CISO Tradecraft®

Join host G Mark Hardy in this episode of CISO Tradecraft as he welcomes Olivia Rose, an experienced CISO and founder of the Rose CISO Group. Olivia discusses her journey in cybersecurity from her start in marketing to becoming a VCISO. They delve into key topics including the transition from CISO to VCISO, strategies for managing time and stress, the importance of understanding board dynamics, and practical advice on mentoring new entrants in the cybersecurity field. Olivia also shares her insights on maintaining business alignment, handling insurance as a contractor, and building a personal brand in the cybersecurity community. Olivia Rose: https://www.linkedin.com/in/oliviarosecybersecurity/ Transcripts: https://docs.google.com/document/d/1S42BepIh1QQHVWsdhhgx6x99U188q5eL Chapters 00:00 Introduction and Guest Welcome 01:14 Olivia Rose's Career Journey 06:42 Challenges in Cybersecurity Careers 15:47 Communicating with the Board 22:57 Navigating Compliance and Legal Challenges 24:10 Building Strategic Relationships 25:46 Aligning Security with Business Goals 35:05 The Importance of Reputation and Branding

In this episode of CISO Tradecraft, host G Mark Hardy continues an in-depth discussion with cybersecurity attorney Thomas Ritter on the legal considerations for cybersecurity leaders. The episode touches on essential topics such as immediate legal steps after a data breach, the importance of using correct terminology, understanding attorney-client privilege and discovery, GDPR's impact, data localization, and proactive measures CISOs should take. The conversation also explores the implications of evolving cybersecurity laws and regulations like the Digital Operations Resilience Act and the potential criminal liabilities for CISOs. Thomas Ritter: https://www.linkedin.com/in/thomas-ritter-2b91014a/ Transcripts: https://docs.google.com/document/d/15xQINUOdziGdcEFfh5SN8lS7svtK0JCT   Chapters 00:00 Introduction and Recap of Part 1 01:43 Starting the Discussion: Data Breaches 02:22 Legal Steps After a Data Breach 07:19 Understanding Attorney-Client Privilege 08:21 Discovery in Legal Cases 13:31 Staying Updated on Cybersecurity Laws 19:38 Impact of GDPR on Cybersecurity 32:00 Data Localization Challenges 34:55 Proactive Legal Preparedness 37:23 Final Thoughts and Conclusion

In this episode of CISO Tradecraft, host G Mark Hardy interviews cybersecurity lawyer Thomas Ritter. They discuss key legal topics for CISOs, including regulatory compliance, managing third-party risk, responding to data breaches, and recent legislative impacts. Thomas shares his journey into cybersecurity law and provides practical advice and real-world examples. Key points include the challenges of keeping up with evolving regulations, the intricacies of vendor management, and the implications of recent Supreme Court rulings. They also touch on major breaches like SolarWinds and Colonial Pipeline, exploring lessons learned and the importance of implementing essential security controls. Thomas Ritter - https://www.linkedin.com/in/thomas-ritter-2b91014a/ Transcripts: https://docs.google.com/document/d/1EvZ_dOpFOLCSSv5ffqxCoMnLZDOnUv_K Chapters 00:00 Introduction to CISO Tradecraft 00:48 Meet Thomas Ritter: Cybersecurity Lawyer 03:48 Legal Challenges for CISOs 04:54 Managing Third-Party Risks 13:01 Understanding Legal and Statutory Obligations 15:57 Supreme Court Rulings and Cybersecurity 32:57 Lessons from High-Profile Cyber Attacks 38:32 Ransomware Epidemic and Law Enforcement 43:30 Conclusion and Contact Information

Emotional intelligence is essential for effective leadership in cybersecurity. The discussion highlights the differences between IQ and emotional intelligence and explores various EI models. Key traits such as self-awareness, empathy, and social skills are emphasized as crucial for leaders. Practical strategies for enhancing emotional intelligence are provided, showcasing its value in building trust and fostering communication. The episode also touches on how neurodiverse traits can benefit professionals in specialized fields.

Securing Small Businesses: Essential Cybersecurity Tools and Strategies In this episode of CISO Tradecraft, host G Mark Hardy discusses cybersecurity challenges specific to small businesses. He provides insights into key tools and strategies needed for effective cybersecurity management in small enterprises, including endpoint management, patch management, EDR tools, secure web gateways, IAM solutions, email security gateways, MDR services, and password managers. Hardy also evaluates these tools against the CIS Critical Security Controls to highlight their significance in safeguarding small business operations. Transcripts: https://docs.google.com/document/d/1Hon3h950myI7A3jzGmj7YIwRXow5W1V5 Chapters 00:00 Introduction to CISO Tradecraft 00:40 Challenges of Cybersecurity in Small Businesses 01:15 Defining Small Business and Security Baselines 01:53 Top Cybersecurity Tools for Small Businesses 02:05 Hardware and Software Essentials 04:35 Patch Management Solutions 05:19 Endpoint Detection and Response (EDR) Tools 06:06 Secure Web Gateways and Website Security 11:21 Identity and Access Management (IAM) 12:57 Email Security Gateways 14:15 Managed Detection and Response (MDR) Solutions 14:54 Recap of Essential Cybersecurity Tools 15:41 Bonus Tool: Password Managers 18:33 Aligning with CIS Controls 24:48 Conclusion and Call to Action

Welcome to another episode of CISO Tradecraft with your host, G. Mark Hardy! In this episode, we dive into how CISOs can drive the profitable growth of their company's products and services. Breaking the traditional view of security as a cost center, Mark illustrates ways CISOs can support business objectives like customer outreach, service enablement, operational resilience, and cost reduction. Tune in for insightful strategies to improve your impact as a cybersecurity leader and a sneak peek at our upcoming CISO training class! If you would like to learn more about our class, drop us a comment: https://www.cisotradecraft.com/comment Transcripts: https://docs.google.com/document/d/19SDBdQSTLc58sP5ynwzhuedNHzk7QPKj Chapters 00:00 Introduction to Profitable Growth for CISOs 01:16 Understanding Profit and Business Objectives 03:24 Enhancing Customer Experience through Cybersecurity 08:51 Service Enablement and Upselling Strategies 11:39 Ensuring Operational Resilience 13:36 Cost Reduction and Efficiency Improvements 18:31 Recap and Final Thoughts 19:10 Exciting Announcement: CISO Training Course

Exploring AI in Cybersecurity: Insights from an Expert - CISO Tradecraft with Tom Bendien In this episode of CISO Tradecraft, host G Mark Hardy sits down with AI expert Tom Bendien to delve into the impact of artificial intelligence on cybersecurity. They discuss the basics of AI, large language models, and the differences between public and private AI models. Tom shares his journey from New Zealand to the U.S. and how he became involved in AI consulting. They also cover the importance of education in AI, from executive coaching to training programs for young people. Tune in to learn about AI governance, responsible use, and how to prepare for the future of AI in cybersecurity. Transcripts: https://docs.google.com/document/d/1x0UTLiQY7hWWUdfPE6sIx7l7B0ip7CZo Chapters 00:00 Introduction and Guest Welcome 00:59 Tom Bendien's Background and Journey 02:30 Diving into AI and ChatGPT 04:29 Understanding AI Models and Neural Networks 07:11 The Role of Agents in AI 10:10 Challenges and Ethical Considerations in AI 13:47 Open Source AI and Security Concerns 18:32 Apple's AI Integration and Compliance Issues 24:01 Navigating AI in Cybersecurity 25:09 Ethical Dilemmas in AI Usage 27:59 AI Coaching and Its Importance 32:20 AI in Education and Youth Engagement 35:55 Career Coaching in the Age of AI 39:20 The Future of AI and Its Saturation Point 42:07 Final Thoughts and Contact Information

In this episode of CISO Tradecraft, host G Mark Hardy delves into the complex intersection of ethics and artificial intelligence. The discussion covers the seven stages of AI, from rule-based systems to the potential future of artificial superintelligence. G Mark explores ethical frameworks, such as rights-based ethics, justice and fairness, utilitarianism, common good, and virtue ethics, and applies them to AI development and usage. The episode also highlights ethical dilemmas, including privacy concerns, bias, transparency, accountability, and the impacts of AI on societal norms and employment. Learn about the potential dangers of AI and how to implement and control AI systems ethically in your organization.    Transcripts: https://docs.google.com/document/d/10AhefqdhkT0PrEbh8qBZVn9wWS6wABO6 Chapters 00:00 Introduction to CISO Tradecraft 01:01 Stages of Artificial Intelligence 03:33 Ethical Implications of AI 05:24 Business Models and Data Security 13:52 Ethical Frameworks Explained 23:18 AI and Human Behavior 25:44 The TikTok Feedback Loop and Digital Addiction 26:54 AI's Unpredictable Capabilities 28:25 The Ethical Dilemmas of AI 30:57 Generative AI and Its Implications 42:10 The Role of Government and Society in AI Regulation 45:49 Conclusion and Ethical Considerations

In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges complexity introduces to cybersecurity, debunking the myth that more complex systems are inherently more secure. Through examples ranging from IT support issues to the intricacies of developing a web application with Kubernetes, the discussion highlights how complexity can obscure vulnerabilities, increase maintenance costs, and expand the attack surface. The episode also offers strategies to tackle complexity, including standardization, minimization, automation, and feedback-driven improvements, aiming to guide cybersecurity leaders toward more effective and less complex security practices. Transcripts: https://docs.google.com/document/d/1J0rPr0HxULpeVJMIwXKXqHuCfnXn4gDu Chapters  00:00 Introduction 01:03 The Misconception of Complexity in Cybersecurity 02:41 Real-World Complexities and Their Impact on IT 10:06 Simplifying Cybersecurity: Strategies and Solutions 14:48 Conclusion: Embracing Simplicity in Cybersecurity

This episode of CISO Tradecraft features a conversation between host G. Mark Hardy and Chris Rothe, co-founder of Red Canary, focusing on cloud security, managed detection and response (MDR) services, and the evolution of cybersecurity practices. They discuss the genesis of Red Canary, the significance of their company name, and the distinctions between Managed Security Service Providers (MSSPs) and MDRs. The conversation also covers the importance of cloud security, the challenges of securing serverless and containerized environments, and leveraging open-source projects like Atomic Red Team for cybersecurity. They conclude with insights on the cybersecurity labor market, the value of threat detection reports, and the future of cloud security. Red Canary: https://redcanary.com/ Chris Rothe: https://www.linkedin.com/in/crothe/ Transcripts: https://docs.google.com/document/d/1XN4Bp7Sa2geGCVaHuqMRmJckms4q7_L6