CISO Tradecraft®

G Mark Hardy & Ross Young
  • 4.8 (48)
  • TECHNOLOGY
  • UPDATED WEEKLY

You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level. © Copyright 2025, National Security Corporation. All Rights Reserved

  1. #270 - And What is Truth?

    4D AGO

    #270 - And What is Truth?

    Can you still tell what’s true on the internet or does everything feel questionable now? That confusion isn’t accidental. Disinformation, deepfakes, and cyber deception are being used deliberately to manipulate attention, erode trust, and fracture societies, often faster than truth can respond. In this episode of CISO Tradecraft, we break down how modern information warfare actually works and what leaders can do to defend truth using critical thinking, verification strategies, and practical countermeasures for today’s digital battlefield.

    31 min
  2. #269 - Changing Third Party Risk Management (with Nate Lee)

    JAN 26

    #269 - Changing Third Party Risk Management (with Nate Lee)

    Third-party risk management has become a time-consuming, frustrating exercise. Security teams and vendors alike are buried under long, repetitive TPRM questionnaires that often miss what actually matters. Buyers struggle to assess real risk, while vendors waste countless hours answering low-value questions, slowing deals and draining resources. These bloated questionnaires don’t just waste time, they actively weaken security programs. Important risks get lost in the noise, assessments become checkbox exercises, and both sides grow cynical about the process. As supply chain attacks increase, relying on outdated, one-size-fits-all approaches leaves organizations exposed and ill-prepared to respond. In this episode of CISO Tradecraft, G Mark Hardy sits down with Nate Lee to explore smarter, more effective approaches to TPRM. Drawing on his experience as a CISO and entrepreneur, Nate shares practical strategies for automating assessments, asking more meaningful security questions, and using AI to reduce friction while improving insight. The conversation offers actionable guidance for buyers and vendors to streamline TPRM, focus on real risk, and build stronger, more scalable security programs. Nate Lee - https://www.linkedin.com/in/natetrustmind/ Nate Lee -  nate@trustmind.com

    34 min
  3. #268 - Zero Trust isn't a product (with George Finney)

    JAN 19

    #268 - Zero Trust isn't a product (with George Finney)

    Everyone talks about Zero Trust — but very few organizations actually know how to implement it successfully. In this episode of CISO Tradecraft, host G. Mark Hardy is joined by George Finney, a practicing CISO who literally wrote the book on Zero Trust and has implemented it in one of the most challenging environments imaginable: higher education. Together, they break down: Why Zero Trust is a strategy, not a productWhy most Zero Trust initiatives fail due to people and politics, not technologyHow attackers exploit trust and lateral movementHow to implement Zero Trust without destroying culture or productivityWhat changes when AI enters the trust modelWhy AI is effectively “100% trust” — and how to reduce the blast radiusHow CISOs should explain Zero Trust and AI risk to the boardGeorge also shares practical analogies (including his now-famous restaurant model for AI) that make Zero Trust and AI security understandable for executives, IT teams, and non-technical leaders alike. If you’re serious about: Preventing breaches instead of just responding to themLimiting lateral movementSecuring AI-driven systemsTurning Zero Trust from buzzword into business strategy👉 This episode is a must-watch. George's Books: Rise of the Machine: https://www.amazon.com/Rise-Machines-Project-Trust-Story/dp/1394303718 Project Zero Trust: https://www.amazon.com/Project-Zero-Trust-Strategy-Aligning/dp/1119884845/

    46 min
  4. #267 - Busy is the New Stupid (with Ross Young)

    JAN 12

    #267 - Busy is the New Stupid (with Ross Young)

    You’re working longer hours than ever… yet somehow getting less done. Sound familiar? In this episode of CISO Tradecraft, we break down why busy has become the enemy of effectiveness and why “Busy is the New Stupid.” This isn’t about working harder or faster. It’s about understanding how your time gets attacked, how distractions persist, and how even high-performing leaders fall into productivity traps. We introduce a practical framework inspired by MITRE ATT&CK to show: How meetings, emails, and interruptions gain initial access to your day Why multitasking and constant context-switching kill execution How “always-on” culture and people-pleasing create persistence What effective CISOs do to defend their time and focus on impact, not noise If you’re a CISO, security leader, or executive who feels constantly busy but strategically behind, this episode will challenge how you think about productivity—and give you a better way forward. 👉 Grab the Busy Is the New Stupid template for free https://www.cisotradecraft.com/bitns 👉 Share what’s missing and help us evolve the framework 👉 Follow CISO Tradecraft for more insights on leadership, strategy, and security Because being busy isn’t the goal. Being effective is.

    46 min
  5. #266 - Why CISOs Miss The Next Big Security Challenge (with Richard Stiennon)

    JAN 5

    #266 - Why CISOs Miss The Next Big Security Challenge (with Richard Stiennon)

    CISOs are expected to anticipate the next major security failure, yet the cybersecurity market is moving too fast, too fragmented, and too noisily for any leader to clearly see what’s coming next. AI is accelerating vendor sprawl, threat models are shifting mid-year, and every product claims to be “critical.” CISOs aren’t missing threats because they’re uninformed; they’re overwhelmed. By the time a risk is obvious, it’s already budgeted, deployed, and exploited. Boards ask “How did we not see this?” while CISOs are left defending decisions made with incomplete signals and outdated market maps. In this episode of CISO Tradecraft, G Mark Hardy and industry analyst Richard Stiennon break down how CISOs can regain strategic foresight. Drawing on Richard’s experience at Gartner, IT Harvest, and the Security Yearbook, they share practical ways to cut through market noise, understand where AI is truly changing security, and identify emerging risks before they become incidents giving CISOs a clearer view of what matters next.

    45 min
  6. #265 - 12 CISO Templates (with Ross Young)

    12/29/2025

    #265 - 12 CISO Templates (with Ross Young)

    In this episode of CISO Tradecraft, hosts G Mark Hardy and Ross Young discuss the extensive redesign at CISO Tradecraft and introduce a series of free cybersecurity tools and templates available on their website. The tools, created with the help of AI, range from a Cybersecurity Budget Template and Gen AI Risk Assessment to a Personal Values Exercise and Process Improvement exercise. They also cover topics such as AI coding, CMMC Compliance, Cloud Security Alliance’s AI Control Matrix, and the Cyber Six Pack for improving vulnerability management. Additionally, they share insights on tools rationalization exercises, such as the cybersecurity murder board, and the importance of aligning tasks with personal values. Tune in for detailed walkthroughs of these innovative resources designed to enhance your cybersecurity strategies without breaking the bank. Templates can be found here: https://www.cisotradecraft.com/freetemplates

    45 min
  7. #264 - Behavioral Insights (with Dr. Dustin Sachs)

    12/22/2025

    #264 - Behavioral Insights (with Dr. Dustin Sachs)

    Most cybersecurity programs are built on rigid “best practices” that assume people will behave rationally, consistently, and exactly as policy dictates; even under stress, time pressure, and uncertainty. In reality, humans don’t work that way. Cognitive bias, fatigue, incentives, and real-world constraints cause well-intentioned employees, analysts, and leaders to make decisions that quietly undermine security. The result? Incident response stalls, SOCs drown in noise, and organizations continue to repeat the same failures, even while believing they’re “doing everything right.” In this episode of CISO Tradecraft, host G. Mark Hardy and Dr. Dustin Sachs demonstrate how applying behavioral science and human decision-making can radically improve cybersecurity outcomes. By designing security around how people actually think and operate, not how policies assume they do, leaders can build adaptable, resilient programs that work in the real world. Check out Dustin's new book: https://www.amazon.com/Behavioral-Insights-Cybersecurity-Security-Leadership/dp/1032998539 Dustin Sachs's Linkedin Profile: https://www.linkedin.com/in/dustinsachs/

    46 min
  8. #263 - Stopping Attacks To Your Cloud Office Environment (with Rajan Kapoor)

    12/15/2025

    #263 - Stopping Attacks To Your Cloud Office Environment (with Rajan Kapoor)

    In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Rajan Kapoor, VP of Security at Material Security, to discuss critical topics in cloud workspace security. From discussing the increased attack surfaces in cloud environments like Google Workspace and Microsoft 365 to practical solutions for mitigating these risks, Rajan provides invaluable insights into creating a secure cloud office environment. Tune in for expert advice on improving security maturity, managing cloud security tools efficiently, and leveraging modern technology for enhanced protection and reduced dwell time. Whether you're a small enterprise or a large corporation, this episode has actionable insights to help you strengthen your security posture. Check out the Material Security Scorecard to measure your Cloud Office Security https://material.security/workspace-security-scorecard Rajan Kapoor https://www.linkedin.com/in/rajankkapoor/ MITRE ATT&CK® Office Suite platform https://attack.mitre.org/matrices/enterprise/cloud/officesuite/

    45 min
See All (270)

4.8
out of 5
48 Ratings

About

You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level. © Copyright 2025, National Security Corporation. All Rights Reserved

Information

  • Creator
    G Mark Hardy & Ross Young
  • Years Active
    2020 - 2026
  • Episodes
    270
  • Rating
    Clean
  • Copyright
    © Copyright 2025, National Security Corporation. All Rights Reserved
  • Show Website
    CISO Tradecraft®

You Might Also Like