CISO Tradecraft®

Casey Marquette, a cybersecurity expert and COO, shares his dynamic journey from law enforcement to leading in the cybersecurity domain. He discusses crucial recruitment strategies for building effective teams, emphasizing the importance of attitude over skill. Casey highlights mentorship and networking as key factors for career growth and addresses innovative AI tools like Scout to streamline hiring. He also explores the challenges of remote hiring, insider threats, and the significance of maintaining high standards in candidate selection.

In this enlightening conversation, Christophe Foulon, a seasoned cybersecurity professional and podcast host, shares his journey from the help desk to becoming an expert in the field. He discusses the allure and challenges of the CISO role, emphasizing the importance of mentorship and aligning team strengths. Christophe offers insights into transitioning to virtual CISO positions and navigating career paths in cybersecurity. He highlights the need for inclusive recruitment and the vital role of cyber insurance in mitigating risks.

Dive into the vibrant world of Hacker Summer Camp, a must-attend series of cybersecurity events. Discover the rich history of DEF CON, and how Black Hat evolved from its hacker roots to a corporate staple. Learn about the grassroots nature of B-Sides, where overlooked voices shine. Get practical tips for first-timers, from planning your visit to networking effectively. Personal anecdotes and insights highlight the significance of these gatherings in fostering innovation and community in cybersecurity.

In this episode of CISO Tradecraft, co-host G Mark Hardy and guest Ross Young explore the concept of having a personal board of directors. Learn how to leverage mentors, coaches, and role models to gain diverse perspectives and valuable advice for your professional growth as a cybersecurity leader. Discover the importance of building authentic relationships and seeking advice from experienced individuals, and understand how to make informed career decisions. Tune in to hear practical tips on creating and maintaining your own board of directors, and how it can elevate your career in cybersecurity. Helpful Reading https://pe.gatech.edu/blog/working-learning/personal-board-of-directors https://career.uga.edu/uploads/documents/hireuga/PersonalBoardOfDirectors-worksheet24.pdf   Transcripts: https://docs.google.com/document/d/1qhx38KERHAc1T0qoE6mphUODeOt2xWC4 Chapters  00:00 Introduction to Personal Board of Directors 00:27 Welcome to CISO Tradecraft 01:25 Understanding the Concept of a Personal Board of Directors 03:51 The Role of Mentorship and Feedback 04:38 Building Effective Mentor-Mentee Relationships 06:53 The Importance of Sponsorship 07:57 Navigating Career Paths and Organizational Culture 09:28 Recruiting Your Personal Board of Directors 15:34 Making the Most of Mentorship 22:17 Advice and Board of Directors 22:46 The Power of a Mastermind 23:52 Identifying Key Roles for Your Board 26:27 Time Commitment and Mentor Relationships 27:22 Grave Diggers and Organizational Insights 28:26 Categories of Board Members 29:54 Leveraging Admins and Chiefs of Staff 31:55 Building Trust and Influence 35:09 Discernment in Taking Advice 41:23 Career Opportunities and Emerging Technologies 42:57 Summary and Final Thoughts

Join G Mark Hardy in this special episode of CISO Tradecraft as he interviews Ross Young, the creator of the OWASP Threat and Safeguard Matrix (TaSM). Ross shares his extensive cybersecurity background and discusses the development and utility of the TaSM, including its applications in threat modeling and risk management. Additionally, Ross introduces his upcoming book, 'Cybersecurity's Dirty Secret: How Most Budgets Are Wasted,' and provides insights on maximizing cybersecurity budgets. Don't miss this episode for essential knowledge on enhancing your cybersecurity leadership and strategies.   OWASP Threat and Safeguard Matrix - https://owasp.org/www-project-threat-and-safeguard-matrix/ Transcripts - https://docs.google.com/document/d/1anGewI3XccGnXoV3oE2h7BfelY5QxiSL/   Chapters 00:00 Introduction to the Threat and Safeguard Matrix 00:30 Meet Ross Young: Cybersecurity Expert 01:08 Ross Young's Career Journey 01:59 The Upcoming Book: Cybersecurity's Dirty Secret 03:04 Introduction to the Threat and Safeguard Matrix (TaSM) 03:48 Understanding the TaSM Framework 07:10 Applying the TaSM to Real-World Scenarios 19:32 Using TaSM for Threat Modeling and Risk Committees 21:58 Extending TaSM Beyond Cybersecurity 23:52 AI Risks and the TaSM 24:43 Conclusion and Final Thoughts

Join us for an engaging episode of CISO Tradecraft, hosted by G Mark Hardy, featuring cybersecurity veteran Ira Winkler. In this episode, we dive deep into cybersecurity careers, discuss the unique CruiseCon cybersecurity event, and explore the evolution of information security. Hear firsthand accounts of career journey highlights, networking strategies, and the importance of democratizing top-tier content. Learn about the impacts of AI in cybersecurity, data poisoning, and upcoming cybersecurity conferences. Whether you're a seasoned professional or just starting your journey, this episode is packed with invaluable insights and advice.   https://cruisecon.com/ Don't forget to the the following code for 10% off "CISOTRADECRAFT10"   Transcripts: https://docs.google.com/document/d/1-H1CShsyirr4ZL9d1WCx6IMA_ngjWoEN   Chapters 00:00 Introduction to CISO Tradecraft 01:34 Meet Ira Winkler: Cybersecurity Veteran 02:50 The Concept of CruiseCon 05:58 Challenges in Cybersecurity Events 08:03 Building a Cybersecurity Community 13:45 Mentorship and Networking in Cybersecurity 21:52 The Importance of Relevant Mentorship 24:40 The Importance of Programmatic Principles 25:19 Finding the Right Mentor for Your Career Path 26:38 Adapting to a Shifting Career Landscape 27:05 Understanding AI Fundamentals 29:12 The Role of Data in AI 30:57 Agentic AI and Its Applications 32:48 Challenges and Risks in AI 41:33 Upcoming Events and Keynote Speakers 43:35 Leadership Lessons from Ground Zero 46:39 Future Cruise Con Events 47:44 Conclusion and Farewell

In this episode of CISO Tradecraft, host G Mark Hardy speaks with gamification pioneer Yu-Kai Chou about his new book, '10,000 Hours of Play: Unlock Your Real Life Legendary Success.' Explore key concepts such as aligning your passions, skills, and goals through six essential steps: choosing your game, knowing your attributes, selecting your role, enhancing your skills, building alliances, and achieving your quest. Discover how gamification can lead to personal and professional success. Tune in for an insightful conversation that could change the way you approach your career and life.   Yu-Kai Chou - https://www.linkedin.com/in/yukaichou/ Actionable Gamification Book - https://a.co/d/isv7K0W 10,000 Hours of Play Book - https://a.co/d/3L88jTs Transcripts: https://docs.google.com/document/d/1gPxWVeS8QYNsgGpXt3EDQy5zGcCYH7hL   Chapters  00:00 Introduction: The Power of Play 00:34 Meet Yu-Kai Chou: Gamification Pioneer 04:16 Understanding the Octalysis Framework 07:34 10,000 Hours of Play: A New Perspective 09:24 Choosing Your Game: Discovering Your Life's Mission 16:49 Knowing Your Attributes: Identifying Your Strengths 22:14 Selecting Your Role: Layers of Your Role Sphere 23:12 Aspiration and Identity: Defining Who You Want to Be 24:46 Occupation and Specialization: Aligning Your Roles 26:48 The Importance of Direction and Continuous Growth 28:05 The Concept of Ikigai and Skill Enhancement 30:38 Creating a Skill Triangle and Role Models 31:39 Gamification in Cybersecurity and Beyond 32:50 The Role of Determination and Passion 37:50 Building Alliances for Success 41:27 Recap and Final Thoughts

In this episode of CISO Tradecraft, host G Mark Hardy discusses the ongoing Israel-Iran conflict and its potential cyber implications with cybersecurity expert Nathan Case. They delve into lessons learned from the Russia-Ukraine conflict, discuss the effectiveness of cyber warfare, and evaluate Iran's cyber capabilities. The conversation also covers the ethical implications of cyber attacks, dual-use targets, and the danger of supply chain vulnerabilities. Practical advice is provided on improving cybersecurity measures, including the importance of MFA, network segmentation, and evaluating internal threats. Join us for an in-depth look at how current geopolitical tensions can impact global cybersecurity. Nathan Case - https://www.linkedin.com/in/nathancase/   Chapters 00:00 Introduction to the Israel-Iran Conflict 00:52 Meet the Expert: Nate Case 01:51 Cyber Warfare Insights from Russia-Ukraine Conflict 03:36 The Impact of Cyber on Critical Infrastructure 08:00 Ethics and Rules of Cyber Warfare 15:01 Iran's Cyber Capabilities and Strategies 16:56 Historical Context and Modern Cyber Threats 23:28 Foreign Cyber Threats: The Iranian Example 24:06 Israel's Cyber Capabilities 25:39 The Role of Cyber Command 26:23 Challenges in Cyber Defense 27:11 The Complexity of Cyber Warfare 32:21 Ransomware and Attribution Issues 36:13 Defensive Cyber Operations 39:39 Final Thoughts and Recommendations

Join G Mark Hardy and Carson Zimmerman, the author of '11 Strategies of a World-Class Cybersecurity Operations Center,' in this insightful episode of CISO Tradecraft. Carson shares his career journey, the evolution from the 10 to 11 strategies, and delves into the future needs of Security Operations Centers (SOCs). They discuss critical topics such as the importance of continuous improvement, AI's impact on SOCs, and the value of embracing neurodiversity in cybersecurity teams. Whether you're a seasoned cybersecurity leader or an aspiring professional, get actionable advice on how to enhance and revolutionize your SOC operations. 11 Strategies of a World Class Cybersecurity Operations Center https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf 14 Questions are all you need - https://www.first.org/resources/papers/conf2024/1445-14-Questions-Carson-Zimmerman.pdf Transcripts - https://docs.google.com/document/d/1WVJi9WkxOG7yedQYWSooiqRFjBERd9kV Chapters  00:00 Introduction and Guest Welcome 00:53 Background and Book Discussion 03:33 SOC Challenges and Stagnation 06:10 Managing SOC Alerts and Burnout 09:26 SOC Evolution and Neurodiversity 23:50 Career Progression in Cybersecurity 30:28 Impact of AI on SOC Operations 40:07 Final Thoughts and Conclusion

Matt Hillary, CISO of Drata and expert in trust management, dives into the evolution of Governance, Risk, and Compliance (GRC). He discusses using AI to tackle compliance challenges and streamline processes. Hillary emphasizes the importance of customization in GRC programs and warns against common pitfalls. He also addresses the mental health challenges GRC professionals face and highlights the need for self-care. Listeners will gain valuable insights into building effective compliance strategies that positively impact business outcomes.