1
#172 - Table Top Exercises
41:33
41:33
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
41:33
This episode of CISO Tradecraft, hosted by G Mark Hardy, delves into the concept, significance, and implementation of tabletop exercises in improving organizational security posture. Tabletop exercises are described as invaluable, informal training sessions that simulate hypothetical situations allowing teams to discuss and plan responses, thereby …
…
continue reading
1
#171 - Navigating Software Supply Chain Security (with Cassie Crossley)
46:57
46:57
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
46:57
In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of the book on software supply chain security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they pose. Crossley shares her expert insights on different software source codes and the intrica…
…
continue reading
1
#170 - Responsibility, Accountability, and Authority
46:41
46:41
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
46:41
In this episode of CISO Tradecraft, the host, G Mark Hardy, delves into the concepts of responsibility, accountability, and authority. These are considered critical domains in any leadership position but are also specifically applicable in the field of cybersecurity. The host emphasizes the need for a perfect balance between these areas to avoid pu…
…
continue reading
In this episode of CISO Tradecraft, host G Mark Hardy discusses various mishaps that can occur with Multi-Factor Authentication (MFA) and how these can be exploited by attackers. The talk covers several scenarios such as the misuse of test servers, bypassing of MFA via malicious apps and phishing scams, violation of the Illinois Biometric Informati…
…
continue reading
1
#168 - Cybersecurity First Principles (with Rick Howard)
47:14
47:14
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
47:14
In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Rick Howard, Chief Security Officer, Chief Analyst and Senior Fellow at CyberWire. Rick shares his insights on first principles in cybersecurity, discussing how these form the foundations of any cybersecurity strategy. He emphasizes the importance of understanding mate…
…
continue reading
1
#167 - Cybersecurity Apprenticeships (with Craig Barber)
44:36
44:36
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
44:36
In this episode of CISO Tradecraft, host G Mark Hardy is joined by guest Craig Barber, the Chief Information Security Officer at SugarCRM. They discuss the increasingly critical topic of cybersecurity apprenticeships and Craig shares his personal journey from technical network engineer to CISO. They delve into the benefits of apprenticeships for bo…
…
continue reading
1
#166 - Cyber Acronyms You Should Know
38:49
38:49
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
38:49
This video introduces a newly proposed acronym in the world of cybersecurity known as the 'Cyber UPDATE'. The acronym breaks down into Unchanging, Perimeterizing, Distributing, Authenticating and Authorizing, Tracing, and Ephemeralizing. The video aims to explain each component of the acronym and its significance in enhancing cybersecurity. Referen…
…
continue reading
1
#165 - Modernizing Our SOC Ingest (with JP Bourget)
44:34
44:34
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
44:34
In this episode of CISO Tradecraft, host G Mark Hardy interviews JP Bourget about the security data pipeline and how modernizing SOC ingest can improve efficiency and outcomes. Featuring discussions on cybersecurity leadership, API integrations, and the role of AI and advanced model learning in future data lake architectures. They discuss how vendo…
…
continue reading
1
#164 - The 7 Lies in Cyber
29:02
29:02
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
29:02
In this episode of CISO Tradecraft, we debunk seven common lies pervasive in the cybersecurity industry. From the fallacy of achieving a complete inventory before moving onto other controls, the misconception about the accuracy of AppSec tools, to the fear of being viewed as a cost center - we delve deep into these misconceptions, elucidating their…
…
continue reading
1
#163 - Operational Resilience
23:09
23:09
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
23:09
Join G Mark Hardy in this episode of the CISO Tradecraft podcast where he details how cyber protects revenue. He clarifies how cybersecurity is seen as a cost center by most organizations, but stresses how it can become a protector of business profits. Concepts like Operational Resilience Framework (ORF) Version 2 by the Global Resilience Federatio…
…
continue reading
1
#162 - CISO Predictions for 2024
42:47
42:47
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
42:47
Looking for accurate predictions on what 2024 holds for cybersecurity? Tune into our latest episode of CISO Tradecraft for intriguing insights and industry trends. Listen now and boost your cybersecurity knowledge! Earn CPEs: https://www.cisotradecraft.com/isaca Transcripts: https://docs.google.com/document/d/11YX2bjhIVThSNPF6yEKaNWECErxjWA-R Chapt…
…
continue reading
1
#161 - Secure Developer Training Programs (with Scott Russo) Part 2
45:21
45:21
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
45:21
In the second half of the discussion about secure developer training programs, G Mark Hardy and Scott Russo delve deeper into how to engineer an effective cybersecurity course. They discuss the importance and impact of automation and shifting left, the customization needed for different programming languages and practices, and the role of gamificat…
…
continue reading
1
#160 - Secure Developer Training Programs (with Scott Russo) Part 1
42:21
42:21
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
42:21
In this episode of CISO Tradecraft, host G Mark Hardy invites Scott Russo, a cybersecurity and engineering expert for a deep dive into the creation and maintenance of secure developer training programs. Scott discusses the importance of hands-on engaging training and the intersection of cybersecurity with teaching and mentorship. Scott shares his e…
…
continue reading
1
#159 - Refreshing Your Cybersecurity Strategy
23:26
23:26
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
23:26
In this episode of CISO Tradecraft, host G. Mark Hardy guides listeners on how to refresh their cybersecurity strategy. Starting with the essential assessments on the current state of your security, through to the creation of a comprehensive, one-page cyber plan. The discussion covers different approaches to upskilling the workforce, tools utilizat…
…
continue reading
1
#158 - Building a Data Security Lake (with Noam Brosh)
43:57
43:57
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
43:57
Discover the key to a more effective cybersecurity strategy in the newest episode of CISO Tradecraft! We're talking SOC tools, building a data lake for security, and more with guest Noam Brosh of Hunters. Don't miss it! Big Thanks to our Sponsors Risk3Sixty - https://risk3sixty.com/ Hunters - https://www.hunters.security/ Noam Brosh - https://www.l…
…
continue reading
1
#157 - SOC Skills (with Hasan Eksi) Part 2
36:06
36:06
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
36:06
In this episode of CISO Tradecraft, G Mark Hardy and Hasan Eksi from CyberNow Labs continue the discussion about the vital skills needed for an effective incident responder within a Security Operations Center (SOC). The skills highlighted in this episode include: incident triage, incident response frameworks, communication, collaboration, documenta…
…
continue reading
1
#156 - SMB CISO Challenges (with Kevin O’Connor)
43:27
43:27
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
43:27
In this episode of CISO Tradecraft, host G Mark Hardy talks to Kevin O'Connor, the Director of Threat Research at Adlumin. They discuss the importance of comprehensive cybersecurity for Small to Medium-sized Businesses (SMBs), including law firms and mid-sized banks. The conversation explores the complexities of managing security infrastructures, t…
…
continue reading
1
#155 - SOC Skills (with Hasan Eksi) Part 1
43:31
43:31
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
43:31
In this episode of CISO Tradecraft we have a detailed conversation with Hasan Eksi from CyberNow Labs. G Mark and Hasan discuss the top 20 skills required by incident responders, covering the first 10 in part 1 of this series. The discussion ranges from understanding cybersecurity fundamentals to incident detection, threat intelligence, and malware…
…
continue reading
1
#154 - Data Protection (with Amer Deeba)
41:38
41:38
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
41:38
In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Amer Deeba, CEO and co-founder of Normalyze. They focus on the importance of data security in today's cloud-centric, multi-platform tech environment. Amer shares valuable insights on the need for a data security platform that offers a unified, holistic approach. The conver…
…
continue reading
1
#153 - Game-Based Learning (with Andy Serwin & Eric Basu)
46:13
46:13
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
46:13
On this episode we talk about the differences between Gamification and Game-Based Learning. We think you will enjoy hearing how Game-Based learning gets folks into the flow and creates novel training that resonates. We also have a great discussion on how games can be applicable for Board Members and Techies. You just need to get the right type of g…
…
continue reading
1
#152 - Speak My Language (with Andrew Chrostowski)
45:08
45:08
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
45:08
Learn the language of the board with Andrew Chrostowski. In this episode we discuss the 3 major risk categories of opportunity risk, cybersecurity risk and complex systems. We highlight intentional deficit and what to do about it. Finally, don't miss the part where we talk about the time for a digital strategy is past. What is needed today is a com…
…
continue reading
On this episode we do a master class on cyber warfare. Learn the terminology. Learn the differences and similarities between kinetic and cyber warfare. There's a lot of interesting discussion, so check it out. Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/ Transcripts https://docs.google.com/document/d/1yJYoVs3pO4u_Zq8UC…
…
continue reading
1
#150 - Measuring Results
17:43
17:43
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
17:43
On this episode we discuss the measuring results cheat sheet from Justin Mecham. Key focuses include: Defining SMART Goals (Specific, Measurable, Achievable, Relevant, & Time-Bound) Identifying KPIs (Key Performance Indicators) Using the WOOP Model (Wish, Outcome, Obstacle, and Plan) Using a Gap Analysis Using the 5 Why Method Using Plan, Do, Check…
…
continue reading
1
#149 - Board Perspectives
43:14
43:14
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
43:14
On this episode we discuss the four key roles Boards play in cybersecurity. Setting the company's vision and risk strategy Reviewing assessment results Evaluating management cyber risk stance Approving risk management plans Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/ Transcripts - https://docs.google.com/document/d/1j…
…
continue reading
1
#148 - Threat Modeling (with Adam Shostack)
37:39
37:39
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
37:39
On this episode we bring on the leading expert of threat modeling (Adam Shostack) to discuss the four questions that every team should ask: What are we working on? What can go wrong? What are we going to do about it? Did we do a good enough job? Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/ Adam Shostack's LinkedIn Prof…
…
continue reading
1
#147 - Betting on MFA
42:45
42:45
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
42:45
There's a lot of new cyber attacks occurring and today we are going to talk about them in more detail. Many bad actors are using SMS spoofing and Social Engineering to get in. Listen in an learn about how those attacks played out against the casino industry. You don't want to miss when we share what you can do to stop them. Pro-tip: Good MFA is you…
…
continue reading
1
#146 - Living in a Materiality World
42:15
42:15
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
42:15
Have you ever thought about what does it mean to say there has been a material incident? How is materiality determined? What is the history of how that term has been defined by U.S. Regulators. Listen to today's show and increase your CISO Tradecraft Big Thanks to our Sponsors Risk3Sixty - https://risk3sixty.com/whitepaper/ CPRIME - For those valui…
…
continue reading
1
#145 - The Cost of Cyber Defense
35:55
35:55
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
35:55
On this episode we overview the CIS Document titled, "The Cost of Cyber Defense". https://www.cisecurity.org/insights/white-papers/the-cost-of-cyber-defense-cis-controls-ig1 Big Thanks to our Sponsors Risk3Sixty - https://risk3sixty.com/whitepaper/ CPRIME - For those valuing leadership, policy, and governance in tech risk and security, Cprime is he…
…
continue reading
1
#144 - Handling Regulatory Change
24:09
24:09
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
24:09
In this episode of CISO Tradecraft, we delve into the evolving landscape of cybersecurity regulations. From data incident notifications to required contract language, we uncover common trends and compliance challenges. Learn how to prepare, adapt, and network within your industry to stay ahead. Tune in for insights and tips! Thanks again to our Spo…
…
continue reading
1
#143 - Authentication, Rainbow Tables, and Password Managers
45:18
45:18
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
45:18
Here's a nice overview of cybersecurity on passwords, authentication, rainbow tables, and password managers. Enjoy the show and check out our other podcasts. Special Thanks to our Sponsors: Risk3Sixty: Being able to clearly articulate your vision for your security program to the board and other executives within your firm is critical to obtaining t…
…
continue reading
1
#142 - Powerful Questions
33:55
33:55
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
33:55
Join us at the heart of Hacker Summer Camp for insights into the cybersecurity world! Discover the art of asking powerful questions that can change your career and impact others. Learn how CISOs assess cyber solutions and how startups can win their attention. Uncover the secrets of building connections and value through meaningful inquiries. Don't …
…
continue reading
1
#141 - Emerging Risks (with The Chertoff Group)
41:30
41:30
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
41:30
On this episode, David London and Adam Isles from the Chertoff Group stop by to discuss emerging risk topics such as AI, Supply Chain Attacks, and the new SEC regulations. Stick around and learn the tradecraft to better protect your company. Special Thanks to our Sponsors: The Chertoff Group: https://www.chertoffgroup.com.Note you can read more abo…
…
continue reading
1
#140 - Bobby the Intern
38:48
38:48
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
38:48
Don't let Bobby the Intern cause havoc in your network. On this episode of CISO Tradecraft, G Mark Hardy discusses the importance of training new hires in cybersecurity to create a strong security culture within an organization. The focus is on shaping employees' behavior and beliefs to enhance the overall cybersecurity posture. Special Thanks to o…
…
continue reading
1
#139 - Insider Threat Operations (with Jim Lawler)
51:33
51:33
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
51:33
On this episode we bring on CIA Veteran James "Jim" Lawler to discuss how spies are recruited, how individuals are turned, and what makes them vulnerable to being turned. Learn what managers and executives can and should know about their people to help them better understand who's at risk and the types of programs that executives can put into place…
…
continue reading
1
#138 - Updating the Mindmap (with Rafeeq Rehman)
42:46
42:46
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
42:46
This week Rafeeq Rehman returns to discuss the 2023 updates to the CISO Mindmap. Note you can find his work here: https://rafeeqrehman.com/2023/03/25/ciso-mindmap-2023-what-do-infosec-professionals-really-do/ Thanks to our two sponsors for this episode. 1) Prelude: https://www.preludesecurity.com/ 2) Risk3Sixty - Get a free copy of The Five CISO Ar…
…
continue reading
1
#137 - 1% Better Leadership (with Andy Ellis)
49:19
49:19
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
49:19
Imagine if you could get 1% better every day at something and do this for an entire year. Well, that's 365 days. And you go, okay, fine. 1%. 1%. That's going to be like 3.65%, right? No, because it compounds. And if you go ahead and open up your calculator and you take 1.01 and you raise it to the 365th power you're going to get 37.78. On today's s…
…
continue reading
1
#136 - From Hacking to Hardcover (with Bill Pollock)
45:40
45:40
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
45:40
Are you a Chief Information Security Officer (CISO) looking to share your knowledge and insights with the world? In this episode, we explore how CISOs can embark on their journey of writing their first book. Join us as we delve into valuable tips and advice, including learning from renowned author Bill Pollock, who has paved the way for aspiring CI…
…
continue reading
1
#135 - Board Decks (with Demetrios Lazarikos)
43:33
43:33
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
43:33
One of the most important activities a CISO must perform is presenting high quality presentations to the Board of Directors. Listen and learn from Demetrios Lazarikos (Laz) and G Mark Hardy as they discuss what CISOs are putting in their decks and how best to answer the board's questions. Special thanks to our sponsor Risk3Sixty for supporting this…
…
continue reading
1
#134 - Ransomware Response (with Ricoh Danielson)
43:34
43:34
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
43:34
A lot of times we focus on preventing ransomware, but we forget what we should do when we actually encounter it. That's why we are bringing on Ricoh Danielson to talk about it. Learn from him as he discusses tactics and techniques for businesses to follow then stuff hits the fan. Special thanks to our sponsor Risk3Sixty for supporting this episode.…
…
continue reading
1
#133 - The Seesaw of Cyber Recruiting (with Lee Kushner)
43:57
43:57
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
43:57
This episode features Lee Kushner discussing various topics, including negotiating skills, the importance of degrees in the cybersecurity field, the need for diversity in the industry, challenges faced by cybersecurity professionals, starting a career in cybersecurity, and the value of technical skills. The conversation emphasizes the need for indi…
…
continue reading
1
#132 - Founding to Funding (with Cyndi and Ron Gula)
44:06
44:06
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
44:06
On this episode we bring in Cyndi and Ron Gula from Gula Tech (https://www.gula.tech/) to talk about their cyber security experiences. Listen and enjoy as they tell their stories about leaving the NSA, creating the first commercial network Intrusion Detection System (IDS), Founding Tenable Network Security, and investing in multiple cybersecurity s…
…
continue reading
1
#131 - Framing Executive Discussions
21:15
21:15
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
21:15
How do we frame an executive discussion so we can structure and present information in a way that effectively engages and aligns with the needs and interests of the executive audience? On this episode we answer that question by discussing the 8 important elements of framing a discussion with executives: Clearly define the objective Start with the b…
…
continue reading
1
#130 - Financial Planning (with Logan Jackson)
50:55
50:55
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
50:55
Learn how to unlock financial success with key strategies by Logan Jackson from Ray Capital Advisors. Logan highlights how to set clear goals, choose the right asset class, diversify your portfolio for stability and growth, build a well-diversified investment portfolio to create wealth and mitigate risk, take control of your financial future throug…
…
continue reading
1
#129 - Protecting Your Family
45:09
45:09
Прослушать позже
Прослушать позже
Списки
Нравится
Нравится
45:09
Are you looking for ways to protect your most valuable asset? In this episode, G Mark Hardy argues that our most valuable asset is our family, not the crown jewels or critical assets of a corporation. He emphasizes the importance of managing money, having an emergency fund, obtaining life insurance, building retirement savings, protecting against c…
…
continue reading