![](/assets/artwork/1x1-42817eea7ade52607a760cbee00d1495.gif)
187 episodes
![](/assets/artwork/1x1-42817eea7ade52607a760cbee00d1495.gif)
CISO Tradecraft® CISO Tradecraft®
-
- Technology
Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership.
-
#187 - Ensuring Profitable Growth
Welcome to another episode of CISO Tradecraft with your host, G. Mark Hardy! In this episode, we dive into how CISOs can drive the profitable growth of their company's products and services. Breaking the traditional view of security as a cost center, Mark illustrates ways CISOs can support business objectives like customer outreach, service enablement, operational resilience, and cost reduction. Tune in for insightful strategies to improve your impact as a cybersecurity leader and a sneak peek at our upcoming CISO training class! If you would like to learn more about our class, drop us a comment: https://www.cisotradecraft.com/comment
Transcripts: https://docs.google.com/document/d/19SDBdQSTLc58sP5ynwzhuedNHzk7QPKj
Chapters
00:00 Introduction to Profitable Growth for CISOs
01:16 Understanding Profit and Business Objectives
03:24 Enhancing Customer Experience through Cybersecurity
08:51 Service Enablement and Upselling Strategies
11:39 Ensuring Operational Resilience
13:36 Cost Reduction and Efficiency Improvements
18:31 Recap and Final Thoughts
19:10 Exciting Announcement: CISO Training Course -
#186 - AI Coaching (with Tom Bendien)
Exploring AI in Cybersecurity: Insights from an Expert - CISO Tradecraft with Tom Bendien In this episode of CISO Tradecraft, host G Mark Hardy sits down with AI expert Tom Bendien to delve into the impact of artificial intelligence on cybersecurity. They discuss the basics of AI, large language models, and the differences between public and private AI models. Tom shares his journey from New Zealand to the U.S. and how he became involved in AI consulting. They also cover the importance of education in AI, from executive coaching to training programs for young people. Tune in to learn about AI governance, responsible use, and how to prepare for the future of AI in cybersecurity.
Transcripts: https://docs.google.com/document/d/1x0UTLiQY7hWWUdfPE6sIx7l7B0ip7CZo
Chapters
00:00 Introduction and Guest Welcome
00:59 Tom Bendien's Background and Journey
02:30 Diving into AI and ChatGPT
04:29 Understanding AI Models and Neural Networks
07:11 The Role of Agents in AI
10:10 Challenges and Ethical Considerations in AI
13:47 Open Source AI and Security Concerns
18:32 Apple's AI Integration and Compliance Issues
24:01 Navigating AI in Cybersecurity
25:09 Ethical Dilemmas in AI Usage
27:59 AI Coaching and Its Importance
32:20 AI in Education and Youth Engagement
35:55 Career Coaching in the Age of AI
39:20 The Future of AI and Its Saturation Point
42:07 Final Thoughts and Contact Information -
#185 - Ethics and Artificial Intelligence (AI)
In this episode of CISO Tradecraft, host G Mark Hardy delves into the complex intersection of ethics and artificial intelligence. The discussion covers the seven stages of AI, from rule-based systems to the potential future of artificial superintelligence. G Mark explores ethical frameworks, such as rights-based ethics, justice and fairness, utilitarianism, common good, and virtue ethics, and applies them to AI development and usage. The episode also highlights ethical dilemmas, including privacy concerns, bias, transparency, accountability, and the impacts of AI on societal norms and employment. Learn about the potential dangers of AI and how to implement and control AI systems ethically in your organization.
Transcripts: https://docs.google.com/document/d/10AhefqdhkT0PrEbh8qBZVn9wWS6wABO6
Chapters
00:00 Introduction to CISO Tradecraft
01:01 Stages of Artificial Intelligence
03:33 Ethical Implications of AI
05:24 Business Models and Data Security
13:52 Ethical Frameworks Explained
23:18 AI and Human Behavior
25:44 The TikTok Feedback Loop and Digital Addiction
26:54 AI's Unpredictable Capabilities
28:25 The Ethical Dilemmas of AI
30:57 Generative AI and Its Implications
42:10 The Role of Government and Society in AI Regulation
45:49 Conclusion and Ethical Considerations -
#184 - Complexity is Killing Us
In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges complexity introduces to cybersecurity, debunking the myth that more complex systems are inherently more secure. Through examples ranging from IT support issues to the intricacies of developing a web application with Kubernetes, the discussion highlights how complexity can obscure vulnerabilities, increase maintenance costs, and expand the attack surface. The episode also offers strategies to tackle complexity, including standardization, minimization, automation, and feedback-driven improvements, aiming to guide cybersecurity leaders toward more effective and less complex security practices.
Transcripts: https://docs.google.com/document/d/1J0rPr0HxULpeVJMIwXKXqHuCfnXn4gDu
Chapters
00:00 Introduction
01:03 The Misconception of Complexity in Cybersecurity
02:41 Real-World Complexities and Their Impact on IT
10:06 Simplifying Cybersecurity: Strategies and Solutions
14:48 Conclusion: Embracing Simplicity in Cybersecurity -
#183 - Navigating the Cloud Security Landscape (with Chris Rothe)
This episode of CISO Tradecraft features a conversation between host G. Mark Hardy and Chris Rothe, co-founder of Red Canary, focusing on cloud security, managed detection and response (MDR) services, and the evolution of cybersecurity practices. They discuss the genesis of Red Canary, the significance of their company name, and the distinctions between Managed Security Service Providers (MSSPs) and MDRs. The conversation also covers the importance of cloud security, the challenges of securing serverless and containerized environments, and leveraging open-source projects like Atomic Red Team for cybersecurity. They conclude with insights on the cybersecurity labor market, the value of threat detection reports, and the future of cloud security.
Red Canary: https://redcanary.com/
Chris Rothe: https://www.linkedin.com/in/crothe/
Transcripts: https://docs.google.com/document/d/1XN4Bp7Sa2geGCVaHuqMRmJckms4q7_L6
-
#182 - Shaping the SOC of Tomorrow (with Debbie Gordon)
This episode of CISO Tradecraft, hosted by G Mark Hardy, features special guest Debbie Gordon. The discussion focuses on the critical role of Security Operations Centers (SOCs) in an organization's cybersecurity efforts, emphasizing the importance of personnel, skill development, and maintaining a high-performing team. It covers the essential aspects of building and managing a successful SOC, from hiring and retaining skilled incident responders to measuring their performance and productivity. The conversation also explores the benefits of simulation-based training with CloudRange Cyber, highlighting how such training can improve job satisfaction, reduce incident response times, and help organizations meet regulatory requirements. Through this in-depth discussion, listeners gain insights into best practices for enhancing their organization's cybersecurity posture and developing key skill sets to defend against evolving cyber threats.
Cloud Range Cyber: https://www.cloudrangecyber.com/
Transcripts: https://docs.google.com/document/d/18ILhpOgHIFokMrkDAYaIEHK-f9hoy63u
Chapters
00:00 Introduction
01:04 The Indispensable Role of Security Operations Centers (SOCs)
02:07 Building an Effective SOC: Starting with People
03:04 Measuring Productivity and Performance in Your SOC
05:36 The Importance of Continuous Training and Simulation in Cybersecurity
09:00 Debbie Gordon on the Evolution of Cyber Training
11:54 Developing Cybersecurity Talent: The Importance of Simulation Training
14:46 The Critical Role of People in Cybersecurity
21:57 The Impact of Regulations on Cybersecurity Practices
24:36 The Importance of Proactive Cybersecurity Training
26:26 Redefining Cybersecurity Roles and Training Approaches
30:08 Leveraging Cyber Ranges for Real-World Cybersecurity Training
36:03 Evaluating and Enhancing Cybersecurity Skills and Team Dynamics
37:49 Maximizing Cybersecurity Training ROI and Employee Engagement
41:40 Exploring CloudRange Cyber's Training Solutions
43:28 Conclusion: The Future of Cybersecurity Training