
CISO Tradecraft®

Latest episodes

Mar 10, 2025 • 26min

#223 - A CISO Primer on Agentic AI

In this episode of CISO Tradecraft, G. Mark Hardy dives deep into the world of Agentic AI and its impact on cybersecurity. The discussion covers the definition and characteristics of Agentic AI, as well as expert insights on its feasibility. Learn about its primary functions—perception, cognition, and action—and explore practical cybersecurity applications. Discover the rapid advancements made by tech giants and the potential risks involved. This episode is a comprehensive guide to understanding and securely implementing Agentic AI in your enterprise.

Transcripts: https://docs.google.com/document/d/1tIv2NKX0DL4NTnvqKV9rKrgrewa68m3W

References
Vladimir Putin - https://www.rt.com/news/401731-ai-rule-world-putin/
Minds and Machines - https://link.springer.com/article/10.1007/s44163-024-00216-2
Anthropic - https://www.cnbc.com/2024/10/22/anthropic-announces-ai-agents-for-complex-tasks-racing-openai.html
Convergence AI - https://convergence.ai/training-web-agents-with-web-world-models-dec-2024/
OpenAI Operator - https://openai.com/index/introducing-operator/
ByteDance UITARS - https://venturebeat.com/ai/bytedances-ui-tars-can-take-over-your-computer-outperforms-gpt-4o-and-claude/
Zapier - https://www.linkedin.com/pulse/openai-bytedance-zapier-launch-ai-agents-getcoai-l6blf/
Microsoft OmniParser - https://www.microsoft.com/en-us/research/articles/omniparser-v2-turning-any-llm-into-a-computer-use-agent/
Google Project Mariner - https://deepmind.google/technologies/project-mariner/
Rajeev Sharma - Agentic AI Architecture - https://markovate.com/blog/agentic-ai-architecture/
NIST.AI.600-1 - https://doi.org/10.6028/NIST.AI.600-1
Mitre ATLAS - https://atlas.mitre.org/
OWASP Top 10 for LLMs - https://owasp.org/www-project-top-10-for-large-language-model-applications/
ISO 42001 - https://www.iso.org/standard/81230.html

Chapters
00:00 Introduction and Intriguing Quote
01:10 Defining Agentic AI
02:01 Expert Insights on Agency
04:32 Agentic AI in Practice
06:54 Recent Developments in Agentic AI
08:20 Deep Dive into Agentic AI Infrastructure
15:35 Use Cases for Agentic AI
21:12 Challenges and Considerations
24:22 Conclusion and Recap
Mar 3, 2025 • 40min

#222 - 40 Years of Career Advice in 40 Minutes

In this episode of CISO Tradecraft, G. Mark Hardy shares 15 crucial characteristics to help you succeed in your cybersecurity career and become an effective CISO. From knowing yourself and developing leadership skills to enhancing communications and staying current with trends, Hardy distills decades of wisdom into practical advice. Learn how to navigate career transitions, build technical credibility, become an effective storyteller, and master the political skills essential for C-level success.

Transcripts: https://docs.google.com/document/d/1MpjXD8LqnHS_Lj1S-6T7vxcclxzUjEhe

Chapters
01:30 Know Yourself: The First Step to Success
05:23 Develop Your Leadership Skills
07:09 Enhance Your Communication Skills
11:37 Gain Broad Experience
14:28 Pursue Advanced Education
18:13 Network with Other Professionals
20:47 The Importance of Mentorship
22:20 Building Valuable Connections
23:43 Aligning with Business Goals
25:38 Deepening Technical Expertise
26:59 Staying Current with Trends
28:03 Promoting a Security-First Culture
30:18 Addressing Skills Gaps
31:53 Becoming a Master Storyteller
33:35 Engaging with Executives
34:41 Strategic Thinking and Time Management
37:27 Mastering Political Skills
39:14 Conclusion and Final Thoughts
Feb 24, 2025 • 28min

#221 - Microsoft Majorana is Taking the Quantum Leap

In this episode of CISO Tradecraft, host G. Mark Hardy discusses Microsoft's groundbreaking announcement of their new quantum chip, the Majorana. The chip harnesses properties of a topological superconductor, making the promises of quantum computing more tangible. The episode delves into the technical aspects of quantum bits (qubits), cryptography, and the implications of topological quantum computing. With insights on competitor advancements by Google and potential challenges, this episode provides a comprehensive overview of quantum computing's future and its cybersecurity implications.

Transcripts: https://docs.google.com/document/d/1O2XG47o2_6jHBtPKL2PcwGRKPe69wFvi

Link: https://azure.microsoft.com/en-us/blog/quantum/2025/02/19/microsoft-unveils-majorana-1-the-worlds-first-quantum-processor-powered-by-topological-qubits/

Chapters
00:00 Introduction to CISO Tradecraft
00:26 Microsoft's Quantum Chip Announcement
01:51 Understanding Quantum Bits
03:23 Quantum Computing and Cryptography
06:00 Microsoft's Quantum Leap
09:41 The Physics Behind Quantum Computing
16:48 Majorana Particle and Its Significance
20:29 Applications and Future of Quantum Computing
25:01 Conclusion and Final Thoughts
Feb 17, 2025 • 43min

#220 - Executive Updates to AI

In this CISO Tradecraft episode, host G. Mark Hardy delves into the recent U.S. presidential executive orders impacting AI and their implications for cybersecurity professionals. Learn about the evolution of AI policies from various administrations and how they influence national security, innovation, and the strategic decisions of CISOs. Discover key directives, deregulatory moves, and practical steps you can take to secure your AI systems in an era marked by rapidly changing regulations. Plus, explore the benefits of using AI tools like ZeroPath to bolster your cybersecurity efforts.

Big Thanks to our Sponsors:
ZeroPath - https://zeropath.com/

Transcripts: https://docs.google.com/document/d/1Nv27tpDQs2fjdOedJOi0LhlkyQ5N5dKt

Links:
https://www.americanbar.org/groups/public_education/publications/teaching-legal-docs/what-is-an-executive-order-/
https://www.federalregister.gov/documents/2019/02/14/2019-02544/maintaining-american-leadership-in-artificial-intelligence
https://www.csis.org/analysis/made-china-2025
https://www.researchgate.net/publication/242704112_China's_15-year_Science_and_Technology_Plan
https://www.federalregister.gov/documents/2020/12/08/2020-27065/promoting-the-use-of-trustworthy-artificial-intelligence-in-the-federal-government
https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity
https://www.federalregister.gov/documents/2023/11/01/2023-24283/safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence
https://www.presidency.ucsb.edu/documents/executive-order-14148-initial-rescissions-harmful-executive-orders-and-actions
https://www.federalregister.gov/documents/2025/01/17/2025-01470/strengthening-and-promoting-innovation-in-the-nations-cybersecurity
https://www.cisecurity.org/controls/cis-controls-list

Chapters
00:00 Introduction to AI Policy Shifts
00:23 AI Tool for Cybersecurity: ZeroPath
01:12 Understanding Executive Orders
02:44 EO 13859: Maintaining American Leadership in AI
05:42 EO 13960: Trustworthy AI in Federal Government
07:10 EO 14028: Strengthening U.S. Cybersecurity
09:38 EO 14110: Safe and Trustworthy AI Development
11:09 EO 14148: Rescinding AI Policies
12:21 EO 14179: Removing Barriers to AI Innovation
15:26 EO 14144: Strengthening Cybersecurity Innovation
37:19 Mapping Executive Orders to CIS Controls
40:15 Conclusion and Key Takeaways
Feb 10, 2025 • 41min

#219 - The Professionalization of CISOs (with Steve Zalewski & Tyson Kopczynski)

This podcast episode discusses the formation of a professional association for CISOs, driven by the increasing personal liability risks faced by these executives. The conversation centers on establishing a formal definition and accreditation process for the CISO role, moving beyond existing certifications to demonstrate operational and theoretical expertise. This professionalization effort aims to reduce personal liability through a tailored insurance product, negotiated collectively by the association, and to preempt potentially ill-defined government regulations. Ultimately, the goal is to create a structured, respected profession for CISOs, offering benefits such as insurance, professional development, and a unified voice within the industry.

Professional Association of CISOs - https://theciso.org/

Transcripts - https://docs.google.com/document/d/1BNeUzSyPYX-vAYwQl9qCi0GhknYhKnWF/

Chapters
00:00 Introduction to Professionalizing the CISO Role
00:52 The Genesis of a Professional Association
03:39 Challenges and Legal Liabilities for CISOs
04:43 The Value of Joining the Association
06:24 Accreditation and Certification Process
10:38 Insurance and Risk Management for CISOs
18:45 Future Directions and Getting Involved
Feb 3, 2025 • 24min

#218 - How AI Changes Talent Management (with Colleen Lennox)

In this episode of CISO Tradecraft, host G. Mark Hardy and special guest Colleen Lennox dive into the transformative power of AI in HR. Discover how AI can revolutionize identifying, attracting, and retaining cybersecurity talent. They discuss the challenges of finding the right personnel in the cybersecurity field, the innovative AI-driven solutions that can streamline recruitment processes, and how these tools can help with talent management and career progression. Stay tuned as they explore the potential of AI in creating a more effective and bias-free hiring process, while also discussing the future implications for HR and recruiters in the evolving landscape.

Big Thanks to our Sponsors:
CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!

Transcripts: https://docs.google.com/document/d/1f6B9Ye02WHWo7q15avBm0359pxGNqnVu

Chapters
00:00 Introduction: AI and Workforce Concerns
00:28 Welcome to CISO Tradecraft
01:01 Meet Colleen Lennox: AI in HR
01:27 Challenges in Cybersecurity Recruitment
03:11 AI-Powered Recruitment Solutions
07:07 Improving Talent Management with AI
13:36 Addressing Bias in AI Recruitment
17:20 Future of AI in HR and Recruitment
21:04 Conclusion and Contact Information
Jan 27, 2025 • 45min

#217 - Includes No Dirt (with Bill Dougherty)

In this episode of CISO Tradecraft, host G. Mark Hardy sits down with Bill Dougherty, CISO of Omada Health, to discuss a groundbreaking threat model called 'Includes No Dirt'. This comprehensive model integrates security, privacy, and compliance considerations, aiming to streamline and enhance threat modeling processes. The conversation covers the origin and principles of the model, its applicability across different sectors, and the essential aspects of threat modeling. Listeners are also treated to insights on handling third-party risks and adapting to emerging AI challenges. The episode provides practical advice for cybersecurity leaders looking to effectively manage and mitigate risks while reducing redundancy.

Big Thanks to our Sponsors:
ZeroPath - https://zeropath.com/
CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!

The No DIRT Threat Model can be found here: http://www.includesnodirt.com/nodirt.pdf

Transcripts: https://docs.google.com/document/d/1vWq4Zx7pzM_B65W933m8_TE0fLKaUw3X

Chapters
03:27 The Genesis of Includes No Dirt
05:05 Combining Security, Privacy, and Compliance
07:24 Implementing the No Dirt Model
11:42 Scoring and Evaluating Risks
17:41 Third-Party Risk Management
25:49 Evaluating SaaS Requests Based on Risk
27:55 Adapting Threat Models for AI
31:24 Principles of Minimum Necessary Data
33:42 General Applicability of Security Principles
35:12 Includes No Dirt: A Comprehensive Threat Model
40:15 Final Thoughts and Recommendations
Jan 20, 2025 • 46min

#216 - The TTPs of a Security Champions Program (with Dustin Lehr)

Dustin Lehr, a software engineer and expert in cybersecurity and application security, shares his insights on building security champions in development teams. He discusses the impact of culture change on security practices and the key differences between leadership and management. Learn about effective recruitment strategies for security champions and the importance of defining vision and goals. The conversation also explores the role of gamification to enhance engagement and motivation, providing actionable steps for a robust security champions program.
Jan 13, 2025 • 19min

#215 - CISO Predictions for 2025

Cybersecurity is on the brink of transformation as we look toward 2025. Expect AI influencers to become commonplace, reshaping branding and public interactions. A significant collaboration between Google and Apple aims to bolster security standards. The trends will also include consolidation in application security and a shift towards browser-based security solutions. The formalization of the CISO role and the rise of models committees highlight the evolving landscape, all while preparing for the complexities of post-quantum cryptography.
Jan 6, 2025 • 46min

#214 - Deceive to Detect (with Yuriy Gatupov)

🔥 Hackers Beware! Cyber Deception is Changing the Game 🔥

In this must-hear episode of CISO Tradecraft, we expose a mind-blowing cybersecurity strategy that flips the script on attackers. Instead of waiting to be breached, cyber deception technology tricks hackers into revealing themselves—before they can do real damage. 🚨🎭

Imagine laying digital traps—fake credentials, bogus systems, and irresistible bait—that lead cybercriminals straight into a controlled maze where every move they make is tracked. Early threat detection? ✅ Real-time attacker intel? ✅ Fewer false positives? ✅

🎙️ Featuring deception tech guru Yuriy Gatupov, we break down:
✅ How deception tech works & why it's a game-changer
✅ How to expose and track hackers in real time
✅ How to prove ROI and make the case for your org

Cyber deception isn't just defense—it's offense against cyber threats. Are you ready to fight back? Listen now!

Big thanks to our Sponsors:
ThreatLocker - https://hubs.ly/Q02_HRGK0
CruiseCon - https://cruisecon.com/

Contact Yuriy Gatupov - info@labyrinth.tech
Yuriy's LinkedIn - https://www.linkedin.com/in/yuriy-gatupov-373155281/

Transcripts: https://docs.google.com/document/d/1oyQzCBRoPLbDOCOCypJMGGXxcPI5w75o

Chapters
02:05 History of Cyber Deception
04:57 Advantages of Deception Technology
06:57 Engagement and Detection Strategies
10:18 How Deception Technology Works
16:13 Attack Scenarios and Detection
24:09 Decoys and Deception: A New Paradigm
24:56 Real-World Success Stories
33:30 Deception in OT and SCADA Systems
37:38 Calculating ROI for Deception Technologies