

CISO Tradecraft®
G Mark Hardy & Ross Young
You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level. © Copyright 2025, National Security Corporation. All Rights Reserved
Episodes

Jun 27, 2022 • 46min
#84 - Gaining Trust (with Robin Dreeke)
On this episode of CISO Tradecraft we feature Robin Dreeke from People Formula. Robin was the former head of the FBI Counterintelligence Behavioral Analysis Program and has an amazing background in learning how individuals think, build trust, and communicate. Robin highlights 4 Pillars of Communicating:
Seek the thoughts and opinions of others
Talk in terms of priorities, pain points, and challenges of others
Use nonjudgmental validation (i.e., seek to understand others without judging)
Empower others with choice and give them cause and effect of each choice
To learn more about Robin's way of thinking you can check out his podcast and books:
Forged By Trust Podcast
Sizing People Up
The Code of Trust
It's Not All About Me
The People Formula Workbook 2.0: Communication Style Inventory

Jun 20, 2022 • 48min
#83 - Cyber Defense Matrix Reloaded (with Sounil Yu)
This episode is sponsored by Varonis. You can learn more on how to reduce your ransomware radius by performing a free ransomware readiness assessment Link
On this episode, Sounil Yu continues his discussion about his new book ("Cyber Defense Matrix"). Listen to learn more about:
Pre-Event Structural Awareness vs Post-Event Situational Awareness
Environmental vs Contextual Awareness
Understanding Security Handoffs
Rationalizing Technologies
Portfolio Analysis
Responding to Emerging Buzzwords (Zero Trust and SASE)

Jun 13, 2022 • 51min
#82 - Cyber Defense Matrix (with Sounil Yu)
This episode is sponsored by Varonis. You can learn more on how to reduce your ransomware radius by performing a free ransomware readiness assessment Link
This episode of CISO Tradecraft has Sounil Yu talk about his new book, "Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape". Sounil reviews the Cyber Defense Matrix in depth. We discuss how the Cyber Defense Matrix can be used for:
Capturing & Organizing Measurements & Metrics
Developing a Cyber Security Roadmap
Gaining Greater Situational & Structural Awareness
Understanding Organizational Responsibilities & Handoffs
Rationalizing Technologies & Finding Investment Opportunities
Deciphering the Latest Industry Buzzword
You can purchase Sounil's new book here Link

Jun 6, 2022 • 41min
#81 - Career Lessons from a CISO (with John Hellickson)
On this episode of CISO Tradecraft, John Hellickson from Coalfire talks about his career as a CISO. Listen and learn about:
The evolving role of the CISO
How John got started as a CISO
What is a Field CISO and how does it differ from a traditional CISO role
Tips on getting your career to the next level by attending the right conferences and getting an executive coach
How to get Business Alignment
How the Security Advisor Alliance is helping the next generation of cyber talent

May 30, 2022 • 44min
#80 - Breaking Backbones (with Deb Radcliff)
A respected journalist focusing on cybersecurity and our community of people for over 25 years, Deb Radcliff remains a trusted information source who checks and double-checks her sources before publication -- a refreshing change from the low-signal, high-noise world of social media.
In this episode, we discuss where CISOs might turn for accurate information, how the industry has evolved in complexity, and take a look at the first of three fictional novels she's writing about a future world where hackers take on an oppressive digital state. What is really interesting is her explanation of how she went from book idea to published reality.
Breaking Backbones: Information is Power may be purchased from the following Amazon Link

May 23, 2022 • 39min
#79 - Addressing the Top CEO Concerns
On this episode of CISO Tradecraft we talk about the Top 10 areas of concern for the C-suite about ransomware. Note you can read the full ISC2 Study here (Link).
Cybersecurity professionals should keep the following golden rules in mind when communicating with the C-suite about ransomware.
Increase Communication and Reporting to Leadership
Temper Overconfidence as Needed
Tailor Your Message
Make the Case for New Staff and Other Investments
Make Clear that Ransomware Defense is Everyone’s Responsibility

May 16, 2022 • 45min
#78 - Business Objectives & 5 CISO Archetypes (with Christian Hyatt)
On this episode of CISO Tradecraft, Christian Hyatt from risk3sixty stops by to discuss the 3 major Business Objectives for CISOs:
Risk Management
Cost Reduction
Revenue Generation
He also discusses the five CISO Archetypes.
The Executive
The Engineer
The GRC Guru
The Technician
The Builder
References:
The 5 CISO Archetypes Book Link
Designing the CISO Role Link

May 9, 2022 • 47min
#77 - Countering Corporate Espionage
Chances are your organization has information that someone else wants. If it's another nation state, their methods may not be friendly or even legal. In this episode we address assessing risk, known "bad" actors, information targets, exfiltration, cyber security models, what the federal government is doing for contractors, and response strategies. Listen now so you don't become a statistic later.
References:
https://www.fbi.gov/file-repository/china-exec-summary-risk-to-corporate-america-2019.pdf
https://nhglobalpartners.com/made-in-china-2025/
https://www.cybintsolutions.com/cyber-security-facts-stats/
http://www.secretservice.gov/ntac/final_it_sector_2008_0109.pdf
http://www.secretservice.gov/ntac/final_government_sector2008_0109.pdf
CIS Controls v8.0, Center for Internet Security, May 2021, https://www.cisecurity.org
https://owasp.org/www-project-threat-and-safeguard-matrix/
https://www.acq.osd.mil/cmmc/about-us.html

May 2, 2022 • 42min
#76 - The Demise of the Cybersecurity Workforce
Our career has been growing like crazy with an estimated 3.5 million unfilled cybersecurity jobs within the next few years. More certs, more quals, more money, right? The sky’s the limit. But what if we’re wrong? AI, machine learning, security-by-design, outsourcing, and H-1B programs may put huge downward pressure on future job opportunities (and pay) in this country. Of course, we don’t WANT this, but shouldn’t a wise professional prepare for possibilities? [We did a ton of research looking at facts, figures, industry trends, and possible futures that might have us thinking that 2022 may have been “the good old days.” No gloom-and-doom here; just an objective look with a fresh perspective, you know, just in case.]

Apr 25, 2022 • 20min
#75 - Avoiding Death By PowerPoint
On this episode of CISO Tradecraft, we discuss how to avoid Death By PowerPoint by creating cyber awareness training that involves and engages listeners. Specifically we discuss:
The EDGE method: Explain, Demonstrate, Guide, and Enable
Escape Rooms
Tabletop Exercises
Polling During Presentations
Short videos from online resources
References:
https://blog.scoutingmagazine.org/2017/05/05/living-on-the-edge-this-is-the-correct-way-to-teach-someone-a-skill/
http://www.inquiry.net/ideals/scouting_game_purpose.htm
https://cisotradecraft.podbean.com/e/ciso-tradecraft-shall-we-play-a-game/
Escape Rooms
https://library.georgetown.org/virtual-escape-rooms/
https://research.fairfaxcounty.gov/unlimited/escape
Tabletop Exercises
From GCHQ
https://www.ncsc.gov.uk/information/exercise-in-a-box
From CISA
https://www.cisa.gov/cisa-tabletop-exercises-packages
Funny Videos on Cyber
https://staysafeonline.org/resource/security-awareness-episode/


