))
Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.
…
continue reading
Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership. © Copyright 2024, National Security Corporation. All Rights Reserved
…
continue reading
1
#219 - The Professionalization of CISOs (with Steve Zalewski & Tyson Kopczynski)
41:15
41:15
Play later
Play later
Lists
Like
Liked
41:15
This podcast episode discusses the formation of a professional association for CISOs, driven by increasing personal liability risks faced by these executives. The conversation centers on establishing a formal definition and accreditation process for the CISO role, moving beyond existing certifications to demonstrate operational and theoretical expe…
…
continue reading
In this CISO Tradecraft episode, host G. Mark Hardy delves into the recent U.S. presidential executive orders impacting AI and their implications for cybersecurity professionals. Learn about the evolution of AI policies from various administrations and how they influence national security, innovation, and the strategic decisions of CISOs. Discover …
…
continue reading
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and DJ Schleen, former distinguished security architect, Yahoo. Joining us is our sponsored guest Heath Renfrow, c…
…
continue reading
1
Can a Security Program Ever Reach Maintenance Mode?
25:12
25:12
Play later
Play later
Lists
Like
Liked
25:12
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Andrew Wilder, CISO, Vetcor. In this episode: It comes down to gr…
…
continue reading
1
#218 - How AI Changes Talent Management (with Colleen Lennox)
23:49
23:49
Play later
Play later
Lists
Like
Liked
23:49
In this episode of CISO Tradecraft, host G. Mark Hardy and special guest Colleen Lennox dive into the transformative power of AI in HR. Discover how AI can revolutionize identifying, attracting, and retaining cybersecurity talent. They discuss the challenges of finding the right personnel in the cybersecurity field, the innovative AI-driven solutio…
…
continue reading
1
The Hardest Problems in Security Aren't "Security Problems"
25:52
25:52
Play later
Play later
Lists
Like
Liked
25:52
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us Sneha Parmar, information security officer, Lufthansa Group Digital …
…
continue reading
1
#217 - Includes No Dirt (with Bill Dougherty)
44:59
44:59
Play later
Play later
Lists
Like
Liked
44:59
In this episode of CISO Tradecraft, host G. Mark Hardy sits down with Bill Dougherty, CISO of Omada Health, to discuss a groundbreaking threat model called 'Includes No Dirt'. This comprehensive model integrates security, privacy, and compliance considerations, aiming to streamline and enhance threat modeling processes. The conversation covers the …
…
continue reading
1
If and When Should a CISO Have a Long Term Security Plan?
29:20
29:20
Play later
Play later
Lists
Like
Liked
29:20
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Gaurav Kapil, CISO, Bread Financial. In this episode: It helps to ha…
…
continue reading
1
#216 - The TTPs of a Security Champions Program (with Dustin Lehr)
45:32
45:32
Play later
Play later
Lists
Like
Liked
45:32
Join G. Mark Hardy in a riveting episode of CISO Tradecraft as he sits down with Dustin Lehr to uncover strategies for creating security champions among developers. Explore effective techniques to inspire culture change, leverage AI tools for security, and discover the difference between leadership and management. This insightful discussion include…
…
continue reading
1
Do We Want CISOs Dictating How Salespeople Should Engage?
33:45
33:45
Play later
Play later
Lists
Like
Liked
33:45
All links and images for this episode can be found on CISO Series. Check out this post by Marc Ashworth, CISO at First Bank for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, vp, deputy CISO - Gaming, Microsoft. Joining us is Ken Athan…
…
continue reading
In this episode of CISO Tradecraft, host G Mark Hardy explores the top 10 cybersecurity predictions for 2025. From the rise of AI influencers to new standards in encryption, Hardy discusses significant trends and changes expected in the cybersecurity landscape. The episode delves into topics such as branding, application security, browser-based sec…
…
continue reading
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLock…
…
continue reading
1
#214 - Deceive to Detect (with Yuriy Gatupov)
45:47
45:47
Play later
Play later
Lists
Like
Liked
45:47
🔥 Hackers Beware! Cyber Deception is Changing the Game 🔥 In this must-hear episode of CISO Tradecraft, we expose a mind-blowing cybersecurity strategy that flips the script on attackers. Instead of waiting to be breached, cyber deception technology tricks hackers into revealing themselves—before they can do real damage. 🚨🎭 Imagine laying digital tr…
…
continue reading
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Ross Young, CISO-in-residence, Team8, and Jeroen Schipper, CISO, Gemeente Den Haag. In this episode: Creating …
…
continue reading
1
#213 - How to Build a Successful Cybersecurity Startup (with Ross Haleliuk)
45:45
45:45
Play later
Play later
Lists
Like
Liked
45:45
In this episode of CISO Tradecraft, host G Mark Hardy interviews Ross Haleliuk, author of 'Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup.' Ross shares valuable insights on starting a cybersecurity company, and emphasizes the importance of understanding market needs, customer engagement, and trust in the industry. They …
…
continue reading
1
#212 - Repeatable, Attestable, and Defensible AI (with AWS's Former Deputy CISO Merritt Baer)
45:35
45:35
Play later
Play later
Lists
Like
Liked
45:35
Join us on CISO Tradecraft as we explore the future of cybersecurity with Merritt Barrett, former Deputy CISO at AWS. Merritt, a Harvard Law graduate, shares her expert insights on the trends expected in the upcoming years, emphasizing the enduring aspects of cybersecurity, the implications of AI, and challenges in cloud security. Discover valuable…
…
continue reading
1
#211 - Allowlisting and Ringfencing (with Kieran Human)
27:43
27:43
Play later
Play later
Lists
Like
Liked
27:43
In this episode of CISO Tradecraft, host G Mark Hardy discusses the history and evolution of endpoint protection with guest Kieran Human from ThreatLocker. Starting from the inception of antivirus software by John McAfee in the late 1980s, the episode delves into the advancements through Endpoint Detection and Response (EDR) and introduces the late…
…
continue reading
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Itai Tevet, CEO, Intezer. In this episode: Build for what y…
…
continue reading
1
#210 - Salt Typhoon and Vulnerable Telecoms
45:39
45:39
Play later
Play later
Lists
Like
Liked
45:39
In this crucial episode of CISO Tradecraft, host G Mark Hardy delves into the urgent topic of the 'Salt Typhoon' threat, with insights from experts Adam Isles and Andreas Kurland from the Chertoff Group. The episode covers the implications for corporate security using SMS text messages when Chinese actors are breaking into major telecommunication e…
…
continue reading
1
Vulnerability Management ≠ Vulnerability Discovery
28:39
28:39
Play later
Play later
Lists
Like
Liked
28:39
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Yaron Levi, CISO, Dolby. In this episode: You can’t manage what you …
…
continue reading
1
#209 - AI Singularity (with Richard Thieme)
48:32
48:32
Play later
Play later
Lists
Like
Liked
48:32
In this riveting episode of CISO Tradecraft, host G Mark Hardy welcomes back Richard Thieme, a thought leader in cybersecurity and technology, almost three years after his last appearance. Richard delves into the necessity of thinking like a hacker, provides insights into the AI singularity, and discusses the ethical and societal implications of em…
…
continue reading
1
#208 - Insider Threat (with Shawnee Delaney)
45:25
45:25
Play later
Play later
Lists
Like
Liked
45:25
This podcast episode of CISO Tradecraft features Shawnee Delaney, an insider threat expert, discussing insider threats in cybersecurity. Delaney, whose background includes espionage, explains how understanding human motivation and vulnerabilities is crucial for identifying and mitigating insider threats. The conversation highlights the importance o…
…
continue reading
1
Are Security Awareness Training Platforms Effective?
26:50
26:50
Play later
Play later
Lists
Like
Liked
26:50
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Dan Walsh, CISO, Paxos. Joining us is Sharon Milz, CISO, Time. In this episode: A vicious cycle Not all traini…
…
continue reading
Welcome to another enlightening episode of CISO Tradecraft! In this episode, host G. Mark Hardy dives deep into the critical topic of CISO burnout with special guest Raghav Singh, a PhD candidate from the University of Buffalo. This is an eye-opening session for anyone in the cybersecurity field, especially those in or aspiring to the CISO role. Ra…
…
continue reading
1
The Argument For More Cybersecurity Startups
32:07
32:07
Play later
Play later
Lists
Like
Liked
32:07
All links and images for this episode can be found on CISO Series. Check out these posts for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Ross Haleliuk, author, Venture in Security. Be sure to check out Ross's podcast, Inside the Network, and his…
…
continue reading
Setting Sail with Cybersecurity: Exclusive Insights from Ira Winkler on CruiseCon 2025 🛳️ Join us for an exciting episode of CISO Tradecraft as G Mark Hardy sits down with renowned cybersecurity expert Ira Winkler! Discover the groundbreaking CruiseCon 2025, the first at-sea cybersecurity conference, featuring top-tier speakers and unrivaled networ…
…
continue reading
All links and images for this episode can be found on CISO Series. Check out these posts for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Allan Cockriel, group CISO, Shell. In this episode: Striking a balance Will we…
…
continue reading
1
#205 - Wisdom from the 1st Cyber Colonel (JC Vega)
46:28
46:28
Play later
Play later
Lists
Like
Liked
46:28
Join G. Mark Hardy on this exciting episode of CISO Tradecraft as he interviews J.C. Vega, the first cyber colonel in the United States Army. Vega shares his invaluable insights on leadership, team building, and success strategies that can transform your cybersecurity career. Plus, learn about CruiseCon 2025, Wee Dram, and how you can take your lea…
…
continue reading
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Karthik Krishnan, founder and CEO, Concentric AI. In this ep…
…
continue reading
1
#204 - Shadows and Zombies in the Data Center
23:53
23:53
Play later
Play later
Lists
Like
Liked
23:53
In this special Halloween episode of CISO Tradecraft, host G Mark Hardy delves into the lurking dangers of Shadow IT and Zombie IT within organizations. Learn about the origins, risks, and impacts of these hidden threats, and discover proactive measures that CISOs can implement to safeguard their IT ecosystems. Strategies discussed include rigorous…
…
continue reading
1
Defending Against What Criminals Know About You
31:35
31:35
Play later
Play later
Lists
Like
Liked
31:35
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Damon Fleury, chief product officer, SpyCloud. In this epis…
…
continue reading
Unlocking SOC Excellence: Master the SOC Capability Maturity Model Join host G Mark Hardy in this compelling episode of CISO Tradecraft as he explores the revolutionary SOC Capability Maturity Model (SOC CMM) authored by Rob van Os. This episode is a must-watch for CISOs, aspiring CISOs, and cybersecurity professionals aiming to optimize their Secu…
…
continue reading
1
Will We Ever Go Back From Work From Home?
32:59
32:59
Play later
Play later
Lists
Like
Liked
32:59
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Joe Lewis, CISO, CDC. In this episode: Don’t underestimate the qu…
…
continue reading
1
#202 - Cybersecurity Crisis: Are We Failing the Next Generation?
45:09
45:09
Play later
Play later
Lists
Like
Liked
45:09
In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges and misconceptions facing the next generation of cybersecurity professionals. The discussion covers the myth of a talent shortage, the shortcomings of current educational and certification programs, and the significance of aligning curricula with real-world needs. Hardy e…
…
continue reading
1
The Lurking Dangers of Neglected Security Tools
31:39
31:39
Play later
Play later
Lists
Like
Liked
31:39
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, VP and deputy CISO - Gaming, Microsoft. Joining us is Adam Fletcher, CSO, Blackstone. In this epi…
…
continue reading
In this episode of CISO Tradecraft, hosted by G Mark Hardy, you'll learn about four crucial tools in cloud security: CNAPP, CASB, CSPM, and CWPP. These tools serve various functions like protecting cloud-native applications, managing access security, maintaining cloud posture, and securing cloud workloads. The discussion covers their roles, benefit…
…
continue reading
1
When You Just Can't Take It Anymore in Cyber
30:18
30:18
Play later
Play later
Lists
Like
Liked
30:18
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, VP, Deputy CISO - Gaming, Microsoft. Joining us is Patty Ryan, senior director, CISO, QuidelOrtho…
…
continue reading
In this episode of CISO Tradecraft, hosts G Mark Hardy and Mark Rasch discuss the intersection of artificial intelligence and the law. Recorded at the COSAC computer conference in Dublin, this episode covers the legal implications of AI, copyright issues, AI-generated content, privacy concerns, and ethical considerations. They explore the nuances b…
…
continue reading
1
Is It Possible to Inject Integrity Into AI?
37:13
37:13
Play later
Play later
Lists
Like
Liked
37:13
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt. Sir Tim B…
…
continue reading
Join G. Mark Hardy in Torremolinos, Spain, for a deep dive into the security of Generative AI. This episode of CISO Tradecraft explores the basics of generative AI, including large language models like ChatGPT, and discusses the key risks and mitigation strategies for securing AI tools in the workplace. G. Mark provides real-world examples, insight…
…
continue reading
1
Are Phishing Tests Helping or Hurting Our Security Program?
27:36
27:36
Play later
Play later
Lists
Like
Liked
27:36
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat. In this episode: Not all educat…
…
continue reading
G Mark Hardy dives deep into effective strategies for securing your business. Learn why it's essential for cybersecurity leaders to communicate the real business impact of vulnerabilities and discover the importance of identifying and prioritizing critical business processes. Gain insights from historical references and practical frameworks like th…
…
continue reading
1
Who Is Responsible for Securing SaaS Tools?
35:23
35:23
Play later
Play later
Lists
Like
Liked
35:23
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security. In thi…
…
continue reading
1
#197 - Fedshark's Blueprint for Cost Effective Risk Reduction
46:27
46:27
Play later
Play later
Lists
Like
Liked
46:27
Join host G Mark Hardy as he dives deep into the complexities of compliance and reporting, featuring special guests Brian Bradley and Josh Williams from FedShark. Discover a unique and streamlined approach to compliance using FedShark's innovative tools and AI-assisted systems. Learn about their exclusive offers for CISO Tradecraft listeners, inclu…
…
continue reading
1
Hiring Cyber Teenagers with Criminal Records
29:47
29:47
Play later
Play later
Lists
Like
Liked
29:47
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Arellano, vp, enterprise cybersecurity, PayPal. In this episode:…
…
continue reading
1
#196 - Cyber Thrills and Author Quills (with Deb Radcliff)
47:13
47:13
Play later
Play later
Lists
Like
Liked
47:13
G Mark Hardy and guest Deb Radcliff talk about experiences and takeaways from Black Hat, and delve into the dynamic world of cybersecurity. Deb shares her perspectives on the intersection of AI, DevSecOps, and cyber warfare, while highlighting insights from her 'Breaking Backbones' trilogy. Transcripts: https://docs.google.com/document/d/1XN9HjdljJ…
…
continue reading
1
What's Working With Third-Party Risk Management?
31:02
31:02
Play later
Play later
Lists
Like
Liked
31:02
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation. In this episode: Segment …
…
continue reading
1
#195 - Pentesting for Readiness not Compliance (with Snehal Antani)
47:48
47:48
Play later
Play later
Lists
Like
Liked
47:48
In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Snehal Antani, co-founder of Horizon3.AI, to discuss the crucial interplay between offensive and defensive cybersecurity tactics. They explore the technical aspects of how observing attacker behavior can enhance defensive strategies, why traditional point-in-time pen t…
…
continue reading
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Sherron Burgess, CISO, BCD Travel. In this episode: Disingenuous clai…
…
continue reading
In this episode of CISO Tradecraft, host G Mark Hardy delves into the intricate world of Identity and Access Management (IAM). Learn the essentials and best practices of IAM, including user registration, identity proofing, directory services, identity federation, credential issuance, and much more. Stay informed about the latest trends like proximi…
…
continue reading
