CISO Tradecraft®

In this talk, Rajan Kapoor, VP of Security at Material Security, shares his valuable expertise in cloud workspace security. He discusses the expanding attack surfaces in cloud platforms like Google Workspace and Microsoft 365, emphasizing the need for robust protective measures. Rajan explains the importance of unified platforms to streamline investigations and reduce dwell time. He offers insights on using frameworks like MITRE to assess security maturity and addresses the risks posed by AI in data exposure, all while highlighting actionable steps for organizations to enhance their security posture.

In this enlightening discussion, AI practitioner Ross Young dives into the transformative role of AI in business. He emphasizes the critical involvement of cybersecurity leaders in AI deployments, highlighting the importance of setting clear goals and monitoring performance. The conversation covers the spectrum of AI—from traditional to agentic systems—and the risks associated with data quality and poisoning. Ross also shares insights on how to prioritize AI initiatives for maximum impact, making this a must-listen for cybersecurity professionals aiming to harness AI effectively.

Neatsun Ziv, founder of Ox Security and former executive at Check Point, shares his expertise on vibe coding and security. He highlights the balance between productivity and quality, discussing the risks of AI-generated code. Neatsun introduces VibeSec, a new approach to embedding security into development workflows, arguing that traditional methods are falling short. The conversation covers training data pitfalls, mitigating risks in AI models, and how modern tools must evolve to stay secure. Tune in for insights on protecting code and adapting to an AI-driven future!

Yuriy Tsibere, a seasoned product manager at ThreatLocker with deep expertise in IT and security, dives into the critical issue of Defense Against Configurations (DAC). He explains how misconfigurations can create vulnerabilities and shares insights into ThreatLocker's DAC tool that helps organizations mitigate these risks. Topics include the impact of proper endpoint configurations, integration with Zero Trust principles, and compliance with security frameworks. Yuriy emphasizes the importance of continuous monitoring and suggests actionable steps for enhancing cybersecurity posture.

Brian Carbaugh, a former CIA operations officer with 25 years of service, and William MacMillan, a former Air Force pilot and CIA cyber leader, delve into AI's transformative impact on Security Operations Centers (SOCs). They discuss how AI dramatically reduces alert fatigue and enhances threat detection by condensing investigative hours into mere seconds. The duo shares insights on the benefits of human AI SOCs over traditional SIEMs, emphasizing open interoperability and the importance of contextual data in strengthening security measures.

In this captivating episode of CISO Tradecraft, hosted by G. Mark Hardy, we delve into the incredible life journey of Jeri Ellsworth—a renowned inventor and tech entrepreneur. From her early fascination with electronics in rural Oregon to her innovative ventures in Silicon Valley, Jeri shares her unique experiences and hard-earned wisdom. Discover the highs and lows of her career, including her time at Valve Software, navigating significant security breaches, and her foray into the world of crowdfunding and startups. This episode is packed with invaluable lessons for CISOs, cybersecurity professionals, and aspiring entrepreneurs alike. Tune in now and get inspired by Jeri's story of resilience, innovation, and leadership. Jerri Ellsworth - https://www.linkedin.com/in/jeriellsworth/

Ross Young, an experienced cybersecurity leader and former CIA operator, shares his insights on effective vulnerability management. He reveals a shocking 300-day patching backlog he encountered, emphasizing the growing threat of vulnerabilities exacerbated by AI. Ross proposes a comprehensive framework that combines people, processes, and tools to foster accountability and efficiency in patching. He discusses how integrating AI can drastically reduce remediation times, ensuring organizations can swiftly adapt to emerging threats.

In this discussion, cybersecurity expert and author Ross Young shares insights on maximizing security budgets and improving processes for CISOs. He explains the OWASP Threat and Safeguard Matrix and its importance in prioritizing defenses against key threats like phishing and identity attacks. Ross also provides strategies for negotiating master service agreements and optimizing security practices with tools like murder boards. The conversation further explores applying AI-related risk assessments and enhancing leadership approaches for new CISOs.

Ross Young, a 20-year cybersecurity veteran with experience at the CIA and Capital One, shares his expertise on optimizing security budgets. He emphasizes that throwing money at tools can dilute effectiveness and stresses prioritizing risk reduction over compliance. Ross advocates for zero-based budgeting and highlights the importance of calculating total cost of ownership. He also critiques traditional cyber risk quantification methods and stresses the need to present budget requests in financial terms that showcase ROI. His insights promise to transform how CISOs approach their spending.

Welcome to another insightful episode of CISO Tradecraft! In this episode, host G Mark Hardy engages with Aimee Cardwell, an accomplished cybersecurity expert with an impressive portfolio including UnitedHealth Group, AMEX, eBay, and more. Tune in as they dive deep into the increasing concerns of privacy, the evolving role of AI in cybersecurity, and the importance of data governance. Learn practical strategies for managing the complexities of AI and privacy, explore the intersections between cybersecurity and privacy, and get invaluable tips for aspiring CISOs. Don't miss this episode packed with expert advice and forward-thinking perspectives!Aimee Cardwell's Linkedin - https://www.linkedin.com/in/acardwell/