G Mark Hardy dives deep into effective strategies for securing your business. Learn why it's essential for cybersecurity leaders to communicate the real business impact of vulnerabilities and discover the importance of identifying and prioritizing critical business processes.  Gain insights from historical references and practical frameworks like the CIA triad (Confidentiality, Integrity, Availability) to bolster your organization's cybersecurity posture. Tune in as G Mark, broadcasting from Glasgow, Scotland, shares valuable lessons on proactive security measures, risk-based decision-making, and crisis recovery strategies. 7 critical business processes common to most organizations. Book Order Bill PayShip CloseCommunicate Transcripts https://docs.google.com/document/d/1Ra3c0J5Wo6s2BSqhNoNyqm9D65ogT07h Chapters 00:00 Introduction to Securing the Business 00:12 Begin Podcast 01:08 Understanding Critical Business Processes 02:23 Identifying and Prioritizing Business Functions 03:00 Real-World Example: Restaurant Booking System 04:57 Decision Making in Crisis Situations 10:38 Mapping Confidentiality, Integrity, and Availability 19:42 Conclusion and Final Thoughts

Join host G Mark Hardy as he dives deep into the complexities of compliance and reporting, featuring special guests Brian Bradley and Josh Williams from FedShark. Discover a unique and streamlined approach to compliance using FedShark's innovative tools and AI-assisted systems. Learn about their exclusive offers for CISO Tradecraft listeners, including free downloads and discounted pre-assessment tools. Topics covered include CMMC, HIPAA, PCI, and more. Whether you're part of the Defense Industrial Base or dealing with multiple compliance frameworks, this episode is packed with practical advice to make your compliance journey smoother and more effective. Thanks to our podcast sponsor, Fedshark CISO Traderaft Promo & Link to CMMC White Papers: https://fedshark.com/ciso RapidAssess: https://fedshark.com/rapid-assess Company website: https://fedshark.com FedShark Blog: https://fedshark.com/blog Schedule a Demo: https://fedshark.com/contact-us LinkedIn Matt Beaghley: https://www.linkedin.com/in/mbeaghley/ LinkedIn Brian Bradley: https://www.linkedin.com/in/brian-bradley-97a82668/   Chapters  00:00 Introduction and Special Offer 03:18 Meet the Experts: Brian and Josh 06:49 Challenges in Compliance 16:23 Understanding CMMC 29:02 Understanding Scope in Compliance 30:22 Introducing the AI-Enhanced Compliance Solution 31:24 Streamlining Interviews and Documentation 42:19 Final Thoughts and Recommendations

G Mark Hardy and guest Deb Radcliff talk about experiences and takeaways from Black Hat, and delve into the dynamic world of cybersecurity. Deb shares her perspectives on the intersection of AI, DevSecOps, and cyber warfare, while highlighting insights from her 'Breaking Backbones' trilogy.  Transcripts: https://docs.google.com/document/d/1XN9HjdljJYKlUITrxZ10HTq9e91R8FNT Book 1: Breaking Backbones: Information Is Power         https://amzn.to/4dLSBxQ Book 2: Breaking Backbones: Information Should Be Free         https://amzn.to/4e3BRlB Book 3: Breaking Backbones: From Chaos to Order         https://amzn.to/3X8e4u2 Chapters 00:00 Introduction and Welcome Back 01:18 Black Hat and Security Leaders Dinner 04:39 The Evolution of Cybersecurity Conferences 10:59 AI and Cybersecurity Trends 22:01 The Chip Dilemma: Parenting in a Monitored Society 23:09 Crafting Characters: Inspirations and Transformations 25:58 Writing Process: From Drafts to Details 31:38 Future of Cybersecurity: Autonomous Systems and Legal Challenges

In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Snehal Antani, co-founder of Horizon3.AI, to discuss the crucial interplay between offensive and defensive cybersecurity tactics. They explore the technical aspects of how observing attacker behavior can enhance defensive strategies, why traditional point-in-time pen testing may be insufficient, and how autonomous pen testing can offer continuous, scalable solutions. The conversation delves into Snehal’s extensive experience, the importance of readiness over compliance, and the future of cybersecurity tools designed with humans out of the loop. Tune in to learn how to elevate your cybersecurity posture in a rapidly evolving threat landscape. Horizon3 - https://www.horizon3.ai Snehal Antani - https://www.linkedin.com/in/snehalantani/ Transcripts: https://docs.google.com/document/d/1IFSQ8Uoca3I7TLqNHMkvm2X-RHk8SWpo Chapters: 00:00 Introduction and Guest Welcome 01:43 Background and Experience of Snehal Antani 03:09 Challenges and Limitations of Traditional Pen Testing 14:47 The Future of Pen Testing: Autonomous Systems 23:10 Leveraging Data for Cybersecurity Insights 24:02 Expanding the Attack Surface: Cloud and Supply Chain 24:46 Third-Party Risk Management Evolution 44:37 Future of Cyber Warfare: Algorithms vs. Humans

In this episode of CISO Tradecraft, host G Mark Hardy delves into the intricate world of Identity and Access Management (IAM). Learn the essentials and best practices of IAM, including user registration, identity proofing, directory services, identity federation, credential issuance, and much more. Stay informed about the latest trends like proximity-based MFA and behavioral biometrics. Understand the importance of effective IAM implementation for safeguarding sensitive data, compliance, and operational efficiency. Plus, hear real-world examples and practical advice on improving your IAM strategy for a secure digital landscape. Transcripts: https://docs.google.com/document/d/15zUupqhCQz9llwy21GW5cam8qXgK80JB Chapters 00:00 Introduction to CISO Tradecraft 01:24 Understanding Identity and Access Management (IAM) 01:54 Gartner's Magic Quadrant and IAM Vendors 03:29 The Importance of IAM in Enterprises 04:28 User Registration and Verification 06:48 Password Policies and Best Practices 09:53 Identity Proofing Techniques 14:53 Directory Services and Role Management 18:27 Identity Federation and Credential Issuance 22:22 Profile and Role Management 26:17 Identity Lifecycle Management 29:23 Access Management Essentials 35:05 Review and Conclusion

In this comprehensive episode of CISO Tradecraft, host G Mark Hardy sits down with Christian Hyatt, author of 'The Security Team Operating System'. Together, they delve into the five essential components needed to transform your cyber security team from reactive to unstoppable. From defining purpose and values to establishing clear roles, rhythms, and goals, this podcast offers practical insights and tools that can improve the efficacy and culture of your security team. If you're looking for strategic frameworks to align your team with business objectives and create a resilient security culture, you won't want to miss this episode! Christian Hyatt's LinkedIn Profile: https://www.linkedin.com/in/christianhyatt/ Link to the Book: https://a.co/d/aHpXXfr Transcripts: https://docs.google.com/document/d/1ogBdtJolBJTOVtqyFLO5onuLxBsfqqQP Chapters 00:00 Introduction and Guest Welcome 01:31 Overview of the Security Team Operating System 03:31 Deep Dive into the Five Elements 07:53 Aligning Security with Business Objectives 21:59 Defining Core Values for Security Teams 25:03 Aligning Organizational and Team Values 26:05 Establishing Clear Roles and Responsibilities 30:58 Implementing Effective Rhythms and Goals

Join host G Mark Hardy in this episode of CISO Tradecraft as he welcomes Olivia Rose, an experienced CISO and founder of the Rose CISO Group. Olivia discusses her journey in cybersecurity from her start in marketing to becoming a VCISO. They delve into key topics including the transition from CISO to VCISO, strategies for managing time and stress, the importance of understanding board dynamics, and practical advice on mentoring new entrants in the cybersecurity field. Olivia also shares her insights on maintaining business alignment, handling insurance as a contractor, and building a personal brand in the cybersecurity community. Olivia Rose: https://www.linkedin.com/in/oliviarosecybersecurity/ Transcripts: https://docs.google.com/document/d/1S42BepIh1QQHVWsdhhgx6x99U188q5eL Chapters 00:00 Introduction and Guest Welcome 01:14 Olivia Rose's Career Journey 06:42 Challenges in Cybersecurity Careers 15:47 Communicating with the Board 22:57 Navigating Compliance and Legal Challenges 24:10 Building Strategic Relationships 25:46 Aligning Security with Business Goals 35:05 The Importance of Reputation and Branding

In this episode of CISO Tradecraft, host G Mark Hardy continues an in-depth discussion with cybersecurity attorney Thomas Ritter on the legal considerations for cybersecurity leaders. The episode touches on essential topics such as immediate legal steps after a data breach, the importance of using correct terminology, understanding attorney-client privilege and discovery, GDPR's impact, data localization, and proactive measures CISOs should take. The conversation also explores the implications of evolving cybersecurity laws and regulations like the Digital Operations Resilience Act and the potential criminal liabilities for CISOs. Thomas Ritter: https://www.linkedin.com/in/thomas-ritter-2b91014a/ Transcripts: https://docs.google.com/document/d/15xQINUOdziGdcEFfh5SN8lS7svtK0JCT   Chapters 00:00 Introduction and Recap of Part 1 01:43 Starting the Discussion: Data Breaches 02:22 Legal Steps After a Data Breach 07:19 Understanding Attorney-Client Privilege 08:21 Discovery in Legal Cases 13:31 Staying Updated on Cybersecurity Laws 19:38 Impact of GDPR on Cybersecurity 32:00 Data Localization Challenges 34:55 Proactive Legal Preparedness 37:23 Final Thoughts and Conclusion

In this episode of CISO Tradecraft, host G Mark Hardy interviews cybersecurity lawyer Thomas Ritter. They discuss key legal topics for CISOs, including regulatory compliance, managing third-party risk, responding to data breaches, and recent legislative impacts. Thomas shares his journey into cybersecurity law and provides practical advice and real-world examples. Key points include the challenges of keeping up with evolving regulations, the intricacies of vendor management, and the implications of recent Supreme Court rulings. They also touch on major breaches like SolarWinds and Colonial Pipeline, exploring lessons learned and the importance of implementing essential security controls. Thomas Ritter - https://www.linkedin.com/in/thomas-ritter-2b91014a/ Transcripts: https://docs.google.com/document/d/1EvZ_dOpFOLCSSv5ffqxCoMnLZDOnUv_K Chapters 00:00 Introduction to CISO Tradecraft 00:48 Meet Thomas Ritter: Cybersecurity Lawyer 03:48 Legal Challenges for CISOs 04:54 Managing Third-Party Risks 13:01 Understanding Legal and Statutory Obligations 15:57 Supreme Court Rulings and Cybersecurity 32:57 Lessons from High-Profile Cyber Attacks 38:32 Ransomware Epidemic and Law Enforcement 43:30 Conclusion and Contact Information

Emotional Intelligence for Cybersecurity Leaders | CISO Tradecraft In this episode of CISO Tradecraft, host G Mark Hardy delves into the essential topic of emotional intelligence (EI) for cybersecurity leaders. He explores the difference between IQ and EI, the origins and significance of emotional intelligence, and its impact on leadership effectiveness. The episode covers various models of EI, including the Ability Model, the Trait Model, and the Mixed Model, and emphasizes practical actions to enhance EI, such as self-awareness, self-regulation, empathy, and social skills. Tune in to understand how developing emotional intelligence can significantly benefit your career, leadership performance, and personal life.    Transcripts: https://docs.google.com/document/d/15pyhXu3XVHJ_VE1OwKjSqM73Rybjbsm0   Chapters: 00:00 Introduction to CISO Tradecraft 00:53 Understanding IQ: The Basics 04:08 Introduction to Emotional Intelligence 07:38 Models of Emotional Intelligence 13:06 The Importance of Emotional Intelligence in Leadership 25:12 Practical Steps to Improve Emotional Intelligence 32:42 Conclusion and Final Thoughts

Securing Small Businesses: Essential Cybersecurity Tools and Strategies In this episode of CISO Tradecraft, host G Mark Hardy discusses cybersecurity challenges specific to small businesses. He provides insights into key tools and strategies needed for effective cybersecurity management in small enterprises, including endpoint management, patch management, EDR tools, secure web gateways, IAM solutions, email security gateways, MDR services, and password managers. Hardy also evaluates these tools against the CIS Critical Security Controls to highlight their significance in safeguarding small business operations. Transcripts: https://docs.google.com/document/d/1Hon3h950myI7A3jzGmj7YIwRXow5W1V5 Chapters 00:00 Introduction to CISO Tradecraft00:40 Challenges of Cybersecurity in Small Businesses01:15 Defining Small Business and Security Baselines01:53 Top Cybersecurity Tools for Small Businesses02:05 Hardware and Software Essentials04:35 Patch Management Solutions05:19 Endpoint Detection and Response (EDR) Tools06:06 Secure Web Gateways and Website Security11:21 Identity and Access Management (IAM)12:57 Email Security Gateways14:15 Managed Detection and Response (MDR) Solutions14:54 Recap of Essential Cybersecurity Tools15:41 Bonus Tool: Password Managers18:33 Aligning with CIS Controls24:48 Conclusion and Call to Action

Welcome to another episode of CISO Tradecraft with your host, G. Mark Hardy! In this episode, we dive into how CISOs can drive the profitable growth of their company's products and services. Breaking the traditional view of security as a cost center, Mark illustrates ways CISOs can support business objectives like customer outreach, service enablement, operational resilience, and cost reduction. Tune in for insightful strategies to improve your impact as a cybersecurity leader and a sneak peek at our upcoming CISO training class! If you would like to learn more about our class, drop us a comment: https://www.cisotradecraft.com/comment Transcripts: https://docs.google.com/document/d/19SDBdQSTLc58sP5ynwzhuedNHzk7QPKj Chapters 00:00 Introduction to Profitable Growth for CISOs01:16 Understanding Profit and Business Objectives03:24 Enhancing Customer Experience through Cybersecurity08:51 Service Enablement and Upselling Strategies11:39 Ensuring Operational Resilience13:36 Cost Reduction and Efficiency Improvements18:31 Recap and Final Thoughts19:10 Exciting Announcement: CISO Training Course

Exploring AI in Cybersecurity: Insights from an Expert - CISO Tradecraft with Tom Bendien In this episode of CISO Tradecraft, host G Mark Hardy sits down with AI expert Tom Bendien to delve into the impact of artificial intelligence on cybersecurity. They discuss the basics of AI, large language models, and the differences between public and private AI models. Tom shares his journey from New Zealand to the U.S. and how he became involved in AI consulting. They also cover the importance of education in AI, from executive coaching to training programs for young people. Tune in to learn about AI governance, responsible use, and how to prepare for the future of AI in cybersecurity. Transcripts: https://docs.google.com/document/d/1x0UTLiQY7hWWUdfPE6sIx7l7B0ip7CZo Chapters 00:00 Introduction and Guest Welcome 00:59 Tom Bendien's Background and Journey 02:30 Diving into AI and ChatGPT 04:29 Understanding AI Models and Neural Networks 07:11 The Role of Agents in AI 10:10 Challenges and Ethical Considerations in AI 13:47 Open Source AI and Security Concerns 18:32 Apple's AI Integration and Compliance Issues 24:01 Navigating AI in Cybersecurity 25:09 Ethical Dilemmas in AI Usage 27:59 AI Coaching and Its Importance 32:20 AI in Education and Youth Engagement 35:55 Career Coaching in the Age of AI 39:20 The Future of AI and Its Saturation Point 42:07 Final Thoughts and Contact Information

In this episode of CISO Tradecraft, host G Mark Hardy delves into the complex intersection of ethics and artificial intelligence. The discussion covers the seven stages of AI, from rule-based systems to the potential future of artificial superintelligence. G Mark explores ethical frameworks, such as rights-based ethics, justice and fairness, utilitarianism, common good, and virtue ethics, and applies them to AI development and usage. The episode also highlights ethical dilemmas, including privacy concerns, bias, transparency, accountability, and the impacts of AI on societal norms and employment. Learn about the potential dangers of AI and how to implement and control AI systems ethically in your organization.    Transcripts: https://docs.google.com/document/d/10AhefqdhkT0PrEbh8qBZVn9wWS6wABO6 Chapters 00:00 Introduction to CISO Tradecraft 01:01 Stages of Artificial Intelligence 03:33 Ethical Implications of AI 05:24 Business Models and Data Security 13:52 Ethical Frameworks Explained 23:18 AI and Human Behavior 25:44 The TikTok Feedback Loop and Digital Addiction 26:54 AI's Unpredictable Capabilities 28:25 The Ethical Dilemmas of AI 30:57 Generative AI and Its Implications 42:10 The Role of Government and Society in AI Regulation 45:49 Conclusion and Ethical Considerations

In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges complexity introduces to cybersecurity, debunking the myth that more complex systems are inherently more secure. Through examples ranging from IT support issues to the intricacies of developing a web application with Kubernetes, the discussion highlights how complexity can obscure vulnerabilities, increase maintenance costs, and expand the attack surface. The episode also offers strategies to tackle complexity, including standardization, minimization, automation, and feedback-driven improvements, aiming to guide cybersecurity leaders toward more effective and less complex security practices. Transcripts: https://docs.google.com/document/d/1J0rPr0HxULpeVJMIwXKXqHuCfnXn4gDu Chapters  00:00 Introduction 01:03 The Misconception of Complexity in Cybersecurity 02:41 Real-World Complexities and Their Impact on IT 10:06 Simplifying Cybersecurity: Strategies and Solutions 14:48 Conclusion: Embracing Simplicity in Cybersecurity

This episode of CISO Tradecraft features a conversation between host G. Mark Hardy and Chris Rothe, co-founder of Red Canary, focusing on cloud security, managed detection and response (MDR) services, and the evolution of cybersecurity practices. They discuss the genesis of Red Canary, the significance of their company name, and the distinctions between Managed Security Service Providers (MSSPs) and MDRs. The conversation also covers the importance of cloud security, the challenges of securing serverless and containerized environments, and leveraging open-source projects like Atomic Red Team for cybersecurity. They conclude with insights on the cybersecurity labor market, the value of threat detection reports, and the future of cloud security. Red Canary: https://redcanary.com/ Chris Rothe: https://www.linkedin.com/in/crothe/ Transcripts: https://docs.google.com/document/d/1XN4Bp7Sa2geGCVaHuqMRmJckms4q7_L6

This episode of CISO Tradecraft, hosted by G Mark Hardy, features special guest Debbie Gordon. The discussion focuses on the critical role of Security Operations Centers (SOCs) in an organization's cybersecurity efforts, emphasizing the importance of personnel, skill development, and maintaining a high-performing team. It covers the essential aspects of building and managing a successful SOC, from hiring and retaining skilled incident responders to measuring their performance and productivity. The conversation also explores the benefits of simulation-based training with CloudRange Cyber, highlighting how such training can improve job satisfaction, reduce incident response times, and help organizations meet regulatory requirements. Through this in-depth discussion, listeners gain insights into best practices for enhancing their organization's cybersecurity posture and developing key skill sets to defend against evolving cyber threats. Cloud Range Cyber: https://www.cloudrangecyber.com/ Transcripts: https://docs.google.com/document/d/18ILhpOgHIFokMrkDAYaIEHK-f9hoy63u  Chapters 00:00 Introduction 01:04 The Indispensable Role of Security Operations Centers (SOCs) 02:07 Building an Effective SOC: Starting with People 03:04 Measuring Productivity and Performance in Your SOC 05:36 The Importance of Continuous Training and Simulation in Cybersecurity 09:00 Debbie Gordon on the Evolution of Cyber Training 11:54 Developing Cybersecurity Talent: The Importance of Simulation Training 14:46 The Critical Role of People in Cybersecurity 21:57 The Impact of Regulations on Cybersecurity Practices 24:36 The Importance of Proactive Cybersecurity Training 26:26 Redefining Cybersecurity Roles and Training Approaches 30:08 Leveraging Cyber Ranges for Real-World Cybersecurity Training 36:03 Evaluating and Enhancing Cybersecurity Skills and Team Dynamics 37:49 Maximizing Cybersecurity Training ROI and Employee Engagement 41:40 Exploring CloudRange Cyber's Training Solutions 43:28 Conclusion: The Future of Cybersecurity Training

In this episode of CISO Tradecraft, host G Mark Hardy discusses the findings of the 2024 Verizon Data Breach Investigations Report (DBIR), covering over 10,000 breaches. Beginning with a brief history of the DBIR's inception in 2008, Hardy highlights the evolution of cyber threats, such as the significance of patching vulnerabilities and the predominance of hacking and malware. The report identifies the top methods bad actors use for exploiting companies, including attacking VPNs, desktop sharing software, web applications, conducting phishing, and stealing credentials, emphasizing the growing sophistication of attacks facilitated by technology like ChatGPT for phishing and deepfake tech for social engineering. The episode touches on various cybersecurity measures, the omnipresence of multi-factor authentication (MFA) as a necessity rather than a best practice, and the surge in denial-of-service (DDoS) attacks. Hardy also discusses generative AI's role in enhancing social engineering attacks and the potential impact of deepfake content on elections and corporate reputations. Listeners are encouraged to download the DBIR for a deeper dive into its findings. Transcripts: https://docs.google.com/document/d/1HYHukTHr6uL6khGncR_YUJVOhikedjSE  Chapters 00:00 Welcome to CISO Tradecraft 00:35 Celebrating Milestones and Offering Services 01:39 Diving into the Verizon Data Breach Investigations Report 04:22 Top Attack Methods: VPNs and Desktop Sharing Software Vulnerabilities 09:24 The Rise of Phishing and Credential Theft 19:43 Advanced Threats: Deepfakes and Generative AI 23:23 Closing Thoughts and Recommendations

In this joint episode of the Security Break podcast and CISO Tradecraft podcast, hosts from both platforms come together to discuss a variety of current cybersecurity topics. They delve into the challenge of filtering relevant information in the cybersecurity sphere, elaborate on different interpretations of the same news based on the reader's background, and share a detailed analysis on specific cybersecurity news stories. The discussion covers topics such as the implications of data sharing without user consent by major wireless providers and the fines imposed by the FCC, the significance of increasing bug bounty payouts by tech companies like Google, and a comprehensive look at how edge devices are exploited by hackers to create botnets for various cyberattacks. The conversation addresses the complexity of the cybersecurity landscape, including how different actors with varied objectives can simultaneously compromise the same devices, making it difficult to attribute attacks and protect networks effectively. Transcripts: https://docs.google.com/document/d/1GtFIWtDf_DSIIgs_7CizcnAHGnFTTrs5 Chapters 00:00 Welcome to a Special Joint Episode: Security Break & CISO Tradecraft01:27 The Challenge of Filtering Cybersecurity Information04:23 Exploring the FCC's Fine on Wireless Providers for Privacy Breaches06:41 The Complex Landscape of Data Privacy Regulations16:00 The Economics of Data Breaches and Regulatory Fines24:23 Bug Bounties and the Value of Security Research33:21 Exploring the Economics of Cybersecurity33:50 The Lucrative World of Bug Bounties34:38 The Impact of Security Vulnerabilities on Businesses35:50 Navigating the Complex Landscape of Cybersecurity36:22 The Ethical Dilemma of Selling Exploit Information37:32 Understanding the Market Dynamics of Cybersecurity38:00 Focusing on Android Application Security38:34 The Importance of Targeting in Cybersecurity Efforts42:33 Exploring the Threat Landscape of Edge Devices46:37 The Challenge of Securing Outdated Technology49:28 The Role of Cybersecurity in Modern Warfare53:15 Strategies for Enhancing Cybersecurity Defenses01:05:25 Concluding Thoughts on Cybersecurity Challenges

In this episode of CISO Tradecraft, host G. Mark Hardy discusses seven critical issues facing the cybersecurity industry, offering a detailed analysis of each problem along with counterarguments. The concerns range from the lack of a unified cybersecurity license, the inefficiency and resource waste caused by auditors, to the need for a federal data privacy law. Hardy emphasizes the importance of evaluating policies, prioritizing effective controls, and examining current industry practices. He challenges the audience to think about solutions and encourages sharing opinions and additional concerns, aiming to foster a deeper understanding and improvement within the field of cybersecurity. Transcripts: https://docs.google.com/document/d/1H_kTbCG8n5f_d1ZHNr1QxsXf82xb08cG Chapters 00:00 Introduction 01:28 Introducing the Seven Broken Things in Cybersecurity 02:00 1. The Lack of a Unified Cybersecurity License 06:53 2. The Problem with Cybersecurity Auditors 10:09 3. The Issue with Treating All Controls as High Priority 14:12 4. The Obsession with New Cybersecurity Tools 19:23 5. Misplaced Accountability in Cybersecurity 22:38 6. Rethinking Degree Requirements for Cybersecurity Jobs 26:49 7. The Need for Federal Data Privacy Laws 30:53 Closing Thoughts and Call to Action