CISO Tradecraft®

Jun 12, 2023 • 44min

#133 - The Seesaw of Cyber Recruiting (with Lee Kushner)

This episode features Lee Kushner discussing negotiating skills, the importance of degrees in the cybersecurity field, the need for diversity in the industry, challenges faced by cybersecurity professionals, starting a career in cybersecurity, and the value of technical skills. The conversation emphasizes that individuals should acquire technical skills such as coding and networking, which are in high demand and differentiate candidates in the job market. It also stresses understanding the industry and its composition when seeking employment in cybersecurity.

Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their weekly thought leadership, webinars, and downloadable resources like budget and assessment templates at: https://risk3sixty.com/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=sponser

Transcripts: https://docs.google.com/document/d/11askuaFcV_jYov2FklkbZXxVN3JSNu6y/

Chapters
00:00 Introduction
07:56 The Importance of Professional First Mindset in the Staffing Industry
09:33 The Importance of Perception in a Staffing Environment
11:36 The Role of the Research Professional in a Hiring Process
16:03 How to Overcome Barriers in the Recruitment Process
18:09 The Importance of Education in Executive Search
20:41 The Importance of Diversity in Cyber Talent
25:25 How to Get a Job in Cyber Security
27:48 The Importance of a Technical Foundation in Careers
32:08 How to Become a Cybersecurity Professional
34:06 The Future of Cybersecurity Career Paths
35:56 The Future of Security
41:24 How to Get in Touch With Your Clients
Jun 5, 2023 • 44min

#132 - Founding to Funding (with Cyndi and Ron Gula)

On this episode we bring in Cyndi and Ron Gula from Gula Tech (https://www.gula.tech/) to talk about their cybersecurity experiences. Listen as they tell their stories about leaving the NSA, creating the first commercial network Intrusion Detection System (IDS), founding Tenable Network Security, and investing in multiple cybersecurity startups.

Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their weekly thought leadership, webinars, and downloadable resources like budget and assessment templates at: https://risk3sixty.com/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=sponser

Transcripts: https://docs.google.com/document/d/1zdJwzJUXHBLlQvOGYWtWVQqmxFzmAe5Z

Chapters
00:00 Introduction
02:30 The Importance of Computer Security
04:46 The Career Path to the National Security Agency
07:39 The Importance of Compatibility
10:40 How to Get Your First Customer Off the Ground
14:28 How to Make your First Hire as a Beginning Entrepreneur
16:10 The Transition to Network Security Wizards
18:35 The Origins of Tenable
21:38 How to Survive Contact with the Enemy
24:45 The Importance of Culture in the Military
29:31 Gula Tech Adventures
33:24 The Future of Venture Investing
36:13 Secrets of Working Together as Spouses
39:33 The Future of Venture Capital
42:21 Gula Tech Adventures: How to Learn Startups
May 29, 2023 • 21min

#131 - Framing Executive Discussions

How do we frame an executive discussion so we can structure and present information in a way that effectively engages and aligns with the needs and interests of the executive audience? On this episode we answer that question by discussing the 8 important elements of framing a discussion with executives:
1) Clearly define the objective
2) Start with the big picture
3) Identify key issues
4) Highlight impacts and benefits
5) Use visually compelling data and metrics
6) Be able to anticipate questions and concerns
7) Provide actionable recommendations
8) Seek alignment with existing perspectives of the organization

Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their Security Budget & Business Case Template: https://risk3sixty.com/whitepaper/security-budget-template/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=budget

Full Transcripts: https://docs.google.com/document/d/1vhLmqEAy-yQ01ZY1y8Nf7y-u_swTYCm8

Chapters
00:00 Introduction
02:42 How should we frame an executive discussion?
05:30 Start with the Bottom Line Up Front (BLUF)
07:11 1) Clearly Define the Objective
08:13 2) Start with the Big Picture
09:46 3) Identify Key Issues
10:47 4) Highlight Impact and Benefits
12:17 5) Use Visually Compelling Data and Metrics
13:07 6) Be able to Anticipate Questions and Concerns
15:06 7) Provide Actionable Recommendations
17:35 8) Seek Alignment with Existing Perspectives of the Organization
May 22, 2023 • 51min

#130 - Financial Planning (with Logan Jackson)

Learn how to unlock financial success with key strategies from Logan Jackson of Ray Capital Advisors. Logan highlights how to set clear goals, choose the right asset class, diversify your portfolio for stability and growth, build a well-diversified investment portfolio to create wealth and mitigate risk, take control of your financial future through retirement planning and goal setting, and leverage tax loss harvesting. He also discusses how to prioritize tax planning, understand the impact of behavioral finance, seek professional money management, navigate conflicts of interest in financial planning, and discover hidden wealth advisors for personalized guidance.

Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their Security Program Maturity Presentation for CISOs: https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=template

If you would like to contact Logan Jackson, please use his contact page at: https://www.raycapitaladvisors.com/

Full Transcripts: https://docs.google.com/document/d/1DLXnE5PTm4tDbONRSBarMa-1T8aduztf

Chapters
00:00 Introduction
02:37 The Importance of Financial Goal Setting
06:48 How to Choose the Right Asset Class for Your Family
11:17 How to Diversify Your Portfolio
12:56 How to Build a Diversified Investment Portfolio
15:22 How to Diversify a Portfolio and Build Wealth
19:48 How to Take Risk Off the Table
22:47 The Importance of Diversifying Your Portfolio
24:13 The Importance of Retirement Planning
28:56 The Importance of Goal Setting
30:35 The Importance of Tax Planning
33:10 How to Maximize Your Tax Implications in Taxable Investment Accounts
35:20 How to Use Tax Loss Harvesting to Avoid Tax Losses
39:51 The Importance of Behavioral Finance in Investing
43:39 The Importance of Professional Money Management
45:55 The Conflicts of Interest in Financial Planning
47:50 How to Find a Hidden Wealth Advisor
May 15, 2023 • 45min

#129 - Protecting Your Family

Are you looking for ways to protect your most valuable asset? In this episode, G Mark Hardy argues that our most valuable asset is our family, not the crown jewels or critical assets of a corporation. He emphasizes the importance of managing money, having an emergency fund, obtaining life insurance, building retirement savings, protecting against credit card fraud, and creating a plan for your children's digital life.

Special thanks to our sponsor Risk3Sixty for supporting this episode. You can learn more about them from the Risk3Sixty Website: https://tinyurl.com/yc4xv7bj

Full Transcript: https://docs.google.com/document/d/1vVASHmOV7n7Js0luDF1kWBF3qoytDnTy

Chapters
00:00 Introduction
02:01 How to Manage Your Money
05:54 The Millionaire Next Door
10:28 How to Diversify your Investments
12:35 The Importance of Paying Yourself First
15:41 How to Buy Paper I Bonds for Yourself
17:39 How to Choose the Right Life Insurance for You
21:28 The Cost of Life Insurance
23:12 The Importance of Retirement Savings
26:51 How to Optimize Your Retirement Income
28:47 How to Protect Yourself From Credit Card Fraud
30:40 How to Manage Your Credit
33:34 How to Avoid a Data Breach
35:44 How to Manage Your Passwords Effectively
37:36 How to Protect Your Children from the Risks of Online Content
41:23 How to Get Out of Dodge Quickly
May 8, 2023 • 30min

#128 - How do CISOs spend their time?

In this episode of "CISO Tradecraft," G Mark Hardy defines the role of a CISO and discusses the Top 10 responsibilities of a Chief Information Security Officer.

Full Transcript: https://docs.google.com/document/d/1J_sCMkqEeIB7pUY4KmjCiS1sz7t6LX2F

Chapters
00:00 Introduction
01:25 Defining the Role of the CISO
04:43 1) Developing and implementing a cybersecurity strategy
07:27 2) Overseeing the organization's cybersecurity key programs and initiatives
08:20 3) Ensuring that the organization's cybersecurity policies and procedures are up-to-date and in compliance
10:44 4) Collaborating with other departments and teams
12:06 5) Developing and implementing a cybersecurity budget
14:21 6) Maintaining a high level of awareness about emerging cybersecurity threats, vulnerabilities, and technologies
15:29 7) Building and maintaining relationships with external partners and networking groups
18:07 8) Providing education, guidance, and support to the organization's employees
21:34 9) Leading and managing a team of cybersecurity professionals
24:10 10) Conducting regular risk assessments
May 1, 2023 • 49min

#127 - How to Stop Bad Guys from Staying on Your Network (with Kevin Fiscus)

In this episode of CISO Tradecraft, G Mark Hardy and guest Kevin Fiscus discuss the challenges of cybersecurity and the importance of prioritizing security decisions. Fiscus lays out the limits of protective controls (they create resistance, and a determined attacker eventually gets past them) and argues that detection has to carry the load those controls cannot. He proposes a "Detection Oriented Security Architecture" (DOSA) built on high-fidelity, low-noise detection, automated response, and continuous monitoring, with a clear separation between what is monitored and what raises an alert. Fiscus also discusses cyber deception, and proposes redirecting attackers into a decoy environment so that any activity there is attacker activity by definition.

Kevin Fiscus: https://www.linkedin.com/in/kevinbfiscus/

Full Transcripts: https://docs.google.com/document/d/1zIph4r5u8UtuhsMSmIyi90bCtV52xnHv

Chapters
00:00 Introduction
04:55 The Average Time to Identify Bad Actors is 28-207 days
07:11 Why Protective Controls Don't Always Work
08:32 Protective Controls Create Resistance
10:34 The Cost of Detecting Bad Guys on Your Network
12:40 The Effects of Resistance on Protective Controls
15:56 The Problem with False Positive Alerts
20:08 How to Define Bad Guy Activity with 100% Accuracy
22:09 The Four Components of Security
24:14 Four Components of Detection Oriented Security Architecture (DOSA)
26:17 Differentiating between Monitoring & Alerting
27:13 High Fidelity and Low Fidelity Alerts
33:06 Setting a Squelch for Radios
31:37 How to Deal with False Negatives
33:56 The Importance of Non Production Resources in Detection
37:56 How to Use Cyber Trapping to Deceive an Attacker
42:54 The Role of Environment Variability in Deception
47:08 Blowing Sunshine at Attackers
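The high-fidelity, low-noise detection that this episode contrasts with noisy alerting can be made concrete with a decoy-account rule: an account that was never issued to anyone has no legitimate use, so any authentication attempt against it is attacker activity by definition. The block below is an added example written for this page, not code from the episode or from Kevin Fiscus. The decoy account names, the sshd-style log lines and the failure threshold are constructed assumptions; the threshold rule is included only to show the low-fidelity alternative the episode warns about.

```python
"""
Added example (not from the episode): a high-fidelity decoy-account detector
beside a low-fidelity failed-login threshold rule, run over constructed
sshd-style log lines.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Decoy (honeytoken) accounts. Assumption: these exist in the directory, were
# never issued to anyone, and are seeded where an intruder doing discovery
# would find them (a stale "backup" account mentioned in a share's README).
DECOY_ACCOUNTS = {"svc_backup_legacy", "adm-dba-old", "tmp_ftp_user"}

# Constructed sshd-style lines standing in for a real authentication feed.
SAMPLE_LOG = """\
Jan 10 09:14:02 app01 sshd[2201]: Accepted publickey for deploy from 10.0.4.15 port 52311
Jan 10 09:14:07 app01 sshd[2209]: Failed password for alice from 10.0.4.20 port 52320
Jan 10 09:14:09 app01 sshd[2209]: Failed password for alice from 10.0.4.20 port 52320
Jan 10 09:14:11 app01 sshd[2209]: Failed password for alice from 10.0.4.20 port 52320
Jan 10 09:14:12 app01 sshd[2209]: Accepted password for alice from 10.0.4.20 port 52320
Jan 10 09:31:44 app01 sshd[2388]: Failed password for invalid user svc_backup_legacy from 203.0.113.77 port 40122
Jan 10 09:31:46 app01 sshd[2388]: Failed password for invalid user adm-dba-old from 203.0.113.77 port 40122
Jan 10 09:32:01 app01 sshd[2395]: Accepted password for bob from 10.0.4.31 port 52410
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


@dataclass(frozen=True)
class Alert:
    rule: str
    user: str
    src: str
    fidelity: str  # "high": fire and respond automatically; "low": monitor and triage


def parse(log_text):
    """Yield (result, user, src) for each sshd-style line; lines that don't match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("src")


def decoy_alerts(events):
    """High-fidelity rule: any attempt (failed or successful) against a decoy account."""
    return [Alert("decoy_account_touched", u, s, "high")
            for _, u, s in events if u in DECOY_ACCOUNTS]


def failed_login_alerts(events, threshold=3):
    """Low-fidelity contrast: N failures per (user, src). Fires on typos and script bugs too."""
    failures = Counter((u, s) for r, u, s in events if r == "Failed")
    return [Alert("failed_login_threshold", u, s, "low")
            for (u, s), n in failures.items() if n >= threshold]


def run(log_text=SAMPLE_LOG):
    """Return (high_fidelity_alerts, low_fidelity_alerts) for the given log text."""
    events = list(parse(log_text))
    return decoy_alerts(events), failed_login_alerts(events)


if __name__ == "__main__":
    high, low = run()
    for a in high + low:
        print(f"[{a.fidelity}] {a.rule}: user={a.user} src={a.src}")
```

On the constructed input, the decoy rule fires twice, both for 203.0.113.77, and nothing else can make it fire. The threshold rule also fires for alice, who mistyped her password three times and then logged in successfully; that alert is noise. The split maps onto the episode's monitoring-versus-alerting distinction: decoy hits are safe to wire to an automated response such as isolating the source address, while threshold hits belong in a monitoring queue for an analyst to squelch or triage.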
Apr 24, 2023 • 43min

#126 - ChatGPT & Generative AI (with Konstantinos Sgantzos)

Have you heard about the latest trends in Generative Artificial Intelligence (GAI)? Listen to this episode of CISO Tradecraft to learn from Konstantinos Sgantzos and G Mark Hardy as they talk about the potential risks of GAI and how it generates new content.

Show Notes with Links: https://docs.google.com/document/d/10eCg3L00GgnHmze14g_JUkBbfHEdGZ8HW0eAGMk4PPE

Chapters
00:00 Introduction
01:37 The Future of Generative Artificial Intelligence (GAI)
06:08 The Implications of Hallucination in Generative AI
09:06 Hallucination Trivia Test for Large Language Models
10:48 The Consequences of Using Generative AI Models
12:39 The Importance of Education in Cybersecurity
14:45 The Future of Generative AI
16:17 The Importance of Understanding Large Language Models
19:47 The Differences Between Eliza and Machine Learning
24:26 How to Armorize Generative AI
29:39 The Future of Programming
31:23 The Future of Machines
33:53 The Future of Technology
37:52 The Future of CISOs
40:25 The Future of Generative AI
Apr 17, 2023 • 44min

#125 - Cyber Ranges (with Debbie Gordon)

Are you worried about cyber threats and data breaches? Do you want to build a strong cybersecurity program to protect your organization? In this episode of CISO Tradecraft, G Mark Hardy and Debbie Gordon discuss the three dimensions of an effective Information Security Management System: Policy, Practice, and Proof. G Mark emphasizes the importance of having a proper cybersecurity policy that references information security controls or outcome-driven statements. However, it's not enough to have policies on paper; organizations need to practice what's on paper to be prepared for cyber events. This is where ranges come in. Ranges are a full replica of an enterprise network with real tools, traffic, and malware. They allow teams to practice detecting and responding to attacks in a safe environment.

Debbie Gordon, founder of Cloud Range, explains how ranges can help organizations accelerate experience and reduce risk in cybersecurity. She emphasizes the importance of educating an organization's user base to become the first and last lines of defense against cyber threats. By training non-technical executives to spot suspicious activity and bring it to the attention of the security team, organizations can minimize the damage caused by phishing attacks, ransomware, and other cyber threats. Gordon also highlights the importance of team training in cybersecurity: it's not just about individual skills, but also about how teams work together to respond to threats. By practicing together in a range environment, organizations can improve their processes, handoffs, and speed in detecting and responding to attacks.

Special thanks to our sponsor Cloud Range Cyber for supporting this episode.
Website: www.cloudrangecyber.com
Email: info@cloudrangecyber.com

Full Transcripts: https://docs.google.com/document/d/1yWenwauzfAiQYafFW0Iew33vbzvlO2BO

Chapters
00:00 Polished Security Programs need Policy, Practice, and Proof
00:54 Policy
02:47 Practice
03:44 Proof
04:28 How to Apply the Concepts of Ranges to Help Organizations
06:05 The Importance of Experiential Learning
07:48 The Importance of Following Procedures
12:12 The Benefits of Team Training for Cyber Ranges
15:33 The Importance of Muscle Memory
20:22 How to Maximize Your Investment in Cybersecurity (KPIs & Measurable Results)
24:33 The Advantages of using the MITRE ATT&CK® Framework
27:41 The Advantages of Following ISO Standards
31:36 How to Improve your Cloud Range Exercises
33:22 How to use Cognitive Aptitude Assessments for Workforce Development
37:44 How to Level the Playing Field for Cyber Talent
39:39 The Importance of Degrees in Cyber Security
41:03 Making the CISO's Job Easier
Apr 10, 2023 • 45min

#124 - Simple, Easy, & Cheap Cybersecurity Measures (with Brent Deterding)

Are you concerned about the security of your data? If so, you're in luck, because in this episode Brent Deterding discusses how to implement simple, easy, and cheap cybersecurity measures. One of the key takeaways is the importance of understanding, managing, and mitigating the risk of critical data being exposed, altered, or denied. Brent shares his top four tips for CISOs: multi-factor authentication, device posture management, endpoint detection and response, and external patching. He emphasizes keeping things simple, easy, and cheap. Overall, the episode stresses taking a proactive approach to cybersecurity and being prepared for potential cyber threats. Brent also shares how he presents his company's risk reduction when negotiating with cyber insurance underwriters. Remember, significant risk reduction is simple, easy, and cheap, so don't wait to implement these tools and strategies.

10 Immutable Laws of Security: https://learn.microsoft.com/en-us/security/zero-trust/ten-laws-of-security

Transcripts: https://docs.google.com/document/d/1eP7F8pD3kcrbja2sfSwSKGnJ-ADHviUt

Chapters
00:00 Introduction
02:05 How to Protect Your Organization's Critical Data
01:43 Scenario of Protecting a Small Company
08:01 The 10 Immutable Laws of Security
14:26 Tips for CISOs
15:30 Simple, Easy, & Cheap is a Technology State
19:00 How Much Do You Care About Phishing Problems?
20:46 How to be Successful at RSA?
26:00 How to Enable the Business without Reducing Friction?
28:37 How to Adopt the Australian Essential 8
31:06 Team Platform vs Best of Breed
33:00 Those with a Fear of Vendor Lock-in are Retired
36:36 How to Save Money on Cyber Insurance
38:27 How to Implement the Four Hills Strategy (MFA, EDR, Device Posture Management, & Patch Management)
40:57 How to Negotiate Effectively With Insurance Companies
42:48 Getting Material Risk Reduction is Simple, Easy, and Cheap
