On this episode we do a master class on cyber warfare. Learn the terminology. Learn the differences and similarities between kinetic and cyber warfare. There's a lot of interesting discussion, so check it out. Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/ Transcripts https://docs.google.com/document/d/1yJYoVs3pO4u_Zq8UC8YQmnYVGrsH93-H Air Force Doctrine Publication 3-0 - Operations and Planning https://www.doctrine.af.mil/Portals/61/documents/AFDP_3-0/3-0-D15-OPS-Coe...
Oct 16, 2023•46 min•Ep. 151
On this episode we discuss the measuring results cheat sheet from Justin Mecham. Key focuses include: Defining SMART Goals (Specific, Measurable, Achievable, Relevant, & Time-Bound) Identifying KPIs (Key Performance Indicators) Using the WOOP Model (Wish, Outcome, Obstacle, and Plan) Using a Gap Analysis Using the 5 Why Method Using Plan, Do, Check, & Act. Link to the Measuring Results Cheat Sheet https://www.linkedin.com/posts/justinmecham_harvard-says-leaders-are-10x-more-likely-activi...
Oct 09, 2023•18 min•Ep. 150
On this episode we discuss the four key roles Boards play in cybersecurity: Setting the company's vision and risk strategy; Reviewing assessment results; Evaluating management cyber risk stance; Approving risk management plans. Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/ Transcripts - https://docs.google.com/document/d/1jarCcQYioT59jtIrppH4xZqyAy4Vn_tB/ Chapters 00:00 Introduction 01:36 What is a Board of Directors and what do they do? 09:33 FFIEC requirements for Boar...
Oct 02, 2023•43 min•Ep. 149
On this episode we bring on the leading expert of threat modeling ( Adam Shostack ) to discuss the four questions that every team should ask: What are we working on? What can go wrong? What are we going to do about it? Did we do a good enough job? Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/ Adam Shostack's LinkedIn Profile - https://www.linkedin.com/in/shostack/ Learn more about threat modeling by checking out Adam's books on threat modeling Threats: What Every Eng...
Sep 25, 2023•38 min•Ep. 147
There are a lot of new cyber attacks occurring and today we are going to talk about them in more detail. Many bad actors are using SMS spoofing and Social Engineering to get in. Listen in and learn about how those attacks played out against the casino industry. You don't want to miss when we share what you can do to stop them. Pro-tip: Good MFA is your friend. Use it everywhere you can including on your employees and customers during phone calls. Big Thanks to our Sponsor Risk3Sixty - https://risk3...
Sep 18, 2023•43 min•Ep. 148
Have you ever thought about what it means to say there has been a material incident? How is materiality determined? What is the history of how that term has been defined by U.S. regulators? Listen to today's show and increase your CISO Tradecraft. Big Thanks to our Sponsors Risk3Sixty - https://risk3sixty.com/whitepaper/ CPRIME - For those valuing leadership, policy, and governance in tech risk and security, Cprime is here to help. Enhance your skills with our training and workshops, ensuring...
Sep 11, 2023•42 min•Ep. 146
On this episode we overview the CIS Document titled, "The Cost of Cyber Defense". https://www.cisecurity.org/insights/white-papers/the-cost-of-cyber-defense-cis-controls-ig1 Big Thanks to our Sponsors Risk3Sixty - https://risk3sixty.com/whitepaper/ CPRIME - For those valuing leadership, policy, and governance in tech risk and security, Cprime is here to help. Enhance your skills with our training and workshops, ensuring effective policy design and strategy alignment. As a tech coaching firm, Cpr...
Sep 04, 2023•36 min•Ep. 145
In this episode of CISO Tradecraft, we delve into the evolving landscape of cybersecurity regulations. From data incident notifications to required contract language, we uncover common trends and compliance challenges. Learn how to prepare, adapt, and network within your industry to stay ahead. Tune in for insights and tips! Thanks again to our Sponsors for supporting this episode: Risk3Sixty: Check out Risk3Sixty's weekly thought leadership webinars and downloadable resources at https://risk3si...
Aug 28, 2023•24 min•Ep. 144
Here's a nice overview of cybersecurity on passwords, authentication, rainbow tables, and password managers. Enjoy the show and check out our other podcasts. Special Thanks to our Sponsors: Risk3Sixty: Being able to clearly articulate your vision for your security program to the board and other executives within your firm is critical to obtaining the buy in you need for your program's success. Risk3Sixty has created a presentation template that helps you structure your thoughts while telling a c...
Aug 21, 2023•45 min•Ep. 143
Join us at the heart of Hacker Summer Camp for insights into the cybersecurity world! Discover the art of asking powerful questions that can change your career and impact others. Learn how CISOs assess cyber solutions and how startups can win their attention. Uncover the secrets of building connections and value through meaningful inquiries. Don't miss this episode featuring expert advice on navigating the cybersecurity landscape. Special Thanks to our Sponsors: The Chertoff Group: https://www.c...
Aug 14, 2023•34 min•Ep. 142
On this episode, David London and Adam Isles from the Chertoff Group stop by to discuss emerging risk topics such as AI, Supply Chain Attacks, and the new SEC regulations. Stick around and learn the tradecraft to better protect your company. Special Thanks to our Sponsors: The Chertoff Group: https://www.chertoffgroup.com . Note you can read more about their thoughts on AI here: https://www.chertoffgroup.com/managing-ai-risks/ Prelude: https://www.preludesecurity.com/ CPrime: At work, bridging th...
Aug 07, 2023•42 min•Ep. 141
Don't let Bobby the Intern cause havoc in your network. On this episode of CISO Tradecraft, G Mark Hardy discusses the importance of training new hires in cybersecurity to create a strong security culture within an organization. The focus is on shaping employees' behavior and beliefs to enhance the overall cybersecurity posture. Special Thanks to our Two Sponsors: 1) The Chertoff Group: www.chertoffgroup.com 2) Prelude: https://www.preludesecurity.com/ Transcripts: https://docs.google.com/docume...
Jul 31, 2023•39 min•Ep. 140
On this episode we bring on CIA Veteran James "Jim" Lawler to discuss how spies are recruited, how individuals are turned, and what makes them vulnerable to being turned. Learn what managers and executives can and should know about their people to help them better understand who's at risk and the types of programs that executives can put into place to stop insider threats. Special Thanks to our Two Sponsors: 1) Prelude: https://www.preludesecurity.com/ 2) Risk3Sixty is a cyber security technology ...
Jul 24, 2023•52 min•Ep. 139
This week Rafeeq Rehman returns to discuss the 2023 updates to the CISO Mindmap. Note you can find his work here: https://rafeeqrehman.com/2023/03/25/ciso-mindmap-2023-what-do-infosec-professionals-really-do/ Thanks to our two sponsors for this episode. 1) Prelude: https://www.preludesecurity.com/ 2) Risk3Sixty - Get a free copy of The Five CISO Archetypes eBook from risk3sixty. By reading this eBook, you will discover your strengths, weaknesses, areas where you need support from your team, and ...
Jul 17, 2023•43 min•Ep. 138
Imagine if you could get 1% better every day at something and do this for an entire year. Well, that's 365 days. And you go, okay, fine. 1%. 1%. That's going to be like 3.65%, right? No, because it compounds. And if you go ahead and open up your calculator and you take 1.01 and you raise it to the 365th power you're going to get 37.78. On today's show we have Andy Ellis discuss ways to get 1% better as a leader. Thanks to our two sponsors for this episode. 1) Prelude: https://www.preludesecurity...
Jul 10, 2023•49 min•Ep. 137
Are you a Chief Information Security Officer (CISO) looking to share your knowledge and insights with the world? In this episode, we explore how CISOs can embark on their journey of writing their first book. Join us as we delve into valuable tips and advice, including learning from renowned author Bill Pollock, who has paved the way for aspiring CISO authors. Risk3Sixty is a cyber security technology and consulting firm that works with high-growth technology firms to help leaders build, manage and...
Jul 03, 2023•46 min•Ep. 136
One of the most important activities a CISO must perform is presenting high quality presentations to the Board of Directors. Listen and learn from Demetrios Lazarikos (Laz) and G Mark Hardy as they discuss what CISOs are putting in their decks and how best to answer the board's questions. Special thanks to our sponsor Risk3Sixty for supporting this episode. Risk3sixty has created a presentation template that helps you structure your thoughts while telling a compelling story about where you want ...
Jun 26, 2023•44 min•Ep. 135
A lot of times we focus on preventing ransomware, but we forget what we should do when we actually encounter it. That's why we are bringing on Ricoh Danielson to talk about it. Learn from him as he discusses tactics and techniques for businesses to follow when stuff hits the fan. Special thanks to our sponsor Risk3Sixty for supporting this episode. https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm...
Jun 19, 2023•44 min•Ep. 134
This episode features Lee Kushner discussing various topics, including negotiating skills, the importance of degrees in the cybersecurity field, the need for diversity in the industry, challenges faced by cybersecurity professionals, starting a career in cybersecurity, and the value of technical skills. The conversation emphasizes the need for individuals to acquire technical skills, such as coding and networking, as they are in high demand and can differentiate them in the job market. It also m...
Jun 12, 2023•44 min•Ep. 133
On this episode we bring in Cyndi and Ron Gula from Gula Tech ( https://www.gula.tech/ ) to talk about their cyber security experiences. Listen and enjoy as they tell their stories about leaving the NSA, creating the first commercial network Intrusion Detection System (IDS), Founding Tenable Network Security, and investing in multiple cybersecurity startups. Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their weekly thought leadership, webinars, and downl...
Jun 05, 2023•44 min•Ep. 132
How do we frame an executive discussion so we can structure and present information in a way that effectively engages and aligns with the needs and interests of the executive audience? On this episode we answer that question by discussing the 8 important elements of framing a discussion with executives: Clearly define the objective Start with the big picture Identify key issues Highlight impacts and benefits Use visually compelling data and metrics Be able to anticipate questions and concerns Pr...
May 29, 2023•21 min•Ep. 131
Learn how to unlock financial success with key strategies by Logan Jackson from Ray Capital Advisors. Logan highlights how to set clear goals, choose the right asset class, diversify your portfolio for stability and growth, build a well-diversified investment portfolio to create wealth and mitigate risk, take control of your financial future through retirement planning and goal setting, & leverage tax loss harvesting. He also discusses how to prioritize tax planning, understand the impact of...
May 22, 2023•51 min•Ep. 130
Are you looking for ways to protect your most valuable asset? In this episode, G Mark Hardy argues that our most valuable asset is our family, not the crown jewels or critical assets of a corporation. He emphasizes the importance of managing money, having an emergency fund, obtaining life insurance, building retirement savings, protecting against credit card fraud, and creating a plan for your children's digital life. Special thanks to our sponsor Risk3Sixty for supporting this episode. You can ...
May 15, 2023•45 min•Ep. 129
In this episode of "CISO Tradecraft," G. Mark Hardy defines the role of a CISO and discusses the Top 10 responsibilities of a Chief Information Security Officer Full Transcript: https://docs.google.com/document/d/1J_sCMkqEeIB7pUY4KmjCiS1sz7t6LX2F Chapters 00:00 Introduction 01:25 Defining the Role of the CISO 04:43 1) Developing and implementing a cybersecurity strategy 07:27 2) Overseeing the organization's cybersecurity key programs and initiatives 08:20 3) Ensuring that the organization's cyb...
May 08, 2023•30 min•Ep. 128
In this episode of CISO Tradecraft, G Mark Hardy and guest Kevin Fiscus discuss the challenges of cybersecurity and the importance of prioritizing security decisions. Fiscus emphasizes the need for effective protective controls and detection measures, as well as the limitations of protective controls and the importance of detection. He suggests a "Detection Oriented Security Architecture" (DOSA) that includes high-fidelity, low-noise detection, automated response, and continuous monitoring. Fisc...
May 01, 2023•49 min•Ep. 127
Have you heard about the latest trends in Generative Artificial Intelligence (GAI)? Listen to this episode of CISO Tradecraft to learn from Konstantinos Sgantzos and G Mark Hardy as they talk about the potential risks of GAI and how it generates new content. Show Notes with Links: https://docs.google.com/document/d/10eCg3L00GgnHmze14g_JUkBbfHEdGZ8HW0eAGMk4PPE Chapters 00:00 Introduction 01:37 The Future of Generative Artificial Intelligence (GAI) 06:08 The Implications of Hallucination in Genera...
Apr 24, 2023•43 min•Ep. 126
Are you worried about cyber threats and data breaches? Do you want to build a strong cybersecurity program to protect your organization? Look no further! In this episode of CISO Tradecraft, G Mark Hardy and Debbie Gordon discuss the three dimensions of an effective Information Security Management System: Policy, Practice, and Proof. G Mark emphasizes the importance of having a proper cybersecurity policy that references information security controls or outcome-driven statements. However, it's no...
Apr 17, 2023•44 min•Ep. 125
Are you concerned about the security of your data? If so, you're in luck, because we have an incredible episode that has Brent Deterding discuss how to implement simple, easy, and cheap cybersecurity measures. One of the key takeaways from the episode is the importance of understanding, managing, and mitigating the risk of critical data being exposed, altered, or denied. Brent Deterding shares his top four tips for CISOs, which include implementing multi-factor authentication, device posture man...
Apr 10, 2023•45 min•Ep. 124
In this episode of "CISO Tradecraft," G Mark Hardy discusses how to build an effective cyber strategy that executives will appreciate. He breaks down the four questions (Who, What, Why, and How) that need to be answered to create a successful strategy and emphasizes the importance of understanding how the company makes money and what critical business processes and IT systems support the mission. Later in the episode, Branden Newman shares his career path to becoming a CISO and his approach to b...
Apr 03, 2023•37 min•Ep. 123
Sometimes you just need structure to the madness. Christopher Crowley stops by to talk about methodologies that can help security organizations. Come and see why you need them, how we get the scientific method wrong in cyber, and how to leverage a CIA analytical methodology that can help you. There's a lot more to check out so tune in. Analysis of Competing Hypothesis https://www.cia.gov/static/9a5f1162fd0932c29bfed1c030edf4ae/Pyschology-of-Intelligence-Analysis.pdf Christopher Crowley's Company...
Mar 27, 2023•44 min•Ep. 122