CISO Tradecraft®

In this episode of CISO Tradecraft, host G Mark Hardy speaks with gamification pioneer Yu-Kai Chou about his new book, '10,000 Hours of Play: Unlock Your Real Life Legendary Success.' Explore key concepts such as aligning your passions, skills, and goals through six essential steps: choosing your game, knowing your attributes, selecting your role, enhancing your skills, building alliances, and achieving your quest. Discover how gamification can lead to personal and professional success. Tune in for an insightful conversation that could change the way you approach your career and life.   Yu-Kai Chou - https://www.linkedin.com/in/yukaichou/ Actionable Gamification Book - https://a.co/d/isv7K0W 10,000 Hours of Play Book - https://a.co/d/3L88jTs Transcripts: https://docs.google.com/document/d/1gPxWVeS8QYNsgGpXt3EDQy5zGcCYH7hL   Chapters  00:00 Introduction: The Power of Play 00:34 Meet Yu-Kai Chou: Gamification Pioneer 04:16 Understanding the Octalysis Framework 07:34 10,000 Hours of Play: A New Perspective 09:24 Choosing Your Game: Discovering Your Life's Mission 16:49 Knowing Your Attributes: Identifying Your Strengths 22:14 Selecting Your Role: Layers of Your Role Sphere 23:12 Aspiration and Identity: Defining Who You Want to Be 24:46 Occupation and Specialization: Aligning Your Roles 26:48 The Importance of Direction and Continuous Growth 28:05 The Concept of Ikigai and Skill Enhancement 30:38 Creating a Skill Triangle and Role Models 31:39 Gamification in Cybersecurity and Beyond 32:50 The Role of Determination and Passion 37:50 Building Alliances for Success 41:27 Recap and Final Thoughts

In this episode of CISO Tradecraft, host G Mark Hardy discusses the ongoing Israel-Iran conflict and its potential cyber implications with cybersecurity expert Nathan Case. They delve into lessons learned from the Russia-Ukraine conflict, discuss the effectiveness of cyber warfare, and evaluate Iran's cyber capabilities. The conversation also covers the ethical implications of cyber attacks, dual-use targets, and the danger of supply chain vulnerabilities. Practical advice is provided on improving cybersecurity measures, including the importance of MFA, network segmentation, and evaluating internal threats. Join us for an in-depth look at how current geopolitical tensions can impact global cybersecurity. Nathan Case - https://www.linkedin.com/in/nathancase/   Chapters 00:00 Introduction to the Israel-Iran Conflict 00:52 Meet the Expert: Nate Case 01:51 Cyber Warfare Insights from Russia-Ukraine Conflict 03:36 The Impact of Cyber on Critical Infrastructure 08:00 Ethics and Rules of Cyber Warfare 15:01 Iran's Cyber Capabilities and Strategies 16:56 Historical Context and Modern Cyber Threats 23:28 Foreign Cyber Threats: The Iranian Example 24:06 Israel's Cyber Capabilities 25:39 The Role of Cyber Command 26:23 Challenges in Cyber Defense 27:11 The Complexity of Cyber Warfare 32:21 Ransomware and Attribution Issues 36:13 Defensive Cyber Operations 39:39 Final Thoughts and Recommendations

Join G Mark Hardy and Carson Zimmerman, the author of '11 Strategies of a World-Class Cybersecurity Operations Center,' in this insightful episode of CISO Tradecraft. Carson shares his career journey, the evolution from the 10 to 11 strategies, and delves into the future needs of Security Operations Centers (SOCs). They discuss critical topics such as the importance of continuous improvement, AI's impact on SOCs, and the value of embracing neurodiversity in cybersecurity teams. Whether you're a seasoned cybersecurity leader or an aspiring professional, get actionable advice on how to enhance and revolutionize your SOC operations. 11 Strategies of a World Class Cybersecurity Operations Center https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf 14 Questions are all you need - https://www.first.org/resources/papers/conf2024/1445-14-Questions-Carson-Zimmerman.pdf Transcripts - https://docs.google.com/document/d/1WVJi9WkxOG7yedQYWSooiqRFjBERd9kV Chapters  00:00 Introduction and Guest Welcome 00:53 Background and Book Discussion 03:33 SOC Challenges and Stagnation 06:10 Managing SOC Alerts and Burnout 09:26 SOC Evolution and Neurodiversity 23:50 Career Progression in Cybersecurity 30:28 Impact of AI on SOC Operations 40:07 Final Thoughts and Conclusion

Matt Hillary, CISO of Drata and expert in trust management, dives into the evolution of Governance, Risk, and Compliance (GRC). He discusses using AI to tackle compliance challenges and streamline processes. Hillary emphasizes the importance of customization in GRC programs and warns against common pitfalls. He also addresses the mental health challenges GRC professionals face and highlights the need for self-care. Listeners will gain valuable insights into building effective compliance strategies that positively impact business outcomes.

Join G Mark Hardy at THOTCON in Chicago for an insightful podcast episode on building a successful cybersecurity career. Featuring guest Ryan Gooler, they discuss the non-linear paths to success, the value of mentorship, financial planning, and the importance of continuous learning and adapting. Learn how to navigate career transitions, embrace risks, and find joy in teaching and learning from others in the cybersecurity community. Transcripts: https://docs.google.com/document/d/1nsd61mkIWbmIL1qube0-cdqINsDujAVH    Chapters 00:00 Welcome to THOTCON: Meeting Amazing People 00:26 Introducing Ryan Gooler: A Journey into Cybersecurity 04:09 The Value of Mentorship in Cybersecurity 06:22 Career Management and Setting Goals 09:33 Financial Planning for Cybersecurity Professionals 16:40 Automating Finances and Smart Spending 21:25 Financial Sophistication and Mutual Funds 22:07 Automating Life Tasks 22:41 The Concept of a Finishing Stamp 24:17 Leadership and Delegation in the Navy 26:06 Building and Maintaining Culture 27:21 Surviving Toxic Environments 29:55 Taking Risks and Finding Joy 34:34 Advice for Cybersecurity Careers 39:01 The Importance of Teaching and Learning 40:29 Conclusion and Farewell

In this episode of CISO Tradecraft, host G Mark Hardy delves into the emerging concept of Model Context Protocol (MCP) and its significance in AI and enterprise security. Launched by Anthropic in November 2024, MCP is designed to standardize how AI systems interact with external data sources and applications. Hardy explores how MCP differs from traditional APIs, its implications for security, and the steps organizations need to take to prepare for its adoption. Key topics include the stateful nature of MCP, security risks such as prompt injection and tool poisoning, and the importance of developing a robust governance framework. By the end of the episode, listeners will have a comprehensive understanding of MCP and practical recommendations for safeguarding their AI-driven workflows. Transcripts https://docs.google.com/document/d/1vyfFJgTbsH73CcQhtBBkOfDoTrJYqzl_   References Model Context Protocol specification and security best practices, https://modelcontextprotocol.io  ⁠  Security risks of MCP, https://pillar.security  ⁠ ⁠ MCP security considerations, https://writer.com   Chapters 00:00 Introduction to Model Context Protocol (MCP) 00:27 Understanding MCP and Its Importance 01:41 How MCP Works and Its Security Implications 04:23 Comparing MCP to Traditional APIs 08:41 MCP Architecture and Security Benefits 12:07 Top Security Risks of MCP 18:00 Implementing Security Controls for MCP 25:00 Governance Framework for MCP 28:03 Future Trends and Strategic Recommendations 30:34 Conclusion and Next Steps

Web 3.0 Explained: Business Cases, Security, and Future Prospects | CISO Tradecraft In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Aaron Markell to discuss the intricacies of Web 3.0. They explore the evolution from Web 1.0 and Web 2.0 to the decentralized structure of Web 3.0, describing its application in various industries like finance, healthcare, and supply chain. The conversation dives into blockchain technology, the role of tokens, smart contracts, and consensus mechanisms like proof of work and proof of stake. They also touch on potential future developments involving AI in Web 3.0, offering valuable insights for business leaders and cybersecurity professionals looking to understand and leverage this emerging technology.    Chapters 00:00 Introduction to Web 3.0 00:31 Meet the Expert: Aaron Markell 01:39 Aaron's Journey into Web 3.0 03:51 Understanding Web 1.0, 2.0, and 3.0 04:36 Decentralization and Blockchain Basics 05:51 The SETI Project and Distributed Workloads 08:09 Proof of Work and Blockchain Security 17:22 Smart Contracts Explained 20:10 Proof of Stake vs. Proof of Work 23:51 The Role of Tokens in Web 3.0 24:22 Understanding Microtransactions and Ownership 25:05 What is an NFT? 26:40 The Rise and Fall of NFTs 28:36 Web 3.0 and Its Impact on Industries 30:10 Blockchain in Finance and Commerce 30:55 Private Blockchains and Government Transparency 34:09 Blockchain in Legal and Healthcare Sectors 36:59 Supply Chain Transformation with Web 3.0 39:59 The Future of Web 3.0 and AI Integration 41:03 Final Thoughts and Security Tips

Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports. Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/ Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz Chapters 00:35 Verizon Data Breach Investigations Report (DBIR) Introduction 01:16 Accessing the DBIR Report 02:38 Key Takeaways from the DBIR 03:15 Third-Party Breaches 04:32 Ransomware Insights 08:08 Exploitation of Vulnerabilities 09:39 Credential Abuse 12:25 Espionage Attacks 14:04 System Intrusions in APAC 15:04 Business Email Compromise (BEC) 18:07 Human Risk and Security Awareness 19:19 Industry-Specific Trends 20:06 Multi-Layered Defense Strategy 21:08 Data Leakage to Gen AI

Join G Mark Hardy in this eye-opening episode of CISO Tradecraft as he shares a personal story about his dog Shelby's near-fatal experience and the costly lesson it taught him about technical debt. Discover how small overlooked issues in cybersecurity can compound and lead to significant risks and learn actionable steps to tackle technical debt before it turns into a crisis. Pictures of Dog https://drive.google.com/file/d/1nBc9e3bBJVW0BQt5inGryhP3ahBz4XsQ/view?usp=drive_link  https://drive.google.com/file/d/12V_DuwhgNBKgxJL0yqNq9Fopa4dauJfd/view?usp=drive_link Transcripts https://docs.google.com/document/d/1-_X_9RQrurOLKRvbXyMjgbygESsabcCK  Chapters 00:21 Welcome to CISO Tradecraft 00:36 RSAC 2025 Conference Experience 01:22 Shelby's Health Scare 02:08 Understanding Technical Debt 02:41 The Consequences of Technical Debt 04:09 Shelby's Story as a Technical Debt Analogy 09:28 Lessons Learned from Shelby's Story 13:09 Conclusion and Call to Action

In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune in to learn how to avoid becoming the 'department of no' and start being the 'department of know.' Transcripts https://docs.google.com/document/d/1CT9HXdDmKojuXzWTbNYUE4Kgp_D64GyB Knostic's Website - https://www.knostic.ai/solution-brief-request  Chapters 00:00 Introduction to Microsoft Copilot Risks 00:32 Meet the Guest: Sounil Yu 02:51 Understanding Microsoft 365 Copilot 06:09 The DIKW Pyramid and Knowledge Management 08:34 Challenges of Data Permissions and Oversharing 19:01 Need to Know: A New Approach to Access Control 35:10 Measuring and Mitigating Risks with Copilot 39:46 Conclusion and Next Steps