

CISO Tradecraft®
G Mark Hardy & Ross Young
You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level. © Copyright 2025, National Security Corporation. All Rights Reserved

Nov 19, 2021 • 36min
#54 - The Great Resignation
The Great Resignation is upon us, and if some of your top talent hasn't given you their notice, it may be happening soon. Or not, depending on what you choose to do. With plenty of time to contemplate options, people are quitting jobs at a record pace. But wise leaders learn how to listen to their people's needs and desires, create a sense of purpose that motivates far beyond a paycheck, and create a safe working space by allowing people to be human and make the occasional mistake. Keep your IT Security team intact with these concepts and much more.
References:
https://www.bls.gov/news.release/archives/jolts_06082021.pdf
https://info.workinstitute.com/hubfs/2020%20Retention%20Report/Work%20Institutes%202020%20Retention%20Report.pdf
https://www.npr.org/2021/10/22/1048332481/the-great-resignation-why-people-are-leaving-their-jobs-in-growing-numbers
https://blog.trello.com/enterprise/how-to-retain-employees
https://hbr.org/2016/09/why-people-quit-their-jobs
https://www.mckinsey.com/business-functions/people-and-organizational-performance/our-insights/great-attrition-or-great-attraction-the-choice-is-yours
https://blog.trello.com/supportive-company-culture
https://www.statista.com/chart/19064/number-of-unused-vacation-days/
https://www.glassdoor.com/blog/vacation-realities-2017/
https://hbr.org/2016/03/two-thirds-of-managers-are-uncomfortable-communicating-with-employees
https://www.mckinsey.com/business-functions/people-and-organizational-performance/our-insights/igniting-individual-purpose-in-times-of-crisis
https://allthatsinteresting.com/myers-briggs-test
https://cybersecurityventures.com/jobs

Nov 5, 2021 • 44min
#53 - Fun and Games to Stop Bad Actors (with Dr. Neal Krawetz)
In this episode, you can hear from Dr. Neal Krawetz, creator of Hacker Factor and FotoForensics. Neal's a long-time security practitioner who shares some fascinating insights in terms of how to identify potential bad actors early on (think reconnaissance interception), techniques for detecting bots and malicious entities, and ways to protect your team members from misattributed fake blog entries.

Oct 29, 2021 • 48min
#52 - Welcome to the C-Level (with Nate Warfield)
Special Thanks to our podcast Sponsor, Prevailion.
Some of the best C-level executives start in the technical ranks. This episode features Nate Warfield, CTO of Prevailion, who differentiated himself by creating the CTI-League.com to assist healthcare companies with ransomware. We'll cover some of that organization, how Nate got his first C-level job, and some lessons learned you might appreciate in your own CISO journey.
To learn more about Cyber Adversary Intelligence, please check out Prevailion who sponsored this episode.

Oct 18, 2021 • 43min
#51 - New Kid in Town (with Rebecca Mossman)
When you first start a cybersecurity job, or hire someone into a cybersecurity job, there is a window of opportunity to see things with a new perspective. In this episode, we’re privileged to share ideas with Rebecca Mossman, a successful cybersecurity leader who has successfully led a number of teams in her career. We’ll examine relationships, stakeholders, setting priorities, communication, and knowing when to call something “done” and move on to the next task.

Oct 11, 2021 • 31min
#50 - Border Gateway Protocol (BGP)
A Border Gateway Protocol (BGP) misconfiguration is what took out Facebook on 4 October. Most IT folks don't understand how BGP works. This episode helps you gain a better understanding of the protocol that creates routing tables to move information from one end of the Internet to the other. We'll explain how Autonomous Systems (AS) share BGP route information, what should happen when things go right, and then examine what likely went wrong at Facebook and how you might be able to prepare for potential problems in advance before they occur.

Oct 1, 2021 • 44min
#49 - Cyberlaw Musings (with Mark Rasch)
This is a special treat. On this episode of CISO Tradecraft you can hear Mark D. Rasch, JD, discuss legal and security topics that he's encountered in his more than 30 years of experience in cybersecurity law. We look into ransomware, reportable breaches, the appropriateness (or lack thereof) of certain legal statutes, and finish with some actionable advice for CISOs and security leaders that you really need to hear.

Sep 24, 2021 • 33min
#48 - Effective Meetings
We've all suffered through horrible meetings that felt like a total waste of time. As a security leader, you'll be convening your fair share of meetings with your staff. Don't be "that boss" who can't run an effective meeting. This episode shows ways you can ensure your meetings are both efficient and effective, result in actionable tasking, and keep people coming back for more because you showed respect for their time and their ideas. And we even practice what we preach -- this episode ends early.
Harvard Meeting Cost Calculator Link
OSS Simple Sabotage Manual Link

Sep 17, 2021 • 43min
#47 - More Risky Business with FAIR
In our 31 July 2021 Episode 42, Risky Business, we covered the basics of risk and risk assessment. This part 2 episode gets into the practical application of risk management using the FAIR model, or Factor Analysis of Information Risk. We explain key risk terminology and walk through examples of how to express risk using this model, as well as how to explain risk to executives in a way that is meaningful and actionable.
Risk Matrix Example: Link
One Page FAIR Model: Link
Measuring & Managing Information Risk: Link
FAIR Wiki: Link

Sep 10, 2021 • 45min
#46 - Crisis Leadership with G Mark Hardy's 9/11 Experience
Have you ever faced a crisis? How well did you do? You should always want to improve your skills in case another happens. On the 20th anniversary of 9/11, G. Mark Hardy shares some of his experiences as the on-scene commander for the military first responders at the World Trade Center, and expands that into a set of skills and attributes that you can cultivate to become a more effective crisis response leader in your role as a cybersecurity professional.
References:
5 Leadership Skills Link
How to Combat a Crisis Link
Manage a Crisis Link
Lessons in Crisis Leadership Link
Creative Leadership Guidebook Link
Financial Interest in Situations Link
G Mark Hardy Ground Zero Video 1 of 2 Link
G Mark Hardy Ground Zero Video 2 of 2 Link

Sep 3, 2021 • 46min
#45 - Protecting your Crown Jewels (with Roselle Safran)
Traditional risk models focus on calculating loss frequency and magnitude, but don't go far enough in terms of modeling the most important assets in our organization, known as "crown jewels." This episode of CISO Tradecraft is a fascinating interview with the CEO and founder of a startup focusing on crown jewel analysis -- Roselle Safran. We'll look into how making this a part of your portfolio helps put the "C" in CISO by showing your understanding of the business in which you work. We'll also extend our discussion to challenges faced by women in cybersecurity, and encouragement for women (and others) to enter our exciting profession.


