CISO Tradecraft® G Mark Hardy & Ross Young
-
- Technology
Welcome to CISO Tradecraft®. A podcast designed to take you through the adventure of becoming a CISO. This podcast was started because G Mark Hardy and Ross Young felt impressed to help others take their Information Security Skills to an executive level. We are thrilled to be your guides to lead you through the various domains of becoming a competent and effective CISO.
-
#180 - There's Room For Everybody In Your Router (with Giorgio Perticone)
In this joint episode of the Security Break podcast and CISO Tradecraft podcast, hosts from both platforms come together to discuss a variety of current cybersecurity topics. They delve into the challenge of filtering relevant information in the cybersecurity sphere, elaborate on different interpretations of the same news based on the reader's background, and share a detailed analysis on specific cybersecurity news stories. The discussion covers topics such as the implications of data sharing without user consent by major wireless providers and the fines imposed by the FCC, the significance of increasing bug bounty payouts by tech companies like Google, and a comprehensive look at how edge devices are exploited by hackers to create botnets for various cyberattacks. The conversation addresses the complexity of the cybersecurity landscape, including how different actors with varied objectives can simultaneously compromise the same devices, making it difficult to attribute attacks and protect networks effectively.
Transcripts: https://docs.google.com/document/d/1GtFIWtDf_DSIIgs_7CizcnAHGnFTTrs5
Chapters
00:00 Welcome to a Special Joint Episode: Security Break & CISO Tradecraft
01:27 The Challenge of Filtering Cybersecurity Information
04:23 Exploring the FCC's Fine on Wireless Providers for Privacy Breaches
06:41 The Complex Landscape of Data Privacy Regulations
16:00 The Economics of Data Breaches and Regulatory Fines
24:23 Bug Bounties and the Value of Security Research
33:21 Exploring the Economics of Cybersecurity
33:50 The Lucrative World of Bug Bounties
34:38 The Impact of Security Vulnerabilities on Businesses
35:50 Navigating the Complex Landscape of Cybersecurity
36:22 The Ethical Dilemma of Selling Exploit Information
37:32 Understanding the Market Dynamics of Cybersecurity
38:00 Focusing on Android Application Security
38:34 The Importance of Targeting in Cybersecurity Efforts
42:33 Exploring the Threat Landscape of Edge Devices
46:37 The Challenge of Securing Outdated Technology
49:28 The Role of Cybersecurity in Modern Warfare
53:15 Strategies for Enhancing Cybersecurity Defenses
01:05:25 Concluding Thoughts on Cybersecurity Challenges -
#179 - The 7 Broken Pillars of Cybersecurity
In this episode of CISO Tradecraft, host G. Mark Hardy discusses seven critical issues facing the cybersecurity industry, offering a detailed analysis of each problem along with counterarguments. The concerns range from the lack of a unified cybersecurity license, the inefficiency and resource waste caused by auditors, to the need for a federal data privacy law. Hardy emphasizes the importance of evaluating policies, prioritizing effective controls, and examining current industry practices. He challenges the audience to think about solutions and encourages sharing opinions and additional concerns, aiming to foster a deeper understanding and improvement within the field of cybersecurity.
Transcripts: https://docs.google.com/document/d/1H_kTbCG8n5f_d1ZHNr1QxsXf82xb08cG
Chapters
00:00 Introduction
01:28 Introducing the Seven Broken Things in Cybersecurity
02:00 1. The Lack of a Unified Cybersecurity License
06:53 2. The Problem with Cybersecurity Auditors
10:09 3. The Issue with Treating All Controls as High Priority
14:12 4. The Obsession with New Cybersecurity Tools
19:23 5. Misplaced Accountability in Cybersecurity
22:38 6. Rethinking Degree Requirements for Cybersecurity Jobs
26:49 7. The Need for Federal Data Privacy Laws
30:53 Closing Thoughts and Call to Action -
#178 - Cyber Threat Intelligence (with Jeff Majka & Andrew Dutton)
In this episode of CISO Tradecraft, hosts G Mark Hardy and guests Jeff Majka and Andrew Dutton discuss the vital role of competitive threat intelligence in cybersecurity. They explore how Security Bulldog's AI-powered platform helps enterprise cybersecurity teams efficiently remediate vulnerabilities by processing vast quantities of data, thereby saving time and enhancing productivity. The conversation covers the importance of diverse threat intelligence sources, including open-source intelligence and insider threat awareness, and the strategic value of AI in analyzing and prioritizing data to manage cybersecurity risks effectively. The discussion also touches on the challenges and potentials of AI in cybersecurity, including the risks of data poisoning and the ongoing battle between offensive and defensive cyber operations.
The Security Bulldog: https://securitybulldog.com/contact/
Transcripts: https://docs.google.com/document/d/1D6yVMAxv16XWtRXalI5g-ZdepEMYmQCe
Chapters
00:00 Introduction
00:56 Introducing the Experts: Insights from the Field
02:43 Unpacking Cybersecurity Intelligence: Definitions and Importance
04:02 Exploring Cyber Threat Intelligence (CTI): Applications and Strategies
13:11 The Role of AI in Enhancing Cybersecurity Efforts
16:43 Navigating the Complex Landscape of Cyber Threats and Defenses
19:07 The Future of AI in Cybersecurity: A Balancing Act
22:33 Exploring AI's Role in Cybersecurity
22:50 The Practical Application of AI in Cybersecurity
25:08 Challenges and Trust Issues with AI in Cybersecurity
26:52 Managing AI's Risks and Ensuring Reliability
31:00 The Evolution and Impact of AI Tools in Cyber Threat Intelligence
34:45 Choosing the Right AI Solution for Cybersecurity Needs
37:27 The Business Case for AI in Cybersecurity
41:22 Final Thoughts and the Future of AI in Cybersecurity
-
#177 - 2024 CISO Mindmap (with Rafeeq Rehman)
This episode of CISO Tradecraft features a comprehensive discussion between host G Mark Hardy and guest Rafeeq Rehman, centered around the evolving role of CISOs, the impact of Generative AI, and strategies for effective cybersecurity leadership. Rafeeq shares insights on the CISO Mind Map, a tool for understanding the breadth of responsibilities in cybersecurity leadership, and discusses various focal areas for CISOs in 2024-2025, including the cautious adoption of Gen AI, tool consolidation, cyber resilience, branding for security teams, and maximizing the business value of security controls. The episode also addresses the importance of understanding and adapting to technological advancements, advocating for cybersecurity as a business-enabling function, and the significance of lifelong learning in information security.
Cybersecurity Learning Saturday: https://www.linkedin.com/company/cybersecurity-learning-saturday/
2024 CISO Mindmap: https://rafeeqrehman.com/2024/03/31/ciso-mindmap-2024-what-do-infosec-professionals-really-do/
Transcripts: https://docs.google.com/document/d/1axXQJoAdJI26ySKVfROI9rflvSe9Yz50
Chapters
00:00 Introduction
00:57 Rafeeq Rehman: Beyond the CISO MindMap
04:17 The Evolution of the CISO MindMap
08:30 AI and the Future of Cybersecurity Leadership
11:47 Embracing Change: The Role of AI in Cybersecurity
14:16 Generative AI: Hype, Reality, and Strategic Advice for CISOs
22:32 Navigating the Future Job Market with AI
22:53 Framing AI for Specific Roles
24:12 Harnessing Creativity with Generative AI
25:14 Consolidating Security Tools for Efficiency
28:31 Evaluating Security Tools: A Deep Dive
32:21 Cyber Resilience: Beyond Incident Response
35:51 Building a Business-Focused Security Strategy
39:39 Maximizing Business Value Through Security
43:15 Looking Ahead: Focus Areas for the Future
43:53 Concluding Thoughts and Future Predictions -
#176 - Reality-Based Leadership (with Alex Dorr)
In this episode of CISO Tradecraft, host G Mark Hardy welcomes Alex Dorr to discuss Reality-Based Leadership and its impact on reducing workplace drama and enhancing productivity. Alex shares his journey from professional basketball to becoming an evangelist of reality-based leadership, revealing how this approach helped him personally and professionally. They delve into the concepts of SBAR (Situation, Background, Analysis, Recommendation) for effective communication, toggling between low self and high self to manage personal reactions, and practical tools like 'thinking inside the box' to confront and solve workplace issues within given constraints. The conversation underscores the importance of focusing on actionable strategies over arguing with the drama and reality of workplace dynamics, aiming to foster a drama-free, engaged, and productive work environment.
Alex Dorr's Linkedin: https://www.linkedin.com/in/alexmdorr/
Reality-Based Leadership Website: https://realitybasedleadership.com/
Transcripts: https://docs.google.com/document/d/1wge0pFLxE4MkS6neVp68bdz8h9mHrwje
Chapters
00:00 Introduction
00:57 Alex Dorr's Journey from Basketball to Leadership Expert
03:54 The Core Principles of Reality-Based Leadership
06:20 Understanding the Human Condition in the Workplace
09:19 Tackling Workplace Drama with Reality-Based Leadership
11:58 The Power of Positive Energy Management
17:42 Navigating Unpreferred Realities and Finding Impact
19:44 Reality-Based Leadership in Action: Techniques and Outcomes
23:12 The Importance of Skill Development Over Perfecting Reality
24:32 The Challenge of Employee Engagement
25:49 Secrets to Embracing Reality and Taking Action
25:58 Leadership vs. Management: Navigating Workplace Dynamics
28:28 Empowering Employees with the SBAR Framework
34:04 Addressing Venting and Negative Behaviors
36:17 Developing People: The Core of Leadership
37:50 Choosing Happiness Over Being Right
40:15 Integrating New Leadership Models and Making Them Stick
46:24 Concluding Thoughts and Contact Information -
#175 - Navigating NYDFS Cyber Regulation
This episode of CISO Tradecraft dives deep into the New York Department of Financial Services Cybersecurity Regulation, known as Part 500. Hosted by G Mark Hardy, the podcast outlines the significance of this regulation for financial services companies and beyond. Hardy emphasizes that Part 500 serves as a high-level framework applicable not just in New York or the financial sector but across various industries globally due to its comprehensive cybersecurity requirements. The discussion includes an overview of the regulation's history, amendments to enhance governance and incident response, and a detailed analysis of key sections such as multi-factor authentication, audit trails, access privilege management, and incident response. Additionally, the need for written policies, designating a Chief Information Security Officer (CISO), and ensuring adequate resources for implementing a cybersecurity program are highlighted. The podcast also offers guidance on how to approach certain regulatory mandates, emphasizing the importance of teamwork between CISOs, legal teams, and executive management to comply with and benefit from the regulation's requirements.
AuditScripts: https://www.auditscripts.com/free-resources/critical-security-controls/
NYDFS: https://www.dfs.ny.gov/industry_guidance/cybersecurity
Transcripts: https://docs.google.com/document/d/1CWrhNjHXG1rePtOQT-iHyhed2jfBaZud
Chapters
00:00 Introduction
00:35 Why Part 500 Matters Beyond New York
01:48 The Evolution of Financial Cybersecurity Regulations
03:20 Understanding Part 500: Definitions and Amendments
08:44 The Importance of Multi-Factor Authentication
14:33 Navigating the Complexities of Cybersecurity Regulations
20:23 The Critical Role of Asset Management and Access Privileges 25:37 The Essentials of Application Security and Risk Assessment
31:11 Incident Response and Business Continuity Management
32:36 Concluding Thoughts on NYDFS Cybersecurity Regulation