

CISO Tradecraft®
G Mark Hardy & Ross Young
You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level. © Copyright 2025, National Security Corporation. All Rights Reserved
Episodes

Oct 6, 2025 • 27min
#253 - DARPA’s AI Cyber Challenge Unveiled (with Andrew Carney)
Join Andrew Carney, Director of DARPA's AI Cyber Challenge and a veteran in vulnerability research, as he unveils the revolutionary capabilities of autonomous systems designed to identify and patch software vulnerabilities. The conversation explores the challenge's journey and its profound implications for cybersecurity, particularly in critical infrastructure. Andrew shares insights on real-world applications, the impact of synthetic vulnerabilities, and how these tools can empower defenders while emphasizing the necessity of human oversight. Discover the future of AI in cyber defense!

Sep 29, 2025 • 1h 6min
#252 - Master Storytelling for CISOs (with Neal Foard)
In this engaging discussion, Neal Foard, a seasoned advertising and storytelling expert, shares his insights on the art of storytelling for cybersecurity leaders. He emphasizes that emotions drive decision-making and highlights the importance of elevating others in narratives. Neal explains how to frame security successes for executives and advocates for hopeful, people-first messaging to build trust. With practical tips on continual improvement and finding stories everywhere, he shows how effective storytelling can amplify a professional's influence and career impact.

Sep 22, 2025 • 44min
#251 - AI Just Changed Data Security Requirements (with Ronan Murphy)
Ronan Murphy, Chief Strategy Officer at Forcepoint and a veteran in cybersecurity, shares invaluable insights on data protection in the AI era. He emphasizes the need for CISOs to transition from legacy tools to a strategic approach that focuses on AI-driven security. The discussion unveils common pitfalls CISOs face, the importance of real-time monitoring, and the relevance of granular taxonomies for effective data governance. They also dive into shadow AI risks and the evolving role of data strategists in enhancing organizational security.

Sep 15, 2025 • 47min
#250 - Understanding Vulnerabilities, Exploits, and Cybersecurity
In this discussion, Patrick Garrity, a security researcher at VulnCheck, and Tod Beardsley, VP of Security Research at RunZero, dive into the complex world of cybersecurity vulnerabilities. They explore the challenges of CVE numbering, the nuances of cyber attribution, and the ever-evolving threat landscape driven by state actors. The duo offers practical advice for CISOs on effective communication strategies to secure executive buy-in, along with insights into the critical need for strong defenses against ransomware and social engineering attacks.

Sep 8, 2025 • 43min
#249 - Unveiling AI and Crypto Threats with Microsoft's Tomas Roccia
In this episode of CISO Tradecraft, host G Mark Hardy sits down with Tomas Roccia, a senior threat researcher at Microsoft, to delve into the evolving landscape of AI and cybersecurity. From AI-enhanced threat detection to the complexities of tracking cryptocurrency used in cybercrime, Tomas shares his extensive experience and insights. Discover how AI is transforming both defensive and offensive strategies in cybersecurity, learn about innovative tools like Nova for adversarial prompt detection, and explore the sophisticated techniques used by cybercriminals in high-profile crypto heists. This episode is packed with valuable information for cybersecurity professionals looking to stay ahead in a rapidly changing field.
Defcon presentation: Where is my crypto Dude? https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Thomas%20Roccia%20-%20Where%E2%80%99s%20My%20Crypto%2C%20Dude%20The%20Ultimate%20Guide%20to%20Crypto%20Money%20Laundering%20%28and%20How%20to%20Track%20It%29.pdf
GenAI Breaches: Generative AI Breaches: Threats, Investigations, and Response - Speaker Deck https://speakerdeck.com/fr0gger/generative-ai-breaches-threats-investigations-and-response
Transcripts: https://docs.google.com/document/d/1ZPkJ9P7Cm7D_JdgfgNGMH8O_2oPAbnlc
Chapters
00:00 Introduction to AI and Cryptocurrencies
00:27 Welcome to CISO Tradecraft
00:55 Guest Introduction: Tomas Roccia
01:06 Tomas Roccia's Background and Career
02:51 AI in Cybersecurity: Defensive Approaches
03:19 The Democratization of AI: Risks and Opportunities
06:09 AI Tools for Cyber Defense
08:09 Challenges and Limitations of AI in Cybersecurity
09:20 Microsoft's AI Tools for Defenders
12:13 Open Source AI Security: Project Nova
18:37 Community Contributions and Open Source Projects
19:30 Case Study: Bybit Crypto Hack
22:12 Money Laundering Techniques in Cryptocurrency
23:01 AI in Tracking Cryptocurrency Transactions
26:09 Sophisticated Attacks and Money Laundering
33:50 Future of AI and Cryptocurrency
38:17 Final Thoughts and Advice for Security Executives
41:28 Conclusion and Farewell

Sep 1, 2025 • 12min
#248 - A Black Hat Chat with ThreatLocker CEO Danny Jenkins
In this episode of CISO Tradecraft, host G Mark Hardy sits down with Danny Jenkins, CEO and founder of ThreatLocker, live from the Black Hat conference. Danny shares insights into his technical background and explains how a customer-focused culture drives innovation and improvement at ThreatLocker. Learn about the company's unique practices, such as their 'control alt delight' sessions, 24/7 customer support, and how leadership at ThreatLocker leads by example. Danny also discusses the importance of learning from failures and removing obstacles for team members to help the company and its products continually evolve.
Danny's LinkedIn - https://www.linkedin.com/in/dannyjenkinscyber/
ThreatLocker - https://www.threatlocker.com/
Transcripts - https://docs.google.com/document/d/1TOib3nTXwrWuwF6sJMlVjTFurgr-jc1b
Chapters
00:00 Introduction and Welcome
00:27 Meet Danny Jenkins, CEO of ThreatLocker
01:12 The Philosophy Behind ThreatLocker
02:52 Customer-Centric Culture at ThreatLocker
04:32 Technical Leadership and Personal Insights
08:55 Leadership Advice for Aspiring CISOs
11:22 Conclusion and Farewell

Aug 25, 2025 • 35min
#247 - What most leaders don't understand about AI (with Dave Lewis)
In this episode of CISO Tradecraft, host G Mark Hardy engages in an insightful conversation with Dave Lewis, Global Advisory CISO from 1Password, about AI governance and its importance in cybersecurity. They discuss AI policy and its implications, the evolving nature of AI and cybersecurity, and the critical need for governance frameworks to manage AI safely and securely. The discussion delves into the visibility challenges, shadow AI, the role of credentials, and the importance of maintaining fundamental security practices amidst rapid technological advancements. They also touch on the potential risks associated with AI, the misconceptions about its impact on jobs, and the need for a balanced approach to leveraging AI in a beneficial manner while safeguarding against its threats. This episode provides valuable guidance for cybersecurity professionals and organizations navigating the complexities of AI governance.
Chapters
00:00 Introduction to AI Governance
00:30 Guest Introduction: Dave Lewis
00:49 The Importance of AI Governance
01:42 Challenges in AI Implementation
03:20 AI in the Modern Enterprise
03:49 Shadow AI and Security Concerns
04:49 AI's Impact on Jobs and Industry
05:27 The Gartner Hype Cycle and AI
05:43 AI's Influence on the Stock Market
06:14 Historical Context of AI
06:32 AI and Credential Security
08:29 The Role of Governance in AI
12:47 The Future of AI and Security
18:36 Governance and Policy Recommendations
19:26 AI Governance and Ethical Concerns
20:01 AI Self-Preservation and Human Safety
20:18 Uncontrollable AI Applications
21:17 Vectors of AI Trouble
21:58 AI Hallucinations and Data Security
22:53 AI Vulnerabilities and Exploits
26:29 Deepfakes and AI Misuse
27:33 Historical Cybersecurity Incidents
29:04 Future of AI and Job Security
33:47 Managing AI Identities and Credentials
34:21 Conclusion and Final Thoughts

Aug 18, 2025 • 44min
#246 - Tim Brown on SolarWinds: What Every CISO Should Know
Tim Brown, the Chief Information Security Officer of SolarWinds, shares his firsthand experience navigating the infamous supply-chain breach. He discusses the attacker’s sophisticated tactics and the challenges of incident response, including real-time communications and customer notifications. Tim emphasizes the importance of supply-chain security, highlighting tools like SBOMs for risk assessment. He also covers the legal complexities and accountability that CISOs face in today’s regulatory landscape, offering crucial insights for cybersecurity leaders.

Aug 11, 2025 • 46min
#245 - Mastering Cybersecurity Recruitment and Career Growth (with Casey Marquette)
In this engaging discussion, Casey Marquette, a cybersecurity recruitment expert and former senior security leader, shares insights on building effective cybersecurity teams and advancing careers. He emphasizes the importance of networking, mentorship, and hiring for passion over experience. Casey introduces Scout, an AI tool designed to streamline recruitment, while addressing risks like deepfakes. He also provides practical advice on career growth, highlighting the value of written goals and strong relationships, making it essential listening for both job seekers and hiring managers in the cybersecurity field.

Aug 4, 2025 • 45min
#244 - Breaking into Cybersecurity (with Christophe Foulon)
Join host G Mark Hardy in another enlightening episode of CISO Tradecraft as he speaks with special guest Christophe Foulon, a seasoned cybersecurity professional and podcast host. In this episode, Christophe delves into his journey from the help desk to cybersecurity expert, the challenges faced by newcomers, and the keys to successfully building and leading cybersecurity teams. Learn about the importance of continuous learning, managing career transitions, and the emotional rewards and challenges of being a CISO. Whether you're an aspiring CISO or looking to advance in your cybersecurity career, this episode offers invaluable insights and practical advice.
Christophe's LinkedIn: https://www.linkedin.com/in/christophefoulon/
Christophe's Website: https://christophefoulon.com/
Christophe's Podcast: https://podcasts.apple.com/us/podcast/breaking-into-cybersecurity/id1463136698
Transcripts: https://docs.google.com/document/d/1UytoyelIMezzbtxdPHo5FE_oLiXYS_58
Chapters
00:00 Introduction to the Episode
00:27 Meet the Guest: Christophe Foulon
01:30 Christophe's Journey into Cybersecurity
06:24 The Allure and Challenges of a CISO Role
09:55 Developing Political and Leadership Skills
20:30 Aligning Team Members with Their Strengths
31:34 Navigating HR and Diversity in Cybersecurity
36:29 Becoming a Fractional or Virtual CISO
42:27 Final Thoughts and How to Connect with Christophe


