Have you ever wanted to get a legal perspective on cybersecurity? On this episode of CISO Tradecraft, Evan Wolff stops by to discuss terms such as legal disclaimers, negligence, due care, and others. He also provides important insights on how to structure your cyber policies, respond to regulators/auditors, and partner with general counsel. Please enjoy. Full Transcripts: https://docs.google.com/document/d/1hbqB5GQfQsi0egPVdOtdfYEwLA3-1Jnh Chapters: 00:00 Introductions; 01:52 The Attorney Client P...
Mar 20, 2023•38 min•Ep. 121
Have you ever wondered how to negotiate your best CISO compensation package? On this episode, we invite Michael Piacente from Hitch Partners to discuss important parts of the compensation packages. Examples include but are not limited to: Base Salary; Bonuses (Annual, Relocation, & Hiring); Restricted Stock Units; Annual Leave; Title (VP or SVP); Directors & Officers Insurance; Accelerated Vesting Clauses; Severance Agreements. You can learn more about CISO compensations by Googling any of the f...
Mar 13, 2023•40 min•Ep. 120
One of the most difficult things to do as a manager or leader is to take an ethical stance on something you believe in. Sometimes ethical stances are clear and you know you are doing what’s right. Others are blurry, messy, and really weigh on your mind. So we thought we would take this episode to talk about various ethical models, tricky ethical scenarios you might encounter as a CISO, and finally we will look at the Federal Case where Joe Sullivan, the former Chief Security Officer of Uber, was c...
Mar 06, 2023•41 min•Ep. 119
Our systems generate fantastic amounts of information, but do we have a complete understanding of how we collect, analyze, manage, store, and retrieve possibly petabytes a day? Gal Shpantzer has been doing InfoSec for over 20 years and has managed some huge data engineering projects, and offers a lot of actionable insights in this CISO Tradecraft episode. Gal's LinkedIn Page - https://www.linkedin.com/in/riskmanagement/ Gal's Twitter Page - https://twitter.com/Shpantzer Full Transcript - https:/...
Feb 27, 2023•45 min•Ep. 118
Has bad governance given you trauma, boring committees, and long speeches on irrelevant issues? Today we are going to overcome that by talking about what good governance looks like. We bring on the former CISO of Amazon Whole Foods ( Sameer Sait ) to discuss his lessons learned as a CISO. We also highlight key topics of good governance found in the Cyber Security Profile from the Cyber Risk Institute. Cyber Risk Institute - Cyber Security Profile https://cyberriskinstitute.org/the-profile/ Full ...
Feb 20, 2023•40 min•Ep. 117
In the US we often focus on SOC-2, NIST Special Pubs, and the Cybersecurity Framework. In Europe (and most of the rest of the world), ISO 27001 is the primary standard. ISO concerns itself with policy, practice, and proof, whereas NIST often shows the method to follow. Michael points out that a CISO is responsible for governance, (internal) consulting, and audit. In the early stages of growing a security function, a CISO needs to be technically focused, but as a security department matures, the CISO...
Feb 13, 2023•44 min•Ep. 116
How can cyber best help the sales organization? It's a great thought exercise that we bring on Joye Purser to discuss. Learn from her experience as we go over how cybersecurity is becoming an even closer business partner with the creation of a new important role. Full Transcript: https://docs.google.com/document/d/1Shd1Qldb8iKEHBgXJqFez81Iwfpl6JT-/ Chapters: 00:00 Introduction; 02:58 How did you marry those two cultures?; 06:40 Building a Diverse Workforce; 08:23 Is this a new role based on Pain Poi...
Feb 06, 2023•42 min•Ep. 115
Did you ever wonder how much security you can implement with a single vendor? We did and were surprised by how much you can do using the Australian Top Eight as a template. We'll bet you can improve your security by using these tips, tools, and techniques that you might not have even known were there. Special thanks to our sponsor Praetorian for supporting this episode. https://www.praetorian.com/ Full Transcripts: https://docs.google.com/document/d/12HsuOhY9an1QzIw9wOREPMX0pXe5hqkJ Helpful Link...
Jan 30, 2023•24 min•Ep. 114
This episode provides a deep dive into Static Application Security Testing (SAST) tools. Learn how they work, why they don't work as well as you think they will in certain use cases, and find some novel ways to apply them to your organization. Special thanks to John Steven for coming on the show to share his expertise. Special thanks to our sponsor Praetorian for supporting this episode. https://www.praetorian.com/ Full Transcripts - https://docs.google.com/document/d/1zoA70k78IjqyJky-2u7_-i2jlWke8...
Jan 23, 2023•43 min•Ep. 113
How do you defend against automated attacks in an era of ChatGPT-formulated malware, coordinated nation-state actors, and a host of disgruntled laid-off security professionals? Want to find your vulnerabilities faster than the bad actors do? Come listen to Richard Ford to learn how to apply best practices in attack surface management and defend your crown jewels. Special thanks to our sponsor Praetorian for supporting this episode. Full Transcripts - https://docs.google.com/document/d/18QyrN-7V9...
Jan 17, 2023•42 min•Ep. 112
Have you ever wanted to be like Neo in "The Matrix" and learn things like Kung Fu in just a few minutes? Well on today's episode, we try to do just that by cramming powerful leadership concepts into your head in just 45 minutes. So sit back, relax, and enjoy CISO Tradecraft. Show Notes with Pictures & References: https://docs.google.com/document/d/1z5FwVwYlNiJlevQXP9IK48Z5kYqG-Ee_/edit?usp=sharing&ouid=104989998442085477687&rtpof=true&sd=true Full Transcript: https://docs.google....
Jan 09, 2023•45 min•Ep. 111
Want to know CISO Tradecraft's Top 10 cyber security predictions for 2023? Listen to the episode to learn more about: Proactive Identity Management = Automated Provisioning of Access + Minimizing Digital Blast Radius; Convergence of Security Tools; Collaboration Technology; Evolution of the Endpoint (Chromebooks or Browser Isolation); Chatbots; Vague and unclear cyber laws; CISO liability increases; Umbrella IT general controls mapping; Companies will be less truthful during 3rd party questionnaires; Cyb...
Jan 02, 2023•24 min•Ep. 110
Success leaves clues, but sometimes we limit ourselves by only looking close by for them. This week, we pondered what business skills are essential for a successful CISO, and then extended the search to some non-traditional sources to find some very relevant advice. Take the time to listen and do a self-examination (you don't have to submit for a grade :) and see where you could boost your skills portfolio to increase your success as a security leader. Some of the essential skills we discuss on ...
Dec 19, 2022•46 min•Ep. 109
There are a lot of things you need to know as a CISO, but one of the things least taught is budgeting best practices. On today's episode, CISO Nick Vigier stops by to share his lessons learned on the topic. His conversation focuses on spends vs. investments. Remember spends = overhead, whereas investments = growth. Here's a great point. [10:00] There are opportunities that we have to frame some of these things as investments versus framing them as risk mitigations. And so one of the mantras or thing...
Dec 12, 2022•43 min•Ep. 108
Special thanks to Jeff Gouge for sharing his thoughts on consolidating vulnerability management. We also thank our sponsor Nucleus Security for supporting this episode. Consistently tracking and prioritizing vulnerabilities is a difficult problem. This episode talks about it in detail and helps you increase your understanding of: Various application security scanning tools (SAST, DAST, SCA, Container, IoT, Secret Scanners, Cloud Security Scans, ...) and why companies need so many; How CVSS base s...
Dec 05, 2022•43 min•Ep. 106
Are You Ready To Win Your First CISO Role? Apply these techniques to your resume and interview process so both recruiters and hiring managers will offer you the job. This show focuses on: Highlighting the Different Types of CISO Roles; Showing how to progress from a Senior Director Role into a Fortune 100 CISO; Resume Tricks and Tips that get you noticed by recruiters; How to have a great interview with a recruiter; What Hiring Managers want to see from CISOs during their interviews. Please note th...
Nov 28, 2022•30 min•Ep. 107
Would you like to hear a master class on what Technology professionals need to know about startups? On this episode Bob Cousins stops by to share his knowledge and experience on working in technology companies, dealing with founders, and partnering with venture capitalists. Listen and learn more about: What should a technology professional know about venture capital and dealing with venture capitalists? What is the role of marketing? What do engineers get wrong with helping businesses create pro...
Nov 21, 2022•49 min•Ep. 105
Special Thanks to our podcast sponsor, Cymulate. On this episode, Dave Klein stops by to discuss the 3 Digital Challenges that organizations face: Cyber threats evolve on a daily basis, and this constant threat to our environment appears to be only accelerating. The level of vulnerabilities today is 30x what it was 10 years ago. We have more IT infrastructure, complexity, and developers in our current environment. In the pursuit of digital innovation, we are changing our IT infrastructure by the ...
Nov 14, 2022•45 min•Ep. 104
Have you ever met someone who was so interesting that you just sat and gave them your full attention? On this episode of CISO Tradecraft, we have Bill Cheswick come on the show. Bill talks about his 50 years in computing: from working with the pioneers of Unix at Bell Labs, to inventing network visualization techniques for the DoD, to creating the early best practices in firewalls and perimeter defenses. He was also the first person to co-author a book on Internet Security. So listen in and ...
Nov 07, 2022•45 min•Ep. 103
Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today's episode is about how to better mentor your people (and in doing so, improve yourself as well.) Mentoring is an important part of being a leader, and I would venture that most listeners have achieved their current level of success with the insights of a mentor, along with a lot of ha...
Oct 31, 2022•39 min•Ep. 102
Special Thanks to our podcast sponsor, Obsidian Security. We are really excited to share today’s show on SaaS Security Posture Management. Please note we have Ben Johnson stopping by the show, so please stick around and enjoy. First let’s go back to the basics: Today most companies have already begun their journey to the cloud. If you are in the midst of a cloud transformation, you should ask yourself three important questions: How many clouds are we in? What data are we sending to the cloud to ...
Oct 24, 2022•40 min•Ep. 101
References https://github.com/cisotradecraft/Podcast https://cisotradecraft.podbean.com/e/84-gaining-trust-with-robin-dreeke/ https://www.youtube.com/shorts/vSART2mutwc https://www.peopleformula.com/selfmastery https://cisotradecraft.podbean.com/e/ciso-tradecraft-roses-buds-thorns/ https://cisotradecraft.podbean.com/e/ciso-tradecraft-how-to-compare-software/ https://cisotradecraft.podbean.com/e/ciso-tradecraft-shall-we-play-a-game/ https://cisotradecraft.podbean.com/e/ciso-tradecraft-aligning-se...
Oct 17, 2022•33 min•Ep. 100
Episode 99 - Cyberwar and the Law of Armed Conflict with Larry Dietz We bring you another episode from Naas, Ireland today, speaking about cyberwar and the law of armed conflict with Larry Dietz, a retired US Army Colonel and practicing attorney. This is a follow-up to Episode 98, where we cover the Tallinn Manual, discover a surprise resource on cyber conflict hosted by the Red Cross, examine what critical infrastructure might be legitimate targets, and discuss the importance for CISOs to establish rela...
Oct 10, 2022•37 min•Ep. 99
Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we are going to discuss how nation state conflict and sponsored cyberattacks can affect us as non-combatants, and what we should be doing about it. Even if you don't have operations in a war zone, remember cyber has a global reach, so don't think that just because you may be half a wo...
Oct 03, 2022•33 min•Ep. 98
Special Thanks to our podcast sponsor, NowSecure. On this episode, Brian Reed (Chief Mobility Officer at NowSecure) stops in to provide a world class education on Mobile Application Security. It's incredible to think that 70% of internet traffic is coming over mobile devices. Most of this traffic occurs via mobile applications, so we need to understand mobile application security testing before attackers show us how important it is. This episode will help you understand: What should you be doin...
Sep 26, 2022•44 min•Ep. 97
Ahoy! and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cyber security leader. My name is G. Mark Hardy, and today we’re going to -- talk like a pirate. ARRR As always, please follow us on LinkedIn, and make sure you subscribe so you can always get the latest updates. On today’s episode we are going to talk about the 9 Cs of Cyber Security. Note these are not the 9 Seas that you might find today,...
Sep 19, 2022•31 min•Ep. 96
Special Thanks to our podcast Sponsor, Varonis. Please check out Varonis's Webpage to learn more about their custom data security solutions and ransomware protection software. On this episode Brian Vecci (Field CTO of Varonis) stops by CISO Tradecraft to discuss all things Data Security. He highlights the top 3 things every CISO needs to balance with regards to data security (Productivity, Convenience, and Security). He also discusses the most important security questions we need to understand: ...
Sep 12, 2022•46 min•Ep. 95
Hello, and welcome to another episode of CISO Tradecraft, the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we're going to try to balance the impossible equation of better, faster, and cheaper. As always, please follow us on LinkedIn, and subscribe if you have not already done so. Shigeo Shingo, who lived from 1909-1990, helped to improve efficiency at Toyota by teaching thousands of engineer...
Sep 05, 2022•23 min•Ep. 94
How do you become a Cyber Security Expert? Hello and welcome to another episode of CISO Tradecraft, the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we're going to talk about how to provide advice and mentoring to help people understand how to become a cybersecurity expert. As always, please follow us on LinkedIn, and subscribe to our podcasts. As a security leader, part of your role is to d...
Aug 29, 2022•30 min•Ep. 93
Show Notes Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cyber security leader. My name is G. Mark Hardy, and today we're going to offer tips and tools for briefing your executive leadership team, including the four major topics that you need to cover. As always, please follow us on LinkedIn, and make sure you subscribe so you can always get the latest updates. Imagine you have been in ...
Aug 22, 2022•26 min•Ep. 92