CISO Tradecraft®

CISO Tradecraft®
undefined
5 snips
May 20, 2024 • 45min

#182 - Shaping the SOC of Tomorrow (with Debbie Gordon)

Debbie Gordon, a SOC expert, discusses the importance of personnel, skill development, and team management in cybersecurity. The podcast covers building and managing successful SOCs, simulation-based training benefits, and best practices for enhancing cybersecurity posture.
undefined
May 13, 2024 • 25min

#181 - Inside the 2024 Verizon Data Breach Investigations Report

Discussing the 2024 Verizon Data Breach Investigations Report, this podcast delves into cyber threats like hacking and malware, methods of exploitation including VPN attacks and phishing, the necessity of multi-factor authentication, the rise of DDoS attacks, and the impact of generative AI and deepfake content on security and elections.
undefined
May 6, 2024 • 1h 7min

#180 - There's Room For Everybody In Your Router (with Giorgio Perticone)

In this joint episode of the Security Break podcast and CISO Tradecraft podcast, hosts from both platforms come together to discuss a variety of current cybersecurity topics. They delve into the challenge of filtering relevant information in the cybersecurity sphere, elaborate on different interpretations of the same news based on the reader's background, and share a detailed analysis on specific cybersecurity news stories. The discussion covers topics such as the implications of data sharing without user consent by major wireless providers and the fines imposed by the FCC, the significance of increasing bug bounty payouts by tech companies like Google, and a comprehensive look at how edge devices are exploited by hackers to create botnets for various cyberattacks. The conversation addresses the complexity of the cybersecurity landscape, including how different actors with varied objectives can simultaneously compromise the same devices, making it difficult to attribute attacks and protect networks effectively. Transcripts: https://docs.google.com/document/d/1GtFIWtDf_DSIIgs_7CizcnAHGnFTTrs5 Chapters 00:00 Welcome to a Special Joint Episode: Security Break & CISO Tradecraft 01:27 The Challenge of Filtering Cybersecurity Information 04:23 Exploring the FCC's Fine on Wireless Providers for Privacy Breaches 06:41 The Complex Landscape of Data Privacy Regulations 16:00 The Economics of Data Breaches and Regulatory Fines 24:23 Bug Bounties and the Value of Security Research 33:21 Exploring the Economics of Cybersecurity 33:50 The Lucrative World of Bug Bounties 34:38 The Impact of Security Vulnerabilities on Businesses 35:50 Navigating the Complex Landscape of Cybersecurity 36:22 The Ethical Dilemma of Selling Exploit Information 37:32 Understanding the Market Dynamics of Cybersecurity 38:00 Focusing on Android Application Security 38:34 The Importance of Targeting in Cybersecurity Efforts 42:33 Exploring the Threat Landscape of Edge Devices 46:37 The Challenge of Securing Outdated Technology 49:28 The Role of Cybersecurity in Modern Warfare 53:15 Strategies for Enhancing Cybersecurity Defenses 01:05:25 Concluding Thoughts on Cybersecurity Challenges
undefined
Apr 29, 2024 • 32min

#179 - The 7 Broken Pillars of Cybersecurity

Delve into the seven critical challenges plaguing cybersecurity today. Explore the absence of a unified licensing system and the inefficiency of current auditors. Learn why prioritizing all controls high can lead to mismanaged resources. The obsession with new tools and misplaced accountability are also scrutinized. Rethink traditional degree requirements in favor of practical experience, and uncover the complexities of federal data privacy laws. Engage with calls for a standardized approach to cybersecurity that could revolutionize the industry.
undefined
Apr 22, 2024 • 46min

#178 - Cyber Threat Intelligence (with Jeff Majka & Andrew Dutton)

In this episode of CISO Tradecraft, hosts G Mark Hardy and guests Jeff Majka and Andrew Dutton discuss the vital role of competitive threat intelligence in cybersecurity. They explore how Security Bulldog's AI-powered platform helps enterprise cybersecurity teams efficiently remediate vulnerabilities by processing vast quantities of data, thereby saving time and enhancing productivity. The conversation covers the importance of diverse threat intelligence sources, including open-source intelligence and insider threat awareness, and the strategic value of AI in analyzing and prioritizing data to manage cybersecurity risks effectively. The discussion also touches on the challenges and potentials of AI in cybersecurity, including the risks of data poisoning and the ongoing battle between offensive and defensive cyber operations. The Security Bulldog: https://securitybulldog.com/contact/ Transcripts: https://docs.google.com/document/d/1D6yVMAxv16XWtRXalI5g-ZdepEMYmQCe Chapters 00:00 Introduction 00:56 Introducing the Experts: Insights from the Field 02:43 Unpacking Cybersecurity Intelligence: Definitions and Importance 04:02 Exploring Cyber Threat Intelligence (CTI): Applications and Strategies 13:11 The Role of AI in Enhancing Cybersecurity Efforts 16:43 Navigating the Complex Landscape of Cyber Threats and Defenses 19:07 The Future of AI in Cybersecurity: A Balancing Act 22:33 Exploring AI's Role in Cybersecurity 22:50 The Practical Application of AI in Cybersecurity 25:08 Challenges and Trust Issues with AI in Cybersecurity 26:52 Managing AI's Risks and Ensuring Reliability 31:00 The Evolution and Impact of AI Tools in Cyber Threat Intelligence 34:45 Choosing the Right AI Solution for Cybersecurity Needs 37:27 The Business Case for AI in Cybersecurity 41:22 Final Thoughts and the Future of AI in Cybersecurity  
undefined
16 snips
Apr 15, 2024 • 46min

#177 - 2024 CISO Mindmap (with Rafeeq Rehman)

Cybersecurity expert, Rafeeq Rehman, discusses the CISO Mind Map, Gen AI, tool consolidation, cyber resilience, and business value of security controls. Insights on adapting to technological advancements, advocating for cybersecurity as a business-enabling function, and lifelong learning in information security.
undefined
Apr 8, 2024 • 48min

#176 - Reality-Based Leadership (with Alex Dorr)

In this episode of CISO Tradecraft, host G Mark Hardy welcomes Alex Dorr to discuss Reality-Based Leadership and its impact on reducing workplace drama and enhancing productivity. Alex shares his journey from professional basketball to becoming an evangelist of reality-based leadership, revealing how this approach helped him personally and professionally. They delve into the concepts of SBAR (Situation, Background, Analysis, Recommendation) for effective communication, toggling between low self and high self to manage personal reactions, and practical tools like 'thinking inside the box' to confront and solve workplace issues within given constraints. The conversation underscores the importance of focusing on actionable strategies over arguing with the drama and reality of workplace dynamics, aiming to foster a drama-free, engaged, and productive work environment. Alex Dorr's Linkedin: https://www.linkedin.com/in/alexmdorr/ Reality-Based Leadership Website: https://realitybasedleadership.com/  Transcripts: https://docs.google.com/document/d/1wge0pFLxE4MkS6neVp68bdz8h9mHrwje    Chapters 00:00 Introduction 00:57 Alex Dorr's Journey from Basketball to Leadership Expert 03:54 The Core Principles of Reality-Based Leadership 06:20 Understanding the Human Condition in the Workplace 09:19 Tackling Workplace Drama with Reality-Based Leadership 11:58 The Power of Positive Energy Management 17:42 Navigating Unpreferred Realities and Finding Impact 19:44 Reality-Based Leadership in Action: Techniques and Outcomes 23:12 The Importance of Skill Development Over Perfecting Reality 24:32 The Challenge of Employee Engagement 25:49 Secrets to Embracing Reality and Taking Action 25:58 Leadership vs. Management: Navigating Workplace Dynamics 28:28 Empowering Employees with the SBAR Framework 34:04 Addressing Venting and Negative Behaviors 36:17 Developing People: The Core of Leadership 37:50 Choosing Happiness Over Being Right 40:15 Integrating New Leadership Models and Making Them Stick 46:24 Concluding Thoughts and Contact Information
undefined
Apr 1, 2024 • 33min

#175 - Navigating NYDFS Cyber Regulation

This episode of CISO Tradecraft dives deep into the New York Department of Financial Services Cybersecurity Regulation, known as Part 500. Hosted by G Mark Hardy, the podcast outlines the significance of this regulation for financial services companies and beyond. Hardy emphasizes that Part 500 serves as a high-level framework applicable not just in New York or the financial sector but across various industries globally due to its comprehensive cybersecurity requirements. The discussion includes an overview of the regulation's history, amendments to enhance governance and incident response, and a detailed analysis of key sections such as multi-factor authentication, audit trails, access privilege management, and incident response. Additionally, the need for written policies, designating a Chief Information Security Officer (CISO), and ensuring adequate resources for implementing a cybersecurity program are highlighted. The podcast also offers guidance on how to approach certain regulatory mandates, emphasizing the importance of teamwork between CISOs, legal teams, and executive management to comply with and benefit from the regulation's requirements. AuditScripts: https://www.auditscripts.com/free-resources/critical-security-controls/ NYDFS: https://www.dfs.ny.gov/industry_guidance/cybersecurity  Transcripts: https://docs.google.com/document/d/1CWrhNjHXG1rePtOQT-iHyhed2jfBaZud Chapters 00:00 Introduction 00:35 Why Part 500 Matters Beyond New York 01:48 The Evolution of Financial Cybersecurity Regulations 03:20 Understanding Part 500: Definitions and Amendments 08:44 The Importance of Multi-Factor Authentication 14:33 Navigating the Complexities of Cybersecurity Regulations 20:23 The Critical Role of Asset Management and Access Privileges 25:37 The Essentials of Application Security and Risk Assessment 31:11 Incident Response and Business Continuity Management 32:36 Concluding Thoughts on NYDFS Cybersecurity Regulation
undefined
Mar 25, 2024 • 44min

#174 - OWASP Top 10 Web Application Attacks

In this episode of CISO Tradecraft, host G. Mark Hardy delves into the crucial topic of the OWASP Top 10 Web Application Security Risks, offering insights on how attackers exploit vulnerabilities and practical advice on securing web applications. He introduces OWASP and its significant contributions to software security, then progresses to explain each of the OWASP Top 10 risks in detail, such as broken access control, injection flaws, and security misconfigurations. Through examples and recommendations, listeners are equipped with the knowledge to better protect their web applications and ultimately improve their cybersecurity posture. OWASP Cheat Sheets: https://cheatsheetseries.owasp.org/ OWASP Top 10: https://owasp.org/www-project-top-ten/ Transcripts: https://docs.google.com/document/d/17Tzyd6i6qRqNfMJ8OOEOOGpGGW0S8w32 Chapters 00:00 Introduction 01:11 Introducing OWASP: A Pillar in Cybersecurity 02:28 The Evolution of Web Vulnerabilities 05:01 Exploring Web Application Security Risks 07:46 Diving Deep into OWASP Top 10 Risks 09:28 1) Broken Access Control 14:09 2) Cryptographic Failures 18:40 3) Injection Attacks 23:57 4) Insecure Design 25:15 5) Security Misconfiguration 29:27 6) Vulnerable and Outdated Software Components 32:31 7) Identification and Authentication Failures 36:49 8) Software and Data Integrity Failures 38:46 9) Security Logging and Monitoring Practices 40:32 10) Server Side Request Forgery (SSRF) 42:15 Recap and Conclusion: Mastering Web Application Security
undefined
Mar 18, 2024 • 22min

#173 - Mastering Vulnerability Management

In this episode, the host discusses the critical topic of vulnerability management for cybersecurity leaders, emphasizing the importance of a strategic program to prevent exploits. He covers tools like ExploitDB and Metasploit, advises on scanning tools, prioritization, and timely patching. The discussion also includes optimizing the patching process, accurate metrics, gamification, and executive buy-in to enhance security culture.

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
App store bannerPlay store banner
Get the app