CISO Tradecraft®

G Mark Hardy & Ross Young
15 snips
Nov 24, 2025 • 36min

#260 - Mastering Defense Against Configurations (Yuriy Tsibere)

Yuriy Tsibere, a seasoned product manager at ThreatLocker with deep expertise in IT and security, dives into the critical issue of Defense Against Configurations (DAC). He explains how misconfigurations can create vulnerabilities and shares insights into ThreatLocker's DAC tool that helps organizations mitigate these risks. Topics include the impact of proper endpoint configurations, integration with Zero Trust principles, and compliance with security frameworks. Yuriy emphasizes the importance of continuous monitoring and suggests actionable steps for enhancing cybersecurity posture.
36 snips
Nov 17, 2025 • 40min

#259 - Transforming Security Operations (with Brian Carbaugh and William MacMillan)

Brian Carbaugh, a former CIA operations officer with 25 years of service, and William MacMillan, a former Air Force pilot and CIA cyber leader, delve into AI's transformative impact on Security Operations Centers (SOCs). They discuss how AI dramatically reduces alert fatigue and enhances threat detection by condensing investigative hours into mere seconds. The duo shares insights on the benefits of human AI SOCs over traditional SIEMs, emphasizing open interoperability and the importance of contextual data in strengthening security measures.
Nov 10, 2025 • 44min

#258 - From Invention to Entrepreneurship (with Jeri Ellsworth)

In this captivating episode of CISO Tradecraft, hosted by G. Mark Hardy, we delve into the incredible life journey of Jeri Ellsworth—a renowned inventor and tech entrepreneur. From her early fascination with electronics in rural Oregon to her innovative ventures in Silicon Valley, Jeri shares her unique experiences and hard-earned wisdom. Discover the highs and lows of her career, including her time at Valve Software, navigating significant security breaches, and her foray into the world of crowdfunding and startups. This episode is packed with invaluable lessons for CISOs, cybersecurity professionals, and aspiring entrepreneurs alike. Tune in now and get inspired by Jeri's story of resilience, innovation, and leadership. Jeri Ellsworth - https://www.linkedin.com/in/jeriellsworth/
Nov 3, 2025 • 28min

#257 - Patch or Perish (with Ross Young)

Ross Young, an experienced cybersecurity leader and former CIA operator, shares his insights on effective vulnerability management. He reveals a shocking 300-day patching backlog he encountered, emphasizing the growing threat of vulnerabilities exacerbated by AI. Ross proposes a comprehensive framework that combines people, processes, and tools to foster accountability and efficiency in patching. He discusses how integrating AI can drastically reduce remediation times, ensuring organizations can swiftly adapt to emerging threats.
14 snips
Oct 27, 2025 • 44min

#256 - Maximize Your Cybersecurity Budgets (with Ross Young)

In this discussion, cybersecurity expert and author Ross Young shares insights on maximizing security budgets and improving processes for CISOs. He explains the OWASP Threat and Safeguard Matrix and its importance in prioritizing defenses against key threats like phishing and identity attacks. Ross also provides strategies for negotiating master service agreements and optimizing security practices with tools like murder boards. The conversation further explores applying AI-related risk assessments and enhancing leadership approaches for new CISOs.
16 snips
Oct 20, 2025 • 45min

#255 - Maximize the Outcomes Per Dollar in Cyber (with Ross Young)

Ross Young, a 20-year cybersecurity veteran with experience at the CIA and Capital One, shares his expertise on optimizing security budgets. He emphasizes that throwing money at tools can dilute effectiveness and stresses prioritizing risk reduction over compliance. Ross advocates for zero-based budgeting and highlights the importance of calculating total cost of ownership. He also critiques traditional cyber risk quantification methods and stresses the need to present budget requests in financial terms that showcase ROI. His insights promise to transform how CISOs approach their spending.
Oct 13, 2025 • 37min

#254 - AI, Privacy, & Security Insights (with Aimee Cardwell)

Welcome to another insightful episode of CISO Tradecraft! In this episode, host G Mark Hardy engages with Aimee Cardwell, an accomplished cybersecurity expert with an impressive portfolio including UnitedHealth Group, AMEX, eBay, and more. Tune in as they dive deep into the increasing concerns of privacy, the evolving role of AI in cybersecurity, and the importance of data governance. Learn practical strategies for managing the complexities of AI and privacy, explore the intersections between cybersecurity and privacy, and get invaluable tips for aspiring CISOs. Don't miss this episode packed with expert advice and forward-thinking perspectives! Aimee Cardwell's LinkedIn - https://www.linkedin.com/in/acardwell/
Oct 6, 2025 • 27min

#253 - DARPA’s AI Cyber Challenge Unveiled (with Andrew Carney)

Dive into an exciting discussion on CISO Tradecraft as host G Mark Hardy engages with DARPA's AI Cyber Challenge director, Andrew Carney. Learn about the world of autonomous systems capable of identifying and fixing vulnerabilities at an unprecedented speed and scale. Discover the highs and lows of AIxCC's two-year journey, its groundbreaking impact on cybersecurity, and the potential it holds for the future. Whether you're a seasoned CISO or just passionate about cybersecurity, this episode is packed with insights on leveraging AI to protect critical infrastructure and defend against cyber threats. Don't miss it! https://aicyberchallenge.com/
11 snips
Sep 29, 2025 • 1h 6min

#252 - Master Storytelling for CISOs (with Neal Foard)

In this engaging discussion, Neal Foard, a seasoned advertising and storytelling expert, shares his insights on the art of storytelling for cybersecurity leaders. He emphasizes that emotions drive decision-making and highlights the importance of elevating others in narratives. Neal explains how to frame security successes for executives and advocates for hopeful, people-first messaging to build trust. With practical tips on continual improvement and finding stories everywhere, he shows how effective storytelling can amplify a professional's influence and career impact.
Sep 22, 2025 • 44min

#251 - AI Just Changed Data Security Requirements (with Ronan Murphy)

Ronan Murphy, Chief Strategy Officer at Forcepoint and a veteran in cybersecurity, shares invaluable insights on data protection in the AI era. He emphasizes the need for CISOs to transition from legacy tools to a strategic approach that focuses on AI-driven security. The discussion unveils common pitfalls CISOs face, the importance of real-time monitoring, and the relevance of granular taxonomies for effective data governance. They also dive into shadow AI risks and the evolving role of data strategists in enhancing organizational security.
