

CISO Tradecraft®
G Mark Hardy & Ross Young
Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership.
© Copyright 2025, National Security Corporation. All Rights Reserved
Episodes

Sep 8, 2025 • 43min
#249 - Unveiling AI and Crypto Threats with Microsoft's Tomas Roccia
In this episode of CISO Tradecraft, host G Mark Hardy sits down with Tomas Roccia, a senior threat researcher at Microsoft, to delve into the evolving landscape of AI and cybersecurity. From AI-enhanced threat detection to the complexities of tracking cryptocurrency used in cybercrime, Tomas shares his extensive experience and insights. Discover how AI is transforming both defensive and offensive strategies in cybersecurity, learn about innovative tools like Nova for adversarial prompt detection, and explore the sophisticated techniques used by cybercriminals in high-profile crypto heists. This episode is packed with valuable information for cybersecurity professionals looking to stay ahead in a rapidly changing field.
DEF CON presentation: Where's My Crypto, Dude? - https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Thomas%20Roccia%20-%20Where%E2%80%99s%20My%20Crypto%2C%20Dude%20The%20Ultimate%20Guide%20to%20Crypto%20Money%20Laundering%20%28and%20How%20to%20Track%20It%29.pdf
GenAI breaches presentation: Generative AI Breaches: Threats, Investigations, and Response (Speaker Deck) - https://speakerdeck.com/fr0gger/generative-ai-breaches-threats-investigations-and-response
Transcripts: https://docs.google.com/document/d/1ZPkJ9P7Cm7D_JdgfgNGMH8O_2oPAbnlc
Chapters
00:00 Introduction to AI and Cryptocurrencies
00:27 Welcome to CISO Tradecraft
00:55 Guest Introduction: Tomas Roccia
01:06 Tomas Roccia's Background and Career
02:51 AI in Cybersecurity: Defensive Approaches
03:19 The Democratization of AI: Risks and Opportunities
06:09 AI Tools for Cyber Defense
08:09 Challenges and Limitations of AI in Cybersecurity
09:20 Microsoft's AI Tools for Defenders
12:13 Open Source AI Security: Project Nova
18:37 Community Contributions and Open Source Projects
19:30 Case Study: Bybit Crypto Hack
22:12 Money Laundering Techniques in Cryptocurrency
23:01 AI in Tracking Cryptocurrency Transactions
26:09 Sophisticated Attacks and Money Laundering
33:50 Future of AI and Cryptocurrency
38:17 Final Thoughts and Advice for Security Executives
41:28 Conclusion and Farewell

Sep 1, 2025 • 12min
#248 - A Black Hat Chat with ThreatLocker CEO Danny Jenkins
In this episode of CISO Tradecraft, host G Mark Hardy sits down with Danny Jenkins, CEO and founder of ThreatLocker, live from the Black Hat conference. Danny shares insights into his technical background and explains how a customer-focused culture drives innovation and improvement at ThreatLocker. Learn about the company's unique practices, such as their 'control alt delight' sessions, 24/7 customer support, and how leadership at ThreatLocker leads by example. Danny also discusses the importance of learning from failures and removing obstacles for team members to help the company and its products continually evolve.
Danny's LinkedIn - https://www.linkedin.com/in/dannyjenkinscyber/
ThreatLocker - https://www.threatlocker.com/
Transcripts - https://docs.google.com/document/d/1TOib3nTXwrWuwF6sJMlVjTFurgr-jc1b
Chapters
00:00 Introduction and Welcome
00:27 Meet Danny Jenkins, CEO of ThreatLocker
01:12 The Philosophy Behind ThreatLocker
02:52 Customer-Centric Culture at ThreatLocker
04:32 Technical Leadership and Personal Insights
08:55 Leadership Advice for Aspiring CISOs
11:22 Conclusion and Farewell

Aug 25, 2025 • 35min
#247 - What most leaders don't understand about AI (with Dave Lewis)
In this episode of CISO Tradecraft, host G Mark Hardy engages in an insightful conversation with Dave Lewis, Global Advisory CISO from 1Password, about AI governance and its importance in cybersecurity. They discuss AI policy and its implications, the evolving nature of AI and cybersecurity, and the critical need for governance frameworks to manage AI safely and securely. The discussion delves into the visibility challenges, shadow AI, the role of credentials, and the importance of maintaining fundamental security practices amidst rapid technological advancements. They also touch on the potential risks associated with AI, the misconceptions about its impact on jobs, and the need for a balanced approach to leveraging AI in a beneficial manner while safeguarding against its threats. This episode provides valuable guidance for cybersecurity professionals and organizations navigating the complexities of AI governance.
Chapters
00:00 Introduction to AI Governance
00:30 Guest Introduction: Dave Lewis
00:49 The Importance of AI Governance
01:42 Challenges in AI Implementation
03:20 AI in the Modern Enterprise
03:49 Shadow AI and Security Concerns
04:49 AI's Impact on Jobs and Industry
05:27 The Gartner Hype Cycle and AI
05:43 AI's Influence on the Stock Market
06:14 Historical Context of AI
06:32 AI and Credential Security
08:29 The Role of Governance in AI
12:47 The Future of AI and Security
18:36 Governance and Policy Recommendations
19:26 AI Governance and Ethical Concerns
20:01 AI Self-Preservation and Human Safety
20:18 Uncontrollable AI Applications
21:17 Vectors of AI Trouble
21:58 AI Hallucinations and Data Security
22:53 AI Vulnerabilities and Exploits
26:29 Deepfakes and AI Misuse
27:33 Historical Cybersecurity Incidents
29:04 Future of AI and Job Security
33:47 Managing AI Identities and Credentials
34:21 Conclusion and Final Thoughts

Aug 18, 2025 • 44min
#246 - Tim Brown on SolarWinds: What Every CISO Should Know
Tim Brown, CISO of SolarWinds, shares his firsthand experience dealing with the infamous SolarWinds breach, diving into the role of the Russian SVR and the complexities of supply chain security. He discusses the crucial lessons learned regarding organizational communication and the accountability of CISOs in today’s evolving regulatory landscape. Listeners gain insights into the legal challenges faced post-breach, including SEC implications, as well as the immense personal and professional impact such incidents have on cybersecurity leaders.

Aug 11, 2025 • 46min
#245 - Mastering Cybersecurity Recruitment and Career Growth (with Casey Marquette)
Casey Marquette, a cybersecurity expert and COO, shares his dynamic journey from law enforcement to leading in the cybersecurity domain. He discusses crucial recruitment strategies for building effective teams, emphasizing the importance of attitude over skill. Casey highlights mentorship and networking as key factors for career growth and addresses innovative AI tools like Scout to streamline hiring. He also explores the challenges of remote hiring, insider threats, and the significance of maintaining high standards in candidate selection.

Aug 4, 2025 • 45min
#244 - Breaking into Cybersecurity (with Christophe Foulon)
In this enlightening conversation, Christophe Foulon, a seasoned cybersecurity professional and podcast host, shares his journey from the help desk to becoming an expert in the field. He discusses the allure and challenges of the CISO role, emphasizing the importance of mentorship and aligning team strengths. Christophe offers insights into transitioning to virtual CISO positions and navigating career paths in cybersecurity. He highlights the need for inclusive recruitment and the vital role of cyber insurance in mitigating risks.

Jul 29, 2025 • 27min
#243 - Navigating Hacker Summer Camp in 2025
Dive into the vibrant world of Hacker Summer Camp, a must-attend series of cybersecurity events. Discover the rich history of DEF CON, and how Black Hat evolved from its hacker roots to a corporate staple. Learn about the grassroots nature of B-Sides, where overlooked voices shine. Get practical tips for first-timers, from planning your visit to networking effectively. Personal anecdotes and insights highlight the significance of these gatherings in fostering innovation and community in cybersecurity.

Jul 21, 2025 • 46min
#242 - The Secret to Career Success: Your Personal Board of Directors
In this episode of CISO Tradecraft, co-host G Mark Hardy and guest Ross Young explore the concept of having a personal board of directors. Learn how to leverage mentors, coaches, and role models to gain diverse perspectives and valuable advice for your professional growth as a cybersecurity leader. Discover the importance of building authentic relationships and seeking advice from experienced individuals, and understand how to make informed career decisions. Tune in to hear practical tips on creating and maintaining your own board of directors, and how it can elevate your career in cybersecurity.
Helpful Reading
https://pe.gatech.edu/blog/working-learning/personal-board-of-directors
https://career.uga.edu/uploads/documents/hireuga/PersonalBoardOfDirectors-worksheet24.pdf
Transcripts:
https://docs.google.com/document/d/1qhx38KERHAc1T0qoE6mphUODeOt2xWC4
Chapters
00:00 Introduction to Personal Board of Directors
00:27 Welcome to CISO Tradecraft
01:25 Understanding the Concept of a Personal Board of Directors
03:51 The Role of Mentorship and Feedback
04:38 Building Effective Mentor-Mentee Relationships
06:53 The Importance of Sponsorship
07:57 Navigating Career Paths and Organizational Culture
09:28 Recruiting Your Personal Board of Directors
15:34 Making the Most of Mentorship
22:17 Advice and Board of Directors
22:46 The Power of a Mastermind
23:52 Identifying Key Roles for Your Board
26:27 Time Commitment and Mentor Relationships
27:22 Grave Diggers and Organizational Insights
28:26 Categories of Board Members
29:54 Leveraging Admins and Chiefs of Staff
31:55 Building Trust and Influence
35:09 Discernment in Taking Advice
41:23 Career Opportunities and Emerging Technologies
42:57 Summary and Final Thoughts

Jul 14, 2025 • 26min
#241 - The OWASP Threat and Safeguard Matrix (with Ross Young)
Join G Mark Hardy in this special episode of CISO Tradecraft as he interviews Ross Young, the creator of the OWASP Threat and Safeguard Matrix (TaSM). Ross shares his extensive cybersecurity background and discusses the development and utility of the TaSM, including its applications in threat modeling and risk management. Additionally, Ross introduces his upcoming book, 'Cybersecurity's Dirty Secret: How Most Budgets Are Wasted,' and provides insights on maximizing cybersecurity budgets. Don't miss this episode for essential knowledge on enhancing your cybersecurity leadership and strategies.
OWASP Threat and Safeguard Matrix - https://owasp.org/www-project-threat-and-safeguard-matrix/
Transcripts - https://docs.google.com/document/d/1anGewI3XccGnXoV3oE2h7BfelY5QxiSL/
Chapters
00:00 Introduction to the Threat and Safeguard Matrix
00:30 Meet Ross Young: Cybersecurity Expert
01:08 Ross Young's Career Journey
01:59 The Upcoming Book: Cybersecurity's Dirty Secret
03:04 Introduction to the Threat and Safeguard Matrix (TaSM)
03:48 Understanding the TaSM Framework
07:10 Applying the TaSM to Real-World Scenarios
19:32 Using TaSM for Threat Modeling and Risk Committees
21:58 Extending TaSM Beyond Cybersecurity
23:52 AI Risks and the TaSM
24:43 Conclusion and Final Thoughts

Jul 7, 2025 • 48min
#240 - From CruiseCon to AI Threats (with Ira Winkler)
Join us for an engaging episode of CISO Tradecraft, hosted by G Mark Hardy, featuring cybersecurity veteran Ira Winkler. In this episode, we dive deep into cybersecurity careers, discuss the unique CruiseCon cybersecurity event, and explore the evolution of information security. Hear firsthand accounts of career journey highlights, networking strategies, and the importance of democratizing top-tier content. Learn about the impacts of AI in cybersecurity, data poisoning, and upcoming cybersecurity conferences. Whether you're a seasoned professional or just starting your journey, this episode is packed with invaluable insights and advice.
https://cruisecon.com/
Don't forget to use the following code for 10% off: "CISOTRADECRAFT10"
Transcripts: https://docs.google.com/document/d/1-H1CShsyirr4ZL9d1WCx6IMA_ngjWoEN
Chapters
00:00 Introduction to CISO Tradecraft
01:34 Meet Ira Winkler: Cybersecurity Veteran
02:50 The Concept of CruiseCon
05:58 Challenges in Cybersecurity Events
08:03 Building a Cybersecurity Community
13:45 Mentorship and Networking in Cybersecurity
21:52 The Importance of Relevant Mentorship
24:40 The Importance of Programmatic Principles
25:19 Finding the Right Mentor for Your Career Path
26:38 Adapting to a Shifting Career Landscape
27:05 Understanding AI Fundamentals
29:12 The Role of Data in AI
30:57 Agentic AI and Its Applications
32:48 Challenges and Risks in AI
41:33 Upcoming Events and Keynote Speakers
43:35 Leadership Lessons from Ground Zero
46:39 Future CruiseCon Events
47:44 Conclusion and Farewell