CISO Tradecraft®

Dec 23, 2024 • 46min

#212 - Repeatable, Attestable, and Defensible AI (with AWS's Former Deputy CISO Merritt Baer)

Merritt Baer, former Deputy CISO at AWS and Harvard Law graduate, offers expert insights on the future of cybersecurity. She discusses the complexities of cloud security and the critical shared responsibility model. AI's dual role as both a tool and a threat is explored, including the risks of AI-generated fraud. Baer emphasizes the importance of sustainable practices in security and predicts key trends for 2025, urging CISOs to adopt robust security measures amid evolving challenges and regulatory scrutiny.
Dec 16, 2024 • 28min

#211 - Allowlisting and Ringfencing (with Kieran Human)

Kieran Human, a special project engineer at ThreatLocker with a master's in cybersecurity, shares compelling insights on modern endpoint protection. He explores the evolution from traditional antivirus systems to advanced EDR, revealing the critical role of allowlisting and ring fencing in today's threat landscape. Kieran discusses the limitations of conventional methods against fileless malware and ransomware, emphasizing proactive strategies to safeguard endpoints. Practical tips and real-world experiences highlight how organizations can effectively mitigate cyber risks with ThreatLocker’s innovative solutions.
Dec 9, 2024 • 46min

#210 - Salt Typhoon and Vulnerable Telecoms

Join cybersecurity experts Adam Isles and Andreas Kurland from the Chertoff Group as they delve into the pressing 'Salt Typhoon' threat from state actors targeting telecoms. They explore the vulnerabilities within telecommunications infrastructure, emphasizing the importance of encryption and secure communication methods. Learn about the risks of messaging platforms, voice communication security, and best practices for maintaining privacy during virtual meetings. They offer actionable insights to enhance corporate cybersecurity and protect against sophisticated attacks.
Dec 2, 2024 • 49min

#209 - AI Singularity (with Richard Thieme)

In this riveting episode of CISO Tradecraft, host G Mark Hardy welcomes back Richard Thieme, a thought leader in cybersecurity and technology, almost three years after his last appearance. Richard delves into the necessity of thinking like a hacker, provides insights into the AI singularity, and discusses the ethical and societal implications of emerging technologies. The conversation also touches on Richard's extensive body of work, including his books and views on cyber warfare, disinformation, and ethical decision-making. Tune in for a thought-provoking discussion that challenges conventional wisdom and explores the interconnectedness of technology, consciousness, and our future.

Big Thanks to our Sponsor CruiseCon - https://cruisecon.com/
CruiseCon Discount Code: CISOTRADECRAFT10

Link to Richard’s home page (and links to Amazon for his books): https://thiemeworks.com/
Link to the book, The Ending of Time: https://store.kfa.org/products/the-ending-of-time-new-edition
Transcripts: https://docs.google.com/document/d/1Q7CJkF7Spji2iAbV_mYEyYHnKWobzo6N

Chapters
00:00 Introduction and Guest Announcement
00:56 Upcoming Cybersecurity Event: CruiseCon
01:41 Welcoming Back Richard Thieme
02:06 Reflecting on Past Discussions
02:59 The Necessity for Thinking Like a Hacker
03:10 Exploring Richard Thieme's Books
08:25 Understanding AI and Its Implications
18:28 Soft Power and Global Influence
24:01 The Power of Fiction in Revealing Truth
24:37 Ethical Frameworks Post 9/11
26:12 The Role of Empathy in Intelligence Work
26:37 The Blurring Line Between Fact and Fiction
29:52 The Isolation of Intelligence Work
31:18 The Interconnectedness of Everything
33:36 Exploring Remote Viewing and Consciousness
36:50 The Rise of AI and Ethical Considerations
39:43 The Evolution of Technology and Society
45:07 Final Thoughts and Reflections
Nov 25, 2024 • 45min

#208 - Insider Threat (with Shawnee Delaney)

Shawnee Delaney, an insider threat expert with a background in espionage, shares her insights into cybersecurity's human elements. She highlights how understanding motivation is vital for detecting insider threats and stresses the importance of cultivating a positive organizational culture. Delaney discusses proactive strategies like psychological testing in hiring and employee lifecycle management. She also offers practical advice for leaders to foster open communication and build effective insider threat programs, drawing parallels from military core values.
Nov 18, 2024 • 46min

#207 - CISO Burnout (with Raghav Singh)

Welcome to another enlightening episode of CISO Tradecraft! In this episode, host G. Mark Hardy dives deep into the critical topic of CISO burnout with special guest Raghav Singh, a PhD candidate from the University of Buffalo. This is an eye-opening session for anyone in the cybersecurity field, especially those in or aspiring to the CISO role. Raghav shares valuable insights from his extensive research on the unique stresses faced by CISOs, the organizational factors contributing to burnout, and practical coping mechanisms. We also explore the evolutionary phases of CISOs, from technical experts to strategic business enablers. Whether you're dealing with resource limitations, seeking executive support, or managing ever-evolving cybersecurity threats, this episode offers actionable advice to navigate the demanding role of a CISO successfully. Don't forget to like, comment, and share to help other CISOs and cybersecurity leaders!

Big Thanks to our Sponsor CruiseCon - https://cruisecon.com/
CruiseCon Discount Code: CISOTRADECRAFT10

Transcripts: https://docs.google.com/document/d/1fhLkaj_JetlYFQ50Q69uMGmsw3fS3Wqa
CISO Burnout - https://aisel.aisnet.org/amcis2023/sig_lead/sig_lead/4/
CISO-CIO Power Dynamics - https://aisel.aisnet.org/amcis2024/is_leader/is_leader/6/
Cybersec professionals and AI integration - https://aisel.aisnet.org/amcis2024/security/security/29/
Raghav can be reached on rsingh45@buffalo.edu

Chapters
00:00 Introduction and Guest Welcome
02:34 Understanding CISO Burnout
03:24 PhD Journey and Challenges
10:12 Key Findings on CISO Burnout
18:39 Six Sources of CISO Burnout
32:47 CISO Maturity Levels
42:57 Conclusion and Call to Action
Nov 11, 2024 • 46min

#206 - Ira Winkler CruiseCon Founder

Setting Sail with Cybersecurity: Exclusive Insights from Ira Winkler on CruiseCon 2025 🛳️

Join us for an exciting episode of CISO Tradecraft as G Mark Hardy sits down with renowned cybersecurity expert Ira Winkler! Discover the groundbreaking CruiseCon 2025, the first at-sea cybersecurity conference, featuring top-tier speakers and unrivaled networking opportunities. Learn about Ira's illustrious career, the significance of certifications, and the current state of the cybersecurity job market. Don't miss out on this chance to enhance your career and connect with industry luminaries.

Big Thanks to our Sponsor CruiseCon - https://cruisecon.com/
CruiseCon Discount Code: CISOTRADECRAFT10

Transcripts: https://docs.google.com/document/d/1CGyFBxOrxvJitKsH9BRKwf2_g8rRPZ6K

Chapters
00:00 Introduction and Special Announcement
00:42 Reconnecting with Ira Winkler
04:07 Early Cybersecurity Days and Certifications
14:35 Innovative Ideas and CruiseCon
21:32 Meet the Top Cybersecurity Experts
22:13 Exciting Events and Networking Opportunities
24:10 Special Deals and Sponsorships
34:47 Addressing the Cybersecurity Job Market
Nov 4, 2024 • 46min

#205 - Wisdom from the 1st Cyber Colonel (JC Vega)

Join G. Mark Hardy on this exciting episode of CISO Tradecraft as he interviews J.C. Vega, the first cyber colonel in the United States Army. Vega shares his invaluable insights on leadership, team building, and success strategies that can transform your cybersecurity career. Plus, learn about CruiseCon 2025, Wee Dram, and how you can take your leadership skills to the next level. Don't miss out on this episode packed with wisdom, actionable advice, and some fun anecdotes. Subscribe, comment, and share with your peers!

Big Thanks to our Sponsor CruiseCon - https://cruisecon.com/
CruiseCon Discount Code: CISOTRADECRAFT10

JC Vega - https://www.linkedin.com/in/jcvega-cyber-colonel/
Transcripts: https://docs.google.com/document/d/1ExuX-WVO4_qqLoIZDuT0QS2VAvN2resW

Chapters
00:00 Introduction and Special Guest Announcement
01:15 Meet J.C. Vega: The First Cyber Colonel
01:55 The Wee Dram Community
03:39 Building a Trusted Cybersecurity Community
09:12 Leadership Principles from Military to Civilian Life
12:31 Building and Leading Effective Teams
24:17 The Peter Principle and Career Progression
24:49 Creating a Shared Understanding in Cybersecurity
26:43 Commander's Intent: Defining Success
29:29 Empowering Teams and Accepting Prudent Risk
36:19 Rules to Live By: The Vega's Top Three
44:58 Final Thoughts and Farewell
Oct 28, 2024 • 24min

#204 - Shadows and Zombies in the Data Center

This spooky installment explores the lurking threats of Shadow IT and Zombie IT. Discover the risks associated with unauthorized technologies and obsolete systems that can compromise organizational security. Strategies like rigorous asset management and automation are highlighted to combat these hidden dangers. The discussion also emphasizes the need for comprehensive compliance reviews. Plus, there’s an enticing opportunity to network at an upcoming cybersecurity conference aboard a luxury cruise.
Oct 21, 2024 • 17min

#203 - Be SOCcessful with the SOC-CMM

Discover the transformative SOC Capability Maturity Model that revolutionizes how organizations assess their cybersecurity operations. Learn about the five key domains critical for enhancing SOC efficiency and resilience. Explore real-world success stories, including impressive improvements from a financial company. Find out how to visualize your SOC capabilities using radar charts and the importance of risk-based planning. This discussion is a treasure trove of insights for cybersecurity professionals aiming for excellence!
