
CISO Tradecraft®
Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership.
© Copyright 2025, National Security Corporation. All Rights Reserved
Latest episodes

Jun 30, 2025 • 45min
#239 - Actionable Gamification and Lasting Success (with Yu Kai Chou)
In this episode of CISO Tradecraft, host G Mark Hardy speaks with gamification pioneer Yu-Kai Chou about his new book, '10,000 Hours of Play: Unlock Your Real Life Legendary Success.' Explore key concepts such as aligning your passions, skills, and goals through six essential steps: choosing your game, knowing your attributes, selecting your role, enhancing your skills, building alliances, and achieving your quest. Discover how gamification can lead to personal and professional success. Tune in for an insightful conversation that could change the way you approach your career and life.
Yu-Kai Chou - https://www.linkedin.com/in/yukaichou/
Actionable Gamification Book - https://a.co/d/isv7K0W
10,000 Hours of Play Book - https://a.co/d/3L88jTs
Transcripts: https://docs.google.com/document/d/1gPxWVeS8QYNsgGpXt3EDQy5zGcCYH7hL
Chapters
00:00 Introduction: The Power of Play
00:34 Meet Yu-Kai Chou: Gamification Pioneer
04:16 Understanding the Octalysis Framework
07:34 10,000 Hours of Play: A New Perspective
09:24 Choosing Your Game: Discovering Your Life's Mission
16:49 Knowing Your Attributes: Identifying Your Strengths
22:14 Selecting Your Role: Layers of Your Role Sphere
23:12 Aspiration and Identity: Defining Who You Want to Be
24:46 Occupation and Specialization: Aligning Your Roles
26:48 The Importance of Direction and Continuous Growth
28:05 The Concept of Ikigai and Skill Enhancement
30:38 Creating a Skill Triangle and Role Models
31:39 Gamification in Cybersecurity and Beyond
32:50 The Role of Determination and Passion
37:50 Building Alliances for Success
41:27 Recap and Final Thoughts

Jun 23, 2025 • 45min
#238 - The Impact of the Israel Iran Conflict (with Nathan Case)
In this episode of CISO Tradecraft, host G Mark Hardy discusses the ongoing Israel-Iran conflict and its potential cyber implications with cybersecurity expert Nathan Case. They delve into lessons learned from the Russia-Ukraine conflict, discuss the effectiveness of cyber warfare, and evaluate Iran's cyber capabilities. The conversation also covers the ethical implications of cyber attacks, dual-use targets, and the danger of supply chain vulnerabilities. Practical advice is provided on improving cybersecurity measures, including the importance of MFA, network segmentation, and evaluating internal threats. Join us for an in-depth look at how current geopolitical tensions can impact global cybersecurity.
Nathan Case - https://www.linkedin.com/in/nathancase/
Chapters
00:00 Introduction to the Israel-Iran Conflict
00:52 Meet the Expert: Nate Case
01:51 Cyber Warfare Insights from Russia-Ukraine Conflict
03:36 The Impact of Cyber on Critical Infrastructure
08:00 Ethics and Rules of Cyber Warfare
15:01 Iran's Cyber Capabilities and Strategies
16:56 Historical Context and Modern Cyber Threats
23:28 Foreign Cyber Threats: The Iranian Example
24:06 Israel's Cyber Capabilities
25:39 The Role of Cyber Command
26:23 Challenges in Cyber Defense
27:11 The Complexity of Cyber Warfare
32:21 Ransomware and Attribution Issues
36:13 Defensive Cyber Operations
39:39 Final Thoughts and Recommendations

Jun 16, 2025 • 42min
#237 - Build a World Class SOC (with Carson Zimmerman)
Join G Mark Hardy and Carson Zimmerman, the author of '11 Strategies of a World-Class Cybersecurity Operations Center,' in this insightful episode of CISO Tradecraft. Carson shares his career journey, the evolution from the 10 to 11 strategies, and delves into the future needs of Security Operations Centers (SOCs). They discuss critical topics such as the importance of continuous improvement, AI's impact on SOCs, and the value of embracing neurodiversity in cybersecurity teams. Whether you're a seasoned cybersecurity leader or an aspiring professional, get actionable advice on how to enhance and revolutionize your SOC operations.
11 Strategies of a World Class Cybersecurity Operations Center https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf
14 Questions are all you need - https://www.first.org/resources/papers/conf2024/1445-14-Questions-Carson-Zimmerman.pdf
Transcripts - https://docs.google.com/document/d/1WVJi9WkxOG7yedQYWSooiqRFjBERd9kV
Chapters
00:00 Introduction and Guest Welcome
00:53 Background and Book Discussion
03:33 SOC Challenges and Stagnation
06:10 Managing SOC Alerts and Burnout
09:26 SOC Evolution and Neurodiversity
23:50 Career Progression in Cybersecurity
30:28 Impact of AI on SOC Operations
40:07 Final Thoughts and Conclusion

8 snips
Jun 9, 2025 • 47min
#236 - Build a World Class GRC Program (with Matt Hillary)
Matt Hillary, CISO of Drata and expert in trust management, dives into the evolution of Governance, Risk, and Compliance (GRC). He discusses using AI to tackle compliance challenges and streamline processes. Hillary emphasizes the importance of customization in GRC programs and warns against common pitfalls. He also addresses the mental health challenges GRC professionals face and highlights the need for self-care. Listeners will gain valuable insights into building effective compliance strategies that positively impact business outcomes.

Jun 2, 2025 • 41min
#235 - Grey is the New Black (with Ryan Gooler)
Join G Mark Hardy at THOTCON in Chicago for an insightful podcast episode on building a successful cybersecurity career. Featuring guest Ryan Gooler, they discuss the non-linear paths to success, the value of mentorship, financial planning, and the importance of continuous learning and adapting. Learn how to navigate career transitions, embrace risks, and find joy in teaching and learning from others in the cybersecurity community.
Transcripts: https://docs.google.com/document/d/1nsd61mkIWbmIL1qube0-cdqINsDujAVH
Chapters
00:00 Welcome to THOTCON: Meeting Amazing People
00:26 Introducing Ryan Gooler: A Journey into Cybersecurity
04:09 The Value of Mentorship in Cybersecurity
06:22 Career Management and Setting Goals
09:33 Financial Planning for Cybersecurity Professionals
16:40 Automating Finances and Smart Spending
21:25 Financial Sophistication and Mutual Funds
22:07 Automating Life Tasks
22:41 The Concept of a Finishing Stamp
24:17 Leadership and Delegation in the Navy
26:06 Building and Maintaining Culture
27:21 Surviving Toxic Environments
29:55 Taking Risks and Finding Joy
34:34 Advice for Cybersecurity Careers
39:01 The Importance of Teaching and Learning
40:29 Conclusion and Farewell

May 26, 2025 • 33min
#234 - Model Context Protocol (MCP)
In this episode of CISO Tradecraft, host G Mark Hardy delves into the emerging concept of Model Context Protocol (MCP) and its significance in AI and enterprise security. Launched by Anthropic in November 2024, MCP is designed to standardize how AI systems interact with external data sources and applications. Hardy explores how MCP differs from traditional APIs, its implications for security, and the steps organizations need to take to prepare for its adoption. Key topics include the stateful nature of MCP, security risks such as prompt injection and tool poisoning, and the importance of developing a robust governance framework. By the end of the episode, listeners will have a comprehensive understanding of MCP and practical recommendations for safeguarding their AI-driven workflows.
Transcripts https://docs.google.com/document/d/1vyfFJgTbsH73CcQhtBBkOfDoTrJYqzl_
References
Model Context Protocol specification and security best practices, https://modelcontextprotocol.io
Security risks of MCP, https://pillar.security
MCP security considerations, https://writer.com
Chapters
00:00 Introduction to Model Context Protocol (MCP)
00:27 Understanding MCP and Its Importance
01:41 How MCP Works and Its Security Implications
04:23 Comparing MCP to Traditional APIs
08:41 MCP Architecture and Security Benefits
12:07 Top Security Risks of MCP
18:00 Implementing Security Controls for MCP
25:00 Governance Framework for MCP
28:03 Future Trends and Strategic Recommendations
30:34 Conclusion and Next Steps

May 19, 2025 • 45min
#233 - Web 3.0 Explained (with Aaron Markell)
Web 3.0 Explained: Business Cases, Security, and Future Prospects | CISO Tradecraft In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Aaron Markell to discuss the intricacies of Web 3.0. They explore the evolution from Web 1.0 and Web 2.0 to the decentralized structure of Web 3.0, describing its application in various industries like finance, healthcare, and supply chain. The conversation dives into blockchain technology, the role of tokens, smart contracts, and consensus mechanisms like proof of work and proof of stake. They also touch on potential future developments involving AI in Web 3.0, offering valuable insights for business leaders and cybersecurity professionals looking to understand and leverage this emerging technology.
Chapters
00:00 Introduction to Web 3.0
00:31 Meet the Expert: Aaron Markell
01:39 Aaron's Journey into Web 3.0
03:51 Understanding Web 1.0, 2.0, and 3.0
04:36 Decentralization and Blockchain Basics
05:51 The SETI Project and Distributed Workloads
08:09 Proof of Work and Blockchain Security
17:22 Smart Contracts Explained
20:10 Proof of Stake vs. Proof of Work
23:51 The Role of Tokens in Web 3.0
24:22 Understanding Microtransactions and Ownership
25:05 What is an NFT?
26:40 The Rise and Fall of NFTs
28:36 Web 3.0 and Its Impact on Industries
30:10 Blockchain in Finance and Commerce
30:55 Private Blockchains and Government Transparency
34:09 Blockchain in Legal and Healthcare Sectors
36:59 Supply Chain Transformation with Web 3.0
39:59 The Future of Web 3.0 and AI Integration
41:03 Final Thoughts and Security Tips

10 snips
May 12, 2025 • 26min
#232 - Inside The 2025 Verizon Data Breach Investigations Report
Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports.
Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/
Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz
Chapters
00:35 Verizon Data Breach Investigations Report (DBIR) Introduction
01:16 Accessing the DBIR Report
02:38 Key Takeaways from the DBIR
03:15 Third-Party Breaches
04:32 Ransomware Insights
08:08 Exploitation of Vulnerabilities
09:39 Credential Abuse
12:25 Espionage Attacks
14:04 System Intrusions in APAC
15:04 Business Email Compromise (BEC)
18:07 Human Risk and Security Awareness
19:19 Industry-Specific Trends
20:06 Multi-Layered Defense Strategy
21:08 Data Leakage to Gen AI

May 5, 2025 • 14min
#231 - Tackle Your Technical Debt
Join G Mark Hardy in this eye-opening episode of CISO Tradecraft as he shares a personal story about his dog Shelby's near-fatal experience and the costly lesson it taught him about technical debt. Discover how small overlooked issues in cybersecurity can compound and lead to significant risks and learn actionable steps to tackle technical debt before it turns into a crisis.
Pictures of Dog https://drive.google.com/file/d/1nBc9e3bBJVW0BQt5inGryhP3ahBz4XsQ/view?usp=drive_link https://drive.google.com/file/d/12V_DuwhgNBKgxJL0yqNq9Fopa4dauJfd/view?usp=drive_link
Transcripts https://docs.google.com/document/d/1-_X_9RQrurOLKRvbXyMjgbygESsabcCK
Chapters
00:21 Welcome to CISO Tradecraft
00:36 RSAC 2025 Conference Experience
01:22 Shelby's Health Scare
02:08 Understanding Technical Debt
02:41 The Consequences of Technical Debt
04:09 Shelby's Story as a Technical Debt Analogy
09:28 Lessons Learned from Shelby's Story
13:09 Conclusion and Call to Action

Apr 28, 2025 • 45min
#230 - How To Make Your AI Less Chatty (with Sounil Yu)
In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune in to learn how to avoid becoming the 'department of no' and start being the 'department of know.'
Transcripts https://docs.google.com/document/d/1CT9HXdDmKojuXzWTbNYUE4Kgp_D64GyB
Knostic's Website - https://www.knostic.ai/solution-brief-request
Chapters
00:00 Introduction to Microsoft Copilot Risks
00:32 Meet the Guest: Sounil Yu
02:51 Understanding Microsoft 365 Copilot
06:09 The DIKW Pyramid and Knowledge Management
08:34 Challenges of Data Permissions and Oversharing
19:01 Need to Know: A New Approach to Access Control
35:10 Measuring and Mitigating Risks with Copilot
39:46 Conclusion and Next Steps