Showing episodes and shows of Mark Hardy
CISO Tradecraft®
#243 - Navigating Hacker Summer Camp in 2025
Navigating Hacker Summer Camp: A Comprehensive Guide. Join host G Mark Hardy on this episode of CISO Tradecraft as he provides a detailed guide on what to expect at Hacker Summer Camp, a series of significant cybersecurity events including DEFCON, Black Hat, and BSides Las Vegas. G Mark shares historical insights, tips for first-timers, and personal anecdotes from his extensive experience attending these events over the years. Learn about the origins, key activities, and networking opportunities that make these conferences pivotal in the cybersecurity community. Stay tuned for practical advice on planning your visit and making the most out...
2025-07-29
26 min
CISO Tradecraft®
#234 - Model Context Protocol (MCP)
In this episode of CISO Tradecraft, host G Mark Hardy delves into the emerging concept of Model Context Protocol (MCP) and its significance in AI and enterprise security. Launched by Anthropic in November 2024, MCP is designed to standardize how AI systems interact with external data sources and applications. Hardy explores how MCP differs from traditional APIs, its implications for security, and the steps organizations need to take to prepare for its adoption. Key topics include the stateful nature of MCP, security risks such as prompt injection and tool poisoning, and the importance of developing a robust governance framework. By...
2025-05-26
32 min
CISO Tradecraft®
#225 - The Full Irish
In this episode of CISO Tradecraft, host G. Mark Hardy introduces 'The Full Irish,' a cybersecurity framework based on the '12 Steps to Cybersecurity' guidance from Ireland's National Cybersecurity Center. The episode covers comprehensive steps from governance and risk management to incident response and resilience, making it a valuable resource for cybersecurity professionals. G Mark also discusses the implications of multinational companies operating in Ireland, including tax strategies and notable GDPR fines. The episode provides pragmatic guidance and actionable insights to enhance your cybersecurity program. References: https://www.ncsc.gov.ie/pdfs/Cybersecurity_12_steps.pdf
2025-03-24
28 min
CISO Tradecraft®
#222 - 40 Years of Career Advice in 40 Minutes
In this episode of CISO Tradecraft, G. Mark Hardy shares 15 crucial characteristics to help you succeed in your cybersecurity career and become an effective CISO. From knowing yourself and developing leadership skills to enhancing communications and staying current with trends, Hardy distills decades of wisdom into practical advice. Learn how to navigate career transitions, build technical credibility, become an effective storyteller, and master political skills essential for C-level success. Transcripts: https://docs.google.com/document/d/1MpjXD8LqnHS_Lj1S-6T7vxcclxzUjEhe Chapters 01:30 Know Yourself: The First Step to Success 05:23 Develop Y...
2025-03-03
40 min
CISO Tradecraft®
#215 - CISO Predictions for 2025
In this episode of CISO Tradecraft, host G Mark Hardy explores the top 10 cybersecurity predictions for 2025. From the rise of AI influencers to new standards in encryption, Hardy discusses significant trends and changes expected in the cybersecurity landscape. The episode delves into topics such as branding, application security, browser-based security, and post-quantum cryptography, aiming to prepare listeners for future challenges and advancements in the field. Big Thanks to our Sponsor CruiseCon - https://cruisecon.com/ CruiseCon Discount Code: CISOTRADECRAFT10 Team8 Fixing AppSec Paper - https://bunny-wp-pullzone-pqzn4foj9c...
2025-01-13
18 min
CISO Tradecraft®
#202 - Cybersecurity Crisis: Are We Failing the Next Generation?
In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges and misconceptions facing the next generation of cybersecurity professionals. The discussion covers the myth of a talent shortage, the shortcomings of current educational and certification programs, and the significance of aligning curricula with real-world needs. Hardy emphasizes the importance of hands-on experience, developing soft skills, and fostering continuous learning. The episode also highlights strategies for retaining talent, promoting internal training, and creating leadership opportunities to cultivate a skilled and satisfied cybersecurity workforce. Transcripts: https://docs.google.com/document/d/12fI2efHXuHR4dS3cu7P0...
2024-10-14
45 min
CISO Tradecraft®
#200 - Copywriting AI (with Mark Rasch)
In this episode of CISO Tradecraft, hosts G Mark Hardy and Mark Rasch discuss the intersection of artificial intelligence and the law. Recorded at the COSAC computer conference in Dublin, this episode covers the legal implications of AI, copyright issues, AI-generated content, privacy concerns, and ethical considerations. They explore the nuances between directed and undirected AI, the importance of training data, and the potential risks and liabilities associated with AI-driven systems. Tune in for a deep dive into how AI is reshaping cybersecurity and legal landscapes. Transcripts: https://docs.google.com/document/d/1s_eDwz-FPuyxYZRJaOknWi2Ozjqmodrl
2024-09-30
44 min
CISO Tradecraft®
#199 - How to Secure Generative AI
Join G. Mark Hardy in Torremolinos, Spain, for a deep dive into the security of Generative AI. This episode of CISO Tradecraft explores the basics of generative AI, including large language models like ChatGPT, and discusses the key risks and mitigation strategies for securing AI tools in the workplace. G. Mark provides real-world examples, insights into the industry's major players, and practical steps for CISOs to balance innovation with security. Discover how to protect sensitive data, manage AI-driven hallucinations, and ensure compliance through effective governance and ethical guidelines. Plus, get a glimpse into the future of AI vulnerabilities and...
2024-09-23
27 min
CISO Tradecraft®
#198 - Securing the Business Processes
G Mark Hardy dives deep into effective strategies for securing your business. Learn why it's essential for cybersecurity leaders to communicate the real business impact of vulnerabilities and discover the importance of identifying and prioritizing critical business processes. Gain insights from historical references and practical frameworks like the CIA triad (Confidentiality, Integrity, Availability) to bolster your organization's cybersecurity posture. Tune in as G Mark, broadcasting from Glasgow, Scotland, shares valuable lessons on proactive security measures, risk-based decision-making, and crisis recovery strategies. The 7 critical business processes common to most organizations: Book, Order, Bill, Pay, Ship, Close, Communicate. Transc...
2024-09-16
21 min
CISO Tradecraft®
#195 - Pentesting for Readiness not Compliance (with Snehal Antani)
In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Snehal Antani, co-founder of Horizon3.AI, to discuss the crucial interplay between offensive and defensive cybersecurity tactics. They explore the technical aspects of how observing attacker behavior can enhance defensive strategies, why traditional point-in-time pen testing may be insufficient, and how autonomous pen testing can offer continuous, scalable solutions. The conversation delves into Snehal’s extensive experience, the importance of readiness over compliance, and the future of cybersecurity tools designed with humans out of the loop. Tune in to learn how to elevate your cy...
2024-08-26
47 min
CISO Tradecraft®
#194 - The IAM Masterclass
In this episode of CISO Tradecraft, host G Mark Hardy delves into the intricate world of Identity and Access Management (IAM). Learn the essentials and best practices of IAM, including user registration, identity proofing, directory services, identity federation, credential issuance, and much more. Stay informed about the latest trends like proximity-based MFA and behavioral biometrics. Understand the importance of effective IAM implementation for safeguarding sensitive data, compliance, and operational efficiency. Plus, hear real-world examples and practical advice on improving your IAM strategy for a secure digital landscape. Transcripts: https://docs.google.com/document/d/15zUupqhCQz9llwy21GW5...
2024-08-19
38 min
CISO Tradecraft®
#193 - Security Team Operating System (with Christian Hyatt)
In this comprehensive episode of CISO Tradecraft, host G Mark Hardy sits down with Christian Hyatt, author of 'The Security Team Operating System'. Together, they delve into the five essential components needed to transform your cyber security team from reactive to unstoppable. From defining purpose and values to establishing clear roles, rhythms, and goals, this podcast offers practical insights and tools that can improve the efficacy and culture of your security team. If you're looking for strategic frameworks to align your team with business objectives and create a resilient security culture, you won't want to miss this episode!
2024-08-12
43 min
CISO Tradecraft®
#192 - From Cyber Burnout to VCISO Bliss (with Olivia Rose)
Join host G Mark Hardy in this episode of CISO Tradecraft as he welcomes Olivia Rose, an experienced CISO and founder of the Rose CISO Group. Olivia discusses her journey in cybersecurity from her start in marketing to becoming a VCISO. They delve into key topics including the transition from CISO to VCISO, strategies for managing time and stress, the importance of understanding board dynamics, and practical advice on mentoring new entrants in the cybersecurity field. Olivia also shares her insights on maintaining business alignment, handling insurance as a contractor, and building a personal brand in the cybersecurity community.
2024-08-05
45 min
CISO Tradecraft®
#191 - From Breach to Bench (with Thomas Ritter)
In this episode of CISO Tradecraft, host G Mark Hardy continues an in-depth discussion with cybersecurity attorney Thomas Ritter on the legal considerations for cybersecurity leaders. The episode touches on essential topics such as immediate legal steps after a data breach, the importance of using correct terminology, understanding attorney-client privilege and discovery, GDPR's impact, data localization, and proactive measures CISOs should take. The conversation also explores the implications of evolving cybersecurity laws and regulations like the Digital Operations Resilience Act and the potential criminal liabilities for CISOs. Thomas Ritter: https://www.linkedin.com/in/thomas-ritter-2b91014a/
2024-07-29
44 min
CISO Tradecraft®
#190 - Lawyers, Breaches, and CISOs: Oh My (with Thomas Ritter)
In this episode of CISO Tradecraft, host G Mark Hardy interviews cybersecurity lawyer Thomas Ritter. They discuss key legal topics for CISOs, including regulatory compliance, managing third-party risk, responding to data breaches, and recent legislative impacts. Thomas shares his journey into cybersecurity law and provides practical advice and real-world examples. Key points include the challenges of keeping up with evolving regulations, the intricacies of vendor management, and the implications of recent Supreme Court rulings. They also touch on major breaches like SolarWinds and Colonial Pipeline, exploring lessons learned and the importance of implementing essential security controls. Thomas...
2024-07-22
45 min
CISO Tradecraft®
#189 - Emotional Intelligence
Emotional Intelligence for Cybersecurity Leaders | CISO Tradecraft In this episode of CISO Tradecraft, host G Mark Hardy delves into the essential topic of emotional intelligence (EI) for cybersecurity leaders. He explores the difference between IQ and EI, the origins and significance of emotional intelligence, and its impact on leadership effectiveness. The episode covers various models of EI, including the Ability Model, the Trait Model, and the Mixed Model, and emphasizes practical actions to enhance EI, such as self-awareness, self-regulation, empathy, and social skills. Tune in to understand how developing emotional intelligence can significantly benefit your career, leadership performance, and...
2024-07-15
33 min
CISO Tradecraft®
#188 - Securing Small Businesses
Securing Small Businesses: Essential Cybersecurity Tools and Strategies In this episode of CISO Tradecraft, host G Mark Hardy discusses cybersecurity challenges specific to small businesses. He provides insights into key tools and strategies needed for effective cybersecurity management in small enterprises, including endpoint management, patch management, EDR tools, secure web gateways, IAM solutions, email security gateways, MDR services, and password managers. Hardy also evaluates these tools against the CIS Critical Security Controls to highlight their significance in safeguarding small business operations. Transcripts: https://docs.google.com/document/d/1Hon3h950myI7A3jzGmj7YIwRXow5W1V5
2024-07-08
25 min
CISO Tradecraft®
#187 - Ensuring Profitable Growth
Welcome to another episode of CISO Tradecraft with your host, G. Mark Hardy! In this episode, we dive into how CISOs can drive the profitable growth of their company's products and services. Breaking the traditional view of security as a cost center, Mark illustrates ways CISOs can support business objectives like customer outreach, service enablement, operational resilience, and cost reduction. Tune in for insightful strategies to improve your impact as a cybersecurity leader and a sneak peek at our upcoming CISO training class! If you would like to learn more about our class, drop us a comment: https://www...
2024-06-24
20 min
CISO Tradecraft®
#186 - AI Coaching (with Tom Bendien)
Exploring AI in Cybersecurity: Insights from an Expert - CISO Tradecraft with Tom Bendien In this episode of CISO Tradecraft, host G Mark Hardy sits down with AI expert Tom Bendien to delve into the impact of artificial intelligence on cybersecurity. They discuss the basics of AI, large language models, and the differences between public and private AI models. Tom shares his journey from New Zealand to the U.S. and how he became involved in AI consulting. They also cover the importance of education in AI, from executive coaching to training programs for young people. Tune in to...
2024-06-17
44 min
CISO Tradecraft®
#185 - Ethics and Artificial Intelligence (AI)
In this episode of CISO Tradecraft, host G Mark Hardy delves into the complex intersection of ethics and artificial intelligence. The discussion covers the seven stages of AI, from rule-based systems to the potential future of artificial superintelligence. G Mark explores ethical frameworks, such as rights-based ethics, justice and fairness, utilitarianism, common good, and virtue ethics, and applies them to AI development and usage. The episode also highlights ethical dilemmas, including privacy concerns, bias, transparency, accountability, and the impacts of AI on societal norms and employment. Learn about the potential dangers of AI and how to implement and control...
2024-06-10
46 min
CISO Tradecraft®
#184 - Complexity is Killing Us
In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges complexity introduces to cybersecurity, debunking the myth that more complex systems are inherently more secure. Through examples ranging from IT support issues to the intricacies of developing a web application with Kubernetes, the discussion highlights how complexity can obscure vulnerabilities, increase maintenance costs, and expand the attack surface. The episode also offers strategies to tackle complexity, including standardization, minimization, automation, and feedback-driven improvements, aiming to guide cybersecurity leaders toward more effective and less complex security practices. Transcripts: https://docs.google.com/document/d/1J0...
2024-06-03
15 min
CISO Tradecraft®
#183 - Navigating the Cloud Security Landscape (with Chris Rothe)
This episode of CISO Tradecraft features a conversation between host G. Mark Hardy and Chris Rothe, co-founder of Red Canary, focusing on cloud security, managed detection and response (MDR) services, and the evolution of cybersecurity practices. They discuss the genesis of Red Canary, the significance of their company name, and the distinctions between Managed Security Service Providers (MSSPs) and MDRs. The conversation also covers the importance of cloud security, the challenges of securing serverless and containerized environments, and leveraging open-source projects like Atomic Red Team for cybersecurity. They conclude with insights on the cybersecurity labor market, the value of...
2024-05-27
44 min
CISO Tradecraft®
#182 - Shaping the SOC of Tomorrow (with Debbie Gordon)
This episode of CISO Tradecraft, hosted by G Mark Hardy, features special guest Debbie Gordon. The discussion focuses on the critical role of Security Operations Centers (SOCs) in an organization's cybersecurity efforts, emphasizing the importance of personnel, skill development, and maintaining a high-performing team. It covers the essential aspects of building and managing a successful SOC, from hiring and retaining skilled incident responders to measuring their performance and productivity. The conversation also explores the benefits of simulation-based training with CloudRange Cyber, highlighting how such training can improve job satisfaction, reduce incident response times, and help organizations meet regulatory requirements...
2024-05-20
44 min
CISO Tradecraft®
#181 - Inside the 2024 Verizon Data Breach Investigations Report
In this episode of CISO Tradecraft, host G Mark Hardy discusses the findings of the 2024 Verizon Data Breach Investigations Report (DBIR), covering over 10,000 breaches. Beginning with a brief history of the DBIR's inception in 2008, Hardy highlights the evolution of cyber threats, such as the significance of patching vulnerabilities and the predominance of hacking and malware. The report identifies the top methods bad actors use for exploiting companies, including attacking VPNs, desktop sharing software, web applications, conducting phishing, and stealing credentials, emphasizing the growing sophistication of attacks facilitated by technology like ChatGPT for phishing and deepfake tech for social engineering...
2024-05-13
24 min
CISO Tradecraft®
#179 - The 7 Broken Pillars of Cybersecurity
In this episode of CISO Tradecraft, host G. Mark Hardy discusses seven critical issues facing the cybersecurity industry, offering a detailed analysis of each problem along with counterarguments. The concerns range from the lack of a unified cybersecurity license, the inefficiency and resource waste caused by auditors, to the need for a federal data privacy law. Hardy emphasizes the importance of evaluating policies, prioritizing effective controls, and examining current industry practices. He challenges the audience to think about solutions and encourages sharing opinions and additional concerns, aiming to foster a deeper understanding and improvement within the field of cybersecurity.
2024-04-29
32 min
CISO Tradecraft®
#178 - Cyber Threat Intelligence (with Jeff Majka & Andrew Dutton)
In this episode of CISO Tradecraft, host G Mark Hardy and guests Jeff Majka and Andrew Dutton discuss the vital role of competitive threat intelligence in cybersecurity. They explore how Security Bulldog's AI-powered platform helps enterprise cybersecurity teams efficiently remediate vulnerabilities by processing vast quantities of data, thereby saving time and enhancing productivity. The conversation covers the importance of diverse threat intelligence sources, including open-source intelligence and insider threat awareness, and the strategic value of AI in analyzing and prioritizing data to manage cybersecurity risks effectively. The discussion also touches on the challenges and potentials of AI in cybersecurity...
2024-04-22
45 min
CISO Tradecraft®
#177 - 2024 CISO Mindmap (with Rafeeq Rehman)
This episode of CISO Tradecraft features a comprehensive discussion between host G Mark Hardy and guest Rafeeq Rehman, centered around the evolving role of CISOs, the impact of Generative AI, and strategies for effective cybersecurity leadership. Rafeeq shares insights on the CISO Mind Map, a tool for understanding the breadth of responsibilities in cybersecurity leadership, and discusses various focal areas for CISOs in 2024-2025, including the cautious adoption of Gen AI, tool consolidation, cyber resilience, branding for security teams, and maximizing the business value of security controls. The episode also addresses the importance of understanding and adapting to technological...
2024-04-15
46 min
CISO Tradecraft®
#176 - Reality-Based Leadership (with Alex Dorr)
In this episode of CISO Tradecraft, host G Mark Hardy welcomes Alex Dorr to discuss Reality-Based Leadership and its impact on reducing workplace drama and enhancing productivity. Alex shares his journey from professional basketball to becoming an evangelist of reality-based leadership, revealing how this approach helped him personally and professionally. They delve into the concepts of SBAR (Situation, Background, Analysis, Recommendation) for effective communication, toggling between low self and high self to manage personal reactions, and practical tools like 'thinking inside the box' to confront and solve workplace issues within given constraints. The conversation underscores the importance of focusing...
2024-04-08
47 min
CISO Tradecraft®
#175 - Navigating NYDFS Cyber Regulation
This episode of CISO Tradecraft dives deep into the New York Department of Financial Services Cybersecurity Regulation, known as Part 500. Hosted by G Mark Hardy, the podcast outlines the significance of this regulation for financial services companies and beyond. Hardy emphasizes that Part 500 serves as a high-level framework applicable not just in New York or the financial sector but across various industries globally due to its comprehensive cybersecurity requirements. The discussion includes an overview of the regulation's history, amendments to enhance governance and incident response, and a detailed analysis of key sections such as multi-factor authentication, audit trails, access...
2024-04-01
33 min
CISO Tradecraft®
#174 - OWASP Top 10 Web Application Attacks
In this episode of CISO Tradecraft, host G. Mark Hardy delves into the crucial topic of the OWASP Top 10 Web Application Security Risks, offering insights on how attackers exploit vulnerabilities and practical advice on securing web applications. He introduces OWASP and its significant contributions to software security, then progresses to explain each of the OWASP Top 10 risks in detail, such as broken access control, injection flaws, and security misconfigurations. Through examples and recommendations, listeners are equipped with the knowledge to better protect their web applications and ultimately improve their cybersecurity posture. OWASP Cheat Sheets: https://cheatsheetseries.owasp...
2024-03-25
44 min
CISO Tradecraft®
#173 - Mastering Vulnerability Management
In this episode of CISO Tradecraft, host G Mark Hardy delves into the critical subject of vulnerability management for cybersecurity leaders. The discussion begins with defining the scope and importance of vulnerability management, referencing Park Foreman's comprehensive approach beyond mere patching, to include identification, classification, prioritization, remediation, and mitigation of software vulnerabilities. Hardy emphasizes the necessity of a strategic vulnerability management program to prevent exploitations by bad actors, illustrating how vulnerabilities are exploited using tools like ExploitDB, Metasploit, and Shodan. He advises on deploying a variety of scanning tools to uncover different types of vulnerabilities across operating systems, middleware...
2024-03-18
22 min
CISO Tradecraft®
#172 - Table Top Exercises
This episode of CISO Tradecraft, hosted by G Mark Hardy, delves into the concept, significance, and implementation of tabletop exercises in improving organizational security posture. Tabletop exercises are described as invaluable, informal training sessions that simulate hypothetical situations allowing teams to discuss and plan responses, thereby refining incident response plans and protocols. The podcast covers the advantages of conducting these exercises, highlighting their cost-effectiveness and the crucial role they play in crisis preparation and response. It also discusses various aspects of preparing for and executing a successful tabletop exercise, including setting objectives, selecting participants, creating scenarios, and the importance...
2024-03-11
41 min
CISO Tradecraft®
#171 - Navigating Software Supply Chain Security (with Cassie Crossley)
In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of the book on software supply chain security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they pose. Crossley shares her expert insights on different software source codes and the intricacies of secure development life cycle. She highlights the significance of Software Bill of Materials (SBOM) and the challenges in maintaining the integrity of software products. The discussion also covers the concept of counterfeits in the software world, stressing the need for continuous monitoring and a...
2024-03-04
46 min
CISO Tradecraft®
#170 - Responsibility, Accountability, and Authority
In this episode of CISO Tradecraft, the host, G Mark Hardy, delves into the concepts of responsibility, accountability, and authority. These are considered critical domains in any leadership position but are also specifically applicable in the field of cybersecurity. The host emphasizes the need for a perfect balance between these areas to avoid putting one in a scapegoat position, which is often common for CISOs. Drawing on his military and cybersecurity experiences, he provides insights into how responsibility, accountability, and authority can be perfectly aligned for the efficient execution of duties. He also addresses how these concepts intertwine with...
2024-02-26
46 min
CISO Tradecraft®
#169 - MFA Mishaps
In this episode of CISO Tradecraft, host G Mark Hardy discusses various mishaps that can occur with Multi-Factor Authentication (MFA) and how these can be exploited by attackers. The talk covers several scenarios such as the misuse of test servers, bypassing of MFA via malicious apps and phishing scams, violation of the Illinois Biometric Information Protection Act by using biometric data without proper consent, and potential future legal restrictions on biometric data usage. G Mark also highlights the significance of correct implementation of MFA to ensure optimum organizational security and how companies can fail to achieve this due to...
2024-02-19
33 min
CISO Tradecraft®
#168 - Cybersecurity First Principles (with Rick Howard)
In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Rick Howard, Chief Security Officer, Chief Analyst and Senior Fellow at CyberWire. Rick shares his insights on first principles in cybersecurity, discussing how these form the foundations of any cybersecurity strategy. He emphasizes the importance of understanding materiality and integrating the concept of time bound risk assessment to achieve a resilient cybersecurity environment. The episode also delves into the value of Fermi estimates and Bayes algorithm for risk calculation. Amid humor and personal anecdotes, Rick and Mark also reflect on their experiences during 9/11. Rick...
2024-02-12
47 min
CISO Tradecraft®
#167 - Cybersecurity Apprenticeships (with Craig Barber)
In this episode of CISO Tradecraft, host G Mark Hardy is joined by guest Craig Barber, the Chief Information Security Officer at SugarCRM. They discuss the increasingly critical topic of cybersecurity apprenticeships and Craig shares his personal journey from technical network engineer to CISO. They delve into the benefits of apprenticeships for both the individual and the organization, drawing parallels with guilds and trade schools of the past and incorporating real-world examples. They also look at the potential challenges and pitfalls of such programs, providing insights for organizations considering creating an apprenticeship scheme. Lastly, they examine the key attributes...
2024-02-05
44 min
CISO Tradecraft®
#165 - Modernizing Our SOC Ingest (with JP Bourget)
In this episode of CISO Tradecraft, host G Mark Hardy interviews JP Bourget about the security data pipeline and how modernizing SOC ingest can improve efficiency and outcomes. The conversation features discussions on cybersecurity leadership, API integrations, and the role of AI and advanced model learning in future data lake architectures. They discuss how vendor policies can impact data accessibility. They also reflect on their shared Buffalo roots and their professional journeys. Tune in for valuable insights from top cybersecurity experts. Transcripts: https://docs.google.com/document/d/1evI2JTGg7S_Hjaf0sV-Nk_i0oiv8XNAr C...
2024-01-22
44 min
CISO Tradecraft®
#163 - Operational Resilience
Join G Mark Hardy in this episode of the CISO Tradecraft podcast where he details how cyber protects revenue. He clarifies how cybersecurity is seen as a cost center by most organizations, but stresses how it can become a protector of business profits. Concepts like Operational Resilience Framework (ORF) Version 2 by the Global Resilience Federation are discussed in depth. Hardy also outlines seven steps from ORF to operational resilience including implementing industry-recognized frameworks, understanding the organization's role in the ecosystem, defining viable service levels, and more. Link to the ORF - https://www.grf.org/or...
2024-01-08
23 min
CISO Tradecraft®
#161 - Secure Developer Training Programs (with Scott Russo) Part 2
In the second half of the discussion about secure developer training programs, G Mark Hardy and Scott Russo delve deeper into how to engineer an effective cybersecurity course. They discuss the importance and impact of automation and shifting left, the customization needed for different programming languages and practices, and the role of gamification in engagement and learning. The conversation also touches upon anticipating secular trends, compliance with privacy and data protection regulations, different learning styles and preferences, and effective strategies to enhance courses based on participant feedback. Scott highlights the lasting impacts and future implications of secure developer training...
2023-12-25
45 min
CISO Tradecraft®
#160 - Secure Developer Training Programs (with Scott Russo) Part 1
In this episode of CISO Tradecraft, host G Mark Hardy invites Scott Russo, a cybersecurity and engineering expert, for a deep dive into the creation and maintenance of secure developer training programs. Scott discusses the importance of hands-on, engaging training and the intersection of cybersecurity with teaching and mentorship. Scott shares his experiences building a secure developer training program, emphasizing the importance of gamification, tiered training, showmanship, and real-world examples to foster engagement and efficient learning. Note: this episode continues with part two in the next episode. ISACA Event (10 Jan 2024) With G Mark Hardy...
2023-12-18
42 min
CISO Tradecraft®
#159 - Refreshing Your Cybersecurity Strategy
In this episode of CISO Tradecraft, host G. Mark Hardy guides listeners on how to refresh their cybersecurity strategy, starting with the essential assessments of the current state of your security and continuing through to the creation of a comprehensive, one-page cyber plan. The discussion covers different approaches to upskilling the workforce, tools utilization, vulnerability management, relevant regulations, and selecting the best solution for your specific needs. The show also includes tips on building a roadmap, creating effective key performance indicators, and validation exercises or trap analysis to ensure the likelihood of success. At the end of the discussion, G. Mark...
2023-12-11
23 min
CISO Tradecraft®
#157 - SOC Skills (with Hasan Eksi) Part 2
In this episode of CISO Tradecraft, G Mark Hardy and Hasan Eksi from CyberNow Labs continue the discussion about the vital skills needed for an effective incident responder within a Security Operations Center (SOC). The skills highlighted in this episode include: incident triage, incident response frameworks, communication, collaboration, documentation, memory analysis, incident containment and eradication, scripting and automation, cloud security, and crisis management. Big Thanks to our Sponsors Risk3Sixty - https://risk3sixty.com/ Adlumin - https://adlumin.com/ Hasan Eksi's LinkedIn Profile: https://www.linkedin.com/in/eksihasan/ Transcripts: https://docs...
2023-11-27
36 min
CISO Tradecraft®
#156 - SMB CISO Challenges (with Kevin O’Connor)
In this episode of CISO Tradecraft, host G Mark Hardy talks to Kevin O'Connor, the Director of Threat Research at Adlumin. They discuss the importance of comprehensive cybersecurity for Small to Medium-sized Businesses (SMBs), including law firms and mid-sized banks. The conversation explores the complexities of managing security infrastructures, the role of managed security service providers, and the usefulness of managed detection and response systems. The discussion also delves into the increasing threat of ransomware and the critical importance of managing data vulnerabilities and providing security awareness training. Big Thanks to our Sponsor: Adlumin - https://adlumin...
2023-11-20
43 min
CISO Tradecraft®
#154 - Data Protection (with Amer Deeba)
In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Amer Deeba, CEO and co-founder of Normalyze. They focus on the importance of data security in today's cloud-centric, multi-platform tech environment. Amer shares valuable insights on the need for a data security platform that offers a unified, holistic approach. The conversation also delves into the importance of understanding the value of your data, and how solutions such as Normalyze can accurately identify and classify sensitive data, measure its value, and mitigate risk of compromise. Ideal for CISOs and professionals navigating data security, this episode provides key...
2023-11-06
41 min
CISO Tradecraft®
#140 - Bobby the Intern
Don't let Bobby the Intern cause havoc in your network. On this episode of CISO Tradecraft, G Mark Hardy discusses the importance of training new hires in cybersecurity to create a strong security culture within an organization. The focus is on shaping employees' behavior and beliefs to enhance the overall cybersecurity posture. Special Thanks to our Two Sponsors: 1) The Chertoff Group: www.chertoffgroup.com 2) Prelude: https://www.preludesecurity.com/ Transcripts: https://docs.google.com/document/d/1Z4ftmqZdUMkxD6ATRRLp0EmO_DVluQ4n Chapters 00:00 Introduction 03:57 How to Build a S...
2023-07-31
38 min
CISO Tradecraft®
#135 - Board Decks (with Demetrios Lazarikos)
One of the most important activities a CISO must perform is presenting high quality presentations to the Board of Directors. Listen and learn from Demetrios Lazarikos (Laz) and G Mark Hardy as they discuss what CISOs are putting in their decks and how best to answer the board's questions. Special thanks to our sponsor Risk3Sixty for supporting this episode. Risk3sixty has created a presentation template that helps you structure your thoughts while telling a compelling story about where you want your security program to go. Download it today for free at: https://risk3sixty.com/whi...
2023-06-26
43 min
CISO Tradecraft®
#129 - Protecting Your Family
Are you looking for ways to protect your most valuable asset? In this episode, G Mark Hardy argues that our most valuable asset is our family, not the crown jewels or critical assets of a corporation. He emphasizes the importance of managing money, having an emergency fund, obtaining life insurance, building retirement savings, protecting against credit card fraud, and creating a plan for your children's digital life. Special thanks to our sponsor Risk3Sixty for supporting this episode. You can learn more about them from the Risk3Sixty Website: https://tinyurl.com/yc4xv7bj Fu...
2023-05-15
45 min
CISO Tradecraft®
#128 - How do CISOs spend their time?
In this episode of "CISO Tradecraft," G. Mark Hardy defines the role of a CISO and discusses the Top 10 responsibilities of a Chief Information Security Officer. Full Transcript: https://docs.google.com/document/d/1J_sCMkqEeIB7pUY4KmjCiS1sz7t6LX2F Chapters 00:00 Introduction 01:25 Defining the Role of the CISO 04:43 1) Developing and implementing a cybersecurity strategy 07:27 2) Overseeing the organization's cybersecurity key programs and initiatives 08:20 3) Ensuring that the organization's cybersecurity policies and procedures are up-to-date and in compliance 10:44 4) Collaborating with other departments and teams 12:06 5) Developing and implementing a cybersecurity budget 14:21 6) Maintaining a high level of...
2023-05-08
29 min
CISO Tradecraft®
#127 - How to Stop Bad Guys from Staying on Your Network (with Kevin Fiscus)
In this episode of CISO Tradecraft, G Mark Hardy and guest Kevin Fiscus discuss the challenges of cybersecurity and the importance of prioritizing security decisions. Fiscus emphasizes the need for effective protective controls and detection measures, as well as the limitations of protective controls and the importance of detection. He suggests a "Detection Oriented Security Architecture" (DOSA) that includes high-fidelity, low-noise detection, automated response, and continuous monitoring. Fiscus also discusses the concept of cyber deception and proposes a new approach to cybersecurity that involves redirecting attackers to a decoy environment. Kevin Fiscus: https://www.linkedin.com/in...
2023-05-01
49 min
CISO Tradecraft®
#126 - ChatGPT & Generative AI (with Konstantinos Sgantzos)
Have you heard about the latest trends in Generative Artificial Intelligence (GAI)? Listen to this episode of CISO Tradecraft to learn from Konstantinos Sgantzos and G Mark Hardy as they talk about the potential risks of GAI and how it generates new content. Show Notes with Links: https://docs.google.com/document/d/10eCg3L00GgnHmze14g_JUkBbfHEdGZ8HW0eAGMk4PPE Chapters 00:00 Introduction 01:37 The Future of Generative Artificial Intelligence (GAI) 06:08 The Implications of Hallucination in Generative AI 09:06 Hallucination Trivia Test for Large Language Models 10:48 The Consequences of Using Generative AI Models 12:39 The Importance of...
2023-04-24
43 min
CISO Tradecraft®
#125 - Cyber Ranges (with Debbie Gordon)
Are you worried about cyber threats and data breaches? Do you want to build a strong cybersecurity program to protect your organization? Look no further! In this episode of CISO Tradecraft, G Mark Hardy and Debbie Gordon discuss the three dimensions of an effective Information Security Management System: Policy, Practice, and Proof. G Mark emphasizes the importance of having a proper cybersecurity policy that references information security controls or outcome-driven statements. However, it's not enough to have policies on paper; organizations need to practice what's on paper to be prepared for cyber events. This is where ranges come in...
2023-04-17
44 min
CISO Tradecraft®
#123 - Accepted Cyber Strategy (with Branden Newman)
In this episode of "CISO Tradecraft," G Mark Hardy discusses how to build an effective cyber strategy that executives will appreciate. He breaks down the four questions (Who, What, Why, and How) that need to be answered to create a successful strategy and emphasizes the importance of understanding how the company makes money and what critical business processes and IT systems support the mission. Later in the episode, Branden Newman shares his career path to becoming a CISO and his approach to building an effective cyber strategy. Newman stresses the importance of communication skills and the ability to influence...
2023-04-03
36 min
CISO Tradecraft®
#110 - CISO Predictions for 2023
Want to know CISO Tradecraft's Top 10 cyber security predictions for 2023? Listen to the episode to learn more about: Proactive Identity Management = Automated Provisioning of Access + Minimizing Digital Blast Radius Convergence of Security Tools Collaboration Technology Evolution of the Endpoint (Chromebooks or Browser Isolation) Chatbots Vague and unclear cyber laws CISO liability increases Umbrella IT general controls mapping Companies will be less truthful during 3rd party questionnaires Cyber defense will become more difficult because of people Be sure to also check out G Mark Hardy's annual ISACA talk at http://isaca-cmc.org/ Link to full tr...
2023-01-02
24 min
CISO Tradecraft®
#102 - Mentorship, Sponsorship, and A Message to Garcia
Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today's episode is about how to better mentor your people (and in doing so, improve yourself as well). Mentoring is an important part of being a leader, and I would venture that most listeners have achieved their current level of success with the insights of a mentor, along with a lot of hard work. Today we're going to give you a template for creating a p...
2022-10-31
38 min
CISO Tradecraft®
#100 - 7 Ways CISOs Setup for Success
References https://github.com/cisotradecraft/Podcast https://cisotradecraft.podbean.com/e/84-gaining-trust-with-robin-dreeke/ https://www.youtube.com/shorts/vSART2mutwc https://www.peopleformula.com/selfmastery https://cisotradecraft.podbean.com/e/ciso-tradecraft-roses-buds-thorns/ https://cisotradecraft.podbean.com/e/ciso-tradecraft-how-to-compare-software/ https://cisotradecraft.podbean.com/e/ciso-tradecraft-shall-we-play-a-game/ https://cisotradecraft.podbean.com/e/ciso-tradecraft-aligning-security-initiatives-with-business-objectives/ https://cisotradecraft.podbean.com/e/ciso-tradecraft-promotion-through-politics/ https://cisotradecraft.podbean.com/e/ciso-tradecraft-presentation-skills/ https://cisotradecraft.podbean.com/e/ciso-tradecraft-avoiding-death-by-powerpoint/ https://cisotradecraft.podbean.com/e/ciso-tradecraft-partnership-is-key/ Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be...
2022-10-17
33 min
CISO Tradecraft®
#98 - Outrunning the Bear
Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we are going to discuss how nation state conflict and sponsored cyberattacks can affect us as non-combatants, and what we should be doing about it. Even if you don't have operations in a war zone, remember cyber has a global reach, so don't think that just because you may be half a world away from the battlefield that someone is not going to re...
2022-10-03
33 min
CISO Tradecraft®
#96 - The 9 Cs of Cyber
Ahoy! And welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cyber security leader. My name is G. Mark Hardy, and today we’re going to -- talk like a pirate. ARRR As always, please follow us on LinkedIn, and make sure you subscribe so you can always get the latest updates. On today’s episode we are going to talk about the 9 Cs of Cyber Security. Note these are not the 9 Seas that you might find today, the 19th of Sept...
2022-09-19
30 min
CISO Tradecraft®
#94 - Easier, Better, Faster, & Cheaper Software
Hello, and welcome to another episode of CISO Tradecraft, the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we're going to try to balance the impossible equation of better, faster, and cheaper. As always, please follow us on LinkedIn, and subscribe if you have not already done so. Shigeo Shingo, who lived from 1909-1990, helped to improve efficiency at Toyota by teaching thousands of engineers the Toyota Production System, and even influenced the creation of Kaizen. He wrote, "There are fou...
2022-09-05
23 min
CISO Tradecraft®
#93 - How to Become a Cyber Security Expert
How do you become a Cyber Security Expert? Hello and welcome to another episode of CISO Tradecraft, the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we're going to talk about how to provide advice and mentoring to help people understand how to become a cybersecurity expert. As always, please follow us on LinkedIn, and subscribe to our podcasts. As a security leader, part of your role is to develop your people. That may not be written anywhere in...
2022-08-29
29 min
CISO Tradecraft®
#92 - Updating the Executive Leadership Team on Cyber
Show Notes Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cyber security leader. My name is G. Mark Hardy, and today we're going to offer tips and tools for briefing your executive leadership team, including the four major topics that you need to cover. As always, please follow us on LinkedIn, and make sure you subscribe so you can always get the latest updates. Imagine you have been in your role as the Chief Information Security Officer fo...
2022-08-22
26 min
CISO Tradecraft®
#90 - A CISO’s Guide to Pentesting
A CISO’s Guide to Pentesting
References:
https://en.wikipedia.org/wiki/Penetration_test
https://partner-security.withgoogle.com/docs/pentest_guidelines#assessment-methodology
https://owasp.org/www-project-web-security-testing-guide/latest/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies
https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf
https://pentest-standard.readthedocs.io/en/latest/
https://www.isecom.org/OSSTMM.3.pdf
https://s2.security/the-mage-platform/
https://bishopfox.com/platform
https://www.pentera.io/
https://www.youtube.com/watch?v=g3yROAs-oAc
Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the infor...
2022-08-08
16 min
CISO Tradecraft®
#46 - Crisis Leadership with G Mark Hardy‘s 9/11 Experience
Have you ever faced a crisis? How well did you do? You should always want to improve your skills in case another happens. On the 20th anniversary of 9/11, G. Mark Hardy shares some of his experiences as the on-scene commander for the military first responders at the World Trade Center, and expands that into a set of skills and attributes that you can cultivate to become a more effective crisis response leader in your role as a cybersecurity professional. References: 5 Leadership Skills Link How to Combat a Crisis Link Manage a Crisis Link Lessons in C...
2021-09-10
45 min
CISO Tradecraft®
#30 - Cloud Drift (with Yoni Leitersdorf)
This episode is sponsored by Indeni. On this episode of CISO Tradecraft, G Mark Hardy discusses with Yoni Leitersdorf (CEO and CISO of Indeni) the risks which can occur in a cloud environment after it has been provisioned. It is quite common for organizations to change their cloud environment from what was declared in a Terraform or CloudFormation template. These unapproved cloud changes, or cloud drift, often create harmful misconfigurations and have the potential to create data loss events. The podcast discusses the pros and cons of two key approaches to solve the Cloud Dri...
2021-05-21
42 min
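The drift the episode describes is easiest to see in code: take what the infrastructure template declares, take an inventory of what actually exists, and report every difference, rating the ones that weaken security. The following is an added example, not Indeni's product or any tool mentioned in the episode; the resource names, attribute layout, sample data and severity rules are all assumptions constructed for the illustration.

```python
"""Cloud drift check: compare the infrastructure declared in code with a
live snapshot, report every difference, and rate the ones that weaken
security. Added example; the resource names, attribute layout and
severity rules are assumptions, not a real provider schema."""
from dataclasses import dataclass
from typing import Any


@dataclass(frozen=True)
class Drift:
    resource: str
    attribute: str      # dotted path within the resource; "" for the whole resource
    declared: Any
    live: Any
    severity: str       # "high", "medium" or "low"


def _canon(value: Any) -> Any:
    """Normalise nested structures so key order and rule order are not drift."""
    if isinstance(value, dict):
        return {k: _canon(value[k]) for k in sorted(value)}
    if isinstance(value, list):
        return sorted(repr(_canon(v)) for v in value)
    return value


def _rate(attribute: str, live: Any) -> str:
    """Assumed severity rules for the attributes used in the sample below."""
    text = repr(live)
    if "0.0.0.0/0" in text or "::/0" in text:
        return "high"            # ingress opened to the whole internet
    if attribute.endswith("acl") and live != "private":
        return "high"            # storage made readable beyond the account
    if attribute == "":
        return "medium"          # resource created or deleted outside the pipeline
    return "low"


def _walk(res: str, path: str, declared: Any, live: Any, out: list) -> None:
    """Recurse through dicts; anything else is compared after normalisation."""
    if isinstance(declared, dict) and isinstance(live, dict):
        for key in sorted(set(declared) | set(live)):
            sub = f"{path}.{key}" if path else key
            if key in declared and key in live:
                _walk(res, sub, declared[key], live[key], out)
            else:
                out.append(Drift(res, sub, declared.get(key), live.get(key),
                                 _rate(sub, live.get(key))))
    elif _canon(declared) != _canon(live):
        out.append(Drift(res, path, declared, live, _rate(path, live)))


def detect_drift(declared: dict, live: dict) -> list:
    """Return all differences between declared and live state, ordered by resource."""
    out: list = []
    for res in sorted(set(declared) | set(live)):
        if res in declared and res in live:
            _walk(res, "", declared[res], live[res], out)
        else:
            out.append(Drift(res, "", declared.get(res), live.get(res),
                             _rate("", live.get(res))))
    return out


# Constructed sample: what the template declares ...
DECLARED = {
    "aws_security_group.web": {"ingress": [{"port": 443, "cidr": "10.0.0.0/8"}]},
    "aws_s3_bucket.logs": {"acl": "private", "versioning": True},
    "aws_instance.app": {"instance_type": "t3.small", "tags": {"env": "prod"}},
}
# ... and what an inventory of the account shows after some console changes.
LIVE = {
    "aws_security_group.web": {"ingress": [{"cidr": "10.0.0.0/8", "port": 443},
                                           {"port": 22, "cidr": "0.0.0.0/0"}]},
    "aws_s3_bucket.logs": {"acl": "public-read", "versioning": True},
    "aws_instance.app": {"tags": {"env": "prod"}, "instance_type": "t3.small"},
    "aws_instance.debug": {"instance_type": "t3.micro"},
}

if __name__ == "__main__":
    for d in detect_drift(DECLARED, LIVE):
        print(f"[{d.severity:6}] {d.resource} {d.attribute or '(resource)'}: "
              f"declared={d.declared!r} live={d.live!r}")
```

Run against the sample, the check reports the SSH rule opened to 0.0.0.0/0 and the bucket ACL change as high severity and the unmanaged debug instance as medium, while the reordered keys and rules on the app instance produce no finding. In practice the live side would come from the provider's inventory API and the declared side from the rendered template or state file; the normalisation step matters because raw API output rarely preserves the order the template used.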
CISO Tradecraft®
#24 - Everything you wanted to know about Ransomware
Would you like to know more about Ransomware? On this episode of CISO Tradecraft, G Mark Hardy and Ross Young provide an in-depth discussion on Ransomware. Key discussions include:
What is ransomware?
Why does it work?
Ransomware Types (Client-Side, Server-Side, & Hybrid)
How each of these enters a target environment
Ransomware Incidents
The Economics of Ransomware
How is Ransomware Evolving?
Why Ransomware continues to work :(
Ethical Issues to consider before paying
Ransomware Defenses
Please subscribe to the CISO Tradecraft LinkedIn Group to get even more great content
CISA Ransomware Guide Link
2021-04-08
45 min
CISO Tradecraft®
#23 - NSA’s Top 10 Cybersecurity Mitigation Strategies
If there's one place that knows how Advanced Persistent Threat (APT) actors work, it's the National Security Agency (NSA). On this episode of CISO Tradecraft G Mark Hardy and Ross Young discuss NSA's Top Ten Cybersecurity Mitigation Strategies and how to use them to secure your company. Since the mitigation strategies are ranked by effectiveness against known APT tactics, they can be used to set the priorities for organizations to minimize mission impact from cyber attacks.
Update and Upgrade Software Immediately
Defend Privileges and Accounts
Enforce Signed Software Execution Policies
Exercise a System Recovery Plan
Actively M...
2021-04-02
43 min
CISO Tradecraft®
#22 - Modern Software Development Practices
Would you like to know the best practices in modern software development? On this episode G Mark Hardy and Ross Young overview the 12 Factor App and its best practices:
Codebase: One codebase tracked in revision control with many deploys.
Dependencies: Explicitly declare and isolate dependencies.
Config: Store configuration in the environment.
Backing Services: Treat backing services as attached resources.
Build, Release, Run: Strictly separate build and run stages.
Processes: Execute the app as one or more stateless processes.
Port Binding: Export services via port binding.
Concurrency: Scale out via the process model.
Disposability: Maximize robustness with fast st...
2021-03-26
45 min
CISO Tradecraft®
#20 - Zero Trust
Would you actually like to learn about what Zero Trust is without a bunch of marketing jargon? On this week's episode G Mark Hardy and Ross Young provide a thoughtful discussion on Zero Trust from NIST and Microsoft:
Microsoft's Zero Trust Principles:
Verify Explicitly
Use Least Privileged Access
Assume Breach
NIST 800-207 Seven Tenets of Zero Trust:
All data sources and computing services are considered resources
All communication is secured regardless of network location
Access to individual enterprise resources is granted on a per-session basis
Access to resources is determined by dynamic policy
The enterprise monitors and measures t...
2021-03-12
45 min
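The tenets listed for this episode (per-session access, dynamic policy, no trust from network location) are concrete enough to show as a policy decision point. The following is an added example written for this page, not code from NIST, Microsoft or the episode; the signal names, risk scores, thresholds and session lifetimes are assumptions chosen to illustrate the tenets, and the "corp" network is deliberately given no weight.

```python
"""Per-session access decision in the spirit of the NIST SP 800-207 tenets:
every request is checked against a dynamic policy using identity, device
posture and recent behaviour, and the network it arrives from is recorded
but never trusted on its own. Added example; signals, scores, thresholds
and session lifetimes are assumptions, not values from NIST or the episode."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    subject: str
    roles: frozenset
    resource: str
    action: str
    device_managed: bool     # enrolled in device management with a valid device identity
    device_patched: bool     # meets the patch baseline
    mfa_age_min: int         # minutes since the last MFA challenge
    network: str             # "corp", "vpn" or "internet": logged, not trusted
    failed_logins_1h: int    # recent failures reported by the identity provider


@dataclass(frozen=True)
class Decision:
    allow: bool
    reasons: tuple
    ttl_min: int             # session lifetime; expiry forces re-evaluation


# resource -> (roles entitled, actions permitted, sensitivity)   [assumed policy]
POLICY = {
    "payroll-db": (frozenset({"finance"}), frozenset({"read"}), "high"),
    "wiki": (frozenset({"staff", "finance"}), frozenset({"read", "write"}), "low"),
}

# sensitivity -> (max risk score, max MFA age in minutes, base session TTL)   [assumed]
THRESHOLDS = {
    "high": (20, 15, 15),
    "low": (60, 480, 240),
}


def risk_score(req: Request) -> int:
    """Additive risk from device posture and behaviour; the network adds nothing."""
    score = 0
    if not req.device_managed:
        score += 40
    if not req.device_patched:
        score += 20
    if req.failed_logins_1h >= 3:
        score += 30
    return score


def evaluate(req: Request) -> Decision:
    """Default deny; allow only when entitlement, posture and MFA freshness all hold."""
    policy = POLICY.get(req.resource)
    if policy is None:
        return Decision(False, ("unknown resource: default deny",), 0)
    roles, actions, sensitivity = policy
    max_risk, max_mfa_age, base_ttl = THRESHOLDS[sensitivity]
    reasons = []
    if not (req.roles & roles):
        reasons.append("subject not entitled to resource")
    if req.action not in actions:
        reasons.append(f"action {req.action!r} not permitted on resource")
    risk = risk_score(req)
    if risk > max_risk:
        reasons.append(f"risk {risk} exceeds {max_risk} for {sensitivity}-sensitivity resource")
    if req.mfa_age_min > max_mfa_age:
        reasons.append("MFA too old: step-up authentication required")
    if reasons:
        return Decision(False, tuple(reasons), 0)
    # Shorter sessions as risk rises; the request is re-evaluated when the session expires.
    ttl = max(5, base_ttl * (100 - risk) // 100)
    return Decision(True, (f"risk {risk}",
                           f"network {req.network!r} not used as a trust signal"), ttl)


if __name__ == "__main__":
    # Constructed requests: same finance user, once from a managed device on the
    # internet and once from an unmanaged device on the corporate network.
    for req in (
        Request("alice", frozenset({"finance"}), "payroll-db", "read", True, True, 5, "internet", 0),
        Request("alice", frozenset({"finance"}), "payroll-db", "read", False, True, 5, "corp", 0),
    ):
        d = evaluate(req)
        print(req.network, "allow" if d.allow else "deny", d.ttl_min, d.reasons)
```

The second constructed request is the point of the exercise: being on the corporate network does not rescue an unmanaged device, while a patched, managed device on the open internet with fresh MFA gets a short, re-checked session. A real decision point would pull the posture and behaviour signals from the device management and identity systems rather than from fields on the request, but the evaluation order (entitlement, then posture, then freshness, default deny throughout) is the part worth copying.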
CISO Tradecraft®
#19 - Team Building
Every leader needs to know how to lead and manage a team. On this episode G Mark Hardy and Ross Young share tradecraft on team building:
Pitfalls to team building, including becoming the hero
Organizational Maturity Models (Levels 1-5)
Tuckman Teaming Model (Forming, Storming, Norming, and Performing)
Leadership Styles (Telling, Selling, Participating, & Delegating)
Aligning your Team and Regaining former employees
2021-03-05
44 min
CISO Tradecraft®
#18 - Executive Presence
Having the ability to inspire confidence is crucial to lead others and allows you the opportunity to gain access to executive roles. On this episode G Mark Hardy and Ross Young discuss executive presence: what it is, why you need it, and how to get it. We will discuss Gerry Valentine's 7 Key Steps to building your executive presence:
Have a vision, and articulate it well
Understand how others experience you
Build your communication skills
Become an excellent listener
Cultivate your network and build political savvy
Learn to operate effectively under stress
Make sure your appearance isn't a d...
2021-02-26
48 min
CISO Tradecraft®
#13 - Executive Competencies
Have you ever wanted to become an executive, but didn’t know what skills to focus on? On this episode of CISO Tradecraft, G Mark Hardy and Ross Young provide guidance from the Office of Personnel Management (Chief Human Resources Agency and personnel policy manager for the US government). The podcast discusses the 6 Fundamental Competencies and the 5 Executive Core Qualifications required by all federal executives.
Fundamental Competencies:
Interpersonal Skills
Oral Communication
Integrity/Honesty
Written Communication
Continual Learning
Public Service Motivation
Executive Core Qualifications:
Leading Change
Leading People
Results Driven
Business Acumen
Building Coali...
2021-01-22
47 min
CISO Tradecraft®
#12 - The Three Ways of DevOps
Making things cheaper, faster, and better is the key to gaining competitive advantage. If you can gain a competitive advantage in cyber, then you will reduce risk to the business and protect key revenue streams. This episode discusses the three ways of DevOps and how you can use them to improve information security. The three ways of DevOps consist of: The First Way: Principles of Flow The Second Way: Principles of Feedback The Third Way: Principles of Continuous Learning If you would like to learn more about the three ways of DevOps, G Mark Hardy and...
2021-01-15
45 min
CISO Tradecraft®
#8 - Crucial Conversations
CISOs often encounter situations where everyone has a different opinion, it's a high-stakes decision, and emotions are running high. These situations create crucial conversation opportunities where a CISO needs to be effective. This podcast discusses how to turn disagreement into dialogue, surface any subject, and make it safe to discuss. Please listen as G Mark Hardy and Ross Young discuss the 8-step process from the book "Crucial Conversations":
Get Unstuck
Start With Heart
Master My Stories
State My Path
Learn To Look
Make It Safe
Explore Others' Path
Move To Action
We recommend you visit the fol...
2020-12-18
56 min
CISO Tradecraft®
#1 - What is a CISO?
On this pilot episode you will get to meet the hosts of the show (G Mark Hardy & Ross Young) and learn a little bit about their backgrounds.
Chapters:
00:00 Introductions
04:47 What is a CISO?
07:24 Enable the Rock Climber to Take Risks
13:32 What do CISOs need to know?
18:07 Compliance is a C-
21:23 What functions and services do CISOs oversee?
25:48 The importance of a Purple Team
29:45 Is your Security Office a Red Team or a Blue Team?
34:50 Which organization in security is most likely to produce a CISO
39:11 The Hidden Key to Success is Communication Skills
41:17 CISO Key Capabilities...
2020-10-30
50 min